General Security Concepts Flashcards

(256 cards)

1
CIA Triad
Confidentiality, Integrity, and Availability
2
DAD Triad
Disclosure, Alteration, and Destruction
3
AAA
Authentication, Authorization, Accounting/Auditing
4
MSSP
Managed Security Service Provider. Offers network security services to an organization. It is a third party that can alleviate the strain on IT teams and saves the organization time to expand and support operations.
5
SaaS
Software as a Service. A cloud-based software delivery model that allows users to access software applications over the internet. Examples: Dropbox, Google Workspace, and Salesforce.
6
IaaS
Infrastructure as a Service. A type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.
7
PaaS
Platform as a Service. A complete development and deployment environment in the cloud, with resources that enable you to deliver everything from cloud-based apps to sophisticated, cloud-enabled enterprise applications.
8
DaaS
Desktop as a Service. Provides a fully virtualized desktop environment from within a cloud-based service. (Virtual Desktop Infrastructure)
9
AES
Advanced Encryption Standard. A specification for the encryption of electronic data, established by the National Institute of Standards and Technology (NIST) in 2001. Block cipher. It is symmetric.
10
Diffie-Hellman
Key exchange between two parties, usually between VPNs, over a public channel to establish a mutual secret without transmitting it over the internet. It enables the two parties to use public-key techniques to agree on a key and then encrypt and decrypt their conversations or data using symmetric cryptography.
11
RSA
One of the first public-key cryptosystems, used for secure data transmission. Asymmetric algorithm.
12
DSA
Asymmetric cryptographic algorithm.
13
ECC
Asymmetric cryptographic algorithm.
14
Blowfish
A variable-key-length, symmetric, 64-bit block cipher. General-purpose algorithm. It was made to provide a fast, free drop-in alternative to DES (Data Encryption Standard) and IDEA (International Data Encryption Algorithm).
15
RC4
A form of stream cipher. It encrypts messages one byte at a time using a keystream generated by the algorithm. Also a symmetric algorithm.
16
Incremental Backup Approach
Used when the amount of data that has to be protected is too extensive to do a complete backup of that data every day. Only changed data is backed up. Incremental backups save restore time and disk space.
17
SQL Injection
Cyberattack that injects malicious SQL code into an application, allowing the attacker to view or modify a database. One of the most serious web application attacks.
18
Web Application
Software that runs your software.
19
FTK Imager
Can create perfect copies (forensic images) of computer data without making changes to the original evidence.
20
Memdump
Used to collect the contents of RAM on a given host.
21
Autopsy
Open-source forensic tool suite used to collect and examine evidence.
22
Zero Day Vulnerability
A vulnerability in software that is unpatched by the developer, or an attack that exploits such a vulnerability.
23
APT
Advanced Persistent Threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intent is to steal data rather than to cause damage to the network or organization.
24
Spear Phishing
Fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
25
Worm
Malware computer program that replicates itself to spread to other computers. Usually, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
26
Pharming
A type of social engineering attack that redirects a request for a website, typically an e-commerce site.
27
Spimming
A type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites and social media.
28
Firewall
Computer network security system that restricts internet traffic within a private network. Three types: Hardware, software, and cloud.
29
Database Server
Networked computers dedicated to database storage and data retrieval from the database. A database server is a key component in a client/server computing environment.
30
Operating System (OS)
The program that, once loaded into the computer by a boot program, manages all of the other application programs in a computer.
31
WEP (Wired Equivalent Privacy)
Oldest and most common Wi-Fi security protocol.
32
WPA2 (WiFi protected access 2)
An encrypted security protocol that protects internet traffic on wireless networks. It patches flaws and offers more powerful encryption.
33
WPS (Wi-Fi protected setup)
A router with WPS can allow any device to automatically connect to your router when the WPS button is pressed.
34
SSID
Displays the name of your network in the list of available networks when nearby users try to connect their wireless devices.
35
Directory Traversal
Web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. May include application code and data, credentials for back-end systems, and sensitive operating system files.
36
XML Injection
An injection attack technique used to manipulate or compromise the logic of an XML application document. It usually occurs when user-supplied input is not properly escaped or sanitized before being added to a web application's XML documents.
37
Password Spraying
When an attacker uses common passwords to attempt to access several accounts on one domain.
38
PKI (Public Key Infrastructure)
A system of processes, technologies, and policies that allows you to encrypt and sign data.
39
HTTPS Protocol
Port 443. The Internet Engineering Task Force (IETF) recognizes TCP port number 443 as the default HTTPS port. It provides an encryption algorithm for exchanging information between web servers and browsers. It works by securing network traffic packets before the data transmission occurs.
40
Port Scan Targeting
Common technique hackers use to discover open doors or weak points in a network. It helps cyber criminals determine whether hosts are sending or receiving data. It can also show if firewalls are being used by an organization.
41
Denial of Service Attack (DoS)
Attack that is meant to shut down a machine or make it inaccessible to its intended users.
42
MAC address filtering
Allows you to block traffic coming from certain known machines. Traffic coming in from a specified MAC address will be filtered depending on the policy.
43
WPA
Key password that you use to connect to a wireless network. You can get the WPA password from whoever runs the network.
44
WPA 2
Uses dynamic key encryption, so it regularly changes the key to make it more difficult to crack.
45
Session Hijacking
The exploitation of the web session control mechanism.
46
Social Engineering Attack
Manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal/financial info. It also uses psychological manipulation to trick users.
47
Privilege Escalation
Cyber attack to gain unauthorized access into a system.
48
ARP Poisoning (Address Resolution Protocol)
A form of spoofing attack that hackers use to intercept data. A hacker usually does this by tricking one device into sending messages to the hacker instead of the original recipient.
49
Cross-site scripting (XSS)
An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Usually attackers do this by sending a suspicious link and hoping the user clicks on it.
50
On Path Attack
An aggressor that sits between two stations and can change data that is being sent across the organization. Can happen secretly.
51
Mission Essential Functions (MEFs)
The limited set of organizational functions that continue through, or resume rapidly after, a disruption of regular operations. They are critically important to planning.
52
Single point of Failure
Vulnerability that causes the whole system to fail.
53
Block Cipher
A method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. It processes fixed-size blocks as a unit, unlike a stream cipher, which encrypts data one unit at a time.
54
Hashing algorithm
A mathematical function that garbles data and makes it unreadable. It is one-way, so the text cannot be decoded by anyone.
55
CRC (Cyclical Redundancy Check)
A method to ensure data has not been altered after being sent through a communication channel. (Error detection)
56
Stream Cipher
An encryption algorithm that uses a symmetric key to encrypt and decrypt a given amount of data.
57
Wildcard Certificate
Uses a wildcard character, which substitutes for one or multiple characters, to secure multiple hosts on a domain.
58
Why would a company want to use a wildcard certificate for their servers?
To reduce the certificate management burden. This saves money, reduces the burden of managing more than one subdomain, and secures all of them at once.
59
SSL
An older technology that applications or browsers used to create a secure encrypted communication channel over any network; because it is older and has some flaws, TLS is used now.
60
TLS (Transport Layer Security)
Security protocol designed to facilitate privacy and data security for communications over the internet. Mainly used for encrypting the communication between web applications and servers, like web browsers and loading a website. It also fixes existing SSL vulnerabilities.
61
Data at Rest
Data that isn't currently being used or accessed. (Stored data)
62
Data in transit
Data that is currently being transferred between locations over a private network or the internet. Data is more vulnerable at this time. It can be intercepted and modified.
63
MTTR (Mean time to respond)
On average, the time it takes to recover from a product or system failure, measured from the time you are first alerted to the specific failure.
64
RPO (Recovery Point Objective)
A period of time in which enterprises operations must be restored following a disruptive event.
65
RTO (Recovery Time Objective)
The maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.
66
MTBF (Mean time between failures)
Average time between repairable failures of a technology product. It's used to track the availability and reliability of a product. The higher the time between failures, the more reliable the system is.
67
LDAP (Lightweight directory access protocol)
Helps users find data about organizations, people, and more. The two main goals are to store data in the LDAP directory and authenticate users in the directory. It is not a shared authentication protocol. (OpenID, OAuth, and Facebook Connect are all shared authentication protocols.)
68
IMAP (Internet Message Access Protocol)
Protocol for accessing email or bulletin board messages from a (possibly shared) mail service. It allows a client e-mail program to access remote message stores as if they were local.
69
MySQL
Protects sensitive data access by way of encryption. Some methods are asymmetric public-key encryption/decryption.
70
Botnet
Network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g. to send spam.
71
Trojan
Type of malware that downloads onto a computer disguised as a legitimate program.
72
Ransomware
Malicious software designed to block access to a computer system until a sum of money is paid.
73
Rootkit
A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
74
SYN Flood
A type of denial of service (DDoS) attack.
75
Smurf Attack
DDoS attack in which an attacker attempts to flood a targeted server with Internet Control Message Protocol (ICMP) packets.
76
Ping Flood
A DDoS attack. A targeted device gets flooded which makes it inaccessible to normal traffic.
77
DAC (Discretionary Access Control)
A type of security access control that restricts object access based on an access policy determined by the object's owner group.
78
ABAC (Attribute based access control)
Authorization methodology that makes and enforces policies based on characteristics like department, location, manager, and time of day.
79
TCP (Transmission control protocol)
Communications standard that enables application programs and computing devices to exchange messages over a network.
80
MECM (Microsoft Endpoint Configuration Manager)
Provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
81
DevSecOps (Deployment security and operations)
Automates the integration of security at every phase of the software development lifecycle.
82
Tokenization
Replaces a sensitive data element with a substitute that has no essential or exploitable value or meaning.
83
Hypervisors (VMM/Virtual machine monitor)
Software that creates and runs virtual machines. Allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.
84
Spoofing
Used to inject the attacker into the conversation path between the two parties. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
85
Brute Force Attack
An attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.
86
Cain and Abel
A Windows-based password cracking tool that is effective against Microsoft operating systems. Hackers with this tool can recover the passwords from their target machines.
87
Nessus
Platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems and cloud services and other network resources.
88
Familiarity
Social engineering technique that relies on assuming a known organization's persona.
89
RSA
Public key cryptography widely used for data encryption of e-mail and other digital transactions over the internet.
90
3DES (Triple Encryption Standard)
Cryptography where block cipher algorithms are applied three times to each data block.
91
SHA-256 (Secure Hash Algorithm)
Widely used cryptographic algorithm that produces a fixed-length output. It's used to create a unique digital fingerprint of a piece of data like a message or file.
92
Port 1701 (L2TP, Layer Two Tunneling Protocol)
An extension of the Point-to-Point Tunneling Protocol. Usually used with IPsec to establish a Virtual Private Network (VPN).
93
Port 3389
Allows users to connect to remote computers. (RDP, Remote Desktop Protocol)
Port 88
Standard port for Kerberos authentication. Outbound connections from your storage system.
94
Port 389
Used for LDAP directory, replication, user and computer authentication, group policy, and trusts.
Deterrent
May not control or may not physically or logically prevent access.
95
BYOD (Bring your own device)
People can bring their own devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.
96
COPE (Company owned/personally enabled)
The company provides users with a smartphone primarily for work use, but functions like voice calls, messaging, and personal applications are allowed, with some controls on usage and flexibility.
97
CYOD
User can choose which device they wish to use from a small selection of devices approved by the company.
98
MDM (Mobile Device Management)
Gives centralized control over COPE devices.
99
Zero-Day-Attack
Attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.
100
Passive Gathering
Gathers open-source or publicly available information without the organization under investigation being aware that the information is being accessed.
101
Active Information Gathering
Starts to probe the organization using DNS enumeration, port scanning, and OS fingerprinting techniques.
102
Vulnerability Assessments
Form of active information gathering.
103
Information Reporting
Occurs after the penetration test is complete and involves writing a final report with the results, vulnerabilities, and lessons learned during the assessment.
105
Reverse Proxy
Used for directing traffic to internal services if the contents of the traffic comply with policy.
106
MD5
Creates a 128-bit fixed output.
107
SHA-1
Creates a 160-bit fixed output.
108
SHA-2
Creates a 256-bit fixed output.
109
RIPEMD
Creates a 160-bit fixed output.
110
SSO (Single sign on)
Authentication process that allows users to access multiple applications with one set of login credentials.
111
Permission Propagation
A technician sets permissions on a folder on a drive, and the folder's properties apply those permissions to all of the folders under it in the folder tree.
112
RADIUS (Remote Authentication Dial-In User Service)
A networking protocol that authorizes and authenticates users with remote networks.
113
Kerberos
System or router that provides a gateway between users and the internet. Helps prevent cyber attacks from entering a private network. Uses a system of tickets to allow nodes to communicate over a non-secure network and securely prove their identity. A protocol.
114
PCI-DSS (Payment Card Industry Data Security Standard)
Applies to companies of any size that accept credit card payments. If your company intends to accept credit card payments and store, process, and transmit cardholder data, you need to securely host your data and follow PCI compliance requirements.
115
GDPR (General Data Protection Regulation)
Creates provisions and requirements to protect the personal data of individuals in the European Union.
116
PII (Personally Identifiable Information)
Used to identify, contact, or locate an individual.
117
PHI (Protected Health Information)
Refers to medical and insurance records, and associated hospital and lab test results.
118
Defense in Depth
Layering various network appliances and configurations to create a more secure and defensible architecture.
119
Network Segmentation
Dividing networks.
120
Load Balancer
Used to distribute network or application traffic across servers.
121
ISA (Interconnection Security Agreement)
Used by any federal agency interconnecting its IT system to a third party.
122
SLA (Service Level Agreement)
Contractual agreement that sets out the detailed terms under which service is provided.
123
DSUA (Data Sharing and Use Agreement)
Specifies how a database can be analyzed and proscribes the use of re-identification techniques.
124
UTM (Unified Threat Management)
Multiple Security features or services are combined into a single device for your network.
125
White Team
Acts as judge, enforces rules, observes, and scores. Resolves issues.
126
Purple Team
Gets both teams to come together and work together.
127
Diamond Model of Intrusion Analysis
A great methodology for communicating cyber events and allowing analysts to derive mitigation strategies implicitly. Built around a graphical representation of an attacker's behavior.
128
MITRE ATT&CK Framework
Gives explicit pseudo-code examples for detecting and mitigating a given threat within a network and ties specific behaviors back to individual actors.
129
Lockheed Martin Cyber Kill Chain
Provides a general life cycle description of how attacks occur but does not deal with the specifics of how to mitigate them.
130
OpenIOC
Depth of research on APTs, but does not integrate detection and mitigation strategy.
131
Zombie
Computer connected to the internet that has been compromised by a hacker, computer virus, or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction.
132
Bugs
Error, flaw, or fault in an application. Causes the application to produce an unintended or unexpected result, such as crashing or producing invalid results.
133
APT (Advanced Threat Protection)
Security solutions to defend sensitive data against complex cyber attacks, like malware, phishing campaigns.
134
Lesson learned report
Contains detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and identified gaps that may require improvement.
135
Rapid elasticity
Used to describe the scalable provisioning, or the capability to provide scalable cloud computing services. Very critical to meet the fluctuating demands of cloud users, but it can cause significant loading of the system due to the high number of resources.
136
Metered Services
Prepaid or pay-per-use.
137
Aircrack-ng
A complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks. Includes packet capture and export of the data collected as a text file or pcap file.
138
GPO (Group Policy Object)
A collection of group policy settings that defines what a system will look like and how it will behave for a defined group of users. Primary administration tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization.
139
John the Ripper
A password cracking software tool.
140
Port 25
Default port for SMTP (Simple Mail Transfer Protocol). If port 25 is found open by an Nmap scan of a server, the risk would be an open mail relay.
141
Account management policy
Should contain the requirements for removing a user's access when an employee is terminated.
142
Zero Day Vulnerability
Refers to a newly discovered hole in software unknown to the vendor; it can be exploited by hackers before the vendor becomes aware of it and can fix it.
143
Input Validation Attack
Any malicious action against a computer system that involves manually entering strange information into a normal user input field and that succeeds due to an input validation flaw.
144
Port 25
Default port for SMTP (Simple Mail Transfer Protocol), used for sending email.
145
HTTP Header Injection Vulnerability
Occurs when user input is insecurely included within server response headers.
146
Time-Of-Check to Time-Of-Use (TOCTOU)
A class of software bug caused by changes in a system between checking a condition (like a security credential) and using the result of that check, during the time that has passed in between.
147
Port 23
Used by telnet and is not considered secure because it sends all of its data in cleartext, including authentication data like usernames and passwords.
148
TPM (Trusted Platform Module)
A hardware based cryptographic processing component that is part of the motherboard.
149
PAM (Pluggable authentication module)
A device that looks like a USB thumb drive and is used as a software key in cryptography.
150
FDE (Full Disk Encryption)
Can be hardware or software-based.
151
AES (Advanced Encryption Standard)
Cryptographic algorithm. It is also symmetric.
152
NAC (Network Access control)
An approach to computer security that attempts to unify endpoint security technology, user or system authentication, and network security enforcement. Restricts the data that each particular user can access and implements anti-threat applications such as firewalls, anti-virus software, and spyware detection programs.
153
UTM (Unified Threat Management)
Provides multiple security features in a single device or network appliance.
154
Banner Grabbing
Conducted by actively connecting to the server using telnet or netcat and collecting the web server's response. This banner usually contains the server's operating system and the version number of the service (e.g. SSH) being run.
155
IPsec
The most secure protocol that works with VPNs.
156
Integer Overflow
Occurs when an arithmetic operation results in a number too large to be stored in the space allocated for it. Integers are stored in 32 bits on the x86 architecture.
157
Non-repudiation
Occurs when a sender cannot claim they didn't send an email when they did.
158
Unknown Environmental Penetration Testing
Requires no previous information and usually takes the approach of an uninformed attacker.
159
Threat Hunting
The utilization of insights gained from threat research and threat modeling to proactively discover evidence of an adversarial TTP within a network or system.
160
Penetration Test
Verifies that a threat exists, actively tests, and bypasses security controls, and finally exploits vulnerabilities on the system.
161
Buffer Overflow Attack
An anomaly that occurs when a program overruns the buffer's boundary and overwrites adjacent memory locations while writing data to the buffer.
162
Cross-site Scripting (XSS)
A type of injection in which malicious scripts are injected into otherwise benign and trusted websites. It occurs when the attacker uses a web application to send malicious code, usually in a browser-side script, to a different end user.
163
SQL Injection
A code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution, like dumping the database contents to the attacker.
164
Netstat
Command used to display active TCP connections, the ports on which the computer is listening, Ethernet statistics, and the IP routing table on a Windows machine. It's useful when determining if any malware has been installed on the system and may be maintaining a remote connection with a command and control server.
165
Ipconfig
Tool that displays all the current TCP/IP network configuration values on a given system.
166
Ping
Command used to test a host's reachability on an Internet Protocol network.
167
Net Use
Command used to connect to, remove, and configure connections to shared resources such as mapped drives and network printers.
168
Machine Learning (ML)
A type that would classify as malicious.
169
Deep learning System
Can determine what is malicious traffic without having prior benefit of being told what is benign/malicious.
170
Generative Adversarial network
An underlying strategy used to accomplish deep learning but is not specific to the scenario described.
171
PII
Personally Identifiable Information
172
FISMA (Federal Information Security Management ACT)
A United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.
173
COPPA (Children's Online Privacy Protection Act)
A United States federal law that imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
174
SOX (Sarbanes-Oxley)
A United States federal law that sets new or expanded requirements for all U.S. public company boards, management, and public accounting firms.
175
False Positive
Occurs when an alert is triggered (the system believes malicious activity occurred) when there is no malicious activity involved. An error in some evaluation process in which a condition tested for is mistakenly found to have been detected.
176
Biometric Authentication
Crossover error rate (overall accuracy)
177
Syslog
A server that provides a centralized log management solution. All of the logs from all of the network devices and servers are retained on the Syslog server.
178
Firewall Logs
Would help determine why the network connectivity between host and destination may have been disrupted.
179
NIDS (Network Intrusion Detection System)
Used to detect hacking activities, denial of service attacks, and port scans on a computer network.
180
IDS (Intrusion Detection System)
A device or software application that monitors a network or system for malicious activity or policy violations.
184
Rogue anti-virus
Form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying money for a fake malware removal tool. "Scareware" that manipulates users through fear; a form of ransomware.
185
Data Correlation
The first step in making sense of data from across numerous sensors. It ensures data is placed in context with other pieces of data within the system. Should be performed as soon as the SIEM indexes the data.
186
Polymorphic Virus
Malware that changes its binary pattern in its code on specific dates or times to avoid detection by antimalware software.
187
Data Protection Officer
Ensures that their organization processes the personal data of its staff, customers, providers, or any other individuals in compliance with the applicable data protection rules.
188
SPI (Sensitive Personal Information)
Information about a subject's opinions, beliefs, and nature, afforded specifically protected status by privacy legislation.
189
TLS (Transport Layer Security)
Is used to secure web connections over port 443.
190
SAML (Security Assertions Markup Language)
An XML-based framework for exchanging security-related information such as user authentication, entitlements, and attributes. Often used in conjunction with SOAP. A solution for providing single sign-on (SSO) and federated identity management.
191
IdP (Identity Provider)
Requests a resource from when conducting a SAML transaction.
192
Load balancer
Allows for high availability to serve increased demand by splitting the workload across multiple servers.
193
RAID
High availability technology that allows multiple hard disks to act logically as one to handle more throughput, but it will not solve the higher demand on the server's limited processing power as a load balancer would.
194
VPN Concentrator
A networking device that provides the secure creation of VPN connections and the delivery of messages between VPN nodes.
195
DLP
Data loss prevention, focused on ensuring that intellectual property theft does not occur.
196
Iris Scan
Relies on the matching of patterns on the surface of the eye using near-infrared imaging. Most likely to be used for high-volume applications such as airport security. Can be fooled by a high-resolution photo of someone's eye.
197
BCP (Business continuity plan)
The systems or operations listed in a BCP are the most critical systems in a large organization.
198
TPM Chip
A secure cryptoprocessor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software cannot tamper with its security functions.
199
Hardening
The process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions. In principle, a single-function system is more secure than a multi-purpose one.
200
Harvesting
Process of gathering data, normally user credentials.
201
Race Conditions
Occur when the outcome from one execution process is directly dependent on the order and timing of certain events. A software vulnerability arises when the resulting outcome of the execution processes depends on that order and timing.
202
Sensitive Data Exposure
Fault that allows privileged information (token, password, PII) to be read without being subject to the proper access controls.
203
Broken Authentication
Refers to an app that fails to deny access to malicious actors. Dereferencing is an attempt to access a pointer that references an object at a particular memory location.
204
VM Data Remnant
The residual representation of digital data that remains even after attempts have been made to remove or erase it.
205
VM Virtualization Sprawl
A phenomenon that occurs when the number of virtual machines on a network reaches a point when the administrator can no longer manage them effectively.
206
Virtual Machine Migration
The task of moving a virtual machine from one physical hardware environment to another.
207
Cognitive Password
Form of knowledge-based authentication that requires a user to answer a question, presumably something they instinctively know, to verify their identity.
208
Social Engineering
Refers to the psychological manipulation of people into performing actions or divulging confidential information.
209
TACACS (Terminal Access Controller Access Control System)
Developed as a proprietary protocol by Cisco.
210
Kerberos (Remote Authentication Dial-in User Service)
A networking protocol that operates on port 1812 and provides centralized authentication, authorization, and accounting for client/server applications using secret-key cryptography; developed by MIT.
211
CHAP (Challenge Handshake Authentication Protocol)
Used to authenticate a user or network host to an authenticating entity. It is an authentication protocol but does not provide authorization or accounting services.
212
IDOR (Insecure Direct Object References)
Cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks.
213
Weak or default configurations
Commonly a result of incomplete configuration, open cloud storage, misconfigured HTTP headers, unnecessary HTTP methods, permissive cross-origin resource sharing (CORS), and verbose error messages containing sensitive information.
214
Improper handling of errors
Can reveal detailed information that can provide hackers important clues on the system's potential flaws.
215
Scarcity
Used to create a fear in a person of missing out on a special deal or offer. This technique is used in advertising all the time, such as "supplies are limited", "only available for the next 4 hours", and other artificial limitations.
216
Familiarity
Social engineering technique that relies on assuming a widely known organization's persona.
217
SSL Certificates (Secure Sockets Layer)
A security protocol developed by Netscape to provide privacy and authentication over the internet. An independent application layer that works at layer 5 and can be used with a variety of protocols (like HTTP or FTP).
218
WPA2
Security key is a pre-shared password used to authenticate and connect to a wireless access point.
219
VLAN
Segments network traffic into various parts of the network and stops someone on the open wireless network from logging in to the HVAC controls.
220
Chain of Custody
Forms a list of every person who has worked with or who has touched the evidence that is part of an investigation. It records every action taken by an individual in possession of the evidence.
221
Legal Hold
A process that an organization uses to preserve all forms of potentially relevant information when litigation is pending or reasonably anticipated.
222
A right to audit
A clause in a contract or service agreement that gives a company the authority to audit the systems and information.
223
Order of volatility
Refers to the order in which you should collect evidence.
224
IDS (Intrusion Detection System)
A device or software application that monitors a network or system for malicious activity or policy violations.
225
IPS (Intrusion Prevention System)
Conducts the same functions as an IDS but can also block or take actions against malicious events.
226
Proxy Server
A server that acts as an intermediary between a client requesting a resource and the server that provides that resource. It can be used to filter content and websites from reaching a user.
227
Nslookup
Command used to query the Domain Name System to obtain the mapping between a domain name and an IP address, or to view other DNS records.
228
Set Type=ns
Tells nslookup to report information only on name servers.
229
Set Type=ns
You would receive information only about mail exchange servers.
230
802.1x
Standard network authentication protocol that opens ports for access to the network. It defines port security.
231
War Walking
Conducted by walking around a building while locating wireless networks and devices. It will not help locate a wired rogue device.
232
Spear Phishing
Fraudulent practice of sending emails from a seemingly known or trusted sender to induce targeted individuals to reveal confidential information.
233
Tracert (trace route)
Diagnostic utility that determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination.
234
Nbtstat
Command-line diagnostic tool for NetBIOS over TCP/IP used to troubleshoot NetBIOS name resolution problems.
235
SOW (The statement of Work)
A formal document stating what will and will not be performed during a penetration test. It also contains the assessment's size and scope and a list of the assessment's objectives.
236
MSA (Master Service Agreement)
A contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements. It's used when a pentester will be on retainer for a multi-year contract, and an individual SOW will be issued for each assessment to define the scope of each one.
237
SLA (A Service Level Agreement)
Contract that outlines the detailed terms under which a service is provided, including reasons the contract may be terminated.
238
Adversary
The red team acts as the adversary, attempting to penetrate the network or exploit it as a rogue internal attacker. The red team might be made up of members of in-house security staff, a third-party company, or a consultant contracted to perform the role.
239
Blue Team
Consists of system administrators, cybersecurity analysts, and network defenders.
240
Malicious Process
Any process running on a system that is outside the norm. This is a host-based indicator of compromise (IOC) and not directly associated with an account-based IOC.
241
Off-hours usage
Off-hours usage, unauthorized sessions, and failed logins are all account-based examples of an IOC. Off-hours usage occurs when an account is observed to log in during periods outside of normal business hours. An attacker usually uses this to avoid detection during business hours.
242
Unauthorized sessions
Usually occurs when a device or service is accessed without authorization.
243
Nessus
A proprietary vulnerability scanner developed by Tenable. It doesn't contain the ability to conduct a port scan; its primary role is as a vulnerability scanner, and it is not an open-source tool.
244
DD
A tool used to copy files, disks, and partitions; it can also be used to create forensic disk images.
245
Nmap
The world's most popular open-source port scanning utility.
246
Service.msc
Allows an analyst to disable or enable Windows services.
247
Continuous Deployment
Software development method in which app and platform updates are committed to production rapidly.
248
Continuous Delivery
A software development method in which app and platform updates are committed to production rapidly.
250
Continuous Delivery
Software development method in which app and platform requirements are frequently tested and validated for immediate availability.
251
Continuous Integration
Software development method in which code updates are tested and committed to development or build server/code repositories rapidly.
252
Continuous Monitoring
Technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon.
253