All Sec+ Words

cellular telephony

A communications network in which the coverage area is divided into hexagon-shaped cells

infrared

Light that is next to visible light on the light spectrum and was once used for data communications.

Universal Serial Bus (USB) connectors

A port on mobile devices used for data transfer.

Bring your own device (BYOD)

Allows users to use their own personal mobile devices for business purposes.

Corporate owned, personally enabled (COPE)

Employees choose from a selection of company-approved devices.

Choose your own device (CYOD)

Employees choose from a limited selection of approved devices but pay the upfront cost of the device while the business owns the contract.

Virtual desktop infrastructure (VDI)

Stores sensitive applications and data on a remote server that is accessed through a smartphone.

Corporate owned

A mobile device that is purchased and owned by the enterprise.

firmware over-the-air (OTA) updates

Mobile operating system patches and updates that are distributed as an over-the-air (OTA) update.

Global Positioning System (GPS)

A satellite based navigation system that provides information to a GPS receiver anywhere on (or near) the Earth where there is an unobstructed line of sight to four or more GPS satellites.

geolocation

The process of identifying the geographical location of a device.

GPS tagging (Geo tagging)

Adding geographical identification data to media such as digital photos taken on a mobile device

tethering

Using a mobile device with an active Internet connection to share that connection with other mobile devices through Bluetooth or Wi-Fi.

USB On-the-Go (OTG)

A specification that allows a mobile device with a USB connection to act as either a host or a peripheral used for external media access.

external media access

A device with a USB connection that can function as a host (to which other devices may be connected such as a USB flash drive) to access media.

malicious flash drive

A USB flash drive infected with malware.

Malicious USB cable

A USB cable embedded with a Wi-Fi controller that can receive commands from a nearby device to send malicious commands to the connected mobile device.

Hotspot

A location where users can access the Internet with a wireless signal.

jailbreaking

Circumventing the installed built-in limitations on Apple iOS devices.

Rooting

Circumventing the installed built-in limitations on Android devices.

third party app store

A site from which unofficial apps can be downloaded.

sideloading

Downloading unofficial apps, typically through jailbreaking/rooting

custom firmware

Firmware that is written by users to run on their own mobile devices.

carrier unlocking

Uncoupling a phone from a specific wireless provider.

short message service (SMS)

Text messages of a maximum of 160 characters.

multimedia messaging service (MMS)

Text messages in which pictures, video, or audio can be included.

rich communication services (RCS)

Mobile device communication which can convert a texting app into a live chat platform and supports pictures, videos, location, stickers, and emojis.

personal identification number (PIN)

A passcode made up of numbers only.

screen lock

A security setting that prevents a mobile device from being accessed until the user enters the correct passcode permitting access.

context aware authentication

Using a contextual setting to validate a user.

full disk encryption

The encryption of all user data on a mobile device.

storage segmentation

Separating business data from personal data on a mobile device.

containerization

Separating storage into separate business and personal "containers."

remote wipe

A technology used to erase sensitive data stored on the mobile device.

mobile device management (MDM)

Tools that allow a mobile device to be managed remotely by an organization.

geofencing

Using the mobile device's GPS to define geographical boundaries where an app can be used.

push notification services

Sending SMS text messages to selected users or groups of users.

mobile application management (MAM)

Tools that are used for distributing and controlling access to apps on mobile devices.

Content Management

Tools used to support the creation and subsequent editing and modification of digital content by multiple employees.

mobile content management (MCM)

A system provides content management to mobile devices used by employees in an enterprise.

unified endpoint management (UEM)

A group or class of software tools has a single management interface for mobile devices as well as computer devices.

embedded system

Computer hardware and software contained within a larger system that is designed for a specific function.

raspberry Pi (types of embedded devices)

A low-cost credit-card-sized computer motherboard.

arduino

A controller for other devices.
- has an eight-bit microcontroller instead of a 64-bit microprocessor on the Raspberry Pi

- a limited amount of RAM, and no operating system

field-programmable gate array (FPGA)

A hardware integrated circuit (IC) that can be programmed by the user to carry out one or more logical operations

system on a chip (SoC)

A single microprocessor chip on which all the necessary hardware components are contained.

real-time operating system (RTOS)

An operating system that is specifically designed for an SoC in an embedded system.

smart meters

Digital meters that measure the amount of utilities consumed.

Industrial control systems (ICSs)

Systems that control locally or at remote locations by collecting, monitoring, and processing real-time data to control machines

supervisory control and data acquisition (SCADA) system

A system that controls multiple industrial control systems (ICS).

heating, ventilation, and air conditioning (HVAC) (specialized systems)

Environmental systems that provide and regulate heating and cooling.

multifunctional printer (MFP)

A device that combines the functions of a printer, copier, scanner, and fax machine.

voice over IP (VoIP)

A technology that uses a data-based IP network to add digital voice clients and new voice applications onto the IP network.

Internet of Things (IoT)

Connecting any device to the Internet for the purpose of sending, receiving, and using data

constraints

Limitations that make security a challenge for embedded systems and specialized devices.

Geographical considerations

in context based firewall rules, determines rules depending on the geographical location of the device

Content/url filtering

assesses web pages based on content then puts them on white list or black list

Stateless packet filtering

examines packet only by the firewall rules

Stateful packet filtering

examines packet by firewall rules and if internal device requested it b/c packet may be unsolicited

Open source firewall

firewall that is freely available, built on secure foundations

Proprietary firewalls

firewall that is owned by a separate entity

Hardware firewall

specialized hardware device for firewall purposes. Has more features, more secure but more expensive

Software firewall

a firewall that is installed into a device. can become compromised if host is also compromised

Host-based

software firewall, only protects host that it is installed on 

Virtual firewall

for cloud based environments where appliance firewalls are impractical

Web application firewall (WAF)

either hardware or software, examines web applications using HTTP. Blocks sites and attacks such as SQL injections and XSS

Network address translation gateway

a NAT for the cloud

Next generation firewall (NGFW)

can filter packets based on application and uses deep packet inspection to examine payloads to see if they are carrying malware. 

Unified threat management (UTM)

combines several security functions into one

Forward proxy

proxy that gives the user anonymity by caching previous web requests and forwarding them to the user or forwarding the users request to the external server

Reverse proxy

proxy that gives the internal server anonymity by forwarding external requests to the internal device

Honeypots

a computer used to deflect an attacker’s attention away from a legitimately vulnerable device and to discover their security tactics.

Honeyfiles

not valuable files that are meant to attract attackers

Fake telemetry

fake version of telemetry (data on how software in managed in a company). Used to lure attackers in.

Honeynet

network with vulnerabilities setup with the same intentions of a honeypot

DNS sinkholes

when a DNS server purposefully gives the user a false IP address in order to redirect them to a “sinkhole” which assists network administrators in finding infected users

IDS vs IPS

IDS (Intrusion detection system) detects attacks as it happens while an IPS (Intrusion protection system) attempts to block the attack.

Inline IPS/IDS system

IPS/IDS system that is connected to the network and monitors traffic as it happens

Passive (IDS/IPS) system

connected to port on switch, receives copy of network traffic

Out-of-band management

connecting through a separate management interface (physical connection, console router for enterprise and multiple devices) to access an otherwise inaccessible (off, sleep mode, etc) device (usually IDS systems).

Anomaly monitoring

a form of IPS/IDS monitoring that includes establishing a “baseline” of regular behavior on the network to then compare on-going behavior with that baseline to detect anomalies in security. Results in several false positives and attacks can happen before a baseline is established.

Signature-based monitoring

a form of monitoring that recognizes a pattern in an attack (traffic, activity, or transactions) and uses a database of these patterns (signatures) to detect incoming malware. Similar to anti-virus.

Behavioral monitoring

a form of IPS/IDS monitoring that analyzes the behaviors of programs and processes and alerts the user when something is abnormal

Heuristic monitoring

a form of IPS/IDS monitoring that follows the philosophy of: Will this be harmful if it is allowed to execute? Heuristic means to find/discover. Algorithm is figuring out if the application should be executed.

Network Intrusion Detection System (NIDS)

detects network intrusions

Network Intrusion Prevention System (NIPS)

system that prevents network intrusions

Network hardware security module

if a company has many HSMs they can use this in the form of a trusted network computer that can encrypt, exchange keys, and generate random numbers.

Baseline configuration

a set of configuration settings that are regarded as the standard for all devices. It is the starting point of configuration and the bare minimum.

Standard naming conventions

Establishing a standard for the way devices should be named. Avoids confusion.

Internet protocol schema

standard for setting up IP addresses. Avoids confusion, waste of space, and helps when troubleshooting

Diagram

mapping network devices can help with troubleshooting and when a new device is connected

Access Control List

rules that either grant or deny access to certain assets. Network ACLs are the most common. Prevents IP spoofing.

Virtual Private Network (VPN)

allowing users to access the public network (the Internet) as if it were a private network. Does this by encrypting the tunnel of communciation

remote access VPN

User-to-LAN connection for remote users

site-to-site VPN

VPN connection setup between multiple networks. Ex: central office, branch1, branch2 etc.

always-on VPNs

users always stay connected to VPN

full tunnel

a form of VPN tunneling where all traffic is sent to the VPN concentrator where it is protected.

split-tunnel

traffic is “split” vulnerable and non-vulnerable. Vulnerable is sent to VPN concentrator.

Layer 2 Tunneling Protocol (L2TP)

VPN protcol that does not have encryption by default, so paired with IPsec

HTML 5

can be used as “clientless” VPN so no other software needs to be installed