Sec 701+ Port Protocols with Some Terms

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/103

flashcard set

Earn XP

Description and Tags

Made to review what concepts I struggle with

Last updated 10:22 PM on 7/12/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

104 Terms

1
New cards

802.1X

Port-based NAC- no network access until you authenticate. Pairs with EAP as the auth framework and RADIUS/LDAP/TACACS+ as the backend.

2
New cards

AAA

Authentication (who you are) + Authorization (what you can do) + Accounting (what you did/logging). RADIUS and TACACS+ implement this framework.

3
New cards

Air Gap

Physical isolation - zero direct connection between two devices/networks. No cable, no data path, no electronic way in. The strongest form of segmentation.

4
New cards

Alert Tuning

Adjusting monitoring rules/thresholds over time to cut false positives and false negatives, so alerts stay meaningful instead of noisy.

5
New cards

Attestation

Formally vouching that something is true or accurate (e.g., an auditor attesting to security posture, or sign-off on compliance docs). Whoever attests is on the hook if it's wrong.

6
New cards

Chain of Custody

Unbroken, documented trail of who handled a piece of evidence and when. Keeps evidence admissible in court; use hashes/signatures to prove no tampering.

7
New cards

Cold-Site Recovery

Empty DR facility - no hardware, no data, no staff on-site; everything gets brought in after disaster hits. Cheapest option, but slowest recovery.

8
New cards

Configuration Enforcement

Posture check run every time a device connects (patch level, EDR status, firewall, cert validity). Fails the check â†' automatically quarantined.

9
New cards

COPE (Corporate Owned, Personally Enabled)

Company buys and owns the device, employee can use it personally, but IT keeps full control (including remote wipe). CYOD = same idea, employee picks the model.

10
New cards

CSR - Certificate Signing Request

The file (with your public key + identity info) you submit to a CA to request a signed certificate.

11
New cards

DAC - Discretionary Access Control

The resource owner decides who gets access- the most common model in everyday OSes (e.g., file/folder sharing). "Discretionary" = owner's choice, unlike MAC's fixed admin-set levels.

12
New cards

Data Controller

The org that decides why and how personal data is processed (e.g., a payroll department setting pay amounts/timing).

13
New cards

Data Custodian

Also "data steward" - hands-on daily work with the data: sensitivity labels, access rights, and actual security controls.

14
New cards

Data Owner

Senior person accountable for a specific dataset (e.g., VP of Sales owns customer data). Accountability sits here even though a custodian handles day-to-day work.

15
New cards

Data Processor

The (often third-party) entity that processes data on the controller's behalf (e.g., an outsourced payroll company).

16
New cards

Data Retention

Policy on how long data is kept, in what form, and when it's purged. Driven by regulations plus operational needs (e.g., disaster recovery).

17
New cards

Data Subject

The individual whose personal data is being collected/processed (e.g., a customer). Regulations like GDPR give them rights over their own data.

18
New cards

Deauthentication

Wireless attack that force-disconnects a client from an access point using spoofed frames - used for DoS or to capture a fresh handshake for cracking.

19
New cards

Dependency List

Documents that need what to function: "A won't run without B." Critical during change management since touching one piece can break another.

20
New cards

DHCP (Dynamic Host Configuration Protocol) Port

UDP 67, 68

21
New cards
22
New cards
  • Network management protocol that assigns local IP addresses to devices on a network. Creates multiple private IP addresses from one public IPv4 address
23
New cards

DNS (Domain Name System) Port

-converts and associates names of websites to/with IP address

24
New cards
25
New cards

-udp/tcp 53

26
New cards

Due Care

Reasonable steps an org takes to protect its own systems, in good faith. "Due diligence" is the sibling term for vetting third parties.

27
New cards

EAP (Extensible Authentication Protocol)

An authentication framework, not one method. Pairs with 802.1X and backend systems like RADIUS/LDAP/TACACS+/Kerberos.

28
New cards

Enumeration

Listing out every component that makes up an asset (CPU, RAM, storage, etc.) - part of building a complete asset inventory.

29
New cards

Federation

Trust link between orgs letting one login work across multiple services (e.g., "Sign in with Google"). Relies on standards like SAML to pass identity securely.

30
New cards

FTP (File Transfer Protocol) Port

-Used to transfer files between systems

31
New cards
32
New cards

-tcp/20 (active mode data, transfer files)

33
New cards

-tcp/21 (controls the communication)

34
New cards
35
New cards

-Authenticates with a username and password

36
New cards

-full-featured functionality (list, add, delete, etc.)

37
New cards

FTPS (File Transfer Protocol Secure)

TCP 20/21/989/990

38
New cards
39
New cards

An extension of FTP that uses SSL or TLS encrypt FTP traffic.

40
New cards

HIPS (Host-based Intrusion Prevention System)

Runs on the endpoint itself, actively blocking known malicious activity in real time - often built into endpoint protection software.

41
New cards

HSM (Hardware Security Module)

Dedicated high-end hardware for generating/storing thousands of crypto keys at scale; also offloads (accelerates) encryption from other devices' CPUs.

42
New cards

HTTP (Hypertext Transfer Protocol) Port

TCP 80 -

43
New cards

Web server communication

44
New cards

HTTPS (Hypertext Transfer Protocol Secure) Port

TCP 443 - A encrypted version of HTTP

45
New cards

ICS - Industrial Control Systems

(often paired with SCADA). Runs physical industrial equipment (power, water, manufacturing). Hard to patch, so usually isolated and stripped to minimum services.

46
New cards

IMAP (Internet Message Access Protocol) Port

TCP 143

47
New cards
48
New cards
  • Two- way e-mail protocol comms used for e-mail; clients to communicate with email servers
49
New cards

IMAPS (Internet Message Access Protocol Secure) Port

TCP 993

50
New cards
51
New cards
  • Secure version of IMAP that uses TLS for encryption
52
New cards

Insecure Protocols

Legacy protocols that send data - including passwords - in plaintext (Telnet, FTP, SMTP, IMAP). Fix: swap for encrypted versions (SSH, SFTP, IMAPS).

53
New cards

IPsec

Protocol suite that encrypts and authenticates IP traffic - the backbone of most site-to-site and remote-access VPNs. Works at the network layer, so apps don't need to know it's there.

54
New cards

Jump Server

A single hardened server that's the only door into a secure network zone. Admins connect to it first, then "jump" inward. If it's compromised, the whole protected zone is at risk.

55
New cards

Kerberos port

TCP/UDP 88

56
New cards
57
New cards
  • Network auth protocol that allows for comms over non-secure network
58
New cards

LDAP (Lightweight Directory Access Protocol)

Lightweight Directory Access Protocol. Queries a directory of users/groups/resources - the backbone of many authentication/authorization lookups.

59
New cards

LDAP (Lightweight Directory Access Protocol) Port

TCP 389 - Manage comms with directories

60
New cards

LDAPS (Lightweight Directory Access Protocol Secure)

TCP 636

61
New cards
62
New cards
  • Secure version of LDAP that uses TLS for encryption
63
New cards

NAC - Network Access Control

Blocks a device from the network until it authenticates (often via 802.1X), sometimes also checking device health first. Works with RADIUS/LDAP/TACACS+.

64
New cards

NetFlow Logs

Standard method for collecting traffic-flow stats between devices - a probe watches traffic, a collector stores the summarized records. Shows patterns without capturing full packet content.

65
New cards

Network Protection Mismatches

In hybrid/multi-cloud setups, auth methods, firewall rules, and server settings differ across platforms - creating inconsistent protection and gaps, worsened by diverse, cloud-specific logs.

66
New cards

NGFW (Next-Generation Firewall)

Inspects up to the application layer (deep packet inspection), not just ports/IPs - adds app-aware rules, content filtering, IPS.

67
New cards

Non-repudiation

Proof someone can't deny an action they took (e.g., signing something with a private key). Confirms both integrity (data unchanged) and origin (who really sent it).

68
New cards

OCSP (Online Certificate Status Protocol)

Real-time check of whether a certificate is revoked, via an OCSP responder over HTTP - faster than downloading a full CRL.

69
New cards

OCSP Stapling

The web server pre-fetches its own OCSP response and "staples" it to the TLS handshake, so the browser doesn't have to call the OCSP responder itself. Faster + more private.

70
New cards

Password Vaulting

Privileged credentials are locked in a central vault instead of memorized/hardcoded. The vault controls and logs exactly who gets access, often just-in-time.

71
New cards

POP Port

TCP 110

72
New cards
  • Email protocol that allows e-mail clients to communicate with e-mail servers with one-way comms.
73
New cards

POP3 (Post Office Protocol version 3) Port

TCP 995

74
New cards
75
New cards
  • Secure version of POP that uses TLS for encryption
76
New cards

Port Numbers used by RDP

3389

77
New cards

RADIUS

Common AAA protocol; central server authenticates users against a real database instead of a shared static key. Used heavily for WPA3-Enterprise and VPN logins.

78
New cards

Record-Level Encryption

Encrypts individual records/columns in a database (own key per column) instead of the whole database at once - more granular than transparent encryption.

79
New cards

Regulatory Compliance

Following laws/standards that apply to your industry (HIPAA, GLBA, etc.). Drives requirements like data retention, encryption, and reporting - noncompliance = fines or worse.

80
New cards

Responsibility Matrix

Cloud provider's documented breakdown of who secures what (you vs. them) across IaaS/PaaS/SaaS - avoids finger-pointing after an incident.

81
New cards

Risk Avoidance

Stop doing the risky activity entirely - the risk disappears because the activity does. One of 4 strategies: avoid, transfer, mitigate, accept.

82
New cards

Rootkit

Malware that gains root/admin access while hiding itself and other malware from the OS. Hard to detect/remove - usually needs a tool built specifically for that rootkit.

83
New cards

RPO - Recovery Point Objective

How much data loss is acceptable, measured in time? Sets how often you must back up.

84
New cards

RTO - Recovery Time Objective

How fast a service must be restored after an outage. Different from MTTR (average actual repair time).

85
New cards

RTOS - Real-Time Operating System

Built to process input/output within a guaranteed, strict time window - used in embedded/industrial systems where delay = failure. Often can't be patched like a normal OS.

86
New cards

SASE (Secure Access Service Edge)

Cloud-delivered bundle of networking + security (SD-WAN, secure web gateway, firewall) - replaces VPN clients/on-prem hardware with cloud-based policy enforcement anywhere.

87
New cards

SCAP - Security Content Automation Protocol

NIST standard for automating vulnerability scans and compliance checks - content is shareable across different security tools.

88
New cards

Screened Subnet

Formerly "DMZ." A buffer network between the Internet and your internal network that hosts public-facing servers while keeping private data walled off.

89
New cards

SDN - Software-Defined Networking

Splits a network device into 3 planes: data plane (forwards traffic), control plane (routing decisions), management plane (config via SSH/API). Separating them makes networks easier to automate - built for the cloud.

90
New cards

Self-Assessment

An org checks its own compliance internally instead of (or alongside) an outside auditor. Results feed into ongoing compliance reports.

91
New cards

SIEM Aggregation

Pulling logs from many sources (firewalls, servers, apps, auth systems) into one central SIEM so patterns can be correlated across all of them at once.

92
New cards

SNMP (Simple Network Management Protocol)

Polls devices (UDP/161) for stats stored in a MIB (identified by OIDs); devices can also push alerts as SNMP traps over UDP/162.

93
New cards

SNMP (Simple Network Management Protocol) Port

UDP/161 (queries), UDP/162 (traps) - Used to monitor and manage network devices on IP networks

94
New cards

SSH (Secure Shell)

TCP 22

95
New cards
  • Transmits data through remote connection
96
New cards

SSH File Transfer Protocol Port

TCP 22 - Encrypts file transfers

97
New cards

Statement of Work (SOW)

Formal document spelling out a project's scope, deliverables, and timeline before work starts. Also called a Work Order (WO).

98
New cards

Steganography

Hiding a message inside another file (image, audio, etc.) so its existence isn't obvious. Different from encryption - encryption hides content, hides the fact anything's there.

99
New cards

Tokenization

Swaps sensitive data for a meaningless substitute token; the real data sits safely in a separate vault. The token itself is useless if stolen.

100
New cards

TPM - Trusted Platform Module

Dedicated crypto chip on a device for key generation and secure, password-protected key storage (e.g., BitLocker keys). Resists dictionary attacks since it's hardware-locked.