CASB (v2)
Cloud Access Security Broker (CASB) is a software that enforces security policies, monitors traffic for encryption and malicious content, and ensures compliance with the company's security policy.
DNSSEC
Domain Name System Security Extensions (DNSSEC) secures DNS traffic, protects against DNS server poisoning, and uses digital signatures for zone files.
SSH
Secure Shell (SSH) is a cryptographic network protocol for secure remote access, operating services securely over unsecured networks.
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) secures emails by encrypting and digitally signing them.
SRTP
Provides encryption, message authorization, and integrity for audio and video over IP networks.
LDAPS
Lightweight Directory Access Protocol over SSL (LDAPS) secures directory services information, like Active Directory Domain Services, using port 636.
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
Ensures secure web browsing using port 443.
SFTP
SSH File Transfer Protocol (SFTP) encrypts file transfers using SSH, ensuring secure FTP downloads on port 22.
FTPS
Securely downloads large files using ports 989/990.
SNMP v3
Simple Network Management Protocol, version 3 (SNMP v3) remotely monitors and configures SNMP entities, like network devices, using ports 161/162 and UDP.
Kerberos
An authentication protocol that provides two-way (mutual) authentication using tickets and operates on port 88.
IPsec
Internet Protocol Security (IPsec) secures VPN sessions between hosts using UDP on port 500.
SMTPS
Secure Simple Mail Transfer Protocol (SMTPS) secures SMTP for email using TLS on port 587.
Post Office Protocol Secure (POP3S)
Encrypted version of POP3, securing email retrieval on port 995.
IMAPS
IMAP over SSL/TLS (IMAPS) allows email clients to access email securely on port 993.
Session Initiation Protocol (SIP)
Controls Internet telephony for voice, video, and messaging applications on ports 5060/5061.
AH Protocol
Authentication Header (AH) provides authentication without encryption in IPsec.
ESP Protocol
Encapsulating Security Payload (ESP) provides data confidentiality and authentication in IPsec.
Tunnel Mode
IPsec mode where two IP headers are sent, protecting traffic between different networks.
Transport Mode
IPsec mode where the outer IP addresses determine the IPsec policy for end-to-end communications.
SRTP for voice and video
SRTP secures VoIP protocols using AES encryption for voice and video.
NTP
Network Time Protocol synchronizes clocks across the network securely using NTPsec.
Secure Email and Web Protocols
Use S/MIME, secure SMTP, IMAP, POP3 over SSL, and HTTPS for secure email and web browsing.
Secure File Transfer
Use FTPS for SSL-based file transfers or SFTP for SSH-based secure file transfers.
Directory Services
Use LDAP or LDAPS for secure reading and writing of directories over an IP network.
Secure Remote Access
Use SSH for encrypted terminal communication or IPsec for OSI Layer 3 security.
Secure Domain Name Resolution
Use DNSSEC to validate DNS responses and provide origin authentication and data integrity.
Secure Routing and Switching
Use SNMP v3, SSH, or HTTPS for encrypted communication and management of network devices.
Secure Network Address Allocation
Use NAT and secure DHCP to enhance security and prevent attacks like DHCP DoS.
Subscription Services
Automated subscriptions like antivirus software require continuous updates and specific firewall configurations.
Antivirus
Software designed to detect and remove viruses and malicious software from systems.
Anti-malware
Program protecting systems from various malware types, including viruses, Trojans, worms, and potentially unwanted programs.
EDR
Endpoint Detection & Response (EDR) is an Integrated Endpoint Security Solution that continuously monitors the endpoint to mitigate malicious cyber threats.
DLP
Data Loss Prevention (DLP) is a way to protect sensitive information and prevent its inadvertent disclosure by identifying, monitoring, and automatically protecting sensitive information in documents.
NGFW
Next-generation firewall (NGFW) combines a conventional firewall, deep-packet inspection (DPI), IPS, and an application-level firewall, moving beyond port/protocol inspection and blocking.
HIPS
Host-based intrusion prevention system (HIPS) analyzes whole packets for known events, rejecting packets when detected, often installed on a host like a server.
HIDS
Host-based intrusion detection system (HIDS) analyzes packets for known events, generating log messages when detected, typically installed on a host like a server.
Host-based Firewall
An application firewall built into desktop operating systems, like Windows or Linux, that restricts service/process access to prevent malicious interference.
Boot Integrity
Ensures hosts are protected during the boot process, safeguarding against attacks on the OS during boot.
UEFI
Newer replacement for BIOS, providing faster boot times, support for larger hard drives, and enhanced security features.
Measured boot
All components, from firmware through applications and software, are measured and stored in a log, enhancing security and trust in the boot process.
Boot Attestation
Shows proof of software integrity using boot configuration logs, ensuring the OS kernel has not been modified by malware.
TPM
Trusted Platform Module is a microchip providing basic security functions, primarily encryption keys, communicating with the system using a hardware bus.
Tokenization
Deemed more secure than encryption, it replaces sensitive data with random data, aiding in meeting compliance requirements like PCI DSS and HIPAA.
Hashing
Used to index and fetch items from a database, making searches faster by mapping data to where records are held.
Salting
Adds random text before hashing passwords to increase security and render rainbow tables ineffective.
Input validations
Ensures data entered is in the correct format, rejecting incorrect inputs to prevent attacks like buffer overflow and SQL injection.
Secure cookies
Setting the Secure Attribute flag in website code ensures cookies are only downloaded in secure HTTPS sessions, preventing session hijacking attacks.
HTTP Headers
HTTP headers are designed to transfer information between hosts and web servers; they can be used in cross-site scripting attacks, which the page notes are prevented by HTTP Strict Transport Security (HSTS) headers.
Code Signing
Uses certificates to digitally sign scripts and executables, verifying their authenticity and confirming they are genuine.
Allow List
Enables only explicitly allowed applications to run, often used in Firewalls, IDS/IPS, and EDR systems.
Block List/Deny List
Prevents specified applications from running, used in Firewalls, IDS/IPS, and EDR systems for added security.
Network-based Intrusion Prevention System (NIPS)
Analyzes whole packets, including header and payload, to detect known events and takes action by rejecting the packet.
Intrusion Detection System (IDS) vs Intrusion Prevention System (IPS)
While both operate at the Network Level, IPS takes action by rejecting packets, whereas IDS only logs threats.
Heuristic (IDS & IPS)
Utilizes AI to identify attacks without prior signatures, detecting unknown and emerging threats.
Anomaly (IDS & IPS)
Creates a baseline of normal activity to detect abnormal behavior, capable of identifying unknown and emerging threats.
Signature-Based (IDS & IPS)
Looks for specific traffic flow patterns to block traffic matching signatures, effective against known attack methods.
Inline (aka In-Band)
NIDS/NIPS placed near the firewall for additional security.
Passive mode (Out of Band)
Traffic does not pass through NIDS/NIPS; sensors and collectors forward alerts.
Sensors & Collectors
Placed on networks to alert NIDS of changes in traffic patterns.
Hardware Security Module (HSM)
Safeguards and manages digital keys, performs encryption functions.
Web Application Firewall (WAF)
Protects web apps by filtering HTTP traffic, defending against common attacks.
Next Generation Firewalls (NGFW)
Utilize deep-packet inspection and application-level inspection for enhanced security.
Stateful (Firewall)
Filters and monitors network traffic based on established connections stored in a state table.
Stateless
Filters network traffic based on individual packets without storing them, better at identifying unauthorized communications.
Network Address Translation (NAT) Gateway
Allows private subnets to communicate with public services, translating private IP addresses.
Content/URL Filter
Blocks content based on filters applied to requested webpage traffic.
Open Source vs Proprietary
Open source provides freely available source code, while proprietary offers more support and functionality.
Hardware vs Software Firewalls
Hardware firewalls are purpose-built network devices, while software firewalls are installed on existing hardware.
Appliance vs Host-based vs Virtual Firewalls
Appliance refers to hardware firewalls, host-based firewalls are software installed on the host OS, and virtual firewalls are implemented in the cloud.
Access Control List (ACL)
Configuration used to allow or deny traffic on routers or firewalls.
Types of Network Devices
Firewalls filter traffic, switches repeat traffic, routers control traffic flow, and gateways connect networks with different protocols.
Quality of Service (QoS)
Prioritizes traffic based on importance and function to ensure applications have the necessary bandwidth.
IPv6 Addresses
IPv6 provides significantly more IP addresses than IPv4, which makes scanning numerous ports challenging and reduces the need for port address translation.
Network Address Translation (NAT)
NAT is a security feature that provides indirect access to the source user, eliminating the Address Resolution Protocol (ARP) and ARP Poisoning in IPv6.
Port Mirroring
Also known as port spanning, it duplicates incoming data from one port to another device for real-time or later analysis.
Monitoring Services
Organizations utilize monitoring services, often through a Security Operations Center (SOC), for continuous network security monitoring and compliance maintenance.
File Integrity Monitors
These tools detect unauthorized changes in critical files, such as operating system files, to identify potential malicious activities.
Route Security
Involves encrypting routing information using protocols like IPSEC and SSL/TLS to enhance network security.
Broadcast Storm
A situation where excessive broadcast traffic overwhelms the network, causing disruptions in normal traffic flow.
BPDU Guard
Frames containing Spanning Tree Protocol (STP) information that help prevent network loops and ensure stable network operation.
Network Access Control (NAC)
A security process that restricts unauthorized users and devices from accessing a network, ensuring compliance with security policies.
DNS Spoofing
An attack where false DNS replies are sent to redirect traffic, bypassing legitimate DNS servers.
Fully-Qualified Domain Name (FQDN)
A complete domain name including the hostname and domain, like server1.contoso.com.
SOA Record
Start of Authority record that holds essential information about a DNS zone, such as the primary name server and domain administrator's email.
CNAME Record
Canonical Name record that creates an alias for one domain name to another, allowing DNS lookup redirection.
RRSIG Record Type
DNSSEC signature that secures DNS records against unauthorized modifications.
SPF
Sender Policy Framework (SPF) is a DNS text (TXT) record used to prevent spam and verify the legitimacy of the email sender's domain.
DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a DNS text (TXT) record used by ISPs to prevent malicious emails like phishing attacks.
VPN
Virtual Private Network (VPN) creates secure connections between devices or networks over insecure mediums like the internet.
SSL / TLS VPN
VPNs using SSL/TLS protocols for secure communication, often without firewall issues and supporting various operating systems.
Full Tunnel VPN
VPN configuration where all user data goes through an encrypted tunnel without direct communication outside the tunnel.
Split Tunnel
VPN configuration allowing some data to go through the VPN tunnel while other data communicates directly outside the tunnel.
Site-to-Site VPN
VPN connecting two networks using IPSec tunnel mode for always-on encrypted communication.
Remote Access VPN
VPN where users initiate connections for shorter durations, often using IPSec transport mode.
IPSec
Internet Protocol Security authenticates and encrypts data packets for secure communication, commonly used in VPNs.
VLAN
Virtual Local Area Network partitions and isolates broadcast domains in a network at the Data Link Layer (Layer 2).
Zero Trust
Security model where no entity is inherently trusted, and all requests must be verified, often using multifactor authentication and encryption.
Load Balancing
Distributes network traffic across multiple servers to prevent overloading a single server.
Round Robin
Load balancing algorithm that rotates servers by directing traffic to the next available server.