Comptia Exam Objectives Security+

fraudulent attempt to obtain sensitive information or data, by disguising oneself as a trustworthy entity in an electronic communication.

When someone tries to trick you into giving them your private information via a text or SMS message.

Using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward

irrelevant or unsolicited messages sent to a large number of Internet users, for illegitimate advertising, and other activities such as phishing, and spreading malware

Spam delivered through instant messaging (IM) instead of through e-mail messaging

the act of sending emails to specific and well-researched targets while pretending to be a trusted sender

exploration of a system's trash bin for the purpose of finding details in order for a hacker to have a successful online assault.

When someone watches over your shoulder to nab valuable information as you key it into an electronic device.

cyberattack intended to redirect a website's traffic to another, fake site.

Social engineering attempt by cyber threat actors in which they trick employees into helping them gain unauthorized access into the company premises.

Procedures or techniques involving interacting with and communicating with others that is designed to gather knowledge or inform

Spear phishing that focuses on one specific high level executive or influencer

Prepend is a word that means to attach content as a prefix. For example, a prepend command could be used in a scripting language that a programmer would enter into a certain function or code module. It would add certain characters of text to the beginning of some variable or object.

identity fraud is the use of stolen information such as making fake ID's and fake bank accounts

using fraudulent invoices to steal from a company

the use of MITM attacks, DNS poisoning, phishing, etc. to amass large numbers of credentials (username / password combinations) for reuse.

- Information gathering about a target network

Cyber hoax scams are attacks that exploit unsuspecting users to provide valuable information, such as login credentials or money.

typically involves an email that seems to come from a trusted source.

security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.

type of cybersquatting used by imposters that involve registering domains with intentionally misspelled names of popular web addresses to install malware on the user's system

the practice of presenting oneself as someone else in order to obtain private information.

actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining interests

- Combining conventional warfare with cyberwarfare

Planned, coordinated marketing efforts using one or more social media platforms.

Authority: an attacker may try to appear to have a certain level authority. Intimidation: may try to make the victim think that something terrible is going to happen if they don't comply with the attacker's wishes. Consensus: An attacker may try to sway the mind of a victim using names they are familiar with, saying that such ones provided them information (they are fishing for) in the past and you should be able to do the same. Scarcity: An attacker may try to set a time limit on a victim so that they can comply with their wishes by a certain deadline. Familiarity: they make you familiar with them on the phone and make you want to do things for them. Trust: The attacker in this case can claim to be a friend or close associate of someone you may know very well and that's trusted. Urgency: When attackers want you to act and not think, they want you to do what they want as quickly as possible so that there's no time to spot all the red flags.

a program or file designed to be disruptive, invasive and harmful to your computer.

Software that encrypts programs and data until a ransom is paid to remove it.

Independent computer programs that copy themselves from one computer to other computers over a network

program that installs itself on a computer, typically without the user's informed consent

Software that uses legitimate programs to infect a computer. It does not rely on files and leaves no footprint, making it challenging to detect and remove.

A computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network

self-propagating malware that infects its host and connects back to a central server(s).

Malware to remain in place for as long as possible, quietly mining in the background.

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

Type of malware that infects your PC or mobile device and gathers information about you, including the sites you visit, the things you download, your usernames and passwords, payment information, and the emails you send and receive.

software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don't know that your actions are being monitored.

type of malware that allows covert surveillance, a backdoor for administrative control and unfettered and unauthorized remote access to a victim's machine.

software program, typically malicious, that provides privileged, root-level (i.e., administrative) access to a computer while concealing its presence on that machine

refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application.

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately.

an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords.

An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.

an attempt to guess a password by attempting every possible combination of characters and numbers in it

an attack on a password that uses a large pregenerated data set of hashes from nearly every possible password

the attacker has access to pairs of known plaintexts and their corresponding ciphertexts. The goal is to guess the secret key (or a number of secret keys) or to develop an algorithm which would allow him to decrypt any further messages.

usb which performs an unexpected, and unwanted function.

USB sticks are leveraged where an attacker needs physical access to a computer. The first notorious incident was observed back in 2010 when the notorious Stuxnet worm was distributed via USB sticks to launch attacks on the networks of an Iranian facility

the practice of making an unauthorized copy of a credit card. ... It requires copying information at a credit card terminal using an electronic device or software, then transferring the information from the stolen card to a new card or rewriting an existing card with the information.

Illegal practice used by identity thieves to capture credit card information from a cardholder surreptitiously.

1. Tainted training for machine learning (ML) 2. Security of machine learning algorithms

when hackers manipulate the code in third-party software components in order to compromise the 'downstream' applications that use them.

Data center employees are there solely to protect your data. Keep data secure with high efficiency from the start

1. Birthday: 2. Collision: 3. Downgrade:

type of network attack used to obtain unauthorized access to systems within the security perimeter, or sensitive systems, of an organization.

A web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.

the exploitation of a computer bug that is caused by processing invalid data into a vulnerable computer program and change the course of execution.

A relational data language that provides a consistent, English keyword-oriented set of facilities for query, data definition, data manipulation and data control. It is a programmed interface to relational database management systems

collection of small programs that can be loaded when needed by larger programs and used at the same time. The small program lets the larger program communicate with a specific device, such as a printer or scanner.

an open and cross platform protocol used for directory services authentication

Used to describe data. The standard is a flexible way to create information formats and electronically share structured data via the public Internet, as well as via corporate networks

Occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit

HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server's root directory

Insertion of malicious code into memory by overrunning buffers outside of their assigned memory space.

when a software program depends on the timing of one or more processes to function correctly

Refers to the routines in a program that respond to abnormal input or conditions

The term used to describe functions such as validation, sanitization, filt ering, or encoding and/or decoding of input data.

When a cybercriminal eavesdrops on a secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants.

the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it. If a programmer stores the value 127 in such a variable and adds 1 to it, the result should be 128

1. Server-side 2. Cross-site

Hostile usage, or attempted hostile usage, of an API

The depletion effect which is manifested in the higher marginal recovery costs encountered as the resource stock is depleted.

When an application requests memory but never releases it

A technique that downgrades your connection from secure HTTPS to insecure HTTP and exposes you to eavesdropping and data manipulation.

attackers into device drivers so that they undermine security on your computer.

Additional code that can be run instead of the original driver

Improving the internal structure of an existing program's source code, while preserving its external behavior.

A hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case. It replaces the need for stealing the plaintext password with merely stealing the hash and using that to authenticate with.

Attack involves an attacker setting up a fraudulent wireless access point

Wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

Theft of user Bluetooth-enabled devices data.

Some users with Bluetooth-enabled mobiles use this technology to send anonymous text messages to strangers.

A type of DoS attack in which the attacker breaks the wireless connection between the victim device and the access point.

The transmission of radio signals that disrupt communications by decreasing the Signal-to-Inference-plus-Noise ratio

A wireless system comprised of two components: tags and readers .Tags, which use radio waves to communicate their identity and other information to nearby readers, can be passive or active.

A set of standards primarily for smartphones and smart cards that can be used to establish communication between devices in close proximity.

A 24-bit value used in WEP that changes each time a packet is encrypted.

Attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two.

-Spanning Tree Protocol (STP) Attacks. -Address Resolution Protocol (ARP) Attacks. -Media Access Control (MAC) Spoofing. -Content Addressable Memory (CAM) Table Overflows. -Cisco Discovery Protocol (CDP)/Link Layer Discovery Protocol (LLDP) Reconnaissance. -Virtual LAN (VLAN) Hopping.

Type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table.

Setting the MAC address of your PC or any other MAC address as your device WAN port

A hierarchical system for naming resources on the Internet.

An attack where an organization's web address is stolen by another party. The other party changes the enrollment of another's domain name without the consent of its legitimate owner.

Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.

A webserver function that sends a user from one URL to another.

The overall "health" of your branded domain as interpreted by mailbox providers

An attack that uses many computers to perform a DoS attack.

layer 3 attack is to slow down or crash a program, service, computer, or network, or to fill up capacity so that no one else can receive service.

Target the application layer of the Internet in order to disrupt the normal flow of traffic to a website or service.

Disrupting the normal traffic from to a specific device in operation

Any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

An automated task framework from Microsoft, with a command line shell and a scripting language integrated into the .NET framework, which can be embedded within other applications.

An interpreted, object-oriented, high-level programming language with dynamic semantics.

A Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement

A single instruction that expands automatically into a set of instructions to perform a particular task.

programming language you can use to create macros

a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments

Current or former employee, contractor or other partner that has or had authorized access and intentionally misused that access

A person who is acting on behalf of a governmental body, and is therefore subject to limitations imposed on government by the United States Constitution

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.

Individuals who want to break into computers to create damage, yet lack the advanced knowledge of computers and networks needed to do so.

Significant area of organized crime and consist of the supply of illegal goods and services; smuggling, bootlegging, gambling, prostitution and foreign exchange violations are examples of such crimes.

Strives to operate in the public's best interest rather than to create turmoil.

Intentionally gain unauthorized access to networks and systems with malicious intent.

computer security expert who may sometimes violate laws or typical ethical standards,

Projects that are managed outside of, and without the knowledge of, the IT department

An organization or country engaged in commercial or economic competition with others.

-threats originate from sources outside of the organization and its network of partners -encompasses company full-time employees, independent contractors, interns, and other staff.

Varying degrees of expertise, so the sophistication level of the attacker, if known, can describe the attacker's skill and knowledge. Disco Team is labeled as expert due to advanced attack methods and proficiency with tools or malicious code.

APTs, and nation states have a penchant for long-term attacks, which requires this which only major organizations or government can manage over time.

This can be simple or multifold in nature. A script kiddie is just trying to make a technique work. A more skilled threat actor is usually pursuing a specific objective, such as trying to make a point as a hacktivist. At the top of the intent pyramid is the APT threat actor, whose intent or motivation is at least threefold.

physical access vector;keylogger

vector that uses evil twin, rogue WAP

vector that uses phishing , social engineering, malware

represents a unique combination of theory and front-line practice that creates clear links between supply chain tactics and financial performance.

vector that uses information from social media

vector that interacts with usb

attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver malicious outcome. Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant messages, chat rooms, and deception.

Is evidence-based knowledge, including context, mechanisms, indicators, implications and action-oriented advice about an existing or emerging menace or hazard to assets.

Information from media (newspapers, television), public government reports, professional and academic publications, and other openly available.

Are typically commercial solutions which incur a cost to use. Intelligence generated by these services can remain closed source, but some can trickle into the open source domain over time.

A platform aimed at collecting, maintaining, and disseminating information about discovered computer security vulnerabilities.

An industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups.

The part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.

- unusual outbound traffic - anomalies in privileged account - geographic irregularities - login failures - swells in database read volume - large html responses - many requests for one file - mismatched port-applications - suspicious registry changes - spikes in dns requests from one host

system that enables the sharing of attack indicators between the US government and the private sector as soon as the treat is verified

An XML structured language for expressing and sharing threat intelligence

Effort aims to enable robust, secure, and high-volume exchanges of significantly more expressive sets of cyber threat information.

the use of data warehouses and complex algorithms to forecast future events, based on historical trends and calculated probabilities

A visual representation of the source and destination locations around the world for the traffic

A central file storage location

Are platforms that allow businesses to connect and collaborate with their third-party suppliers on the internet.

A feed that provides the product/platform applicability statement to CPE URI matching based on the CPEs in the official CPE dictionary.

A formal meeting for discussion.

A periodical publication in which scholarship relating to a particular academic discipline is published.

A document published by the IETF that details information about standardized Internet protocols and those in various development stages.

A way of grouping individual companies or stocks based on common business lines

The process of analyzing social media data to conduct quantitative (and at times qualitative) research in order to understand how audiences relate to topics, by using tools and data extraction techniques.

An ongoing stream of data related to potential or current threats to an organization's security

Describes an approach of analyzing an APT's operation or can be used as means of profiling a certain threat actor.

Cloud security is also typically cheaper because you don't have to spend money on dedicated hardware, plus you don't have to constantly monitor security. On-premises security, on the other hand, is exactly what it sounds like—security measures physically on the premises of a business. On-premises security refers to both the rules and tools in place to protect the security and accessibility of computer networks, including both hardware and software.

A cyber attack that occurs on the same day a weakness is discovered in software.

low bit amount, no salt

All permissions allowed

easy password, no password default password for admin account

lack of knowledge of the system or a lack of attention to detail, the result might be an open vulnerability that leaves the system or network exposed to security threats and potential damage

use of WEP or low bit encryptions in configurations

protocols with no encryption

credentials unchanged

unclosed ports in weak configurations that use unsecure protocols

potential risk that. arises from financial institutions relying on outside parties to perform services or activities on their behalf.

1. System integration 2. Lack of vendor support

potential threat presented to organizations' employee and customer data, financial information and operations from the organization's supply-chain and other outside parties that provide products and/or services and have access to privileged systems.

-Financial/reputational: Risk that a third party could damage your revenue or reputation. ... -Legal and regulatory: Risk that a third party will impact your compliance with legislation or regulation. ... -Operational: Risk that a third party could disrupt your operations.

risk of data not being physically accessible

Firmware: Operating system: Applications:

is an operating system (OS) no longer in widespread use, or that has been supplanted by an updated version of earlier technology.

data is accidentally deleted or something causes data to become corrupted;Losing files and documents often has a lasting impact on your company's financial health.

can come in the form of damage to the target company's reputation due to a perceived 'betrayal of trust. ' Victims and their customers may also suffer financial losses should related records be part of the information stolen.

potentially sensitive information becomes available to external parties who may misuse or abuse it

impact your ability to get credit, but it can also hurt your job prospects and increase your auto and homeowners insurance premiums.

devastating, with an individual's emotional wellbeing a primary casualty, and mental health also vulnerable victims perceive a sense of judgement from society about their losses, further exacerbating emotive and social impacts.

are common when large financial losses are announced

If your site is not available then obviously this has a negative impact on your business. Customers and potential customers can not see your website so you may lose business.

proactive security search through networks, endpoints, and datasets to hunt malicious, suspicious, or risky activities that have evaded detection by existing tools.

a collaborative effort of two or more agencies that provide resources, expertise and information to the center with the goal of maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activity.

are an actionable threat data associated with indicators or artifacts gathered from third-party vendors to learn from the access and visibility of other organizations to improve your own cybersecurity threat awareness and response.

notify customers about one or more vulnerabilities. Customers are responsible for assessing the impact of any actual or potential security vulnerability in the context of their environment.

the application of force to capture, disrupt, deny, degrade, destroy or manipulate computing and information resources in order to achieve a position of advantage in respect to competitors.

an inspection of the potential points of exploit on a computer or network to identify security holes.

a test result which incorrectly indicates that a particular condition or attribute is present.

a test result which incorrectly indicates that a particular condition or attribute is absent.

interpreting and understand computer-generated records called logs

- make use of the admin account, do a more thorough check by looking for problems that cannot be seen from the network. -provide a quick view of vulnerabilities by only looking at network services exposed by the host.

-attempt to exploit a vulnerability when it is found. -identify a vulnerability and report on it so you can fix it

Technology used to scan applications for potential vulnerabilities and weaknesses.

automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration.

The application of vulnerability scanning to network devices to search for vulnerabilities at the network level.

a list of publicly disclosed computer security flaws.

provides a numerical (0-10) representation of the severity of an information security vulnerability.

an independent review of hardware and software for the purpose of assessing compliance with established performance requirements, commercial and appropriate military standards, and functional, allocated, and product baselines.

works by combining two technologies: a) Security information management (SIM), which collects data from log files for analysis and reports on security threats and events, and b) security event management (SEM), which conducts real-time system monitoring, notifies network admins about important issues and establishes correlations between security events.

provides an independent and in-depth assessment of the ability of an organisation to protect its information assets from the impact of cyber threats.

a computer networking term for intercepting a data packet that is crossing or moving over a specific computer network.

Whenever you enter data into your computer

apps launched, network activity, and, most critically files accessed (when the file or email was touched, who touched it, what was done with it and how frequently).

process of computationally identifying and categorizing opinions expressed in a piece of text, especially in order to determine whether the writer's attitude towards a particular topic, product, etc. is positive, negative, or neutral.

the automated process of collecting and analysing indicators of potential security threats, then triaging these threats with appropriate action.

software function that consolidates log data from throughout the IT infrastructure into a single centralized platform where it can be reviewed and analyzed.

store some logging informations, generally in order to send them to a remote location

refers to technologies that enable organizations to collect inputs monitored by the security operations team.

network that is known in the test enviroment

network that is unknown in the test environment

network has some elements shown in the test enviroment

inform participants of test parameters

technique used by cybercriminals to systematically move through a network in search of data or assets to exfiltrate.

network attack used to obtain unauthorized access to systems within the security perimeter, or sensitive systems, of an organization.

Remove all executable, scripts and temporary file from a compromised system.

a reward offered to a person who identifies an error or vulnerability in a computer program or system.

able to use the compromised host as a bridge to pivot to another network or system that is not directly accessible from the attacking system.

An attempt to gain information about targeted computers and networks without actively engaging with the systems. The attacker engages with the target system, typically conducting a port scan to determine find any open ports.

preliminary survey to gain information

an activity consisting of using an airplane and a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect Wi-Fi wireless networks.

the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone.

the technique used for gathering information about computer systems and the entities they belong to.

open source intelligence, is the practice of collecting information from published or otherwise publicly available sources.

Red-Team: Blue-Team: White-Team: Purple-Team:

The management and control of configurations for an information system with the goal of enabling security and managing risk

Network or physical diagrams

Standard or normal configuration

consistent use of a pattern that is easily understoof

chart lists what type of device it is, and it gives a range of numbers for the last octet of the IP address of each device

residency ensures that the data stays in the specified geographical location, makes sure that the information is subject to the legal punishments and protections of the country where it is physically stored.

the process of safeguarding important information from corruption, compromise or loss

a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

data ofuscation

method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key

aims to secure inactive data stored on any device or network.

is data actively moving from one location to another such as across the internet or through a private network.

as any operation or set of operations performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making

the process of turning a meaningful piece of data, such as an account number, into a random string of characters called a token that has no meaningful value if breached.

a way to protect copyrights for digital media. This approach includes the use of technologies that limit the copying and use of copyrighted works and proprietary software.

the study of the natural features of the earth's surface, including topography, climate, soil, vegetation, etc., and man's response to them.

focuses on returning things to normal following a chemical or biological incident. This involves the development of plans, , technologies, capabilities, and tools for remediation.

the process of intercepting SSL/TLS encrypted internet communication between the client and server. ... Along with your legitimate information, malicious content could also be hidden in the encrypted traffic.

is an algorithm performed on data such as a file or message to produce a number

the protection of network-exposed APIs that your organization both produces and consumes.

A configuration that extends the messaging infrastructure to multiple Active Directory sites to provide operational continuity for the messaging system in the event of a failure affecting one of the sites.

a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster.

is essentially office or datacenter space without any server-related equipment installed.

a backup facility that has the network connectivity and the necessary hardware equipment already pre-installed.

technology is a cybersecurity defense practice that aims to deceive attackers by distributing a collection of traps and decoys across a system's infrastructure to imitate genuine assets.

a controlled and safe environment for showing how attackers work and examining different types of threats.

bait files intended for hackers to access.

a decoy network that contains one or more honeypots

fake automated communication processes from multiple data sources.

provider that supplies systems looking for DNS information with false results, allowing an attacker to redirect a system to a potentially malicious destination.

deployment models: public, private, community, and hybrid.

a cloud computing service where enterprises rent or lease servers for compute and storage in the cloud. Users can run any operating system or applications on the rented servers without the maintenance and operating costs of those servers.

a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

is a way of delivering applications over the Internet—as a service. ... SaaS applications are sometimes called Web-based software, on-demand software, or hosted software.

describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet

a platform that uses the standard cloud computing model to make resources -- such as virtual machines, applications or storage -- available to users remotely. Public cloud services may be free or offered through a variety of subscription or on-demand pricing schemes, including a pay-per-usage model.

a cloud service model that provides a cloud computing solution to a limited number of individuals or organizations that is governed, managed and secured commonly by all the participating organizations or a third party managed service provider.

a computing model that offers a proprietary environment dedicated to a single business entity. As with other types of cloud computing environments, private cloud provides extended, virtualized computing resources via physical components stored on-premises or at a vendor's datacenter.

a solution that combines a private cloud with one or more public cloud services, with proprietary software enabling communication between each distinct service. A hybrid cloud strategy provides businesses with greater flexibility by moving workloads between cloud solutions as needs and costs fluctuate.

a third-party company offering a cloud-based platform, infrastructure, application or storage services. Much like a homeowner would pay for a utility such as electricity or gas, companies typically have to pay only for the amount of cloud services they use, as business demands require.

delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers' premises, in their MSP's data center (hosting), or in a third-party data center.

provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.

a solution hosted in-house and usually supported by a third-party. a solution hosted by a third-party and usually supported by a different third-party.

describes a decentralized computing structure located between the cloud and devices that produce data.

a distributed, open IT architecture that features decentralised processing power, enabling mobile computing and Internet of Things (IoT) technologies.

a computer that runs from resources stored on a central server instead of a localized hard drive.

sit on top of a physical server and its host OS typically Linux or Windows. shares the host OS kernel and, usually, the binaries and libraries, too.

a small, single service offered by a company. It derives from the distributed computing architecture that connects many small services, rather than having one large service.

the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

using a central control program separate from network devices to manage the flow of data on a network

extends the capability of a visibility infrastructure platform so it can tie security tools they can operate collaboratively in an automated way

a way to build and run applications and services without having to manage infrastructure. Your application still runs on servers, but all the server management is done by AWS.

specialized application with a defined interface and structure that acts as a container for a web services solution.

a system rule that specifies resources and actions for a particular access feature. A resource is either a server or file that can be accessed through the system, and an action is to "allow" or "deny" a resource or to perform or not perform a function.

a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks.

technology that lets you create useful IT services using resources that are traditionally bound to hardware. It allows you to use a physical machine's full capacity by distributing its capabilities among many users or environments.

happens when an administrator can no longer effectively control and manage all the virtual machines on a network.

a security exploit that enables a hacker/cracker to gain access to the primary hypervisor and its created virtual machines.

a collection of procedures and tools for developing, testing and debugging an application or program.

any space in which software undergoes a series of experimental uses.

a nearly exact replica of a production environment for software testing.

the setting where the latest working version of a computer program is installed and made available to end-users.

a way of preventing mistakes and defects in manufactured products and avoiding problems when delivering products or services to customers; which ISO 9000 defines as "part of quality management focused on providing confidence that quality requirements will be fulfilled".

Commission/Decommission of assets from the time it is installed, until the time it is decommissioned and disposed.

being composed of two separable attributes that reflect the intended, desired emergent properties of a system and the minimisation of unintended, undesired emergent properties.

Techniques used while coding to provide as much security as possible.

the process of reorganizing data in a database so that it meets two basic requirements: There is no redundancy of data, all data is stored in only one place.

a set of Structured Query Language (SQL) statements with an assigned name, which are stored in a relational database management system (RDBMS) as a group, so it can be reused and shared by multiple programs.

the deliberate act of creating source or machine code that is difficult for humans to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements.

reusing code that already exists either within your organization or externally when developing new software. The existing code may be reused to perform the same or very similar function.

validation is mainly used to validate and display form level errors validation is used for field level errors depends on javascript and may be turned off in some browser, which can lead to invalid data saved, while server side validation is very secure

function keeps track of the status of each memory location, either allocated or free.

commonly defined as a set of tools that can be used to create and develop applications.

An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

a research field about the comprehension and engineering of diversity in the context of software.

is a computer program that translates computer code written in one programming language (the source language) into another language (the target language).

a numeric system that only uses two digits — 0 and 1

the process of using automation software to leverage existing scripts to deliver automation in a managed framework without having to do custom script development and maintenance going forward.

Using technology to automate IT processes.

used to detect compliance and risk issues associated with an organization's financial and operational environment.

Knowing the state of the system (its current configuration) and ensuring alignment with specifications and user requirements (at all times)

the practice of automating the integration of code changes from multiple contributors into a single software project. It's a primary DevOps best practice, allowing developers to frequently merge code changes into a central repository where builds and tests then run.

a software engineering approach in which teams produce software in short cycles, ensuring that the software can be reliably released at any time and, when releasing the software, without doing so manually.

a strategy in software development where code changes to an application are released automatically into the production environment.

is the ability of an IT infrastructure to quickly expand or cut back capacity and services without hindering or jeopardizing the infrastructure's stability, performance, security, governance or compliance protocols.

the measure of a system's ability to increase or decrease in performance and cost in response to changes in application and system processing demands.

is a category of processes and tools designed to keep track of multiple different versions of software, content, documents, websites and other information in development.

the process of recognizing a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials. ... Identification phase provides a user identity to the security system. This identity is provided in the form of a user ID.

a group of computing or network providers agreeing upon standards of operation in a collective fashion. The term may be used when describing the inter-operation of two distinct, formally disconnected, telecommunications networks that may have different internal structures.

the process of demonstrating that a piece of software has been properly instantiated on the platform.

a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.

is an event-based OTP where the moving factor in each code is based on a counter. Each time the HOTP is requested and validated, the moving factor is incremented based on a counter.

the most basic communications technology for mobile data transfer and is characterized by the exchange of short alphanumeric text messages between digital line and mobile devices. SMS messaging's key influential factor is affordability.

a small hardware device that the owner carries to authorize access to a network service.

a method of computer program debugging that is done by examining the code without executing the program.

the process of recognizing a user's identity. ... The credentials provided are compared to those on a file in a database of the authorized user's information on a local operating system or within an authentication server.

an automated message sent by an application to a user when the application is not open.

an instance of speaking to someone on the phone or attempting to contact someone by phone.

a means of verifying users into enterprise resources such as workstations and applications using a physical card in tandem with a smart card reader and software on the workstation.

a way to measure a person's physical characteristics to verify their identity.

the use of technology to identify a person based on some aspect of their biology. Fingerprint recognition is one of the first and original biometric technologies that have been grouped loosely under digital forensics.

a biometric technique that uses the unique patterns on a person's retina for person identification. The retina is the layer of blood vessels situated at the back of an eye.

an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of one or both of the irises of an individual's eyes, whose complex patterns are unique, stable, and can be seen from some distance.

a way of identifying or confirming an individual's identity using their face. Facial recognition systems can be used to identify people in photos, videos, or in real-time. Facial recognition is a category of biometric security.

a technology used to verify a person's identity using their unique vocal attributes. Everyone has different physical and behavioral characteristics that influence the sound of their voice and in combination these are—just like a fingerprint—unique to every individual.

a biometric authentication method based on the unique patterns of veins in the palms of people's hands. Palm vein recognition systems, like many other biometric technologies, capture an image of a target, acquire and process image data and compare it to a stored record for that individual.

one kind of biometric technology that can be used to monitor people without their cooperation. Some researchers are working on visually-based systems that use video cameras to analyze the movements of each body part—the knee, the foot, the shoulder, and so on.

based on several criteria including error rate, false acceptance rate (FAR), identification rate, false reject rate (FRR) and additional biometric system standards.

the percentage of identification instances in which unauthorised persons are incorrectly accepted.

the percentage of identification instances in which authorised persons are incorrectly rejected.

the point where the false reject rate (FRR) and false accept rate (FAR) are equal.

using two or more different factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).

a system for tracking user activities on an IP-based network and controlling their access to network resources.

company keeps all of this IT infrastructure managed by a 3rd party company keeps all of this IT infrastructure onsite

is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance, such as in the case of GNSS receivers, or multi-threaded computer processing.

locations or areas that provide greater opportunity for families in terms of education, economic, mobility and transportation, health and environment, and neighborhood quality

RAID 0 - striping RAID 1 - mirroring RAID 5 - striping with parity RAID 6 - striping with double parity RAID 10 - combining mirroring and striping

is a fault-tolerance and performance-enhancement technique that defines more than one physical path between the CPU in a computer system and its mass-storage devices through the buses, controllers, switches, and bridge devices connecting them.

a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.

the process of combining multiple network cards together for performance, load balancing, and redundancy reasons.

provides battery backup power when the flow of electricity drops to an inadequate voltage, or if it stops

appliances that supply electrical power during a power outage and prevent discontinuity of daily activities or disruption of business operations.

ensure stable power supply to a device, but it also helps prevent system damage. It allows for multiple usage of power by increasing power output. In short, it ensures regular direct current power supply.

is a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center.

duplicate

a dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers.

an image file managed by the hypervisor that exhibits the behavior of a separate computer, capable of performing tasks such as running applications and programs like a separate computer.

full,incremental,snapshot,differential

complete copies of all configured data

save resources and time because they backup only the data that changed since the last backup of any kind.

a set of reference markers for data at a particular point in time

save resources and time because they backup only the data that changed since the last full backup

drive is one of the oldest data storage devices which allows for reading and writing data on a magnetic tape

data backup and recovery method that backs data up to hard disk storage

a backup that copies all selected files but does not mark each file as having been backed up

is dedicated file storage that enables multiple users and heterogeneous client devices to retrieve data from centralized disk capacity

a dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers. Each server can access shared storage as if it were a drive directly attached to the server.

is a service in which the data and applications on a business's servers are backed up and stored on a remote server.

entire operating system, including files, executable programs and OS configurations.

places your files onto the Spare Backup data servers a backup performed while the database is off-line and unavailable to its users

good to consider when using an offsite storage solution

a desktop where nothing gets saved at the end of the user session.

undo the change prior to committing to a known solution

a copy of a system's hardware configuration and driver settings taken from the system's registry when the OS successfully boots.

a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive.

he ability of an application or a system to handle a huge volume of workload or expand in response to an increased demand for database access, processing, networking, or system resources.

maintenance order by which the process of refurbishing damaged equipment or the spare parts of the equipment

interact and build strong relationships with a broader range of customers , good vs 0 day attacks

Promotes innovation through the introduction of new products, services, and solutions. Provides multiple channels from which to procure goods and services. Drives competition (on price and service levels) between the company's existing and potential vendors

a way of minimising risk and maximising the potential rewards of your portfolio

using from different categories...to achieve the same control objective.

Special-purpose software designed and included inside physical products

A low budget, pocket sized computer which is easy to program

Class of PLDs that contain an array of more complex logic cells that can be very flexibly interconnected to implement high-level logic circuits.

An open source electronics prototyping platform

used to control geographically dispersed assets, as well as distributed control systems (DCSs) and smaller control systems using programmable logic controllers to control localized processes.

implements SCADA

implements SCADA

implements SCADA

implements SCADA

the network of products embedded with connectivity-enabled electronics

Input devices used to measure physical traits, such as sound, heat, or light.

An electronic device connected to other devices, usually with wireless technology, to exchange data and information.

Devices that may be worn on a person's wrist or incorporated into clothing.

uses IOT for temperature and air quality

downside of IOT

used in heart monitors, have older OS

often seen as the most innovative and technologically advanced of all aircraft a very broad definition, and can apply to any fighter built for a particular purpose.

digital monitoring of consumption data and its regular transmission to the energy provider, and typically enables bidirectional communication.

Uses IP technology to transmit telephone calls

Systems that provide and regulate heating and cooling.

Robotic aircraft, used extensively by the military.

An all-in-one output device that usually combines a scanner, a laser or inkjet printer, and a fax modem.

A program with a specific purpose that must guarantee certain response times for particular computing tasks or else the machine's application is useless. Real-time operating systems are found in many types of robotic equipment.

The ongoing and systematic collection, analysis, and interpretation of health data essential to the planning, implementation, and evaluation of public health practice, closely integrated with the timely dissemination of these data to those who need to know. The final link in the surveillance chain is the application of these data to prevention and control.

A modern microprocessor that contain the CPU, memory, and peripheral interfaces; a miniature computer; an example is the Raspberry Pi.

high speed connection for mobile and wifi devices also can allow for more reliable low latency connections as well as energy efficiency and node connection

efers to data communication and telecommunications tools, technologies and services that utilize a narrower set or band of frequencies in the communication channel. These utilize the channel frequency that is considered flat or which will use a lesser number of frequency sets.

Baseband refers to the original frequency range of a transmission signal before it is converted, or modulated, to a different frequency range. When it is transmitted on a radio frequency (RF), it is modulated to a much higher, inaudible, frequency range

Removable cards in GSM phones that contain information for identifying subscribers. They can also store other information, such as messages and call history.

A short-range low-power network technology used for the Internet of Things.

not a lot of power can be drawn due to efficiency concern as well as portability

high end chips cannot be used without adequate cooling and power draw

due to the nature of wifi the connection itself is not very secure and is volatile

cannot be changed cannot be patched

have massive security flaws due to lack of support and no feature implementations

limited options no multifactor

range dependent on equipment used for connection 5g is strong but not as far as satellite but satellite has less data transfer and large amount of latency

only serves a single purpose; low cost

limited access hard to verify trust.

used to block paths

secured spaces with two of more sets of doors and an office sign-in area.

gives access to mantraps

doors, windows, fences motion detect

signs collectively, especially commercial or public display signs.

device for recording visual images in the form of photographs, film, or video signals.

to recognize the physical movement of an object in a given place or region. By acting segmentation among moving objects and stationary area or region, the moving objects motion could be tracked and thus could be analyzed later

Video cameras and receivers used for surveillance in areas that require security monitoring.

camouflage in plain sight that looks like a normal building

Guards: Robot sentries: Reception: Two-person integrity/control

Biometrics: Electronic: Physical: Cable Locks:

device that plugs into the charging port on your phone, acting as a shield between the public charging station's cord and your phone.

camras can see better also provides a barrier

smoke detector, stops fire

identify movement

changes in noise

access doors, door locks

water leaks

card reader

temperature change over time

quick large area video coverage

tracks personel

blocks electromagnetic fields

no physical connection

a network architecture that uses a single firewall with three network interfaces. Interface 1 is the public interface and connects to the Internet. Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.

prevents cable cuts

physical separation of a network

reinforced room, expensive

similar to vault, smaller

allows the network operator to establish trust boundaries in accessing the management function to apply it to network resources. It also can be used to ensure management connectivity (including the ability to determine the status of any network component) independent of the status of other in-band network components.

where air is drawn in from a server room

Burning: Shredding: Pulping: Pulverizing: Degaussing: Third-party solutions :

authentication; non-reputable

important for hashing strength

increasing key size; hashing

adding random hash to product hash

transforming plaintext of any length into a short code called a hash

The process of sending and receiving secure cryptographic keys.

An algorithm that uses elliptic curves instead of prime numbers to compute keys.

hash has nothing revealed in transfer

is a field of applied quantum physics closely related to quantum information processing and quantum teleportation. Its most interesting application is protecting information channels against eavesdropping by means of quantum cryptography.

uses the principles of quantum physics to represent data and perform operations on these data

temporary keys

Authenticated: Unauthenticated: Counter:

Stream: Block:

Audio: Video: Image:

Enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.

Modern malware tries to hide itself. Encrypted data hides the active malware code. Decryption occurs during execution.

Password hashing. Protect the original password. Add salts to randomize the stored password hash.

Confirm the authenticity of data. Digital signature provides both integrity and non-repudiation.

hashing takes a large amount of computing power and can only be done at a certain speed

the larger the size the more secure but also much harder and longer to process and store

small keys are easily to brute force

larger keys are very time consuming

keys become less secure over time as new technologies emerge

the actual hashing process is not random; everything has a pattern

reusing reduced complexity and security of the key

nothing is random

takes much longer time and computing power the larger the hash

hard to do must be both effective and not time consuming

a set of rules or procedures for transmitting data between electronic devices, such as computers

uses public key and cryptography

uses encryption with terminal remote access

used in mail servers for encryptions of mail

uses AES encryption

uses SSL for secure use of looking through directories and organized sets

A secure version of the File Transfer Protocol optimized for file transfers. It uses SSL or TLS for security and uses port 990 or 21.

One method for sending FTP traffic over a Secure Shell (SSH) session using native SSH commands and methods. Note that this is not the same thing as tunneling regular FTP traffic over SSH (referred to as FTP over SSH, which is called Secure FTP).

used in HTTPS connections

A protocol for transfer of material across the Internet that contains links to additional material that is carried over a secure tunnel via SSL or TLS.

used in layer 3 authentication and encryption

integrity in packet creation

a communications protocol that allows for the movement of data from one network to another

used in mail receiving from a remote server to a local email client.

the interactions between the "actor" and the system.

VOIP,HTTPS

NTP

POP, IMAP, MIME

HTTPS, FTP

LDAPS

SSH

DNS

SSH, SNMPv3,,HTTPS

DHCP

Antivirus/Anti malware

antivirus software (looks more holistically at everything that is necessary to protect)

software that is specifically designed to detect viruses and protect a computer and files from harm

software that prevents attacks by a wide range of destructive, malicious, or intrusive programs

a system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.

email, cloud storage

allow/deny app features, prevents url access

block known attacks, secure OS

A system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers.

A firewall that only protects the computer on which it's installed.

chapter provides an introduction to the concept of roots of trust in a trusted computing platform, the measured boot process, and the attestation that are critical steps

specification that defines a software interface between an operating system and platform firmware can support remote diagnostics and repair of computers, even with no operating system installed.

A UEFI firmware feature that logs the startup process. Antimalware software can analyze this to log to determine if malware is on the computer or or if the boot components were tampered with.

software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure storage and reporting.

the process of turning a meaningful piece of data, such as an account number, into a random string of characters called a token that has no meaningful value if breached.

A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords.

a technique to directly search the location of desired data on the disk without using index structure. Used to index and retrieve items in a database as it is faster to search that specific item using the shorter hashed key instead of using its original value.

the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.

the process of testing input received by the application for compliance against a standard defined within the application. It can be as simple as strictly typing a parameter and as complex as using regular expressions or business logic to validate input.

attribute is sent to the server only with an encrypted request over the HTTPS protocol, never with unsecured HTTP (except on localhost), and therefore can't easily be accessed by a man-in-the-middle attacker.

let the client and the server pass additional information with an HTTP request or response

confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed.

entries allowed through a firewall

entries not allowed through a firewall

helps to mitigate the vulnerabilities and risks associated with the software product development process.

Manuel code review: a method of debugging by examining source code before a program is run. It's done by analyzing a set of code against a set (or multiple sets) of coding rules.

the method of debugging by examining an application during or after a program is run.

an automated software testing technique that attempts to find hackable software bugs by randomly feeding invalid and unexpected inputs and data into a computer program in order to find coding errors and security loopholes.

is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one.

is used to mean a TCP or UDP port number that is configured to accept packets. web pages or FTP, require their respective ports to be "open" on the server in order to be publicly reachable.

a database of settings used by Microsoft Windows. It stores configurations for hardware devices, installed applications, and the Windows operating system.

Best protection against data compromise in the event of physical theft of the device.

software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.

Third-party updates: Auto-update:

Opal: a set of specifications for features of data storage devices (such as disk drives) that enhance their security.

the foundation on which all secure operations of a computing system depend.

everybody's certificate is issued by a third party called Certificate Authority (CA) these CAs may issue certificates themselves, or they may issue certificates that are used to issue certificates down some chain. The whole structure is like a trust tree.

A form of software virtualization that lets programs and processes run in their own isolated virtual environment

as the methodical and efficient distribution of network or application traffic across multiple servers in a server farm. Each sits between client devices and backend servers, receiving and then distributing incoming requests to any available server capable of fulfilling them.

cluster is typically made up of at least two nodes, both actively running the same kind of service simultaneously to achieve load balancing .

not all nodes are going to be active the first node is already active, the second node must be passive or on standby.

nodes that take turns load balancing

farm cluster address is required to load balance clients requests and to reroute clients in case of failover.

a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session

is an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This allows network administrators to control the flow of traffic between subnets based on granular policies.

allows different computers and devices to be connected virtually to each other as if they were in a LAN sharing a single broadcast domain ; helpful for organizational use mainly because it can be used to segment a larger network into smaller segments.

also known as DMZ; commonly uses two firewalls; one between public network and DMZ; other resides between the DMZ and the private network

denotes a direction of traffic flow within a data center

an intranet that can be partially accessed by authorized outside users, enabling businesses to exchange information over the internet securely.

a network designed for the exclusive use of computer users within an organization that cannot be accessed by users outside the organization

a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access.

a solution that allows a client to automatically establish a VPN connection without any user interaction.

sending part of your traffic through a VPN and part of it through the open network. using your VPN for all your traffic,

Individual users are connected to the private network and It allows the technique to access the services and resources of that private network remotely IPsec security method is used to create an encrypted tunnel from one customer network to remote site of the customer

a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure.

enables individual users to access an organization's network, client-server applications, and internal network utilities and directories without the need for specialized software.

Portal allows you to provide this without needing to expose the server directly to the Internet or allowing traditional VPN connections. Essentially the UTM proxies your shell session

a standard protocol for tunneling L2 traffic over an IP network. Its ability to carry almost any L2 data format over IP or other L3 networks makes it particularly useful.

the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com.

a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network.

persistent agent lives on the end station, where it performs authentication and compliance checking before allowing network access. not installed on the clients and are often used to inspect employee-owned mobile devices. ... However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources.

is part of a broader definition concerning maritime security. It refers to the defense, law and treaty enforcement, and counterterrorism activities that fall within the port and maritime domain.

a feature of many managed switches in which the switch intentionally ceases to forward all broadcast traffic if the bandwidth consumed by incoming broadcast frames exceeds a designated threshold.

message transmitted across a local area network to detect loops in network topologies guard functionality prevents malicious attacks on edge ports.

A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.

feature provides network protection from rogue DHCP servers. It creates a logical firewall between untrusted hosts and DHCP servers. In addition, the switch uses this table to identify and filter untrusted messages from the network.

The method to secure a network by limiting which devices are allowed to connect to a network based on a list of MAC addresses kept by the wireless access points.

computing appliance that aids in the flow of information to other network-connected computing devices. Services that may be provided include firewall functions, caching, authentication, network address translation and IP address management.

used to access and manage devices in a separate security zone; hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them.

server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources. Forward: provides proxy services to a client or a group of clients. Reverse: routes traffic on behalf of multiple servers verse proxy effectively serves as a gateway between clients, users, and application servers.

NIDS: detects malicious traffic on a network. NIDS usually require promiscuous network access in order to analyze all traffic, including all unicast traffic. NIPS: are the network security appliances or applications that monitor the network traffic comprising network segments or devices, and analyze the network and the protocol activities for any suspicious activities.

involves your antivirus having a predefined repository of static signatures (fingerprints) that represent known network threats.

determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods commonly uses A.I

inline sensor is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. A passive sensor monitors a copy of network traffic; the actual traffic does not pass through the device

s a physical device that provides extra security for sensitive data. This type of device is used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases.

Syslogs,IPS,firewalls

gathers together materials from a variety of sources

hardware, software, or both designed to prevent unauthorized persons from accessing electronic information

A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.

delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

is a network-based firewall that individually tracks sessions of network connections traversing it also referred to as dynamic packet filtering, is a security feature often used in non-commercial and business networks

designed to protect networks based on static information such as source and destination.

a simple code that can be attached to any URL to generate Google Analytics data for digital campaigns.

NAT gateway gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections

limits access by comparing web traffic against a database to prevent employees from accessing harmful sites such as phishing pages.

open-source has large amount of functionality for the money proprietary have higher control and higher speeds

hardware is purpose built so is very good as specific function software is much more flexible and has many features but not as detailed

application firewall is a type of firewall that governs traffic to, from, or by an application or service use a series of configured policies to determine whether to block or allow communications to or from an app. firewall software that runs on an individual computer or device connected to a network. virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Like a traditional network firewall, a virtual firewall inspects packets and uses security policy rules to block unapproved communication between VMs.

a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources.

Securing routing operation from attacks in a network by deploying appropriate defense

a set of technologies that work on a network to guarantee its ability to dependably run high-priority applications and traffic under limited network capacity.

reduces the size of routing tables and makes routing more efficient and hierarchical; contains no IP-level checksum, so the checksum does not need to be recalculated at every router hop

the network switch ability to send a copy of network data packets being transmitted over a switch port to a network monitoring or inspection device that is itself connected to the port mirror Port taps:two most common ways of accessing monitoring data are through either a switched port analyzer (SPAN) port or a test access port (Tap). A tap is a purpose-built device that passively makes a copy of network data but does not alter the data. Once you install it, you are done. No programming is required.

Reviewing the services the client receives, the conditions that may have changed since planning, and progress toward the goals and objectives of the plan offers security checks and fast response times

performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline.

Protocols meant to ensure security via encryption and cryptography.

-improved version of WPA -supports robust encryption (government grade security) -can be enabled with password authentication or server authentication

-improved version of WPA2 -provides improvements to the general Wi-Fi encryption, Simultaneous Authentication of Equals (SAE) replaces the Pre-Shared Key (PSK) -more individualized. Users on the Personal network can't snoop on another's Personal traffic -Wi-Fi Easy Connect replacing WPS

Uses AES w/128 bit keys uses CCM that combines CTR mode for data confidentiality and CBC-MAC for authentication and integrity replaces TKIP

an password based authentication and key establishment protocol initially introduced in IEEE 802.11s for mesh networks.

EAP, PEAP, EAP-FAST, EAP-TLS, EAP-TTLS,IEEE 802.1X, Radius

is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. ... It provides the framework within which the various authentication methods work.

is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.

uses a two-phase tunneled authentication process. In the first phase of authentication, employs the TLS handshake to provide an authenticated key exchange and to establish a protected tunnel between the client and the authentication server.

Uses PKI, requiring both server-side and client-side certificates.

Simplifies EAP-TLS by dropping the client-side certificate requirement.

Supplicant (e.g., client software); Authenticator (e.g., access point); Authentication server (e.g., a RADIUS/AAA server)

is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

pre-shared key vs enterprise vs open, WPS, Captive portals

a client authentication method that uses a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters, to generate unique encryption keys for each wireless client. VS WPA2 Enterprise uses IEEE 802.1X VS WiFi that is not password protected Sometimes the WiFi turns out to be a captive portal

An automated setup feature supported by most current 802.11 wireless access points.

refers to a specific technique of using an HTTP client to handle authentication on a wireless network. Frequently employed in public hot spots, this opens a web browser to an authentication page. This occurs before the user is granted admission to the network. The access point uses this simple mechanism by intercepting all packets and returning the web page for login. The actual web server that serves up the authentication page that can be in a walled-off section of the network, blocking access to the Internet until the user successfully authenticates.

Site Surveys, Heat Maps, Wifi Analyzers, Channel Overlay, WAP, Controller and access point security

survey of wireless landscape often uses heat maps

identifies wifi signal strength

useful software application that can tell you many things about your wireless network and the networks around you, helping you optimize your WiFi for best performance.

can cause frequency conflicts, are used (2-5, 7-10 in 2.4GHz), any stations (STAs) on those channels will transmit independent of what is happening on the other channels, causing a degradation of performance.

important for wifi connection efficiency, test signal strength, and avoid overlapping

connects multiple wireless devices together in a single wireless network. Access point supports both type of standards; Ethernet and Wi-Fi. To extend the coverage area, multiple access points are used together under a Wireless LAN Controller.

cellular, wifi, bluetooth , nfc , infrared, USB, point-to-point, point-to-multipoint, GPS, RFID

Uses antenna for connection, has security problems

connection uses a WAP, sec problems

connection is highspeed and uses PAN

connection uses 2 way WIFI, known to jam, short length, PAN

connection uses wifi to specific locations

connection uses wifi to multiple locations

connection uses satellites, inaccurate, sec issues

connection is a wireless non-contact use of radio frequency waves to transfer data no battery until signal is sent

remotely controls smartphones and tablets, ensuring data security

refers to the suite of Intune management features that lets you publish, push, configure, secure, monitor, and update mobile apps for your users

a part of most mobile device management (MDM) solutions that provides secure access to corporate resources such as documents and media files on any mobile device such as smartphones, tablets and laptops.

useful security feature of mobile device management. It totally erases the device's memory, in case the device gets lost or stolen

the use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.

the process or technique of identifying the geographical location of a person or device by means of digital information processed via the internet.

graphical user interface displayed by a device (such as a computer or smartphone) that prevents access to most functions of the device until a certain action (such as swiping one's finger across the screen or entering a predetermined code) is performed

automated message sent by an application to a user when the application is not open.

an arbitrary string of characters including letters, digits, or other symbols. If the permissible characters are constrained to be numeric, the corresponding secret is sometimes called a personal identification number

refers to security processes that verify a user's identity through unique biological traits such as retinas, irises, voices, facial characteristics, and fingerprints

the use of situational information (such as identity, geolocation, time of day or type of endpoint device) to improve information security decisions.

defined as a form of operating system virtualization, through which applications are run in isolated user spaces called containers, all using the same shared operating system

method used to isolate data on mobile devices. It allows personal data to be stored in one location and encrypted corporate data to be stored elsewhere.

the process of encoding all user data on an Android device using an encrypted key

is a hardware security module coming in the form of a microSD card. It provides security services driven by hardware-based crypto engines, including encryption, key generation and key life cycle management, digital signature, authentication and other cryptographic functions.

manage devices across a variety of platforms, theoretically, at least, making it easier to lockdown hardware and protect critical data

refers to the management of the complete lifecycle of every app used in an enterprise. ... It also includes defining app policies that includes restrictions pertaining to the apps and data stored on the apps.

Security Enhancements for Android, a security solution for Android that identifies and addresses critical gaps.

stores have some sort of regulation for the apps but the user still does not know what is being done or what can be done with the software

the process of removing the limitations put in place by a device's manufacturer.

a good method to add more features to iphones and android but tools are not regulated like in the app store so caution is advised , data breachs/ leaks

aftermarket firmware, is an unofficial new or modified version of firmware created by third parties on devices such as video game consoles and various embedded device types to provide new features or to unlock hidden functionality.

lets you switch carriers without buying a new device. All carriers are required to let you do this, as long as you've paid off the phone. Many smartphones can work with any U.S. carrier. You can check your phone's compatibility online.

is the wireless delivery of new software, firmware, or other data to mobile devices. Wireless carriers and original equipment manufacturers (OEMs) typically use over-the-air updates to deploy firmware and configure phones for use on their networks over Wi-Fi or mobile broadband poor security

meant to keep you and other property safe, not to stalk you. Cameras are there not to invade a person's privacy but to protect the public by deterring criminal activity and by providing material evidence when a crime has been caught on film.

mms built using the same technology as SMS to allow SMS users to send multimedia content. It's most popularly used to send pictures, but can also be used to send audio, phone contacts, and video files careful of files downloaded by friends, no security measures to check for the attachment RCS is a communication protocol between mobile telephone carriers and between phone and carrier, aiming at replacing SMS messages with a text-message system that is richer, provides phonebook polling (for service discovery), and can transmit in-call multimedia no security measures to check for the attachment

non-fixed-disk based storage media, including tape, optical disk, and CD. ... External Storage Media means disks, tapes, and optical disks, careful of different medium put in disable auto run

allows the connection of input devices, data storage, and A/V devices. OTG can allow you to connect up your USB mic to your Android phone. You could even use it to edit with your mouse, or to type an article with your phone. careful with input of different things such as rogue USB drives

disable and geofence it

can use in different areas, causes concern with locations

wireless network structure where devices can communicate directly with each other, don't use in public

sharing of a mobile device's Internet connection with other connected computers dont use in large public space don't know who is connected

a physical location where people may obtain Internet access, typically using Wi-Fi technology, via a wireless local-area network (WLAN) using a router connected to an Internet service provider.

Cash. Checks. Debit cards. Credit cards. Mobile payments. Electronic bank transfers. dont store it anywhere

good for users and cost but policies must be reinforced to make sure security measures are maintained.

IT business strategy through which an organization buys and provides computing resources and devices to be used and managed by employees

the corporation would provide the end user with a number of different options for a mobile device. And then the end user can decide what type of device they would like the corporation to buy for them.

organization or the corporation purchases the mobile device, and then it's used both as a corporate device and as a personal device for the end user.

he hosting of desktop environments on a central server. It is a form of desktop virtualization, as the specific desktop images run within virtual machines (VMs) and are delivered to end clients over a network.

a set of security controls that protects cloud environments against vulnerabilities and reduces the effects of malicious attacks.

tools and technologies used to manage digital authentication credentials.

considers the relationship between information technology, financial and operational controls in establishing an effective and efficient internal control environment.

Can access the device storage at any time. This means it can upload personal files or even delete sensitive information from the device.

The use of encryption to protect stored or backed-up data both in transit and in the storage medium to provide an additional layer of security.

a managed service in which stored or archived data is duplicated in real time over a storage area network (SAN)

a storage system that is continuously operational or provides at least 99% uptime.Redundancy is a key feature of HA storage, as it allows data to be kept in more than one place and eliminates a single points of failure (SPOF).

a network where all devices, servers, virtual machines, and data centers that are connected are done so through software and wireless technology.

A public subnet is a subnet that's associated with a route table that has a route to an internet gateway. A private subnet with a size /24 IPv4 CIDR block (example: 10.0. 1.0/24). ... This connects the VPC to the internet and to other AWS services. Instances with private IPv4 addresses in the subnet range (examples: 10.0.

helps you to protect your business against insider attacks as well as attacks by outsiders. Reducing Damage from Successful Attacks.

refers to this seamless connectivity that allows organizations to automate business processes, and enhance the sharing and embedding of data between various applications and systems.

used to collect user accounts, computer accounts, and other groups into manageable units. In the Windows Server operating system, there are several built-in accounts and security groups that are preconfigured with the appropriate rights and permissions to perform specific tasks.

a virtual table used to determine availability of resources for allocation. The table consists of resources provided by all PM's by means of its Virtual Machines

refers to the idea that computers can both sense, and react based on their environment. Devices may have information about the circumstances under which they are able to operate and based on rules, or an intelligent stimulus, react accordingly.

are horizontally scaled, redundant, and highly available VPC components. They allow communication between instances in your VPC and services without imposing availability risks.

the process of implementing security tools and policies to assure that all in your container is running as intended, including protection of infrastructure, software supply chain, runtime, and everything between.

is cloud-hosted software or on-premises software or hardware that act as an intermediary between users and cloud service providers. The ability of a CASB to address gaps in security extends across software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) environments.

describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked.

protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies. ... Block access to inappropriate websites or content based on acceptable use policies. Enforce their security policies to make internet access safer.

Cost: Need for segmentation: Open systems Interconnection (OSI) Layers

platform and infrastructure security, as well as continuous application security. The security must be built into the assets you're working to secure. This applies to multiple layers, from OS to container to application VS company offering a cloud-based platform, infrastructure, application or storage services. Much like a homeowner would pay for a utility such as electricity or gas, companies typically have to pay only for the amount of cloud services they use, as business demands require.

a service that stores and manages digital identities. Companies use these services to allow their employees or users to connect with the resources they need.

personal identifiers that are commonly used to distinguish one person from others. Examples include, but are not limited to, name, date of birth, social security number (SSN), and address.

may be used only for authentication or may be used for both authentication and digital signatures.

a security Token that contains Claims about the Authentication of an End-User by an Authorization Server when using a OAuth Client, and potentially other requested Claims.

a physical electronic authorization device, used to control access to a resource.

an identity created for a person in a computer or computing system

any non-person account that may allow multiple users to use a single account to authenticate to the network, application or other university resources.

a user account that is created to isolate a service or application.

consist of at least seven characters, including three of the following four character types: uppercase letters, lowercase letters, numeric digits, and non-alphanumeric characters such as & $ * and !.

Number of unique passwords that must be used before an user can re-use his old password.

a problem where people try to remember multiple passwords for everything they interact with on a regular basis, but instead use the same password on multiple systems, tiers of applications, or even social sites.

a profile that includes a collection of network and sharing settings that get applied to the network you are connected to. Based on the network location assigned to your active network connection, features such as file and printer sharing, network discovery and others might be enabled or disabled.

specifying this boundary in an app or web portal, and by providing the software access to your smartphone's location data.

the process of adding geographical identification metadata to various media such as a geotagged photograph or video, websites, SMS messages, QR Codes or RSS feeds and is a form of geospatial metadata.

refers to the use of location technologies such as GPS or IP addresses to identify and track the whereabouts of connected electronic devices. Because these devices are often carried on an individual's person, geolocation is often used to track the movements and location of people and surveillance.

a standard procedure to grant access to an area by detecting a person at an entrance an opening the barrier at a certain time.

a list of user groups and the resources with which users in the group are to be provisioned or deprovisioned.

verifies that user accounts are used appropriately and consistently with organizational policies.

a calculation made by comparing a user's last known location to their current location, then assessing whether the trip is likely or even possible in the time that elapsed between the two measurements.

"locks" the user's account after a defined number of failed password attempts.

technical issues that can cause temporary deactivation.

a user created secret phrase that is used to verify identity or generate cryptographic keys

a program that stores usernames and passwords for multiple applications in a secure location and in an encrypted format.

a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys.

a dedicated cryptographic processor designed to protect highly critical and sensitive keys and assets. HSMs act as trust anchors that protect the cryptographic infrastructure of some of the most security-conscious organizations in the world.

a method of authentication which seeks to prove the identity of someone accessing a service such as a financial institution or website.

confirms that users are who they say they are. gives those users permission to access a resource.

a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the internet. ... It provides the framework within which the various authentication methods work.

an identity checking protocol that periodically re-authenticates the user during an online session

The oldest and most basic form of authentication and also the least safe because it sends all passwords in cleartext.

a network authentication protocol that opens ports for network access when an organization authenticates a user's identity and authorizes them for access to the network.

open standard client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.

Using one authentication credential to access multiple accounts or applications.

a standardized way to tell external applications and services that a user is who they say they are makes single sign-on technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications.

is Cisco proprietary protocol which is used for the communication of the Cisco client and Cisco ACS server. It uses TCP port number 49 which makes it reliable.

allows third-party services to exchange your information without you having to give away your password.

A decentralized open source federated identity management system that does not require specific software to be installed on the desktop.

a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. It uses secret-key cryptography and a trusted third party for authenticating client-server applications and verifying users' identities

regulates who or what can view or use resources in a computing environment

This is an access control paradigm whereby access rights are granted to users with policies that combine attributes together.

Select below the access control model that uses access based on a user's job function within an organization:

An access control model that based on a list of predefined rules that determine what accesses should be granted

A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf.

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

is the protection of content by requiring certain criteria to be met before granting access to the content. The term is commonly used in relation to digital television systems and to software.

refers to systems that securely manage the accounts of users who have elevated permissions to critical, corporate resources.

control what user is permitted to perform which actions on a file

a catch-all term for everything used to establish and manage public key encryption, one of the most common forms of internet encryption.

The method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data.

A trusted third-party agency that is responsible for issuing digital certificates.

Subordinate organizations or entities to which CAs delegate the day-to-day issuance of certificates on behalf of the CA.

A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.

A repository that lists revoked digital certificates.

a term that describes the identifying information in a certificate and is part of the certificate itself.

A protocol that performs a real-time lookup of a certificate's status.

A specially formatted encrypted message that validates the information the CA requires to issue a digital certificate.

known as the Fully Qualified Domain Name (FQDN), is the characteristic value within a Distinguished Name (DN)

an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate.

dates are an important way of providing assurance to the security of SSL

Wildcard, SAN, Code Signing, Self-Signed, Machine/Computer, Email, User, Root, Domain Validation, Extended Validation

A special character that represents other characters in a search.

an extension to the X. 509 specification that allows users to specify additional host names for a single SSL certificate.

the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.

A signed digital certificate that does not depend upon any higher level authority for authentication.

A signed digital certificate that is created locally aside from higher level authority for authentication.

is meant to provide a legal equivalent of the traditional registered mail: by paying a small fee, users are able to legally prove that a given email has been sent and received.

EUC, is a document used in international transfers, including sales and arms provided as aid, of weapons and ammunition to certify that the buyer is the final recipient of the materials, and is not planning on transferring the materials to another party.Jun 2, 2020

he cornerstone of authentication and security in software and on the Internet. They're issued by a certified authority (CA) and, essentially, verify that the software/website owner is who they say they are

the right to administratively manage the domain name in question

a digital identity authentication solution used by HTTPS websites to provide the highest level of security by verifying the identity of a website owner or operator.

There are different formats of X. 509 certificates such as PEM, DER, PKCS#7 and PKCS#12. PEM and PKCS#7 formats use Base64 ASCII encoding while DER and PKCS#12 use binary encoding. The certificate files have different extensions based on the format and encoding they use.

Privacy enhanced mail (PEM)

Fully encrypted files that require a password to open. May contain single certificates, certificate chains, or private keys, although in most cases it is used to store public/private key pairs. A binary file that is heavily used by Microsoft products. Also known as PKCS#12. Uses the extension .pfx or .p12.

used to store X. 509 certificate. Normally used for SSL certification to verify and identify web servers security.

restricts which certificates are considered valid for a particular website, limiting risk. Instead of allowing any trusted certificate to be used, operators "pin" the certificate authority (CA) issuer(s), public keys or even end-entity certificates of their choice.

PKCS#7. A common format for PKI certificates. They are DER-based (ASCII) and commonly used to share public keys.

Online vs. offline CA:

a time-stamped OCSP response signed by the CA to the initial TLS handshake

the process of storing a copy of an encryption key in a secure location

Linking several certificates together to establish trust between all the certificates involved.