Test Prep April 2 Flashcards
SRTP
Secure Real Time Transport Protocol: This encrypts communication with AES
NTPsec
Secure Network Time Protocol
S/MIME
Secure multipurpose internet mail extensions: Requires a public key infrastructure
Secure POP3
Uses STARTTLS to encrypt with SSL
IMAP
Uses SSL to encrypt email messages
SSL
Secure Sockets Layer
TLS
Transport Layer Security: Uses HTTPS
HTTPS
HTTP over TLS: Uses Private key encryption
IPsec
Internet Protocol Security: Security for OSI Layer 3, encryption and packet signing; uses authentication header
FTPS
File Transfer Protocol Secure: FTP over SSL
SFTP
SSH file transfer protocol
LDAP
Lightweight Directory Access Protocol: Protocol for reading and writing directories over an IP network
SASL
Simple authentication and security layer
SSH
Secure Shell: encrypted terminal communication replaces telnet and FTP
DNS
Domain Name System: DNS is easy to poison
SNMPv3
Simple network management protocol version 3: Has encrypted data, verifies the source
DHCP
Dynamic Host Configuration Protocol: This assigns IP addresses to the devices on the network; there is no secure version of this
NAT
Network Address Translation
Stateless Firewall
Not secure! Does not keep track of traffic flows; each packet is individually examined. This needs two separate rules, one for outside to inside and another for inside to outside
Stateful Firewall
Much more secure! They remember the state of the session, so only a single rule is needed. Everything within a valid flow is allowed
UTM
Unified threat management device: Web security gateway, spam filter, malware inspection etc.
NGFW
Next generation firewall: Every packet must be analyzed and categorized before a security decision is made
WAF
Web application firewall: Applies rules to HTTP/HTTPS conversations. This is used with the PCI DSS (Payment Card Industry Data Security Standard)
Passive footprinting
Gather information in a way that will not be seen by the victim. Needs to happen over open sources. Can do this through social media, websites etc.
Wardriving/warflying
Combine Wi-Fi monitoring and a GPS; search from a car, plane or drone.
Active footprinting
Actively sending traffic into the network to gain more information: ping scans, port scans etc.
Malicious actor
A person you are trying to protect your data from
APT
Advanced persistent threat
Nation State
These are governments, commonly an APT
hacktivist
Often associated with a social or political agenda; specific hacks, no financial gain
organized crime
Motivated by money; very sophisticated
Order of volatility
How long data sticks around, from most volatile to least: CPU, memory, temporary file systems, disk, remote logging, network topology, archive media
RAM
Random access memory: Changes constantly; a memory dump grabs everything in the RAM
Swap
An area of the storage device to store RAM when memory is depleted
snapshot
The original image is the full backup; each snapshot is an increment from the last
cache
A temporary storage area designed to speed up the performance of an OS
Embedded systems
Hardware and software designed for a specific function
SoC
System on a chip: multiple components running on a single chip, difficult to upgrade hardware
FPGA
Field programmable gate array: An integrated circuit that can be configured after manufacturing, common on routers and firewalls
SCADA/ICS
Supervisory control and data acquisition system: Large scale, multi site industrial control system. Often found within manufacturing, not connected to the internet
VOIP
Voice over internet protocol: Each device is a computer
MFD
Multifunction device: Everything you need in one single device (for example, a printer)
RTOS
Real time operating system: Designed to work on a specific schedule, with no time to wait for other processes (for example, automobiles). Usually no security in place
CIS
Center for Internet Security: Used as a design to improve the security posture of your organization; has 20 different controls
NIST CSF
Cybersecurity Framework: Used as a commercial cyber framework. Consists of the framework core, framework implementation tiers and framework profile
ISO/IEC 27001
Standard for information security management systems
ISO/IEC 27002
Code of practice for security controls
ISO/IEC 27701
Privacy information management systems
ISO 31000
International standards for risk management practices
SSAE SOC 2 Type I/II
These are for the auditing of accounting. SOC 2 is the audit documentation
Type I audit
Tests controls in place at a particular time
Type II audit
Tests controls over a period of at least six months
CSA
Cloud Security Alliance: Not-for-profit organization for cloud security controls
CCM
Cloud control matrix: Cloud specific security controls
PII
Personally identifiable information: Credit card info, social security numbers etc
Containment
Every application runs in its own sandbox and runs independently
SOAR
Security orchestration, automation and response: Integrate third party tools and data sources
runbooks
Linear checklist of steps to perform; a step-by-step approach to automation
playbook
Conditional steps to follow; a broad process with lots of steps in one
Federation
Allow someone to authenticate to your network using credentials that are stored by a third party.
Attestation
This proves the hardware is really yours.
SMS
Short message service: A login can be sent via SMS to a phone number to provide the username and password
TOTP
Time-based one time password algorithm: The random number for login is available for a certain amount of time, and after that time the number changes.
HOTP
HMAC-based one time password algorithm: A number you use one time to authenticate and never use again.
EAP
Extensible Authentication Protocol: A standard framework for authentication; usually integrates with 802.1X
802.1x
Port-based network access control, used with RADIUS, LDAP etc.
Supplicant
This is the client that is connecting to the network
Authenticator
This is the device that provides access to the network
Authentication Server
This validates the username and password
EAP-FAST
EAP Flexible Authentication via Secure Tunneling: The authentication server and supplicant are able to transfer info over a secure tunnel
PAC
Protected access credential: The supplicant receives the shared secret
PEAP
Protected Extensible Authentication Protocol: This uses a TLS tunnel to share information, using a digital certificate that is only on the server.
MSCHAPv2
Microsoft challenge handshake authentication protocol
GTC
Generic token card
EAP-TLS
Transport Layer Security: Strong security; requires digital certificates on all devices. The TLS tunnel is built after the certificate exchange is done
EAP-TTLS
Tunneled Transport Layer Security: Can tunnel other protocols within a TLS tunnel. Only needs a single digital certificate
RADIUS Federation
Members of one organization can authenticate to the network of another organization; uses 802.1X to authenticate
CASB
Cloud access security broker: Helps enforce security policies that were already created. Operates on visibility, compliance, threat prevention and data security
Application configurations
This is the most common security concern with the cloud
SWG
Next-gen secure web gateway: Provides security for all users across all devices in any location. Can allow or deny certain activities
non-credentialed scan
The scanner cannot log in to the remote device
CVE
Common vulnerabilities and exposures
CVSS
Common vulnerability scoring system
nmap
This is a port scanner used to see open and closed ports
FDE
Full disk encryption: Encrypts everything on the drive
SED
Self-encrypting drive: Hardware-based full disk encryption; no OS software needed
MAC
Mandatory Access Control: Requires you to have separate security clearance levels and to assign documents and users to those clearances
DAC
Discretionary access control: You create an object and you assign rights and permissions to it
RBAC
Role Based Access Control: You have rights and permissions based on the role you have
ABAC
Attribute Based Access Control: Access may be granted based on many different criteria
Rule Based Access control
The system admin makes the rules for all the users.
PAM
Privileged access management: A centralized way to manage access for admins
Traceroute
A tool to determine the route a packet takes to a destination. Windows uses ICMP echo requests; Linux allows you to specify the protocol used
nslookup
This is a tool to determine the IP addresses on the network
dig
Domain information groper: A more advanced version of nslookup
ipconfig
This will determine the IP configuration of devices
pathping
Combines ping and traceroute; runs a traceroute to an IP address to determine what routes may be between your device and the device you're pinging.
netstat
Shows us what IP addresses are communicating with our device and what IP addresses our device is connecting to.
arp
Address Resolution Protocol: Determines MAC addresses based on the current IP address
COPE
Corporate owned, personally enabled: Used as both a corporate and a personal device; everything is controlled by the organization
VDI/VMI
Virtual desktop infrastructure: The apps are separated from the mobile device, and so is the data
Preventive control
Examples are locks and security guards
Detective control
Identifies the intrusion but does not stop it
Corrective control
Similar to an IPS
RADIUS
Remote authentication dial-in service: This is an authentication protocol
TACACS
Terminal access controller: Remote authentication protocol, usually used with Cisco
Kerberos
A type of authentication system that uses single sign-on. The client and server authenticate each other; usually used with Microsoft
VPN Concentrator
The device that encrypts data and sends it out on the network, and decrypts anything it receives
HTML5 VPNs
Hypertext Markup Language version 5: Supports API interfaces and web cryptography
Full tunnel
Everything transmitted by the remote user is sent to the VPN concentrator on the other side, which determines where that data goes
Split tunnel
Some info from the user can go through the tunnel, and other info does not have to go through the tunnel
L2TP
Layer 2 Tunneling Protocol: Site-to-site VPNs use this. These are commonly used with IPsec networks
IPsec
Internet Protocol Security: Security for OSI layer 3; site-to-site communication uses this. Commonly used over the internet.
Tunnel mode
This will protect the IP info and the data; both are encrypted with IPsec
AH
Authentication header: Hash of the packet and a shared key; SHA-2 is commonly used
ESP
Encapsulating security payload: Most IPsec uses this; it encrypts and authenticates the tunneled data, using SHA-2 for authentication and AES for encryption
Jump server
Allows us to access internal devices by a private connection on the inside.
HSM
Hardware security module: A server to manage and control keys within your environment.
ARO
Annual rate of occurrence: Describes the likelihood of an event occurring
SLE
Single loss expectancy: How much money we will lose for an event occurring
ALE
Annualized loss expectancy: ARO x SLE
Transit gateway
This is essentially a router within the cloud where all the virtual private clouds can connect to.
Elasticity
The process of providing resources when demand increases and scaling down when demand is low.
Jump server
A jump server is a highly secured device commonly used to access secure areas of another network.
UPS
Uninterruptible power supply: Can provide backup power when the main power source is unavailable
Incident Response
PICERL: Preparation, identification, containment, eradication, recovery and lessons learned
Key Escrow
Safely storing private keys