177 Cards in this Set
- Front
- Back
Order of Volatility - 1 |
Data in cache memory - processor cache/hard drive cache |
|
Order of Volatility - 2 |
Data in RAM, including system and network processes |
|
Order of Volatility - 3 |
Swap file or paging file on system disk drive |
|
Order of Volatility - 4 |
Data stored on local disk drives |
|
Order of Volatility - 5 |
Logs stored on remote systems |
|
Order of Volatility - 6 |
Archive media |
|
Port 21 |
FTP control/command |
|
Port 22 |
SSH/SFTP/SCP; secure logins, port forwarding |
|
Port 25 |
SMTP, client --->>>servers |
|
Port 53 |
DNS |
|
Port 80 |
HTTP |
|
Port 110 |
POP3; exchange --->>> client |
|
Port 139 |
NetBIOS session service; OSI layer 5 (session layer) |
|
Port 143 |
IMAPv4; used to store email on servers and for clients to manage email; application layer |
|
Port 443 |
HTTPS; application layer |
|
Port 3389 |
RDP; application layer |
|
802.1x |
Port-based authentication protocol; used in WPA2. 802.1X authentication involves three parties: a local machine, an authenticator, and an authentication server. The local machine (supplicant) is the device that wishes to attach to the LAN/WLAN; the term 'local machine' is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point, and the authentication server is typically a host running software supporting the RADIUS and EAP protocols |
|
AAA |
Authentication, Authorization, and Accounting |
|
ACE |
Access Control Entry |
|
ACL |
Access Control List |
|
ALE |
Annualized Loss Expectancy = SLE x ARO |
|
Ascii |
American standard code for information interchange |
|
API |
Application Programming Interface |
|
ARO |
Annualized Rate of Occurrence = ALE/SLE |
|
ASP |
Application Service Provider |
|
BAC |
Business Availability Center; app showing Availability/perf of business owned or licensed apps |
|
BIOS |
Basic Input/output |
|
BPA |
Business partners agreement; includes obligations toward the partnership |
|
CAC |
Common access card |
|
CAN |
Controller Area Network; standard that allows microcontrollers and devices to communicate |
|
CAR |
Corrective action report; part of IRP |
|
CCMP |
Counter-mode cipher block chaining message authentication code protocol; encryption based on AES and used with WPA2; more secure than TKIP |
|
CERT |
Computer Emergency Response Team; Carnegie Mellon |
|
CIRT |
Computer incident response team |
|
COOP |
Continuity of Operations planning; sites, succession plan |
|
CP |
Contingency Planning |
|
CRC |
Cyclical Redundancy Check; error detection code used to check for accidental changes which can affect data integrity |
|
CSR |
Cert signing request |
|
CSU |
Control service unit; line bridging device |
|
CVE |
Common vulnerabilities and Exchange |
|
DAC |
Discretionary Access Control; owners can modify permissions on files/folders; highly flexible but insecure |
|
DACL |
Discretionary Access Control List; AD list of ACEs (access control entries) |
|
dBd |
Decibels-dipole; identifies gain of antenna compared with a dipole antenna; higher dBd = higher transmission/reception power |
|
dBi |
Decibels-isotropic; measures gain of an antenna; used with omnidirectional antennas |
|
dBm |
Decibels-milliwatt; identifies power level of the WAP and refers to the power ratio in decibels referenced to one milliwatt |
|
DEP |
Data execution prevention; prevents all or selected programs from running code in a non-executable memory area |
|
DLL |
Dynamic link library; compiled set of code which can be linked to other programs |
|
DNAT |
Dynamic network address translation; form of NAT that uses multiple public IP addresses |
|
DNAT |
Destination Network Address Translation; a form of NAT that changes the destination IP address for incoming traffic; used for port forwarding |
|
DRP |
Disaster recovery plan |
|
DSU |
Data service unit; system used to connect equip on T1 line |
|
EFS |
Encrypting File System; Windows NTFS |
|
FACL |
File system access control list; ACL used for file systems |
|
FDE |
Full disk encryption |
|
FCoE |
Fibre Channel over Ethernet |
|
GRE |
Generic Routing Encapsulation; is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. |
|
HIDS |
Host based intrusion detection system |
|
HIPS |
Host-based intrusion prevention system |
|
HOTP |
HMAC-based one time PW; open standard for creating one time passwords |
|
ICMP |
Internet control message protocol; used to control network devices; common to block at firewall/router; if ping fails but other connections work ICMP is blocked |
|
IGMP |
Internet group management protocol; used for multicasting; computers belonging to a multicast group share a multicast IP address |
|
IIS |
Internet Information Services |
|
IR |
Incident response |
|
IRC |
Internet Relay Chat; a form of real-time internet text messaging sometimes used by botnets |
|
IRT |
Incident response team; group of experts who respond to security incidents |
|
ISA |
Interconnection Security Agreement; specifies technical and security requirements |
|
ITCP |
IT Contingency Planning; part of risk management |
|
KDC |
Key distribution center; typical operation with a KDC involves a request from a user to use some service. The KDC will use cryptographic techniques to authenticate requesting users as themselves. It will also check whether an individual user has the right to access the service requested. If the authenticated user meets all prescribed conditions, the KDC can issue a ticket permitting access. |
|
LANMAN |
LANMAN; older authentication protocol used to provide backward compatibility to Windows 9x clients |
|
L2TP |
Does not encrypt or provide confidentiality by itself; commonly used with IPsec for encryption/confidentiality |
|
Ldap |
Port 389; SLDAP - port 636 |
|
LEAP |
Lightweight extensible authentication protocol; modified version of CHAP (Challenge Handshake Authentication Protocol); used with WEP and with mutual authentication (between the client and a RADIUS server); allows clients to re-authenticate frequently |
|
MBR |
Master Boot Record; area on the hard disk in the first sector |
|
MAN |
Metropolitan Area Network |
|
MITM |
Man in the middle; kerberos provides authentication and helps prevent MITM attacks |
|
MPLS |
Multi-protocol layer switch; WAN topology provided by telecoms |
|
MS-CHAP |
MS-CHAPv2 provides mutual authentication |
|
MTBF |
Mean time between failures |
|
MTTF |
Mean Time to Failure; measure of a system's reliability in hours |
|
MTTR |
Mean time to recovery; average time it takes to recover |
|
MTU |
Maximum transmission unit |
|
NDA |
Non disclosure agreement |
|
NDP |
Neighbor discovery protocol; IPv6, similar to ARP; performs autoconfiguration of device IPv6 addresses and discovers other devices on the network |
|
NIDS |
Network-based Intrusion Detection System |
|
NIPS |
Network intrusion prevention system |
|
NOP |
No operation; used in buffer overflow attacks |
|
Network Operating System |
Software that runs on a server to manage resources on a network |
|
NTFS |
NT File System; uses the DAC model |
|
NTLM |
New tech LANMAN; stores PWs in two 7-character blocks, converting all lowercase letters to uppercase |
|
OCSP |
Online certificate status protocol; alternative to CRL; returns good, revoked, or unknown |
|
OSI |
Open systems interconnection; osi model |
|
OVAL |
Open Vulnerability Assessment Language; international standard proposed for Vulnerability Assessment scanners to follow |
|
PAC |
Proxy Auto-Configuration; method used to autoconfigure systems to use a proxy server |
|
PAM |
Pluggable authentication module; library of APIs used for authentication-related services |
|
PAN |
Personal Area Network |
|
PAP |
PW authentication protocol; older authentication protocol; used clear text to send PWs |
|
PAT |
Port address translation; form of NAT that translates public IP addresses to private IP addresses; private IPs --->>> public IPs |
|
PBX |
Private branch exchange; telephone switch used with telephone calls |
|
PCAP |
Packet capture |
|
PEAP |
Protected extensible authentication protocol; extra layer of protection for PEAP; sometimes used with 802.1x; requires a cert on the 802.1x server, doesn't require a cert on the client side; uses MS-CHAP primarily |
|
PIV |
Personal Identity Verification card |
|
POTS |
Plain-old telephone system; voice-grade telephone service using traditional telephone wires |
|
RADIUS |
Remote Authentication Dial-In user system; provides central Authentication for remote access users; e.g. AOL; uses symmetric encryption to encrypt PW packets and UDP for rest of Authentication process; TACACS+ encrypts full process |
|
RAID |
Redundant Array of Disks |
|
RAID-0 |
Disk striping; no parity |
|
RAID-1 |
Disk mirroring |
|
RAID-5 |
Disk striping with parity; 3 or more disks; can survive a single drive failure |
|
RAID-6 |
Disk striping with parity; uses four or more disks and can survive the failure of two drives |
|
RAS |
Remote Access Service; dial-up or vpn to connect to network |
|
RAT |
Remote Access Tool; commonly used by APTs; gives attacker full control over a user's system from remote location; e.g. RDP |
|
RC |
Ron's code |
|
RFI |
Radio Frequency Interference; interference from AM/FM transmitters etc. |
|
RFID |
Radio Frequency ID; often used in inventory control |
|
RPO |
Recovery Point Objective; amount of data you can afford to lose; point in time where data loss is acceptable; related to |
|
RTP |
Real-time protocol; standard used for delivering audio and video over an IP network |
|
S/MIME |
Secure/Multipurpose Internet Mail Extensions; provides confidentiality, integrity, authentication, and non-repudiation; can digitally sign and encrypt email, including encryption of email at rest; uses RSA with public and private keys for encryption/decryption and PKI for certificates |
|
RTSP |
Rapid Tree Spanning protocol |
|
SAML |
Security Assertions Markup Language; XML-based standard used to exchange authentication and authorization info between different parties |
|
SAN |
Storage Area Network; specialized network of high-speed storage devices |
|
SCADA |
Supervisory Control and Data Acquisition |
|
SCAP |
Security Content Automation Protocol; set of security specifications for various applications and OSs |
|
SCEP |
Simple Certificate Enrollment Protocol; method for requesting a cert from a CA |
|
SCSI |
Small Computer System Interface; set of standards used to connect peripherals to computers |
|
SDLM |
Software Dev Life Cycle Management |
|
SEH |
Structured Exception Handler; module within an app that handles errors or exceptions; prevents applications from crashing or responding to events that can be exploited by attackers |
|
SELinux |
Security-Enhanced Linux; uses the MAC model |
|
SHTTP |
Secure HTTP; HTTPS alternative, rarely used |
|
SID |
Security Identifier; used in MS environments |
|
SIEM |
Security Information and Event Management; security system that looks at security events throughout an organization |
|
SIM |
Subscriber Identity Module |
|
SIRT |
Sec Identity Response team |
|
SONET |
Synchronous Optical Network Technology; multiplexing protocol used to transfer data over fiber optics |
|
SPOF |
Single Point of Failure |
|
SSTP |
Secure Socket Tunneling Protocol; encrypts VPN traffic over TCP 443 |
|
TACACS+ |
Terminal Access Controller Access-Control System+; Provides central authentication for remote access clients; used as alternative to RADIUS; port 49 |
|
TFTP |
port 69; Trivial File Transfer Protocol |
|
TGT |
Ticket Granting Ticket |
|
TKIP |
Trusted Key Integrity Protocol; addressed problem with WEP; used with WPA; uses RC4 |
|
TOTP |
Time-based one time password |
|
TPM |
Trusted platform module; chip on the motherboard included on newer laptops |
|
TSIG |
Transaction Signature; a method of securely providing updates to DNS with use of authentication |
|
UAT |
User Acceptance Testing |
|
UDP |
User Datagram Protocol |
|
UEFI |
Unified Extensible Firmware Interface |
|
UPS |
Uninterruptible Power supply |
|
URI |
Uniform Resource Identifier; always includes the protocol, e.g. https:// |
|
UTM |
Unified Threat Management; security appliance that combines multiple security controls into a single solution |
|
UTP |
Unshielded twisted pairs |
|
VDI |
virtualization desktop interface |
|
VLAN |
Virtualization local area network |
|
VSAN |
Virtual Storage Area Network |
|
WAF |
Web-app firewall; put it on a web server |
|
WAP |
Wireless application point |
|
WEP |
Wired equivalent privacy; wifi v1; security flaws; used RC4 incorrectly; 10-26 hexadecimal |
|
WIPS |
Wireless Intrusion detection system |
|
WIDS |
Wireless Intrusion Detection System |
|
WPA |
Wifi protected access; replaced WEP; used TKIP with RC4; later versions used AES; in WPA attacks hackers captured the four-way authentication handshake and then used brute force to break it; 40-104-bit encryption key which must be manually entered and doesn't change; WPA PSK - WPA Personal; WPA-Enterprise - WPA 802.1x Enterprise mode, requires a RADIUS server |
|
WPA2 |
Wifi protected access 2; uses CCMP (AES-based); uses 802.1x authentication server in WPA2 enterprise |
|
WTLS |
Wireless transport Layer Security; used to encrypt traffic for smaller wireless devices |
|
XML |
eXtensible Markup Language; used by many DBs for importing or exporting data |
|
XTACACS |
Extended Terminal Access Controller Access-Control System; Cisco proprietary |
|
Security Baselining |
First step is to create a written security policy; different tools to deploy the policy: security templates, imaging, and Group Policy (account settings, password and account lockout policies, audit policies, user rights, system services, software restrictions) |
|
Imaging |
Three parts: 1) Source system; 2) Image Server; 3) Deploy images to clients |
|
Configuration Baseline |
config settings for a system (e.g. printer configuration, application settings, and TCP/IP settings |
|
USGCB |
US Gov Config Baseline: standard images |
|
Host Software Baselines |
all software installed on a system, along with a list of approved software; app baseline |
|
App Config Baselines |
Proper settings for applications; only refer to settings for applications |
|
Performance Baselines |
overall performance of a system at a point in time; difference between baseline and actual performance allows admin to identify problems |
|
EAP |
Extensible authentication protocol; authentication framework, not a specific authentication mechanism; EAP-MD5 |
|
EAP- TLS |
Uses/requires client-side certificates |
|
OSI Layers |
Please do not teach students pointless acronyms; physical data network transport session presentation application |
|
PPP |
Point to Point tunnelling protocol; typically used over phone lines; supports EAP |
|
CHAP |
Challenge handshake authentication protocol; primarily used for remote access PPP connections; PAP's successor. When the client wants to log on: Server --- challenge --> Client; Client --- hashed (challenge + un/pw combo + random number) -->> Server; Server performs the same encryption and compares |
|
Kerberos |
Port 88. 3 players: client, target server, KDC. 3 parts: a) Authentication exchange - client logs on and after verification gets a TGT from the KDC; b) TGS exchange - using the TGT and logon session key, the client requests a new session key and ticket for use with the target server; c) CS exchange - client sends the new ticket to the target server |
|
Mutual Authentication |
Client authenticates to the service; service authenticates to the client |
|
x500 |
used by LDAP |
|
Diameter |
AAA protocol; replaced RADIUS; uses TCP and SCTP instead of UDP; can encapsulate EAP messages |