Port 21
• FTP (File Transfer Protocol)
• Used to transfer files from host to host
• TCP
Port 88
• Kerberos
• Network authentication protocol
• UDP
Diffie-Hellman (DH)
• Used to conduct key exchanges and secure key distribution over an unsecure network
• Asymmetric algorithm
• Used for the key exchange inside of creating a VPN tunnel establishment as part of IPSec
• OBJ 1.4
RSA (Rivest, Shamir, Adleman)
• Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers
• Commonly used for key exchange
• Can support key sizes between 1024 bits and 4096 bits
• OBJ 1.4
Elliptic Curve Cryptography (ECC)
• Heavily used in mobile devices; it's based on the algebraic structure of elliptic curves over finite fields to define its keys
• Public key cryptography algorithm for digital signatures
• Most commonly used for mobile devices and low power computing devices
• OBJ 1.4
Responsiveness
• The ability of a system to provide timely and accurate feedback to user requests
• OBJ 3.1
Availability
• The ability of a system to remain operational and accessible at all times
• OBJ 3.1
ISO/IEC 27017
• Offers cloud-specific guidance to manage information security based on an Information Security Management System (ISMS)
• Focuses on cloud services security
• OBJ 5.1
ISO/IEC 27018
• Focuses on protecting personally identifiable information in public clouds
• OBJ 5.1
Credential stuffing
• In this attack, an adversary uses previously stolen username-password pairs to gain unauthorized access
• OBJ 2.4
Replay attack
• Type of application attack that involves capturing and retransmitting data such as authentication tokens or credentials to impersonate a legitimate user or session
• OBJ 2.4
Out-of-band configuration
• Device receives a mirrored copy of web server traffic
• OBJ 3.2
Port 53
• Domain Name System (DNS)
• Translates domain names into IP addresses
• TCP and UDP
Symmetric Algorithm (Private key)
• Encryption algorithm in which both the sender and the receiver must know the same shared secret using a privately held key
• OBJ 1.4
Asymmetric Algorithm (Public key)
• Encryption algorithm where different keys are used to encrypt and decrypt the data
• One key is going to be used to encrypt the data and another key is going to be used to decrypt the data
• Examples are Diffie-Hellman, RSA, and ECC
• OBJ 1.4
Discretionary Access Control (DAC)
• Resource owners specify which users can access their resources
• Access control based on user identity, profile, or role
• Allows resource owners to grant access to specific users
• OBJ 5.1
Attribute-based access control (ABAC)
• Access decisions are based on the combination of attributes
• Considers various attributes like user attributes, environment attributes, resource attributes
• Provides fine-grained control and dynamic access decisions
• OBJ 5.1
Access Control List (ACL)
• A rule set that is placed on firewalls, routers, and other network infrastructure devices that permit or allow traffic through a particular interface
• OBJ 2.5
Authentication
• Verifies user's identity, device, or system
• OBJ 4.6
Possession-based factor
• Something the user physically possesses like a smart card, a hardware token like a key fob, or a software token used with a smartphone
• Something you have
• Software token: authenticator app or SMS-based one-time-use token
• OBJ 4.6
Password spraying
• A form of brute force attack that involves trying a small number of commonly used passwords against a large number of usernames or accounts
• This attack avoids triggering account lockouts from "too many failed login attempts" on one account
• Can be mitigated by using unique passwords and by implementing multifactor authentication
• OBJ 2.4
Just in Time permissions (JIT)
• Security model where administrative access is granted only when needed for a specific period
• OBJ 4.6
Port 135
• Remote Procedure Call (RPC)
• Facilitates communication between different systems
• TCP and UDP
Control Plane
• Refers to the overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
• Adaptive identity, threat scope reduction, policy-driven access control, and secured zones
• Essentially the brain behind who gets to access what, ensuring security decisions are informed and robust
• OBJ 1.2
Implicit Trust Zones
• Areas within a network where communication is allowed without exhaustive security checks
• OBJ 1.2
Data Plane
• Ensures the policies are properly executed
• Subject/system, policy engine, policy administrator, and establishing policy enforcement points
• Manages the transmission of data
• OBJ 1.2
Active device
• Interacts with network traffic and can take immediate actions, such as blocking or altering packets when possible threats are identified
• OBJ 3.2
Passive device
• Also known as a tap/monitor device; inspects network traffic without directly interacting with it or taking immediate action against potential threats
• OBJ 3.2
Fail-open mode
• Allows traffic to continue in case of a device failure but does not involve interacting with network traffic to take immediate actions against potential threats
• OBJ 3.2
Fail-closed mode
• The system automatically denies all traffic to prevent potential security breaches when it cannot ascertain the safety of the traffic due to a system or connectivity failure
• OBJ 3.2
Permission Restrictions
• Pertain to how access to data can be controlled based on user roles and responsibilities, allowing organizations to define who can view or manipulate data
• Define data access and actions through ACLs or RBAC
• OBJ 3.3
Data masking
• Method to de-identify some or all characters in a sequence without changing the total number of characters that field should contain
• Method that involves obscuring specific data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and use for authorized users
• Example: Credit card digits, social security numbers, etc.
• OBJ 3.3
Data classifications
• Deal with the sensitivity levels of data such as confidential, secret, and restricted
• Based on the value to the organization and the sensitivity of the information, determined by the data owner
• OBJ 3.3
Obfuscation
• Technique that involves making data difficult to be understood
• OBJ 3.3
Attestation
• Formal declaration by a responsible party that the organization's processes and controls are compliant
• OBJ 4.6
Secure Access Service Edge (SASE)
• A network architecture combining network security and WAN capabilities in a single cloud-based service
• OBJ 3.2
Corporate Owned Personally Enabled (COPE)
• Deployment model that involves the company providing devices to its employees and allowing them to use them for both work and personal purposes
• OBJ 4.1
Host-based Intrusion Detection System (HIDS)
• Monitors and analyzes the internals of a computing system, looking for unauthorized activity or policy violations, making it apt for systems monitoring
• Looks at suspicious network traffic going to or from a single endpoint
• OBJ 4.4
Security Information and Event Management (SIEM)
• A solution for real-time or near-real-time analysis of security alerts generated by network hardware and applications
• Collects and aggregates log data
• OBJ 4.4
Network Intrusion Detection System (NIDS)
• Passively identifies potential threats and generates alerts
• OBJ 4.4
Network Intrusion Prevention System (NIPS)
• Actively blocks or prevents threats from accessing the network
• OBJ 4.4
Web Application Firewall (WAF)
• Specifically designed to monitor HTTP traffic to and from web applications
• Prevents common web application attacks like cross-site scripting and SQL injections
• Ideal for application-based security
• OBJ 4.4
Log aggregation
• Collects and consolidates log data from various sources such as network devices, servers, and applications into a central location
• OBJ 4.4
Honeypot
• Decoy system or network set up to attract potential hackers
• Can be used against insider threats to detect internal fraud, snooping, and malpractice
• OBJ 1.2
Honeytoken
• Fake piece of data, such as a username or password, designed to appear valuable or sensitive in order to attract attackers
• OBJ 1.2
Honeynet
• Network of decoy systems designed to mimic an entire network of systems, including servers, routers, and switches
• OBJ 1.2
Honeyfile
• Decoy file placed within a system to lure in potential attackers and detect unauthorized access or data breaches
• OBJ 1.2
Black box test
• Executed without any prior knowledge of the target environment
• NO prior knowledge
• OBJ 5.5
Grey box test
• A mix of both black box and white box tests
• SOME partial knowledge
• OBJ 5.5
White box test
• Tester has complete knowledge of the system's architecture, design, and source code
• COMPLETE knowledge
• OBJ 5.5
Risk owner
• Responsible for identifying, assessing, managing, and mitigating a particular risk, as well as for monitoring the effectiveness of these measures and taking corrective action when necessary
• OBJ 5.2
Risk assessor
• Evaluates and analyzes the risks but is not necessarily responsible for managing them
• OBJ 5.2
Risk register
• Document listing all identified risks, their security, and mitigation strategies
• OBJ 5.2
Risk indicator
• Metric used to measure aspects of risk
• OBJ 5.2
Data plane
• Ensures the policies are properly executed
• Subject/system, policy engine, policy administrator, and establishing policy enforcement points
• OBJ 1.2
Fail over
• Meant to keep an organization running after a significant failure
• Temporary means to prevent complete failure
• OBJ 3.4
Parallel processing
• Test that checks the reliability and stability of the backup or secondary system while it's running alongside the primary system
• OBJ 3.4
Clustering
• The use of multiple computers, storage devices, and redundant network connections that all work together as a single system to provide high levels of availability, reliability, and scalability
• OBJ 3.4
Role-Based Access Control (RBAC)
• Assigns users to roles and assigns permissions to roles
• Enforces minimum privileges
• Effective for managing permissions based on job roles and turnover
• OBJ 5.1
Mandatory Access Control (MAC)
• Uses security labels to authorize resource access
• Requires assigning security labels to both users and resources
• Access is granted only if the user's label is equal to or higher than the resource's label
• OBJ 5.1
Rule-Based Access Control
• Uses security rules or access control lists
• Policies can be changed quickly and frequently
• Applied across multiple users on a network segment
• OBJ 5.1
Brute force attack
• This attack involves systematically trying every possible combination until the correct one is found (can also be physical)
• OBJ 2.4
Dictionary attack
• Uses a list of commonly used passwords to crack passwords
• May include variations with numbers and symbols
• Effective against common, easy-to-guess passwords
• OBJ 2.4
Distributed Denial of Service (DDoS) attack
• Aims to overwhelm a system's resources by flooding it with unwanted requests, causing it to become unavailable to its intended users
• OBJ 2.4
Privilege escalation
• Type of application attack that involves exploiting a vulnerability or misconfiguration to gain higher privileges or access than intended on a system or application
• OBJ 2.4
Buffer overflow attack
• Type of application attack that involves sending more data than expected to a function, causing it to overwrite adjacent memory locations and execute arbitrary code
• OBJ 2.4
Injection attack
• Type of application attack that involves inserting malicious code or commands into an application or database to execute unauthorized actions or access sensitive data
• OBJ 2.4
On-path attack
• Type of network attack that involves intercepting or modifying data in transit between two parties, such as by using a packet sniffer or a proxy server
• OBJ 2.4
Firewall
• A network security device or software that monitors and controls network traffic based on security rules
• OBJ 4.5
Screened Subnet (Dual-homed host)
• Acts as a security barrier between external untrusted networks and internal trusted networks using a protected host with security measures like a packet-filtering firewall
• OBJ 4.5
Packet filtering firewall
• Checks packet headers for traffic allowance based on IP addresses and port numbers
• OBJ 4.5
Stateful firewall
• Monitors all inbound and outbound network connections and requests
• Operates at Layer 4, with improved awareness of connection state
• OBJ 4.5
Proxy firewall
• Acts as an intermediary between internal and external connections, making connections on behalf of other endpoints
• Two types: session layer (layer 5) and application layer (layer 7)
• OBJ 4.5
Kernel proxy firewall (fifth generation firewall)
• Has minimal impact on network performance while thoroughly inspecting packets across all layers
• OBJ 4.5
Next-generation firewall (NGFW)
• Aims to address the limitations of traditional firewalls by being more aware of applications and their behaviors
• Conducts deep packet inspection for traffic
• Operates fast with minimal network performance impact
• Offers full-stack traffic visibility
• Integrates with various security products
• OBJ 3.2
Unified Threat Management (UTM)
• Provides the ability to conduct numerous security functions within a single device or network appliance
• OBJ 3.2
Inline configuration
• Device sits between the network firewall and the web servers
• OBJ 3.2
Identity and Access Management (IAM)
• Ensures the right access for the right people at the right times
• OBJ 4.6
Identification
• Claims a username or email as an identity
• OBJ 4.6
Authorization
• Establishes the user's access permissions or levels
• OBJ 4.6
Accounting/Auditing
• Involves monitoring and recording user actions for compliance and security records
• OBJ 4.6
Provisioning
• Process of creating new user accounts, assigning them appropriate permissions, and providing users with access to systems
• OBJ 4.6
Deprovisioning
• Process of removing an individual's access rights when the rights are no longer required
• OBJ 4.6
Identity proofing
• Process of verifying the identity of a user before the account is created
• OBJ 4.6
Interoperability
• The ability of different systems, devices, and applications to work together and share information
• OBJ 4.6
Multi-Factor Authentication (MFA)
• Security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity
• Knowledge-based factor
• Possession-based factor
• Inherence-based factor
• Behavior-based factor
• Location-based factor
• OBJ 4.6
Knowledge-based factor
• Information that the user must provide to authenticate their identity
• Something you know
• OBJ 4.6
Inherence-based factor
• Involves biometric characteristics that are unique to individuals, including fingerprints, facial recognition, voice recognition, or iris scans
• Something you are
• OBJ 4.6
Behavior-based factor
• Recognizing patterns that are typically associated with a user such as their keystroke patterns, mouse movement, or even the way a user walks down the hallway
• Something you do
• OBJ 4.6
Location-based factor
• Involves determining a user's location to help authenticate them
• Somewhere you are
• OBJ 4.6
Single-factor authentication
• Using a single authentication factor to access a user account
• OBJ 4.6
Two-factor authentication (2FA)
• Using two different authentication factors to gain access to a system
• OBJ 4.6
Multi-factor authentication (MFA)
• Using two or more factors to authenticate with a given system
• OBJ 4.6
Passkeys
• Users can create and access online accounts without needing to input a password
• OBJ 4.6
Passwordless authentication
• Provides improved security and a more user-friendly experience
• Biometric authentication, hardware tokens, one-time passwords, magic links, passkeys
• OBJ 4.6
Brute-force attack mitigations
• Increasing password complexity
• Increasing password length
• Limiting the number of login attempts
• Using multifactor authentication
• Using CAPTCHAs
Hybrid attack
• Blends brute force and dictionary techniques by using common passwords with variations, such as adding numbers or special characters
• OBJ 2.4
Benefits of single sign on (SSO)
• Improved user experience
• Increased productivity
• Reduced information technology support costs
• Enhanced security
Lightweight Directory Access Protocol (LDAP)
• Used to access and maintain distributed directory information services over an Internet Protocol (IP) network
• Port 389
• TCP
• OBJ 4.6
LDAPS (Lightweight Directory Access Protocol Secure)
• Can support LDAP over SSL or StartTLS, both of which encrypt the data to provide secure transmission
• Port 636
• TCP