802.1X
IEEE 802.1X
Port-based Network Access Control (NAC). You don't get access to the network until you authenticate. Centralized authentication (802.1X).
AAA
Authentication, Authorization, Accounting
Identification (who you claim to be), authentication (prove it), authorization (what access), accounting (resources used).
ABAC
Attribute-Based Access Control
Users can have complex relationships to applications and data. Access may be based on many different criteria. A "next generation" authorization model.
ACL
Access Control List
Allow or disallow traffic. Groupings of categories: source IP, destination IP, port number, time of day, application, etc.
AD
Active Directory
A database of everything on the network. Computers, user accounts, file shares, printers, groups, and more. Primarily Windows-based.
AES
Advanced Encryption Standard
Encryption algorithm. Used in GCMP for data confidentiality. Performs AES encryption in hardware.
AIC
Availability, Integrity, Confidentiality
Alternate ordering of the CIA Triad.
ALE
Annualized Loss Expectancy
ARO x SLE.
API
Application Programming Interface
The "glue" for the microservices. Work together to act as the application. EDR is API driven. Integrations and APIs. Interact with third-party devices and services.
APT
Advanced Persistent Threat
Nation states. Constant attacks, massive resources. Commonly an APT.
ARO
Annualized Rate of Occurrence
How likely is it that a hurricane will hit? In Montana? In Florida?
ARP
Address Resolution Protocol
ARP poisoning. On-path attack on the local IP subnet. ARP has no security.
AUP
Acceptable Use Policy
What is acceptable use of company assets? Detailed documentation. May be documented in the Rules of Behavior. May be part of the employee handbook or a separate AUP.
AV
Asset Value
The value of the asset to the organization.
BFF
Basic Fuzzing Framework
CERT BFF.
BPA
Business Partners Agreement
Going into business together. Owner stake. Financial contract.
BYOD
Bring Your Own Device
Employee owns the device. Need to meet the company's requirements. You can't trust everyone's computer.
C2C
Cloud to Cloud
Always have backups. Cloud to Cloud (C2C).
CA
Certificate Authority
An organization has a trusted CA. Most organizations maintain their own CAs.
CCO
Central Compliance Officer
Large organizations have a CCO.
CERT
Computer Emergency Response Team
Carnegie Mellon CERT. CERT Basic Fuzzing Framework (BFF).
CIA
Confidentiality, Integrity, Availability
The fundamentals of security. Sometimes referenced as the AIC Triad.
CIS
Center for Internet Security
Popular benchmarks. https://www.cisecurity.org/cis-benchmarks/
COOP
Continuity of Operations Planning
Not everything goes according to plan. Disasters can cause a disruption to the norm.
COPE
Corporate Owned, Personally Enabled
Company buys the device. Used as both a corporate device and a personal device.
CRL
Certificate Revocation List
Maintained by the Certificate Authority (CA). Can contain many revocations in a large file.
CSR
Certificate Signing Request
Create a key pair, then send the public key to the CA to be signed.
CSRF
Cross-Site Request Forgery
One-click attack, session riding. Takes advantage of the trust that a web application has for the user.
CSS
Cascading Style Sheets
Cross-site scripting is abbreviated XSS rather than CSS because CSS already meant something else entirely.
CSV
Comma-Separated Values
Hybrid data format. CSV, XML, JSON, etc.
CTA
Cyber Threat Alliance
Members upload specifically formatted threat intelligence. CTA scores each submission.
CVE
Common Vulnerabilities and Exposures
The vulnerabilities can be cross-referenced online. https://cve.mitre.org/cve/
CVSS
Common Vulnerability Scoring System
Quantitative scoring of a vulnerability, 0 to 10. 63% of code in production is unpatched. Vulnerabilities rated high or critical (CVSS >= 7.0).
CYOD
Choose Your Own Device
Similar to COPE, but with the user's choice of device.
DAC
Discretionary Access Control
Used in most operating systems. You create a spreadsheet. As the owner, you control who has access. Linux traditionally uses DAC.
DAP
Directory Access Protocol
DAP ran on the OSI protocol stack. LDAP is lightweight.
DDoS
Distributed Denial of Service
Launch an army of computers to bring down a service. Use all the bandwidth or resources. Asymmetric threat. Botnet attack.
DKIM
DomainKeys Identified Mail
A mail server digitally signs all outgoing mail. The public key is in the DKIM TXT record.
DLL
Dynamic Link Library
A Windows library containing code and data. Many applications can use this library. Attackers inject a path to a malicious DLL.
DLP
Data Loss Prevention
Where's your data? Stop the data before the attacker gets it. Data "leakage."
DMARC
Domain-based Message Authentication, Reporting, and Conformance
An extension of SPF and DKIM. The domain owner decides what receiving email servers should do with emails that fail SPF and DKIM validation.
DNS
Domain Name System
DNS poisoning. Modify the DNS server. DNS query: udp/53. DNS filtering. Perform a DNS lookup. SPF, DKIM, and DMARC all use DNS TXT records.
DoS
Denial of Service
Force a service to fail. Overload the service. Cause a system to be unavailable.
EAP
Extensible Authentication Protocol
An authentication framework. Many different ways to authenticate based on RFC standards. EAP integrates with 802.1X.
EDR
Endpoint Detection and Response
A different method of threat protection. Detect a threat, investigate the threat, respond to the threat. Posture assessment checks EDR version.
EF
Exposure Factor
The percentage of the value lost due to an incident.
EFS
Encrypting File System
Windows file level encryption.
EOL
End of Life
Manufacturer stops selling a product. May continue supporting the product. Important for security patches and updates.
EOSL
End of Service Life
Manufacturer stops selling a product. Support is no longer available. No ongoing security patches or updates.
ESI
Electronically Stored Information
Separate repository for ESI. Many different data sources and types.
FaaS
Function as a Service
Apps are separated into individual, autonomous functions. Also called serverless architecture.
FDE
Full Disk Encryption
Encrypt everything on the drive. BitLocker, FileVault, etc.
FIM
File Integrity Monitoring
Some files change all the time. Some files should NEVER change. Monitor important operating system and application files.
FTP
File Transfer Protocol
Insecure protocol. All traffic sent in the clear. Many proxies are multipurpose proxies — HTTP, HTTPS, FTP, etc.
GCMP
Galois/Counter Mode Protocol
A stronger encryption than WPA2. Data confidentiality with AES. Message Integrity Check with GMAC.
GDPR
General Data Protection Regulation
European Union regulation. Data protection and privacy for individuals in the EU. Data collected on EU citizens must be stored in the EU.
GLBA
Gramm-Leach-Bliley Act
Disclosure of privacy information from financial institutions.
GMAC
Galois Message Authentication Code
Message Integrity Check (MIC) with GMAC.
GPS
Global Positioning System
Geolocation. Mobile devices, very accurate. Somewhere you are. Geolocation to a very specific area.
HA
High Availability
Always on, always available. May include many different components working together.
HIPAA
Health Insurance Portability and Accountability Act
Extensive healthcare standards for storage, use, and transmission of health care information. Privacy laws for everyone in a country.
HIPS
Host-based Intrusion Prevention System
Recognize and block known attacks. Secure OS and application configs, validate incoming service requests.
HSM
Hardware Security Module
Used in large environments. Clusters, redundant power. Securely store thousands of cryptographic keys.
HTTP
Hypertext Transfer Protocol
A proxy may only know one application — HTTP. In-the-clear web browsing. Port 80.
HTTPS
Hypertext Transfer Protocol Secure
Some sites are now HTTPS-only. Encrypted web browsing. Port 443.
HVAC
Heating, Ventilation, and Air Conditioning
Target Corp. breach. A heating and AC firm in Pennsylvania was infected. VPN credentials for HVAC techs were stolen.
IAM
Identity and Access Management
Give the right permissions to the right people at the right time. Prevent unauthorized access.
IaaS
Infrastructure as a Service
Cloud service model. Responsibility matrix.
ICMP
Internet Control Message Protocol
Used in DDoS reflection and amplification. An example of protocol abuse.
ICS
Industrial Control Systems
Large-scale, multi-site. PC manages equipment.
IDS
Intrusion Detection System
Alarm or alert. Does not prevent.
IMAP
Internet Message Access Protocol
Insecure protocol. All traffic sent in the clear.
IMAPS
IMAP Secure
Encrypted version of IMAP. Use the encrypted versions.
IoT
Internet of Things
Sensors, smart devices, wearable technology, facility automation. Weak defaults.
IPS
Intrusion Prevention System
Watch network traffic. Stop it before it gets into the network. Usually integrated into an NGFW. Different ways to find malicious traffic.
IPsec
Internet Protocol Security
Network-level encryption. IPsec tunnels, VPN connections. Site-to-site IPsec VPN. Always-on. Firewalls often act as VPN concentrators.
ISO
International Organization for Standardization
Many standards are already available. ISO, NIST.
ITU
International Telecommunication Union
Wrote the X.500 specification.
JSON
JavaScript Object Notation
Hybrid data format. CSV, XML, JSON, etc.
Kerberos
Kerberos
Used in conjunction with an authentication database. RADIUS, LDAP, TACACS+, Kerberos, etc.
LDAP
Lightweight Directory Access Protocol
Protocol for reading and writing directories over an IP network. An organized set of records, like a phone directory. Used in conjunction with an authentication database.
MAC
Mandatory Access Control
The operating system limits the operation on an object. Based on security clearance levels. Every object gets a label. SELinux adds MAC to Linux.
MD5
Message Digest 5
First published in April 1992. Collisions identified in 1996.
MDM
Mobile Device Manager or Mobile Device Management
Often need additional security policies and systems. An MDM becomes relatively useless after jailbreaking. Manage company-owned and user-owned mobile devices.
MFA
Multi-Factor Authentication
76% of organizations aren't using MFA for management console users. This is why we have MFA. Use another factor with the card.
MIB
Management Information Base
A database of data for SNMP.
MIC
Message Integrity Check
GCMP security services include MIC with GMAC.
MOA
Memorandum of Agreement
The next step above an MOU. Both sides conditionally agree to the objectives.
MOU
Memorandum of Understanding
Both sides agree in general to the contents. Usually states common goals.
MSA
Master Service Agreement
Legal contract and agreement of terms. A broad framework to cover later transactions.
MSP
Managed Service Provider
Supply chain vector. Access many different customer networks from one location.
MTBF
Mean Time Between Failures
The time between outages. Total uptime / number of breakdowns.
MTTR
Mean Time to Repair
Commonly referenced as resilience. How quickly can you recover? Average time required to fix an issue. Includes time spent diagnosing the problem.
NAC
Network Access Control
Port-based NAC. 802.1X prevents access to the network until the authentication succeeds. Agentless NAC. Integrated with Active Directory.
NAT
Network Address Translation
One of the simplest "proxies" is NAT. A network-level proxy. Most firewalls can be layer 3 devices (routers). NAT functionality.
NDA
Non-Disclosure Agreement
Confidentiality agreement between parties. Information in the agreement should not be disclosed. Private/classified/restricted data may require an NDA.
NetFlow
NetFlow
Gather traffic statistics from all traffic flows. Shared communication between devices.
NGFW
Next-Generation Firewall
The OSI Application Layer firewall. Can be called application layer gateway, stateful multilayer inspection, or deep packet inspection.
NIST
National Institute of Standards and Technology
Publishes SP 800-61 (Computer Security Incident Handling Guide) and the Technical Guide to Information Security Testing and Assessment. Many standards are already available from ISO and NIST.
NTP
Network Time Protocol
Used in DDoS reflection and amplification. An example of protocol abuse. NTP: udp/123.