Vocab Flashcards
AAA server
Used to establish secure access in a remote access vpn network
ANT
Wireless sensor protocol that enables communication between sensors and their controllers.
Access control
Selective restriction of access to an asset or a system/network resource
Access point
Used to connect devices to a wireless/wired network
Accounting
Method of keeping track of user actions on the network.
Admin Security controls
Management limitations, operational and accountability procedures, and other controls that ensure the security of an organization.
AES(advanced encryption standard)
National institute of standards and technology (NIST) specification for the encryption of electronic data.
Alert systems
Sends an alert message when any anomaly or misuse is detected.
Alarm system
Draw attention when a breach occurs or an attempt is made at a breach
Alert
A graduated event that notifies that a particular event(or series of) has reached a set threshold and requires action.
Anomaly detection
Detects intrusions based on fixed behavioral characteristics, of users and components within the system.
Anonymous proxy
Does not transfer info about the IP address of it’s user, hiding info about said user and their history.
Antenna
Converts between radio waves and electricity.
Anything as a service(XaaS)
Cloud and remote access service that offers anything as a service based on the demands of the user.
Application Containers
Used to run a single service. Posses layered file systems and are built on top of OS container technologies.
Application level gateway
Can filter packets at the application layer of the OSI model.
Application Proxy
Application-level proxy that works as a proxy server and filters connections for specific services.
Association
Process of connecting a wireless device to an AP
Asymmetric Encryption
Used two separate keys to carry of encryption and decryption.
Audit Trials
Set of records that provide documentary evidence of a systems activity.
Authentication
Ensures the identity of an individual is verified by the system or service.
Authorization
Process of providing permission to access the resources or perform an action on the network.
Availability
Ensures info is available to authorized parties without any disruption
Banwidth
The amount of info that can be broadcast over a connection
Basic Service Set Identifier(BSSID)
Media access control (MAC) address of an access point(AP) or base station that has set up a basic service Set(BSS).
Bastion Host
A computer system designed and configured to protect network resources from attacks.
Behavior-based IDS
Behavior based intrusion detection techniques assume an intrusion can be detected by observing a deviation from normal or expected behavior of the system of users.
Biometric Authentication
A technology which identifies human characteristics for authenticating people
Biometrics
An advanced and unique security technology that utilizes an individual’s physical attributes such as fingerprint, iris, face, voice, and behavior for verifying their identity.
Bluetooth
With this tech data is transfered between cell phones, computers, and other networking devices over short distances.
Bollards
A short vertical post that controls and restricts motor vehicles.
Bring your own device(BYOD)
A policy that allows employees to bring their devices such as laptops, smartphones, and tablets to the workplace.
Business critical data
Info that contains critical data to business operations.
5G Cellular Communication
A broadband cellular network that operates at high bandwidth with low latency and provides high-speed data downloads.
CCMP
An encryption protocol used in WPA2 for stronger encryption and authentication.
Cellular Communication
Communication based on a single network tower that services devices located within it’s radius.
Centralized Authorization
A single database for authorizing all the network resources or applications
Centralized IDS
In an centralized system, the data is gathered from different sites to a centralized one
Certification authorities(CA)
Trusted entities that issue digital certificates
Choose Your Own Device(CYOD)
A policy where employees select their device of choice from a pre-approved list, to access company data according to the chosen access privilege of the organization
Ciphers
An algorithm for performing encryption and decryption
Circuit level gateway
Work at the session layer of the OSI model, or the TCP layer of TCP/IP.
Client to client(Remote access) VPNs
Allow multiple hosts or clients to establish secure connections to a companies network over the internet
Cloud auditor
A party that performs an independent examination of cloud service controls to express an opinion
Cloud Broker
An entity that manages cloud services in terms of use, performance, and delivery, while maintaining the relationship between cloud providers and consumers
Cloud carrier
An intermediary that provides connectivity and transport services between CSPs and cloud consumers
Cloud computing
An on-demand delivery of IT capabilities where IT infrastructure and applications are provided to subscribers as a metered service over a network
Cloud consumer
Person or organization that uses cloud computing services
Cloud data backup
Storing backup data on storage provided by an online backup provider
Cloud layer
Servers hosted in the cloud accept, store and process the sensor data received from IoT gateways
Cloud platform
A person or organization providing services to interested parties via network access.
Cloud storage
A data storage medium used to store digital data in logistical pools using a network
Cloud to cloud (back end data sharing) communication model
Extends the device to cloud communication type such that the data from IoT devices can be accessed by authorized users
Combination locks
It has a combination of numbers and letters, that the user must use to open the lock.
Command console
Provides a user interface to the administrator for the purpose of receiving and analyzing security events, alerts, and log files.
Communication layer
(connectivity edge computing) the components of communication protocols and networks used for connectivity and edge computing.
Community cloud
Shared infrastructure shared between several organizations from a specific community with common concerns.
Company owned, Business only(COBO)
Refers to a policy that allows employees to use and manage the devices purchased by the organization but restrict the use of the device for business use only.
Compensating controls
Used as an alternative control when the intended control fails or is unavailable
Computer fraud and abuse act
Whoever access es a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer, and if the conduct involves an interstate or foreign communication, shall be punished under the act
Confidentiality
Ensures the info is not disclosed to any unauthorized persons.
Container
Refers to the virtualization based on the operating system, in which the kernels operating system is functionally replicated on multiple instances of isolated user space
Container as a service
A cloud computing model that provides containers and clusters as a service to it’s subscribers
Containerization
A technique in which all personal and organizational data are segregated on a employees mobile device.
Context aware authentication
A type of enhanced security technique that uses the contextual information of a user for enhancing data security decisions.
Contraband
Materials banned from entering the environment
Corporate owned, personally enabled(COPE)
Refers to a policy that enables employees to use and manage devices purchased by the organization.
Cross-container attacks
Gaining access to a container and utilizing it to attack other containers of the same host or within the local network.
Cryptography
The practice of concealing info by converting it from plain text (readable format) into cyphertext (unreadable format) using a key or encryption scheme.
Data access control
Enables authentication and authorization of users access to data.
Data backup strategy
An ideal back up strategy involves steps ranging from selecting the right data to conducting a test data restoration drill.
Data backup
The process of making backup data of critical data such as physical and computer records.
Data destruction
Involves destroying the data so that it cannot be recovered and used for the wrong motive.
Data encryption standard(DES)
Designed to encipher and decipher blocks of data consisting of 64bits under control of a 56 bit key.
Data encryption
Protecting information so that it becomes unreadable for an unauthorized party
Data loss prevention(DPL)
A set of software products and processes that do not allow users to send confidential corporate data outside of the organization.
Data masking
Protecting information by obscuring specific areas of data with random characters or codes.
Data protection act of 2018(DPA)
An act to make provision for the regulation of the processing of information relating to individuals
Data resilience and backup
Making duplicates of critical data to be used for restoring and recovering purposes
Data retention
Securing data securly for compliance or business requirements
Data security
Involves the application of several security protocols to prevent any (un)intentional acts of data misuse, destruction, or modification.
Database honey pots
Employ fake databases that are vulnerable to perform database related attacks such as SQL injection and database enumeration
Decentralized authorization
Maintains a separate database for each resource
Demilitarized zone(DMZ)
A subnetwork is placed between the organizations private network such as a lan, and an outside network like the internet, and acts as another security layer.
Denial of service traffic signatures
Traffic containing certain traffic signatures that indicate a DoS attempt that floods a server with a large number of requests.
Detection controls
Used to detect unauthorized access attempts
Deterrence controls
Used to discourage the violation of security policies
Device layer
Layer of IoT that consists of hardware
Device to cloud communication
Devices communicate with the cloud directly, rather than communicating with a client to send or receive data commands.
Device to device communication
Inter connected devices interact with each other through the internet, but they predominantly use protocols such as ZigBee, zwave or bluetooth
Device to gateway communication
The IoT device communicates with an intermediate device called a gateway, which in turn communicates with a cloud device.
Differential data backup
All the data that has been changed since the last backup is copied over to the backup data.
Digital certificates
Allow a secure exchange of info between a sender and a reciever
Digital locks
Use fingerprint, smartcard, or pin on a keypad to unlock
Digital signature algorithm(DSA)
A federal information processing standard(FIPS) for digital signatures.
Digital Signature
Use of the asymmetric key algorithms to provide data integrity.
Dipole antenna
A straight electrical conductor measuring half a wavelength from end to end, and it is connected at the center of the radio frequency (RF) feed line.
Direct-sequence spread spectrum
DSSS is a spread spectrum technique that multiplies the original data signature with a pseudo random noise spreading code.
Directional antenna
Can broadcast and receive radio waves from a single direction.
Discretionary access control(DAC)
Determines the access control taken by any processor of an object in order to decide the access control of an subject on that object.
Disk encryption
Encryption of data stored in a physical or logical disk.
Distributed IDS
A distributed intrusion detection system (dIDS) consists of multiple IDSs over a large network.
Docker Networking
This type of networking architecture is developed on a set of interfaces known as container network model (CNM). Which provides application portability across heterogeneous infastuctures.
Docker Registry Attacks
Gaining access to the docker Registry.
Docker
An open source technology used for developing, packaging, and running applications and all it’s dependencies in the form of containers, to ensure that the application works in a seamless environment.
Duel Firewall DMZ
The duel Firewall approach uses two firewalls to create a DMZ
EAP
The extensible authentication protocol(EAP) supports multiple authentication methods, such as token cards, kerberos and certificates.
Fabric virtualization
This level of virtualization makes the virtualization independent of the physical computer hardware.
EDGE
The EDGE is the main physical device in the IoT ecosystem that interacts with it’s surroundings and contains various components like sensors, actuators, operating systems, hardware and network, and communication capabilities.
Face recognition
Compares and identifies a person on the basis of the facial features from an image or a video source.
Electric/Electro magnetic Locks
A locking mechanism that operates on an electrical current.
False-Negative (Attack -No Alert)
A condition that occurs when an IDS fails to react to an attack event.
Electromagnetic interface(EMI)
Occurs when an electronic device’s performance is interrupted or degraded due to electromagnetic radiation or conduction.
False positive (No attack- alert)
Occurs if an event triggers an alarm without an actual attack occuring.
Email honeypots
Also known as email traps. These are fake emails designed to attract fake and malicious emails from advertiser’s.
Fences/Electric Fences/Metal Rails
General marks of a restricted area, controlled areas and prevent unwanted access.
Encapsulation
The method in which protocols have separate functions to communicate among each other by hiding the data.
File system virtualization
Refers to virtualization at the layer where the filing system is present.
Encryption
The practice of concealing information by converting a plain text(readable format) into a cypher text (unreadable format) using a key or encryption scheme.
File level encryption
Encryption of data stored in files/folders.
Endpoint
This connects a sandbox to a network and abstracts the actual network from the application.
Fingerprint scanning
Compares two fingerprints for verification and identification on the basis of the patterns on the finger.
Enterprise information security policy
EISP drives an organizations scope and provides direction is there security policies.
Firewall
A software or, hardware or combination of both, which is generally used to separate a protected network from an unprotected public network.
Enterprise Mobility Management(EMM)
Consists of tools and technologies used in an organization to secure the data in an employees personal BYOD and organizational devices
Freedom of information act (FOIA)
Provided the general public the right to request access to record from any federal agency.
Explicit Authorization
Maintains separate authorization details for each requested resource request.
Frequency hopping spread spectrum (FHSS)
Also known as frequency hopping code division multiple access(FH-CDMA), a method of transmitting radio signals by rapidly switching a carrier among many frequency channels.
Full Data Backup
This is also called a normal backup. It copies all files and compresses them to save space.
Full device encription
A security feature that can encrypt all the information stored on any storage medium within a mobile device.
Full mesh VPN topology
In a fully meshed VPN network, all peers can communicate, with each other, making it a complex network.
Full virtualization network
In this type of virtualization, the guest OS is not aware that it is running a virtualized environment.
Function as a service (FaaS)
This cloud computing service provides a platform for developing, running, and managing application functionalities without the complexity of building and maintaining necessary infastucture.
General Data Protection Regulation (GDPR)
Levies harsh fines against those who violate it’s privacy and security standards, with penalties reaching tens of millions of euros.
Hardware Firewalls
A dedicated stand-alone hardware device or it comes as part of a router
IDE
Integrated device electronics(IDE) allows the connection of two devices per channel. It is normally used for internal devices as the cables are large and flat.
Geofencing
A technique through which mobile application marketers use the location of the user to gather info.
Hardware VPNs
A dedicated hardware VPN application is used to connect routers and gateways to ensure communication over an insecure channel.
IPser server
Enhances VPN security through the use of strong encryption algorithms and authentication.
Geolocation
A technology that can identify the real-world geographical location of users or devices when connected to the internet.
Hash-based message Authentication Code(HMAC)
A type of message identification code(MAC) that uses a cryptographic key along with a cryptographic hash function.
ISM band
Set of frequencies for the international industrial, scientific, and medical community’s.
Global positioning system (GPS)
A radio navigation and positioning system based on satellite communication
Health insurance portability and accountability act(HIPAA)
Provides federal protections for the individually identifyable health information held by covered entities and their business associates and gives patients an array of rights to that information.
Identity and Access Management (IAM)
Responsible for providing the right individual with the right information at the right time.
Global System for Mobile Communication (GSM)
A universal system used for Mobile data transmission in wireless networks worldwide.
High-Interaction Honeypots
Do not emulate anything; they run actual vulnerable services or software on production systems with real OS and applications
Identity-as-a-Service (IdaaS)
This cloud computing service offers authentication services to the subscribed enterprises and is managed by a third party vendor to provide identity and Access Management services.
Government Access to Keys (GAK)
Refers to the statuory obligation of individuals and organizations to disclose their cryptographic keys to the government agencies.
Honeynets
Networks of honeypots. They are very effective in determining the entire capabilities of adversaries.
Implicit Authentication
Provides access to resources indirectly
Gramm-leach-Bliley Act (GLBA)
A united states federal law that requires financial institutions to explain how they share and protect their customers private information.
Honey pot
An informational system resource that is expressly set up to attract people who attempt to penetrate a organization’s network.
Incremental data backup
Only files that have been changed or created after the last backup are copied to the backup media
Guest Machine
Independent instance of an operating system created by virtual machine monitor.
Host Intrusion Detection Systems (HIDS)
Installed on a specific host in order to monitor, detect, and analyze events occurring on that host.
Information assurance (IA) Principles
Act as enablers for an organizations security activities to protect and defend it’s network from security attacks.
Host Machine
Real physical machine that provide computing resources to support virtual machines.
Informational traffic signature
Traffic containing certain signatures that may be suspicious but might not be malicious.
Host based firewalls
Used to filter inbound/outbound traffic of a computer on which it is installed.
Infrared (IR)
A wireless technology for transferring data between devices in the digital form within a short range of up to 5 m.
Host backup (online)
Also called a dynamic backup or active backup. In a hot backup, the system continues to perform the backup even when the user is using the system.
Infrastructure Network Topology
Devices inside a wireless network are connected through an AP.
Hotspot
Places where wireless networks are available for public use.
Infrastructure-as-a-service (IaaS)
Provides virtual machines and other abstract hardware and operating systems which may be controlled through a service API.