T Flashcards
TACACS+
Terminal Access Controller Access Control System
A network protocol developed by Cisco, popularly used in the industry for AAA.
TAXII
Trusted Automated eXchange of Indicator Information
The transport protocol/format through which threat intelligence data is transmitted.
TCP/IP
Transmission Control Protocol / Internet Protocol
A set of standardized rules that allow computers to communicate on a network such as the internet.
TGT
Ticket Granting Ticket
A file created by the KDC (Key Distribution Center) of the Kerberos authentication protocol.
It is a user authentication token that is used to request access tokens from the Ticket Granting Service for specific resources/systems joined to the domain.
TKIP
Temporal Key Integrity Protocol
TKIP has been deprecated and replaced by AES.
TKIP is the deprecated encryption protocol used by WPA. It dynamically changes the encryption key that systems use.
An encryption protocol for wireless LANs that provides more secure encryption than WEP.
It is better to use WPA2 (AES) or WPA3.
TLS
Transport Layer Security
A cryptographic protocol that protects internet communications. It has replaced SSL.
It provides end-to-end security of data sent between applications over the internet. While it is commonly seen in web browsers when a secure session is established, it can also be used for other applications such as email, file transfers, video/audioconferencing, instant messaging, VoIP, and internet services such as DNS and NTP.
TOC
Time-of-Check
Regarding a running process on a computer, this is the time that the process accesses some variable or data stored in memory.
TOTP
Time-based One-Time Password
A common form of 2FA. Unique numeric passwords are generated with a standardized algorithm that uses the current time as an input. The time-based passwords are available offline and provide user-friendly, increased account security when used as a second factor.
TOU
Time-of-Use
Regarding a running process on a computer, this is the time that the process uses some variable or data stored in memory to perform an action.
TPM
Trusted Platform Module
A secure crypto-processor chip that is designed to carry out cryptographic operations. It includes multiple physical security mechanisms to make it tamper-resistant, and malicious software is unable to tamper with the security functions of the TPM.
Some of the advantages of using TPM technology are:
Generate, store, and limit the use of cryptographic keys.
Use it for device authentication by using the TPM’s unique RSA key, which is burned into the chip.
Help ensure platform integrity by taking and storing security measurements of the boot process.
The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.
TTP
Tactics, Techniques, and Procedures
The description of the behavior of a threat actor and a structured framework for executing a cyberattack.
TSIG
Transaction Signature
A network protocol defined in RFC 2845. Its main purpose is to allow DNS to authenticate updates to a DNS database, so that malicious users can’t change name resolution records to point to a bogus IP address instead of (for example) the IP address of a bank.
TSIG uses one-way hashing and shared secret keys to provide a secure means to authenticate the endpoints of a connection for processing (or responding to) DNS update requests.
The TSIG protocol uses timestamps to prevent replay of recorded responses. Therefore, DNS servers and TSIG clients need accurate clocks to provide the timestamps.
Difference between RADIUS and TACACS+
Protocol
Security
Flexibility
Protocol:
RADIUS - UDP, less reliable but faster
TACACS+ - TCP, very reliable but slower
Security:
RADIUS - only encrypts the password
TACACS+ - encrypts the entire packet
Flexibility:
RADIUS - amalgamates authentication and authorization, making it a unified process
TACACS+ - separates authentication, authorization, and accounting into 3 separate processes, giving more granular control over user permissions
Note:
RADIUS does not do very much authorization; TACACS+ does.
What is the reason that WEP is no longer considered secure?
It encrypts with a static key.
WEP uses a single key to ensure the security of an entire network. If one user is compromised, everyone on the network is.