1/103
Made to review what concepts I struggle with
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
802.1X
Port-based NAC- no network access until you authenticate. Pairs with EAP as the auth framework and RADIUS/LDAP/TACACS+ as the backend.
AAA
Authentication (who you are) + Authorization (what you can do) + Accounting (what you did/logging). RADIUS and TACACS+ implement this framework.
Air Gap
Physical isolation - zero direct connection between two devices/networks. No cable, no data path, no electronic way in. The strongest form of segmentation.
Alert Tuning
Adjusting monitoring rules/thresholds over time to cut false positives and false negatives, so alerts stay meaningful instead of noisy.
Attestation
Formally vouching that something is true or accurate (e.g., an auditor attesting to security posture, or sign-off on compliance docs). Whoever attests is on the hook if it's wrong.
Chain of Custody
Unbroken, documented trail of who handled a piece of evidence and when. Keeps evidence admissible in court; use hashes/signatures to prove no tampering.
Cold-Site Recovery
Empty DR facility - no hardware, no data, no staff on-site; everything gets brought in after disaster hits. Cheapest option, but slowest recovery.
Configuration Enforcement
Posture check run every time a device connects (patch level, EDR status, firewall, cert validity). Fails the check â†' automatically quarantined.
COPE (Corporate Owned, Personally Enabled)
Company buys and owns the device, employee can use it personally, but IT keeps full control (including remote wipe). CYOD = same idea, employee picks the model.
CSR - Certificate Signing Request
The file (with your public key + identity info) you submit to a CA to request a signed certificate.
DAC - Discretionary Access Control
The resource owner decides who gets access- the most common model in everyday OSes (e.g., file/folder sharing). "Discretionary" = owner's choice, unlike MAC's fixed admin-set levels.
Data Controller
The org that decides why and how personal data is processed (e.g., a payroll department setting pay amounts/timing).
Data Custodian
Also "data steward" - hands-on daily work with the data: sensitivity labels, access rights, and actual security controls.
Data Owner
Senior person accountable for a specific dataset (e.g., VP of Sales owns customer data). Accountability sits here even though a custodian handles day-to-day work.
Data Processor
The (often third-party) entity that processes data on the controller's behalf (e.g., an outsourced payroll company).
Data Retention
Policy on how long data is kept, in what form, and when it's purged. Driven by regulations plus operational needs (e.g., disaster recovery).
Data Subject
The individual whose personal data is being collected/processed (e.g., a customer). Regulations like GDPR give them rights over their own data.
Deauthentication
Wireless attack that force-disconnects a client from an access point using spoofed frames - used for DoS or to capture a fresh handshake for cracking.
Dependency List
Documents that need what to function: "A won't run without B." Critical during change management since touching one piece can break another.
DHCP (Dynamic Host Configuration Protocol) Port
UDP 67, 68
DNS (Domain Name System) Port
-converts and associates names of websites to/with IP address
-udp/tcp 53
Due Care
Reasonable steps an org takes to protect its own systems, in good faith. "Due diligence" is the sibling term for vetting third parties.
EAP (Extensible Authentication Protocol)
An authentication framework, not one method. Pairs with 802.1X and backend systems like RADIUS/LDAP/TACACS+/Kerberos.
Enumeration
Listing out every component that makes up an asset (CPU, RAM, storage, etc.) - part of building a complete asset inventory.
Federation
Trust link between orgs letting one login work across multiple services (e.g., "Sign in with Google"). Relies on standards like SAML to pass identity securely.
FTP (File Transfer Protocol) Port
-Used to transfer files between systems
-tcp/20 (active mode data, transfer files)
-tcp/21 (controls the communication)
-Authenticates with a username and password
-full-featured functionality (list, add, delete, etc.)
FTPS (File Transfer Protocol Secure)
TCP 20/21/989/990
An extension of FTP that uses SSL or TLS encrypt FTP traffic.
HIPS (Host-based Intrusion Prevention System)
Runs on the endpoint itself, actively blocking known malicious activity in real time - often built into endpoint protection software.
HSM (Hardware Security Module)
Dedicated high-end hardware for generating/storing thousands of crypto keys at scale; also offloads (accelerates) encryption from other devices' CPUs.
HTTP (Hypertext Transfer Protocol) Port
TCP 80 -
Web server communication
HTTPS (Hypertext Transfer Protocol Secure) Port
TCP 443 - A encrypted version of HTTP
ICS - Industrial Control Systems
(often paired with SCADA). Runs physical industrial equipment (power, water, manufacturing). Hard to patch, so usually isolated and stripped to minimum services.
IMAP (Internet Message Access Protocol) Port
TCP 143
IMAPS (Internet Message Access Protocol Secure) Port
TCP 993
Insecure Protocols
Legacy protocols that send data - including passwords - in plaintext (Telnet, FTP, SMTP, IMAP). Fix: swap for encrypted versions (SSH, SFTP, IMAPS).
IPsec
Protocol suite that encrypts and authenticates IP traffic - the backbone of most site-to-site and remote-access VPNs. Works at the network layer, so apps don't need to know it's there.
Jump Server
A single hardened server that's the only door into a secure network zone. Admins connect to it first, then "jump" inward. If it's compromised, the whole protected zone is at risk.
Kerberos port
TCP/UDP 88
LDAP (Lightweight Directory Access Protocol)
Lightweight Directory Access Protocol. Queries a directory of users/groups/resources - the backbone of many authentication/authorization lookups.
LDAP (Lightweight Directory Access Protocol) Port
TCP 389 - Manage comms with directories
LDAPS (Lightweight Directory Access Protocol Secure)
TCP 636
NAC - Network Access Control
Blocks a device from the network until it authenticates (often via 802.1X), sometimes also checking device health first. Works with RADIUS/LDAP/TACACS+.
NetFlow Logs
Standard method for collecting traffic-flow stats between devices - a probe watches traffic, a collector stores the summarized records. Shows patterns without capturing full packet content.
Network Protection Mismatches
In hybrid/multi-cloud setups, auth methods, firewall rules, and server settings differ across platforms - creating inconsistent protection and gaps, worsened by diverse, cloud-specific logs.
NGFW (Next-Generation Firewall)
Inspects up to the application layer (deep packet inspection), not just ports/IPs - adds app-aware rules, content filtering, IPS.
Non-repudiation
Proof someone can't deny an action they took (e.g., signing something with a private key). Confirms both integrity (data unchanged) and origin (who really sent it).
OCSP (Online Certificate Status Protocol)
Real-time check of whether a certificate is revoked, via an OCSP responder over HTTP - faster than downloading a full CRL.
OCSP Stapling
The web server pre-fetches its own OCSP response and "staples" it to the TLS handshake, so the browser doesn't have to call the OCSP responder itself. Faster + more private.
Password Vaulting
Privileged credentials are locked in a central vault instead of memorized/hardcoded. The vault controls and logs exactly who gets access, often just-in-time.
POP Port
TCP 110
POP3 (Post Office Protocol version 3) Port
TCP 995
Port Numbers used by RDP
3389
RADIUS
Common AAA protocol; central server authenticates users against a real database instead of a shared static key. Used heavily for WPA3-Enterprise and VPN logins.
Record-Level Encryption
Encrypts individual records/columns in a database (own key per column) instead of the whole database at once - more granular than transparent encryption.
Regulatory Compliance
Following laws/standards that apply to your industry (HIPAA, GLBA, etc.). Drives requirements like data retention, encryption, and reporting - noncompliance = fines or worse.
Responsibility Matrix
Cloud provider's documented breakdown of who secures what (you vs. them) across IaaS/PaaS/SaaS - avoids finger-pointing after an incident.
Risk Avoidance
Stop doing the risky activity entirely - the risk disappears because the activity does. One of 4 strategies: avoid, transfer, mitigate, accept.
Rootkit
Malware that gains root/admin access while hiding itself and other malware from the OS. Hard to detect/remove - usually needs a tool built specifically for that rootkit.
RPO - Recovery Point Objective
How much data loss is acceptable, measured in time? Sets how often you must back up.
RTO - Recovery Time Objective
How fast a service must be restored after an outage. Different from MTTR (average actual repair time).
RTOS - Real-Time Operating System
Built to process input/output within a guaranteed, strict time window - used in embedded/industrial systems where delay = failure. Often can't be patched like a normal OS.
SASE (Secure Access Service Edge)
Cloud-delivered bundle of networking + security (SD-WAN, secure web gateway, firewall) - replaces VPN clients/on-prem hardware with cloud-based policy enforcement anywhere.
SCAP - Security Content Automation Protocol
NIST standard for automating vulnerability scans and compliance checks - content is shareable across different security tools.
Screened Subnet
Formerly "DMZ." A buffer network between the Internet and your internal network that hosts public-facing servers while keeping private data walled off.
SDN - Software-Defined Networking
Splits a network device into 3 planes: data plane (forwards traffic), control plane (routing decisions), management plane (config via SSH/API). Separating them makes networks easier to automate - built for the cloud.
Self-Assessment
An org checks its own compliance internally instead of (or alongside) an outside auditor. Results feed into ongoing compliance reports.
SIEM Aggregation
Pulling logs from many sources (firewalls, servers, apps, auth systems) into one central SIEM so patterns can be correlated across all of them at once.
SNMP (Simple Network Management Protocol)
Polls devices (UDP/161) for stats stored in a MIB (identified by OIDs); devices can also push alerts as SNMP traps over UDP/162.
SNMP (Simple Network Management Protocol) Port
UDP/161 (queries), UDP/162 (traps) - Used to monitor and manage network devices on IP networks
SSH (Secure Shell)
TCP 22
SSH File Transfer Protocol Port
TCP 22 - Encrypts file transfers
Statement of Work (SOW)
Formal document spelling out a project's scope, deliverables, and timeline before work starts. Also called a Work Order (WO).
Steganography
Hiding a message inside another file (image, audio, etc.) so its existence isn't obvious. Different from encryption - encryption hides content, hides the fact anything's there.
Tokenization
Swaps sensitive data for a meaningless substitute token; the real data sits safely in a separate vault. The token itself is useless if stolen.
TPM - Trusted Platform Module
Dedicated crypto chip on a device for key generation and secure, password-protected key storage (e.g., BitLocker keys). Resists dictionary attacks since it's hardware-locked.