cellular telephony
A communications network in which the coverage area is divided into hexagon-shaped cells.
infrared
Light that is next to visible light on the light spectrum and was once used for data communications.
Universal Serial Bus (USB) connectors
A port on mobile devices used for data transfer.
Bring your own device (BYOD)
Allows users to use their own personal mobile devices for business purposes.
Corporate owned, personally enabled (COPE)
Employees choose from a selection of company-approved devices.
Choose your own device (CYOD)
Employees choose from a limited selection of approved devices but pay the upfront cost of the device while the business owns the contract.
Virtual desktop infrastructure (VDI)
Stores sensitive applications and data on a remote server that is accessed through a smartphone.
Corporate owned
A mobile device that is purchased and owned by the enterprise.
firmware over-the-air (OTA) updates
Mobile operating system patches and updates that are distributed as an over-the-air (OTA) update.
Global Positioning System (GPS)
A satellite-based navigation system that provides information to a GPS receiver anywhere on (or near) the Earth where there is an unobstructed line of sight to four or more GPS satellites.
geolocation
The process of identifying the geographical location of a device.
GPS tagging (Geo tagging)
Adding geographical identification data to media such as digital photos taken on a mobile device.
tethering
Using a mobile device with an active Internet connection to share that connection with other mobile devices through Bluetooth or Wi-Fi.
USB On-the-Go (OTG)
A specification that allows a mobile device with a USB connection to act as either a host or a peripheral used for external media access.
external media access
A device with a USB connection that can function as a host (to which other devices may be connected such as a USB flash drive) to access media.
malicious flash drive
A USB flash drive infected with malware.
Malicious USB cable
A USB cable embedded with a Wi-Fi controller that can receive commands from a nearby device to send malicious commands to the connected mobile device.
Hotspot
A location where users can access the Internet with a wireless signal.
jailbreaking
Circumventing the installed built-in limitations on Apple iOS devices.
Rooting
Circumventing the installed built-in limitations on Android devices.
third party app store
A site from which unofficial apps can be downloaded.
sideloading
Downloading unofficial apps, typically through jailbreaking/rooting.
custom firmware
Firmware that is written by users to run on their own mobile devices.
carrier unlocking
Uncoupling a phone from a specific wireless provider.
short message service (SMS)
Text messages of a maximum of 160 characters.
multimedia messaging service (MMS)
Text messages in which pictures, video, or audio can be included.
rich communication services (RCS)
Mobile device communication which can convert a texting app into a live chat platform and supports pictures, videos, location, stickers, and emojis.
personal identification number (PIN)
A passcode made up of numbers only.
screen lock
A security setting that prevents a mobile device from being accessed until the user enters the correct passcode permitting access.
context-aware authentication
Using a contextual setting to validate a user.
full disk encryption
The encryption of all user data on a mobile device.
storage segmentation
Separating business data from personal data on a mobile device.
containerization
Separating storage into separate business and personal "containers."
remote wipe
A technology used to erase sensitive data stored on the mobile device.
mobile device management (MDM)
Tools that allow a mobile device to be managed remotely by an organization.
geofencing
Using the mobile device's GPS to define geographical boundaries where an app can be used.
push notification services
Sending SMS text messages to selected users or groups of users.
mobile application management (MAM)
Tools that are used for distributing and controlling access to apps on mobile devices.
Content Management
Tools used to support the creation and subsequent editing and modification of digital content by multiple employees.
mobile content management (MCM)
A system that provides content management to mobile devices used by employees in an enterprise.
unified endpoint management (UEM)
A group or class of software tools that has a single management interface for mobile devices as well as computer devices.
embedded system
Computer hardware and software contained within a larger system that is designed for a specific function.
Raspberry Pi (types of embedded devices)
A low-cost credit-card-sized computer motherboard.
Arduino
A controller for other devices.
- Has an eight-bit microcontroller instead of the 64-bit microprocessor on the Raspberry Pi
- Has a limited amount of RAM and no operating system
field-programmable gate array (FPGA)
A hardware integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations.
system on a chip (SoC)
A single microprocessor chip on which all the necessary hardware components are contained.
real-time operating system (RTOS)
An operating system that is specifically designed for an SoC in an embedded system.
smart meters
Digital meters that measure the amount of utilities consumed.
Industrial control systems (ICSs)
Systems that control machines, locally or at remote locations, by collecting, monitoring, and processing real-time data.
supervisory control and data acquisition (SCADA) system
A system that controls multiple industrial control systems (ICS).
heating, ventilation, and air conditioning (HVAC) (specialized systems)
Environmental systems that provide and regulate heating and cooling.
multifunctional printer (MFP)
A device that combines the functions of a printer, copier, scanner, and fax machine.
voice over IP (VoIP)
A technology that uses a data-based IP network to add digital voice clients and new voice applications onto the IP network.
Internet of Things (IoT)
Connecting any device to the Internet for the purpose of sending, receiving, and using data.
constraints
Limitations that make security a challenge for embedded systems and specialized devices.
Geographical considerations
In context-based firewall rules, determines rules depending on the geographical location of the device.
Content/URL filtering
Assesses web pages based on content, then puts them on a whitelist or blacklist.
Stateless packet filtering
Examines a packet only against the firewall rules.
Stateful packet filtering
Examines a packet against the firewall rules and also checks whether an internal device requested it, because the packet may be unsolicited.
Open source firewall
A firewall that is freely available and built on secure foundations.
Proprietary firewalls
A firewall that is owned by a separate entity.
Hardware firewall
A specialized hardware device for firewall purposes. Has more features and is more secure, but more expensive.
Software firewall
A firewall that is installed on a device. Can become compromised if the host is also compromised.
Host-based
A software firewall that only protects the host it is installed on.
Virtual firewall
For cloud-based environments where appliance firewalls are impractical.
Web application firewall (WAF)
Either hardware or software; examines web applications using HTTP. Blocks sites and attacks such as SQL injection and XSS.
Network address translation gateway
A NAT for the cloud.
Next generation firewall (NGFW)
Can filter packets based on application and uses deep packet inspection to examine payloads to see if they are carrying malware.
Unified threat management (UTM)
Combines several security functions into one.
Forward proxy
A proxy that gives the user anonymity by caching previous web requests and forwarding them to the user, or by forwarding the user's request to the external server.
Reverse proxy
A proxy that gives the internal server anonymity by forwarding external requests to the internal device.
Honeypots
A computer used to deflect an attacker's attention away from a legitimately vulnerable device and to discover their security tactics.
Honeyfiles
Files of no real value that are meant to attract attackers.
Fake telemetry
A fake version of telemetry (data on how software is managed in a company). Used to lure attackers in.
Honeynet
A network with vulnerabilities, set up with the same intentions as a honeypot.
DNS sinkholes
When a DNS server purposefully gives the user a false IP address in order to redirect them to a "sinkhole," which assists network administrators in finding infected users.
IDS vs IPS
An IDS (intrusion detection system) detects attacks as they happen, while an IPS (intrusion prevention system) attempts to block the attack.
Inline IPS/IDS system
An IPS/IDS system that is connected inline on the network and monitors traffic as it happens.
Passive (IDS/IPS) system
Connected to a port on a switch and receives a copy of the network traffic.
Out-of-band management
Connecting through a separate management interface (a physical connection, or a console router for an enterprise with multiple devices) to access an otherwise inaccessible device (off, in sleep mode, etc.), usually IDS systems.
Anomaly monitoring
A form of IPS/IDS monitoring that establishes a "baseline" of regular behavior on the network and then compares ongoing behavior with that baseline to detect security anomalies. Results in several false positives, and attacks can happen before a baseline is established.
Signature-based monitoring
A form of monitoring that recognizes a pattern in an attack (traffic, activity, or transactions) and uses a database of these patterns (signatures) to detect incoming malware. Similar to antivirus.
Behavioral monitoring
A form of IPS/IDS monitoring that analyzes the behaviors of programs and processes and alerts the user when something is abnormal.
Heuristic monitoring
A form of IPS/IDS monitoring that follows the philosophy: will this be harmful if it is allowed to execute? Heuristic means to find/discover. The algorithm figures out whether the application should be executed.
Network Intrusion Detection System (NIDS)
Detects network intrusions.
Network Intrusion Prevention System (NIPS)
A system that prevents network intrusions.
Network hardware security module
If a company has many HSMs, it can use this in the form of a trusted network computer that can encrypt, exchange keys, and generate random numbers.
Baseline configuration
A set of configuration settings that are regarded as the standard for all devices. It is the starting point of configuration and the bare minimum.
Standard naming conventions
Establishing a standard for the way devices should be named. Avoids confusion.
Internet protocol schema
A standard for setting up IP addresses. Avoids confusion and wasted address space, and helps when troubleshooting.
Diagram
Mapping network devices can help with troubleshooting and when a new device is connected.
Access Control List
Rules that either grant or deny access to certain assets. Network ACLs are the most common. Prevents IP spoofing.
Virtual Private Network (VPN)
Allows users to access the public network (the Internet) as if it were a private network. Does this by encrypting the tunnel of communication.
remote access VPN
A user-to-LAN connection for remote users.
site-to-site VPN
A VPN connection set up between multiple networks. Ex: central office, branch 1, branch 2, etc.
always-on VPNs
Users always stay connected to the VPN.
full tunnel
A form of VPN tunneling where all traffic is sent to the VPN concentrator, where it is protected.
split-tunnel
Traffic is "split" into vulnerable and non-vulnerable; vulnerable traffic is sent to the VPN concentrator.
Layer 2 Tunneling Protocol (L2TP)
A VPN protocol that does not have encryption by default, so it is paired with IPsec.
HTML 5
Can be used as a "clientless" VPN so no other software needs to be installed.