Security+
| Term | Definition |
|---|---|
| CVE | Common vulnerabilities and exposures (publicly available) |
| NVD | Government repository of standards for vulnerability management |
| DBaaS | Database as a Service |
| AIS | Automated indicator sharing - sharing between public and private |
| IoC | Indicators of Compromise - a system may have been infiltrated by a cyber threat |
| TTP | Tactics, Techniques, and Procedures - Identify patterns against threat vectors |
| CVSS | Common Vulnerability Scoring System - public framework for rating severity of security vulnerabilities |
| ARO | Annual rate of occurrence - Estimated times a security incident is expected in a year |
| SLE | Single loss expectancy - estimate of damage an asset will have from a single incident |
| Cloud Computing | Provides reliable, up-to-date computing access while remaining flexible for a growing company; SDN makes network configuration easy. |
| Custom-built webmail | Rather expensive compared to hosted solutions |
| Legal hold | Preservation order to ensure evidence cannot be modified. |
| Order of volatility | Fragility of digital evidence, which determines the order in which it is gathered. Ex: RAM should be gathered first, before powering off a HDD, because the RAM contents will be lost. |
| Data sovereignty | Applicable laws and regulations based on physical location of data. |
| Chain of custody | Gathering evidence with secure documentation and storage |
| Nonrepudiation | Closely associated with hashing; proves a message was sent by a certain user. |
| Stream cipher | Encrypt data one bit at a time |
| Block cipher | Encrypt data one block at a time |
| Quantitative analysis | Identify assets and risk with calculations (quantity = think dollars) |
| Qualitative analysis | Identify risk by ranking or other standards |
| Threat, risk | Analysis reports should be completed this way |
| Restricting network access | Should be limited to burned-in MAC addresses |
| Recipient's public key | Used to send encrypted emails |
| Your public key | Used by a sender to send encrypted emails to you |
| Your private key | Digitally sign outgoing messages / encrypt a file |
| Recipient's private key | Sign their outgoing messages |
| RAID 0 | Disk striping to two or more drives - a single loss of a disk renders all data unreadable |
| RAID 1 | Mirroring - Data is duplicated onto a second disk in the array - you can tolerate the loss of 1 drive |
| Server clustering | Two or more servers work together to offer services. |
| Spear phishing | Target a specific individual - not targeted at a high-profile person |
| Whaling | Target high-profile end user |
| Phishing | Trick people into providing information |
| Vishing | Data disclosure over voice. |
| Smishing | Data disclosure over text. |
| Software updates | Critical to be applied to a system or else it could be vulnerable |
| TPM | Store cryptographic keys for encryption |
| Private key in a session | Decrypt a client session key |
| Gloves | Prevent PII from being left behind. |
| Anonymous proxy server | Mask IP address |
| Business impact analysis | How personnel, data systems, and clients will be affected if a threat is realized |
| Risk analysis | Conducted before business impact analysis |
| Incident analysis | What should be done when a threat is realized |
| Security audit | Identify vulnerabilities and policy non-compliance |
| Encryption | Scrambles communications |
| Steganography | Hides communications so they cannot be detected |
| DNS on local network | Cannot point to loopback (127.0.0.1) |
| Default gateway + DHCP | Can be the same host. |
| Fail secure | A server that blocks connections when log files run out of disk space. |
| Blowfish | Symmetric / block cipher |
| RC4 | Symmetric / stream cipher |
| RSA | Asymmetric |
| FTP Port | 20 (data) / 21 (control) |
| SSH Port | 22 |
| TACACS+ Port | 49 |
| DNS Port | 53 |
| DHCP Port | 67 (server) / 68 (client) |
| HTTP Port | 80 |
| HTTPS Port | 443 |
| Kerberos Port | 88 |
| Post Office Protocol 3 (POP3) Port | 110 |
| IMAP Port | 143 |
| IMAP4 Secure Port | 993 |
| SNMP Port | 161 (listen) / 162 (trap) |
| LDAP Port | 389 |
| LDAPS Port | 636 |
| FTPS Port | 989 (data) / 990 (control) |
| POP3S Port | 995 |
| RADIUS | UDP - 1812 (authentication) / 1813 (accounting), or 1645 (authentication) / 1646 (accounting) |
| SRTP Port | 5004 - Audio/Video Traffic |
| L2TP Port | 1701 |
| PPTP Port | 1723 |
| RDP Port | 3389 |
| CVSS | Assess severity of computer vulnerabilities |
| STIX | (Structured Threat Information eXpression) Common language (XML) for describing cyber threat information |
| TAXII | (Trusted Automation eXchange of Intelligence Information) Transport mechanism for transmission of intelligence data |
| RFQ | Request for Quote - Request for a vendor to submit a quote |
| MaaS | Malware as a Service - The offering of on-demand malware |
| IV Attack | Attack on Wireless |
| Xmas Attack | Every single option is enabled for the selected protocol |
| UC Server | Unified Communications - combines voice, IM, video, etc. |
| ICS Server | Industrial Control Systems - combines integrated hardware and software |
| PCAP | Packet capture |
| SOAR | (Security orchestration, automation, and response), automated response to security incidents |
| Red team | Initiate attacks |
| Purple team | Brings together red + blue to improve cybersecurity |
| Blue team | Defend against attacks |
| White team | Engagement between red/blue - witness |
| Honeypot | Divert attention from the network |
| DNS Sinkhole | Fake telemetry / Prevent infected devices from communicating externally |
| Fog computing | Local infrastructure between IoT and cloud/speeds up computing and processing |
| Microservice | Independent/self-contained code to form an application |
| Normalization | Remove duplicate entries |
| Dead code | Not used elsewhere in an application |
| RAID 5 | Minimum of three disks. Disk striping with parity. If a drive fails, the data can be rebuilt from the other two. |
| RAID 10 (RAID 1+0) | Minimum of four disks. Disk mirroring and striping to protect data. As long as one disk in each mirror is functional, data can be retrieved. |
| Code obfuscation | Make code harder to understand |
| XaaS | Anything as a Service - All encompassing term for Cloud services |
| Telemetry | Collection, transmission, and measurement of data. |
| MSP | Managed Service Provider - delivers services via ongoing and regular support |
| MSSP | Managed Security Service Provider - Monitoring and management of security devices and systems. |
| Edge computing | Devices or networks near the end user ex: Smartwatch, smartphone |
| SDP | Software-defined perimeter - hide infrastructure from attackers - base the network on software rather than hardware |
| SDV | Software-defined Visibility - Visibility (GUI) of infrastructure |
| VPC | Virtual Private Cloud - Secure isolated cloud hosted within a public cloud. |
| Passive reconnaissance | Gain information without actively engaging systems |
| Active reconnaissance | Actively engage systems for information |
| SAN | Storage area network - These appear as local OS drives. They support encryption. |
| DHCP - Security? | Disabling DHCP means that clients must manually configure the appropriate networking settings to connect. This increases security posture. |
| Wireless routers | Most behave as hubs - wireless clients exist within a single collision domain. |
| 802.1x | Network authentication. |
| Securing virtualized operating systems | Apply patches for extra security. |
| IPSec | A set of rules to ensure network traffic is accepted only from appropriate systems. |
| Honeypot | Intentionally vulnerable computer or single client to attract attacks for logging or analysis. |
| Honeynet | Intentionally vulnerable network, could consist of many hosts. |
| BTU | British thermal unit. These measure heat. |
| DNS poisoning | Redirects legitimate requests to another webserver/website. |
| ARP poisoning | Relies on victims having malicious MAC addresses so that malicious users receive legitimate victim traffic. |
| ALE | Annual Loss Expectancy. ALE = SLE (chance x time) x ARO |
| IP header | Contains source IP address and the TTL value. |
| Common botnet activities | Spam and DDoS |
| Benefits of server virtualization | Centralized storage; efficient application of software updates |
| SHA-1 | Integrity algorithm |
| MD5 | Integrity algorithm |
| PKI information | Public key infrastructure - Could be stored in a password-protected file and on a smartcard. |
| SOC 2 Type 1 | Document cybersecurity at a specific point in time |
| SOC 2 Type 2 | Documents how well systems perform over a period of time. More expensive than Type 1 and takes more time to complete. |
| SOC 2 Type 3/4 | Invalid SOC types |
| DLP | Data loss prevention. Ensures that data leaving the network is tracked/stays private. |
| DRP | Disaster recovery plan - Redirect available resources to restore data after a disaster. |
| A5 | Stream cipher |
| Key escrow | A third party holds decryption keys in trust that is unrelated to the original holder. |
| Mandatory vacations | Enable potential discoveries of irregularities in a job role via audit or associated reports |
| SQL Server Port | 1433 |
| Fuzz Test | Automated testing with invalid/unexpected input |
| Sideload | Install apps through unofficial channels |
| Shimming | Small piece of code to monitor data that is difficult to detect |
| Cross-site scripting (XSS) | eXploit Trust (web browser to website) - initiated by attacker |
| Cross-site request forgery (CSRF/XSRF) | Request forgery where a user is already authenticated (e.g. bank funds transfer) - initiated by victim |
| Server-side request forgery (SSRF) | Unofficial app makes requests to unintended locations (spoof as organization mail server) |
| Buffer overflow | Write to unauthorized places in memory |
| Null-pointer dereference | Read from an invalid address |
| Hash collision | Two different files produce the same hash |
| Birthday attack | Closely related to probability theory. |
| Rainbow table | Precomputed list of hashes and passwords |
| Spraying attack | Using the same common password list to try to access many accounts |
| Rootkit | Admin-level computer access |
| C2 Server | Botnet control |
| Fileless virus | Resides in RAM |
| Grayware | Doesn't necessarily have spyware, but is an annoying program. |
| Spyware | Track user actions without their awareness |
| SPIM | Spam over Instant Messaging |
| SPIT | Spam over Internet Telephony - elicitation over phone |
| Elicitation | The act of forcing someone to reveal information through casual conversation |
| Vishing | Phishing over voice |
| Spear phishing | Targeting and phishing a certain user |
| Whaling | Phishing by targeting a specific set of users (ex: high ranking executives) |
| Smishing | Phishing over SMS |
| SMTP + SSL/TLS Port | 465/587 |
| iSCSI Target Port | 3260 |
| iSCSI Port | 860 |
| Data Confusion | Ensures ciphertext is very different from plaintext |
| Data Masking | Partial omission (blanking out credit card numbers) |
| Bluejacking | Sending unsolicited messages |
| Bluesnarfing | Hacking a bluetooth device (access / steal data) |
| WPA | Wi-fi protected access, associated with TKIP and RC4. |
| Honeyfile | Bait files for an attacker to access - alerts a successful attack |
| 2.4GHz | B, G, N |
| 5.0GHz | A, N, AC |
| Promiscuous mode | Capture all traffic to a specific port |
| HSM | Hardware security module - store/manage keys (ex: MicroSD) |
| IPSec VPN | Site-to-site and always on |
| Cuckoo | Malware sandbox testing tool |
| FCIP Port | 3225 |
| Diameter Port | 3868 |
| Syslog Port | 514 |
| Syslog over TLS | 6514 |
| TFTP Port | 69 |
| Attribute-based access control | Evaluate objects based on attributes/characteristics - restudy this |
| HOTP | HMAC (hash)-based one-time password |
| CHAP | Challenge Handshake Authentication Protocol - must shake more than once |
| Network Switches | Each port has a separate collision domain |
| FAR | False acceptance rate - how many times a system will accept an invalid login. |
| Smurf attack | Sending spoofed broadcast packets to a router |
| TOTP | Time-based one time password - time-limited with open authentication |
| Diffusion | Small change in ciphertext results in a large change in the plaintext |
| RPC/DCOM-scm Port | 135 |
| Telnet Port | 23 |
| Tokenization | Replace sensitive data with an entirely different dataset |
| NetBIOS Port | 137 - 139 |
| SMB Port | 445 |
| SYN Flood | Half-open connections |
| NNTP Port | 119 |
| WEP | Wired Equivalent Privacy - IV |
| WPA2 | CCMP / AES |
| sn1per | Conduct penetration testing automatically |
| SMTP | 25 |
| Registered Ports | 1,024 - 49,151 |
| Well-known Ports | 0 - 1023 |
| Dynamic / Private Ports | 49,152 - 65,535 |
| Pass the Hash | Generate the hash of a password to reuse later to gain access to a system |
| SIEM | Security Information and Event Management - Software/services combine security information management and event management. |
| Runbook | A set of rules that can be largely automated - generally related to security orchestration, automation, and response |
| Playbook | Step-by-step actions that need to occur within the SOAR process - usually involving human intervention. |
| CIS Controls | Center for Internet Security Controls - 20 control groups covering hardware inventory to penetration testing - pare controls to those most critical to reduce risk |
| NIST RMF | National Institute of Standards and Technology - Risk Management Framework - seven-step methodology that provides risk management through the information systems lifecycle |
| PCI DSS | Payment Card Industry Data Security Standard - standard for the payment card industry to process payment card information |
| Behavioral-based monitoring | Using a baseline of normal behavior, detect anomalies to the baseline. |
| Rule-based monitoring | Dependent on administrator-created rules that search for specific behavior |
| Signature-based monitoring | Examine network traffic against known signatures. This can easily become out of date and is vulnerable to zero-day attacks. |
| Active-based monitoring | Actively monitor systems for suspicious activity. No specific protection against zero-day. (i.e. HTTP traffic) |
| Protocol analyzer | Examine network packets sent from server to server |
| RTO | Recovery time objective. Maximum amount of time considered tolerable for a service/business function to be unavailable. |
| RPO | Recovery point objective. Maximum amount of lost data because of an outage. |
| MTBF | Mean Time Between Failures - Average length of time a specific device is expected to work until it fails |
| MTTR | Mean Time to Repair - Average length of time from component failure until it is repaired |
| Kiting | Attack domain name registrations |
| IPFIX | IP Flow Information Export - Common representation of flow data - based on NetFlow v9 |
| NXLog | Open source universal log collector |
| sFlow | Sampled flow - Random sampling of packets |
| Digital certificates refer to what information assurance objective | Authentication |
| MITRE ATT&CK | Catalog emerging tactics, techniques, and procedures being used in attacks globally |
| Diamond Model of Analysis | Categorizes attacks - an attacker attacks victim's infrastructure |
| NIST CSF | Set of controls to reduce risk |
| Cyber Kill Chain | Lockheed's model to describe how attackers step through actions to reach their final goal. Assumes a unidirectional workflow. |
| UPS and battery backup | Provide backup power for a short amount of time |
| Gas-powered generator | Will provide power continuously until electrical power is restored |
| SNMP community name | Is insecure by default, should be changed from "public". |
| Escaping | A coding technique that ensures any system commands are not processed and just recognized as text. |
| Transitive access | Unauthorized user access from one software component to another without proper authorization. |
| Cryptographic erase | Data is encrypted by default, when the erase process is started, the encryption key is deleted with the data |
| Overwrite | Overwrite data with random patterns of 1s and 0s. |
| Secure erase | Securely delete data, but causes wear and tear. |
| Zero fill | Fill the entire storage device with zeros |
| Preparation phase | Conduct training, prepare incident response kits, and research threats/intel |
| Detection and analysis phase | Monitor and detect any possible malicious events/attacks |
| Containment, eradication, and recovery | Preserve forensic and incident information |
| Post-incident activity | After-action reports, lessons learned, follow-up actions to prevent further incidents |
| Uncredentialed scans | Unable to detect many vulnerabilities on devices |
| Authenticated scans | Accurately determine the vulnerability posture of a network |
| Cloud service investigations | Challenging due to the rapid creation/deletion of cloud servers |
| APT | Advanced Persistent Threats - A group of hackers with great capability and intent, often backed by nation-states/large orgs. |
| Hacktivist | Someone who uses hacking to bring about political and social change |
| Traceroute | ICMP |
| Hping | Sends custom ICMP, UDP, or TCP packets |
| `nc -l -p 8080 \| nc 192.168.1.76 443` | Netcat listens on port 8080, outputs to remote connection 192.168.1.76, port 443 |
| Community cloud | A cloud shared manually among different organizations that belong to the same community/area |
| AlienVault | Avoid the rigidity of the Lockheed Martin cyber kill chain. |
| Proximity Card | Uses RFID to communicate with readers |
| Mandatory vacation | Requires an employee to fill in for another - an audit could reveal fraud or abuse |
| Network tap | Copy data for later analysis; passive reconnaissance |
| RP | Relying party - provides services to members of a federation |
| IdP | Identity provider - provides identities, makes assertions about them, and releases information about identity holders |
| `flow: to_client,established` | Only inbound traffic will be analyzed. |
| Metasploit | Security vulnerabilities and penetration testing |
| Nessus | Vulnerability scanner |
| nmap | Port scanner |
| Endpoint security | Monitor endpoints against cyberthreats |
| PGP | Asymmetric |
| 3DES | Symmetric |
| AES | Symmetric |
| FISMA | Federal Information Security Management Act - federal framework to protect govt information |
| HIPAA | Protect privacy |
| COPPA | Children's online privacy protection act - law imposing restrictions on websites directed to children under 13 |
| SOX | Sarbanes-Oxley - US law for requirements of public companies |
| Reverse proxy | Directs traffic to cloud services if the traffic complies with policy |
| DNS blackholing | Using a list of known malicious domains, internal DNS creates a fake reply |
| Route poisoning | Prevents networks from sending data when the destination is invalid |