Terms Flashcards
Risk Management
What is Risk Management?
A practice of identifying, monitoring, and limiting risks to a manageable level.
What are the 3 Risk Control Types?
Administrative
Technical
Physical
What is Risk Assessment?
Used to understand the current risks, probability, impact, and the solution to prevent them.
What are the 4 Risk Management Options?
Avoidance
Transference
Acceptance
Mitigation
What is a Risk Register?
A living document used to track different types of data elements associated with risk factors and scenarios.
Continuity of operations plan (COOP)
Provides an alternate location for operations after a critical outage.
Business Continuity Plan (BCP)
Ensures that critical business operations continue and the organization can survive the outage. Identify key items.
What is DRP?
Disaster Recovery Plan: Provides a step-by-step procedure that personnel will follow to save human life and recover/restore your business.
What is BIA?
Business Impact Analysis: Identifies systems and components that are essential to the organization’s success and potential for financial loss.
What is ALE?
Annual Loss Expectancy: The possible yearly cost of all instances of a specific realized threat against a specific asset. Allows for proper budgeting of the security measures if the risk happens.
What is ARO?
Annual Rate of Occurrence: The frequency with which a specific threat or risk will occur within a single year.
What is SLE?
Single Loss Expectancy: The cost associated with a single realized risk against a specific asset
How do you calculate the ALE?
ALE = ARO * SLE
What is SLA?
Service Level Agreement
What is BPA?
Business Partnership Agreement
What is MOA/MOU ?
Memorandum of Agreement/Understanding
What is ISA?
Interconnection Security Agreement
What is AUP?
Acceptable Use Policy
What is BYOD?
Bring Your Own Device
What is CYOD?
Choose Your Own Device
What is COPE?
Company Owned, Personally Enabled
What is VDI?
Virtual Desktop Infrastructure
What is AV?
Asset Value - Monetary value of the information asset
What is EF?
Exposure Factor: Percentage of loss that an organization would experience if a specific asset were violated by a realized risk.
How is the SLE calculated?
SLE = AV * EF
What are the 4 pillars of Sec+?
Confidentiality
Integrity
Availability
Safety/Security
What are the 6 Access Control Types?
Preventative
Detective
Corrective
Deterrent
Recovery
Compensation
What is PAP?
Password Authentication Protocol: passwords are sent over the wire in cleartext.
What is CHAP?
Challenge Handshake Authentication Protocol: passwords are sent over the network encrypted.
What is PPP?
Point-to-Point Protocol
What is FRR?
False Reject Rate OR Type 1
What is FAR?
False Acceptance Rate OR Type 2
What are the 5 Authentication Factors?
Something You Know (Password) - [Weakest]
Something You Have (Multi-Factor)
Something You Are (Biometric) - [Strongest]
Somewhere You Are (Geolocation)
Something You Do (Gestures)
What is Single Factor Authentication?
Authentication that requires a single authentication factor type.
What is Multi-Factor Authentication?
Authentication that requires more than one authentication factor type.
What is Mutual Authentication?
Two-way Authentication: client to server, & server to client.
What is SSO?
Single Sign On: authentication that allows for access of multiple applications without requiring additional authentication.
What are 2 services that use SSO Secure Token?
Kerberos (Domain)
LDAP (Active Directory)
What are 4 Federated Identity Management services?
OpenID
OAuth
SAML (Domain to Domain)
Shibboleth
What are the 2 Categories of Identity Management?
Centralized Access Control: authorization verification performed by a single entity.
Decentralized Access Control (Distributed Access Control): various entities located throughout a system perform authorization verification.
What is LDAP/LDAPS?
Lightweight Directory Access Protocol (Secured)
TCP 389
SSL/TLS TCP 636/3269
Uses the X.500 standard
What is PKI?
Public Key Infrastructure
What is ADDS?
Active Domain Services OR Domain Controller
What are the 2 types of Domain Administrators?
Root Domain
Enterprise Domain
What is AES?
Advanced Encryption Standard: symmetric encryption to protect the users logon credentials.
What is KDC?
Key Distribution Center OR Kerberos
What are the 4 parts of KDC?
Authentication Server (AS)
Ticket Granting Service (TGS)
Ticket Granting Ticket (TGT)
Domain Controller
What is IDaaS?
Identity as a Service
What is Federated Identity Management?
When organizations join a group of organizations to share authentication.
Cloud identity authentication
What 2 protocols are used for Personal Federations?
OpenID
OAuth
Google, Facebook, LinkedIn, Microsoft, & Twitter
What 2 protocols are used for Business Federation?
Security Assertion Markup Language (SAML) [Cloud]
Shibboleth
What is SOAP?
Simple Object Access Protocol
What is CRM?
Customer Relationship Management
What is SAML?
Security Assertion Markup Language (business to business)
What is used by SSH?
SFTP
SCP
What is PEAP?
Protected Extensible Authentication Protocol: works with SSL/TLS
What are the 3 phases of Account Management?
Provisioning (on-boarding)
Review
Deprovisioning (off-boarding)
What are the 3 types of Authorization?
Rights
Permissions
Privileges
What are the 5 Access Control Models?
Role-based access control (role-BAC)
Rule-based access control (rule-BAC)
Discretionary access control (DAC)
Mandatory access control (MAC)
Attribute-based access control (ABAC)
What is Separation of Duties?
Dividing roles and responsibilities of individuals or departments so that one critical task cannot be performed by one entity.
What is Dual Control?
Ensuring that more than one individual has to be involved in completing a task.
What are the 4 Role-based access control (Role-BAC) types?
Administrators
Executives
Project Managers
Team Members
What is rule-BAC?
Rule-based access control: uses IF/THEN logic.
What is MAC?
Mandatory access control: uses sensitivity labels
What is DAC?
Discretionary access control: Owner establishes access for the objects (files and folders)
What is a RAS?
Remote Access Service: example VPN
What are the 3 types of user authentication?
Point-to-Point (PPP)
Client Side
Server Side
What are the 4 Client Side protocols used for user authentication?
PAP
CHAP
MSCHAP (mutual authentication)
EAP
What are the 5 Server Side protocols used for user authentication?
AAA
TACACS+
802.1X
RADIUS / RADIUS Federation
DIAMETER
What are the 3 Network Authentication Server (AAA) protocols?
RADIUS (UDP)
TACACS+ (Cisco, TCP 49)
Diameter (TCP)
What does AAA stand for?
Authentication, Authorization, and Accounting
What is IdP?
Identity Provider: creates, maintains, and manages users' identity information.
What is Change Management?
Controls software changes, patches
What are the 2 Cryptographic Methods?
Symmetric Cryptography: 1 key, out-of-band
Asymmetric Cryptography: 2 separate keys, in-band
What are 5 Popular Symmetric Algorithms?
Advanced Encryption Standard (AES) strongest
Data Encryption Standard (DES) weakest
Triple Data Encryption Standard (3DES) slow
RC4 (Rivest Cipher), weakest encryption
Blowfish, next most secure
What are 5 Popular Asymmetric Algorithms?
RSA
DSA
Diffie-Hellman (Groups, DHE, ECDHE)
Elliptic curve
PGP/GPG
What are the 4 Data Encryption Standard (DES) Modes?
ECB, weakest
CBC
CTR
GCM
What are the 4 most common Hashing Algorithms?
MD5
SHA, NSA 256
HMAC
RIPEMD
What is HMAC?
Hash-based Message Authentication Code: used in IT security with VPNs.
What are 2 Key Stretching Algorithms?
Bcrypt [salts and hashes with Blowfish], strongest
Password-Based Key Derivation Function 2 (PBKDF2)
What are 3 advantages of using digital signatures?
Authentication
Non-repudiation
Integrity
What 2 things are utilized when a Certificate Revocation takes place?
Certificate Revocation List (CRL)
Online Certificate Status Protocol (OCSP)
What are the 3 main Certificate Formats & PKI Structures?
Distinguished Encoding Rules (DER), ASCII
PKCS#7, Share public key
PKCS#12, Private key with certificate
What are the 4 types of Trust Models?
Web Of Trust [decentralized]
Third-Party (Single Authority) Trust
Hierarchical Trust [centralized]
Cross-trust [different organizations]
What is Encapsulation/Multiplexing in regards to OSI?
Going from High to Low, Application to Physical Layer.
What is Decapsulation/De-multiplexing in regards to ISO?
Going from Low to High, Physical to Application Layer.
What are the 7 layers of the ISO model?
- Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical
What are the 7 layers of the ISO model?
- Application [data]
- Presentation [data]
- Session [data]
- Transport [protocols]
- Network [packets]
- Data Link [frames]
- Physical [bits]
What are the 3 types of communication sessions?
Simplex [one way]
Full-duplex [two way, same time]
Half-duplex [two way, one at a time]
What are the 4 layers of the TCP/IP model?
Application
Transport
Internet
Link/Network Interface
What are the 4 protocol groups?
Basic connectivity protocols
Encryption protocols
Application protocols
Email protocols
What is SNMP?
Simple Network Management Protocol
UDP 161 (query); UDP 162 (trap/notifications)
SNMPv2, authentication
SNMPv3, encryption TCP 10161, TCP 10162
What is SRTP?
Secure Real-time Protocol
Used to implement voice encryption (VoIP)
UDP 5004
SMTP
SMTPS
TCP 25
TCP 465
POP3
POP3S
TCP 110
TCP 995
IMAP4
IMAPS
TCP 143
TCP 993
DHCP
Dynamic Host Configuration Protocol
UDP 67 (server)
UDP 68 (client)
DNS Commands
Nslookup (Windows)
Dig (Linux)
What is a BIND server?
Berkeley Internet Name Domain, a DNS server
What does SCP use?
Uses SSH
TCP 22
What does TFTP use?
UDP 69
What does HTTP use?
TCP 80
What does HTTPS use?
TCP 443
What port does SIP use?
5060/5061
What port does H.323 use?
1720
What port does RADIUS use?
UDP 1812/1813
What are the 3 types of FIREWALLS?
Packet filtering (Stateless Inspection)
Stateful
Application-Aware Firewall (WAF)
Application-Aware Firewall
Web based firewall
Host based firewall
What are the 6 types of Proxy Servers?
Forward proxy (protects client)
Reverse proxy (protects servers)
Transparent (does not modify)
Nontransparent (modify or filter)
Application (specific applications)
Multipurpose (multiple protocol types)
What are the 2 modes of Internet Protocol security (IPsec)?
Transport
Tunnel
What is SIEM?
Security Information and Event Management
What is WORM in relation to SIEM?
Write Once, Read Many (offer tamper-proof data)
What is a HSM?
Hardware Security Module
-can generate, store, and manage RSA keys used in asymmetric encryption
What is a NAC?
Network Access Control
-entry point or gateway into the network, typically for remote or mobile clients
What is Host Health Check / Posture Assessment?
Enforces NAC
What is 802.1x ?
Switch Port based authentication
- RADIUS server
- Diameter server
- redirect unauthorized clients to a non-production network via a VLAN
What is EAP?
Extensible Authentication Protocol
What is NAC?
Network Access Control: provides continuous security monitoring by inspecting computers and preventing them from accessing the network if they don’t pass the inspection.
What is ESP?
Encapsulating Security Payload
What is SSTP?
Secure Socket Tunneling Protocol: encrypts VPN traffic using TLS over TCP 443
What is PPTP?
Point-to-Point Tunneling Protocol: TCP 1723
What is L2TP?
Layer 2 Tunneling Protocol: uses IPsec, UDP 1701
SSL Accelerator
Offloads the SSL process to a hardware accelerator, makes secure connection faster, and provides load balancing options.
What is FDE?
Full disk encryption: software based
What is SED?
Self-encrypted devices: hardware or software based
What is UEFI?
Unified Extensible Firmware Interface: replaces a BIOS, supposed to be better.
What is a TPM?
Trusted Platform Module: Prevent any type of dictionary attack
What is HSM?
Hardware Security Module: manage, generate, and securely store cryptographic keys in a secure location
What is SCADA?
Supervisory control and data acquisition
Industrial Control System (ICS) is associated with SCADA
What is IaaS?
Infrastructure-as-a-service [host, servers]
What is PaaS?
Platform as a service [build, operating systems]
What is SaaS?
Software as a service [consume, applications]
What is SECaaS?
Security as a Service
What is CASB?
Cloud access security broker
Virtualization Hypervisors
Type 1: it is an OS, faster, more expensive
Type 2: runs on an OS, cheaper, slower
Type 3: Container virtualization, runs within isolated cells and does not have its own kernel
802.11x
Captive Portal