ACL - (Access Control List): The main purpose of an access control list is to explicitly state who can and who cannot access a specific device, network, or server. A standard access control list will generally identify which source IP and protocol can reach (or be blocked from) a destination IP on a specified port. For example, "Permit TCP ANY 192.168.77.7 80" indicates that any IP can use TCP port 80 to communicate with the server at 192.168.77.7.
AUP - (Acceptable Use Policy): This is a set of rules set by the owner, creator or administrator of a resource, device, service or network. The rules specify how the system can and cannot be used.
API - (Application Programming Interface): A way for two or more computers to communicate with each other. It is a software-based interface that offers services to other software.
DoS - (Denial of Service): In computing, a denial of service attack is when an attacker makes a machine or network resource unresponsive or unavailable by overloading it with fraudulent requests so that it cannot respond to valid ones. One example of an intentional DoS is a SYN flood. With a SYN flood an attacker sends an extremely high number of SYN requests to a server or device. The receiving server or device attempts to respond to the flood of SYN requests, but the attacker never completes the connection and instead keeps sending more SYN requests that will never be answered when the server tries to allow the connection.
DDoS - (Distributed Denial of Service): Just like a DoS attack, a DDoS attack floods a server with communications so that it cannot respond to valid requests. However, a DDoS attack uses more than one device to execute the attack. In many cases the devices in a DDoS attack may not even know that they are participating in one. They may have unknowingly allowed themselves to be added to a botnet that is commanded by the attacker's C2 server to execute attacks. Another example of a DDoS that could happen is if too many shoppers attempt to connect to a website during a Black Friday sale to see what they can buy. If more shoppers connect to the website than the web servers can handle at that time, some people may be temporarily locked out of accessing the website. This is an example of an unintentional DDoS.
DLP - (Data Loss Prevention): Data Loss Prevention consists of the methods and technologies implemented to ensure that private or essential information is not exfiltrated from your organization. If you are attempting to make sure that data, files, and information cannot be copied from your systems to external drives or devices, or extracted to the cloud, DLP is a safe bet.
DMZ - (Demilitarized Zone): This is where your web servers will be kept. The DMZ is a subnetwork that allows the services within it to be accessible from the internet (these are what we call external-facing services). The main purpose of a DMZ is to protect your internal network from being accessible from the internet while still allowing you to provide services to those on the internet through the server that is within the DMZ. In order for someone to access the server within the DMZ from the LAN they would have to use the jumpbox. A jumpbox would be connected via SSH through the LAN into the DMZ. Usually a jumpbox would be configured to whitelist only the one configuring device. That way no other device could potentially go from the DMZ to the LAN or from the LAN to the DMZ.
EDR - (Endpoint Detection and Response): Cybersecurity technology that continually monitors an "endpoint" to mitigate malicious cyber threats. Note that EDR focuses on logging endpoint activity in order to observe for IoCs rather than attempting to prevent the execution of attacks in the first place. With EDR your goal is to notice the attack as soon as possible so that you can remediate it as soon as possible.
EPP - (Endpoint Protection Platform): With an EPP solution you would likely have an agent (software) installed and running on the local host device. An EPP is a single agent performing the tasks of multiple security software solutions such as IDS/IPS, DLP, and anti-malware. EPP does its best to avoid initial attacks and execution by attackers (unlike EDR, which specializes in the response to those attack events).
FPGA - (Field-Programmable Gate Array): FPGAs are meant to be configured by the customer to perform whatever function the customer needs the circuit for. They look like motherboards but they're not exactly the same as motherboards. FPGAs are usually programmed using an HDL (hardware description language). They contain an array of programmable logic blocks and reconfigurable interconnections that can be wired together and configured to perform specific functions. Once purchased, the buyer has to actually configure the FPGA for the specific task that they would like to accomplish. An FPGA DOES NOT EXECUTE CODE on its own and DOES NOT run software.
MFA - (Multi-Factor Authentication): This is an authentication method that requires two or more pieces of evidence before you are allowed to sign in to a resource. The evidence must be a mix of knowledge, possession and inherence (what you know, what you have, what you are). In some cases MFA extends to additional factors, such as geofencing (where you are).
MOA - (Memorandum of Agreement): A document written between parties that are cooperatively working together on an agreed-upon objective.
MOU - (Memorandum of Understanding): Documentation that indicates that two or more parties are coming to an intended common line of action.
NAC - (Network Access Control): A network security mechanism that only allows authenticated devices to access the network, and only if they also adhere to the predetermined rules set for all connected devices. If a device adheres to the requirements it will be able to access the network; if it does not, it will be denied access.
NAS - (Network Attached Storage): A file storage server connected to the network that can be accessed by the other devices on the network.
OT - (Operational Technology): Where IT controls the data of an organization, OT controls the physical functions of the organization's operations. OT systems can be incorporated into IT systems (and vice versa); however, when these systems converge they share their vulnerabilities with one another, and thus both systems will need to be secured in their own respective ways.
SAN - (Storage Area Network): Unlike a NAS, which has the storage attached to the same network, a SAN is a separate network that is used for storage.
NAT - (Network Address Translation): Network address translation is a method of mapping one IP address space into another by modifying the network address information in the IP header of packets while they are in transit across a traffic routing device.
NDA - (Non-Disclosure Agreement): A legal agreement stipulated in a contract that states that certain information and interactions between parties must be kept confidential and cannot be disclosed to external parties.
ISAC - (Information Sharing and Analysis Center): A group of organizations dedicated to freely sharing information about cyber security risks and incidents that are currently being discovered.
IOC - (Indicator of Compromise): An event, artifact or item observed on a network that indicates that an intrusion has occurred or is currently occurring on the network.
SDN - (Software Defined Networking): An approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with the underlying hardware infrastructure and direct traffic on a network.
IDS - (Intrusion Detection System): A device or software application that monitors a network or system in order to detect malicious or suspicious activity. Once it detects such activity it sends an alert of the event to be reviewed.
IPS - (Intrusion Prevention System): A device or software application that monitors a network or system in order to detect malicious or suspicious activity and alerts on it, just as an IDS does, but it will also proceed to attempt to stop the intrusion from proceeding.
HIDS/HIPS - (Host Intrusion Detection System and Host Intrusion Prevention System): These solutions are designed to protect the host. By host they mean the end device that the user is using; whether it is a laptop, desktop, or tablet, the HIDS client is installed on that specific device.
NIDS/NIPS - (Network Intrusion Detection System and Network Intrusion Prevention System): These solutions are designed to protect the network as a whole.
SLA - (Service Level Agreement): A service level agreement is a contract between a service provider and a client. In particular, these agreements stipulate the level of service quality, availability and responsibilities that the provider has to the client. For example, an ISP (Internet Service Provider) may say that for a certain fee per month they can provide you with 300MB/ps download speed. Their SLA would then say that they must provide you with 300MB/ps with minimal downtime per month; otherwise you may get a reduced fee for the month.
SIEM - (Security Information and Event Management): The field of computer security where combined sources such as event logs, IDS/IPS and firewall logs converge to provide real-time analysis and correlation of the many different types of logs that would be difficult for a human to look through in a timely manner. A SIEM analyzes the alerts and logs generated by all of the connected security applications and indicates what should be looked at more closely.
SOC - (Security Operations Center): A SOC is the location where the monitoring, detection, investigation, and prevention of attacks is done. A SOC is helmed by a SOC team, which consists of SOC analysts. SOC teams monitor the SOC in order to protect the organization's assets (such as IP, HVAs and business systems).
SoC - (System on Chip): Note the small 'o'. An SoC (not SOC) is an integrated circuit that integrates most or all components of a computer or electronic system. This means that the components, including CPU, memory, GPU (and sometimes even WiFi capabilities), are all on one microchip. This differs from standard computational devices like a desktop computer, which has a base motherboard to which all of the other components have to be added in order to get things to work. With a desktop computer the RAM, CPU and GPU are all added to the motherboard afterward; with an SoC all of this is integrated into the chip (like a Raspberry Pi Pico).
SPI - (Sensitive Personal Information): This is information that does not classify as PII but is still personal information. It includes political opinions, racial and ethnic identification, sexual orientation, religious beliefs, philosophical beliefs, and opinions on such topics.
PHI - (Personal/Protected Health Information): This is any information pertaining to an individual's current medical state, medical history or general medical records (including payment for health care).
PII - (Personally Identifiable Information): Any type of data that can be used to identify someone, from their name and address to their phone number, passport information, social security number or biometric information.
SSO - (Single Sign-On): This is an authentication method that allows a user to log in with a single ID and set of credentials and have access to multiple different (related yet independent) services without having to reauthenticate to the next service.
TLS - (Transport Layer Security): This is a cryptographic protocol designed to provide communications security over a computer network. It is mainly used to secure HTTPS; however, it can also be used for applications such as email, IM, and VoIP systems.
TPM - (Trusted Platform Module): Simply put, a TPM is a computer chip (microcontroller) that can securely store artifacts used to authenticate your device. These artifacts can include passwords, certificates, or encryption keys.
TCP - (Transmission Control Protocol): A connection-oriented protocol used in the internet protocol suite. Transmissions are checked during and after packets are sent to ensure that the entirety of the transmitted data has been received. If packets have been dropped, a retransmit request is sent so that the packet is sent again to the recipient.
UDP - (User Datagram Protocol): A connectionless protocol that does not check whether or not an entire message has been received without packet loss. With UDP the message is transmitted, and if it has not been received completely by the target... then oh well. UDP is faster than TCP, so it is mainly used for systems where retransmissions are not necessary, such as live streams and VoIP systems.
UEFI - (Unified Extensible Firmware Interface): A replacement for BIOS. UEFI is the interface connecting the firmware to the operating system running on a given device. It has superseded BIOS and adds functionality.
URL - (Uniform Resource Locator): A location or address that identifies where a resource can be found on the internet. The location of the resource is typed into the bar at the top of the web browser; for example, you may type google.com into the URL bar.
UTM - (Unified Threat Management): Sometimes called an NGFW (Next Generation Firewall). Unified threat management is an approach to information security where a single hardware or software installation provides multiple security functions. A UTM performs tasks such as A-V, anti-spam, content filtering, and web filtering.
WAF - (Web Application Firewall): A firewall that performs its functions from a web service and is interfaceable by accessing it from a web browser. Examples include OPNsense, pfSense, and Barracuda.
VoIP - (Voice over IP): Telephone systems over an IP network.
XML - (Extensible Markup Language): A markup language and file format for storing, transmitting and reconstructing data. It defines a set of rules for encoding documents in a format that is readable by both humans and computers.
XSS - (Cross-Site Scripting): You may see this written as CSS. This is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Mitigations for XSS typically involve sanitizing data input (to make sure input does not contain any code), escaping all output (to make sure data is not presented as code), and restructuring applications so that code is loaded from well-defined endpoints. In other words, output encoding and input validation are mitigation techniques for XSS.
VPC - (Virtual Private Cloud): A private computing environment that is contained in the public cloud. VPCs use logical isolation to separate sections of the public cloud in order to provide a private environment to their clients.
VPN - (Virtual Private Network): A VPN is a means to "extend" a private network across a public network and enable a user to remotely send and receive data across the internet through a secure encrypted tunnel.
CI/CD - (Continuous Integration/Continuous Delivery): A development method focused on automatically building and testing code. With continuous delivery the code that has been created is automatically tested and deployed. With continuous integration a version control system is used to integrate everyone's work into the same location, such as a main branch; each change is built and verified to detect integration errors as quickly as possible. Continuous integration is focused on automatically building and testing code, whereas continuous delivery automates the entire software release process up to production.
CASB - (Cloud Access Security Broker): A cloud access security broker can be on-premise or cloud-based software that sits between users and cloud applications. It monitors all activity and enforces security policies.
CAN - (Controller Area Network): This is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer. This is how different parts of a vehicle are able to communicate with each other.
CA - (Certificate Authority): A certificate authority is an entity that issues, stores, and signs digital certificates.
FTK - (Forensic Toolkit): Computer forensics software.
MDM/EMM - (Mobile Data Management/Enterprise Mobility Management): Security control used to protect smartphones and tablets. These (usually cloud-based) platforms allow an administrator to remotely secure devices and offer functionality such as service restriction, remote wipes, remote updates/patches, locating devices through GPS, and preventing devices from being jailbroken.
ICS - (Industrial Control System): An electronic control system used for industrial and OT (Operational Technology) devices. An ICS environment comprises systems that are used to control critical infrastructure services. ICS is used in industries such as manufacturing, energy supply, and water treatment. Systems such as PLCs, RTUs, HMIs and SCADA all fall under the umbrella of ICS.
SCADA - (Supervisory Control and Data Acquisition): SCADA is a control system for ICS environments that span a wide area, such as pipelines, power plants, waste systems, and oil and gas systems.
RTOS - (Real-Time Operating System): These operating systems are used for real-time applications that process data and events where timing is of the utmost criticality, down to the millisecond. Heart pacemakers, airline traffic control systems, robotics and autonomous vehicles are all examples of systems that use an RTOS.
SOA - (Service Oriented Architecture): This is a method of software development that uses software components called services to create business applications. Each service provides a business capability, and services can also communicate with each other across platforms and languages. Typically, SOA is implemented with web services, which make the functional building blocks accessible over standard internet protocols. An example of a web service standard is SOAP (Simple Object Access Protocol).
SOAP - (Simple Object Access Protocol): SOAP is a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks. It uses the XML Information Set for its message format and relies on application layer protocols such as HTTP. An application can send a SOAP request to a server that has web services enabled, with specific parameters set for the search. The server returns a SOAP response in XML format with the requested data. Since the generated data comes in a standardized format for machines to parse, the application that made the request can automatically integrate the results.
SAML - (Security Assertion Markup Language): SAML is an open federation standard that allows an Identity Provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider. This is similar to SSO in that a single set of credentials can be used to gain access to different resources. Google is a SAML provider: when a user goes to a website and the website asks them to create an account, there may be an option to log into the website through Google. The service provider uses the SAML assertion issued by the identity provider to grant the user access.
SaaS - (Software as a Service): Centrally hosted software that is offered to clients either through a subscription model or for free use. With SaaS the service provider manages the application, data, runtime, middleware, OS, virtualization, servers, storage, and networking for the application. The only thing the client has to deal with is the interface through which they use the application. Examples of SaaS would be Netflix, Gmail, YouTube, and Amazon.com.
PaaS - (Platform as a Service): A cloud service model that falls in between SaaS and IaaS. A typical PaaS solution supplies servers and storage network infrastructure but also provides a multi-tier web application/database platform on top. PaaS is used by developers who just want an environment in which to develop applications without having to manage everything. Unlike SaaS, though, the platform is not configured to do anything; the person using the cloud service has to develop and create the software that lies on top of the platform. With PaaS the cloud provider manages the runtime, middleware, OS, virtualization, networking, storage and servers, while the user manages the application and the actual data contained on the platform.
IaaS - (Infrastructure as a Service): This cloud model offers essential compute, storage, and networking resources on demand. IaaS provides a developer with resources like virtual storage and virtual machines that can be accessed through the cloud. With IaaS the user (not the cloud provider) manages the application, data, runtime, middleware, and OS, while the provider manages the virtualization, networking, storage and servers.
FaaS - (Function as a Service): Serverless architecture. With FaaS all the architecture is hosted in a cloud, but unlike traditional VPCs, services such as authentication, web applications, and communications aren't developed and managed as applications running on servers located within the cloud. Instead the application is developed as functions and microservices, each interacting with other functions to facilitate client requests. When the client requires some operation to be processed, the cloud spins up a container to run the code, performs the processing and then destroys the container. FaaS is a serverless way to execute modular pieces of code. It lets developers write and update a piece of code on the fly, which can then be executed in response to an event, such as a user clicking on an element in a web application. This makes it easy to scale code and is a cost-efficient way to implement microservices.
SPF - (Sender Policy Framework): Not to be mistaken for OSPF or the SPF algorithm, which are related to network link-state routing protocols. Sender Policy Framework is an email authentication standard that domain owners use to specify the email servers they send email from, making it harder for hackers/attackers to spoof sender information. An example of SPF record syntax would be: v=spf1 mx include:_spf.localmailsrv.com -all. This example would prevent outside entities from spoofing the company's email domain (localmailsrv.com).
DKIM - (DomainKeys Identified Mail): This is an email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email was actually authorized by the owner of the domain it claims to have come from. DKIM lets senders associate a specific domain with their email messages; records published in DNS vouch for that email's authenticity.
DMARC - (Domain-based Message Authentication, Reporting and Conformance): This is an open email authentication protocol that provides domain-level protection of the email channel. It verifies email senders by building on the DNS, DKIM, and SPF protocols (DMARC depends on both SPF and DKIM to authenticate emails). DMARC enables domain owners to specify how receiving servers should handle unauthorized or unauthenticated messages. In essence, DKIM attempts to verify whether the mail is legitimate, and DMARC says what to do with mail that is not legitimate.
Banner Grabbing - This is the term used to refer to the technique of grabbing information about a system available on a network and all of the services running on its open ports. Banner grabbing allows a pentester, attacker, or analyst (anyone, really) to quickly scan for discoverable network hosts as well as any known and exploitable vulnerabilities in the currently running version of the scanned host's operating system or services. nmap is a very popular network enumeration tool that can perform banner grabbing. hping3 is a tool that can also be used to grab information from a device by sending altered ping packets and deducing certain information from the replies it receives back. (telnet can also be used for banner grabbing 🤢)
STRIDE - This is a threat modeling framework created by Microsoft. STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Microsoft also designed its tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.
Essential CySa+ Acronyms (Ports not Included)
by Essyb