Things from their flashcards would like to recap
What is an airgap?
An air gap in cybersecurity is a network security measure that physically isolates a computer or network from unsecured networks, like the internet, to enhance security.
This “gap” prevents direct or indirect communication between the protected system and external networks, reducing the risk of cyber threats like malware or unauthorized access.
What does CSP stand for?
Cloud Service Provider
What does the term allow list mean?
Apps, systems or networks that are in scope and should be tested
What are the portions of a network packet?
A network packet is typically divided into three main portions: the header, the payload, and the trailer.
The header contains information about the packet, such as source and destination addresses, while the payload is the actual data being transmitted. The trailer provides information about the end of the packet.
What is an XML injection?
When a user enters values in an XML query that takes advantage of security loopholes.
What does NIST stand for?
National Institute of Standards and Technology
What does SASE stand for?
Secure Access Service Edge
Secure Access Service Edge (SASE) is a network architecture that consolidates network connectivity and security functions into a single, cloud-delivered platform. It combines Wide Area Networking (WAN) capabilities with security services like Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), Firewalls as a Service (FWaaS), and Zero Trust Network Access (ZTNA). This approach moves security controls to the cloud edge, making it easier to manage and secure remote users, devices, and applications.
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
ECDHE is a key exchange algorithm that allows two parties to establish a shared secret over an insecure channel using Elliptic Curve Cryptography (ECC). The “ephemeral” part refers to the fact that the keys used in the exchange are temporary and discarded after use, enhancing security.
What is PFS?
Perfect Forward Secrecy (PFS) is a cryptographic technique that ensures even if an attacker compromises a long-term secret key (like a server’s private key), they cannot decrypt past communications. It does this by using ephemeral session keys that are generated separately for each session.
PFS is widely used in protocols like SSL/TLS (Transport Layer Security) to protect web traffic and other secure communications.
What is an allow list?
An allow list, also known as a whitelist, is a curated list of entities (like email addresses, IP addresses, or applications) that are explicitly granted permission to access or interact with a system, network, or service. It operates on the principle of “allow everything by default and block everything that isn’t explicitly allowed”. This approach helps enhance security by limiting access to only trusted sources.
What are the IPsec modes?
IPsec has two main operational modes: Transport Mode and Tunnel Mode. Transport Mode primarily secures data within the packet payload, while Tunnel Mode encrypts and authenticates the entire packet, including the IP header.
What is a hypervisor?
A hypervisor is software that allows multiple operating systems (OS) to run on a single physical machine, each in its own virtual machine (VM). It acts as a virtual machine monitor (VMM), managing the allocation of physical resources like CPU, memory, and storage to these VMs.
What is UDP?
UDP, or User Datagram Protocol, is a transport layer protocol used for sending data over a network. Unlike TCP, UDP is a connectionless protocol, meaning it doesn’t require a handshake to establish a connection before sending data. UDP is faster and more efficient than TCP, but it’s also less reliable because it doesn’t guarantee data delivery or order.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s an email authentication protocol that helps to protect email senders and recipients from spoofing and phishing attacks by verifying the sender’s identity. DMARC builds on the existing SPF and DKIM protocols to provide a more robust email authentication system.
What is SPF?
In cybersecurity, SPF stands for Sender Policy Framework, an email authentication protocol that helps prevent email spoofing. It allows domain owners to specify which servers are authorized to send emails on their behalf. By verifying if an email comes from an authorized source, SPF helps ensure that legitimate emails are delivered and reduces the risk of phishing and spam.
What is the difference between RADIUS and TACACS+?
RADIUS and TACACS+ are both Authentication, Authorization, and Accounting (AAA) protocols, but they differ in their primary use cases. RADIUS is mainly used for user authentication and network access, while TACACS+ is primarily used for managing access to network devices. TACACS+ offers stronger security through packet encryption and more granular authorization control.
What does IR stand for?
Incident response