Security Control
Mitigates vulnerabilities and risk in order to preserve the confidentiality, integrity, and availability (CIA) of data, together with non-repudiation and authentication
NIST SP 800-53
Security and Privacy Controls for Information Systems and Organizations
Technical (Logical) Controls
A category of security control that is implemented as a system (hardware, software, or firmware)
Operational Controls
A category of security control that is implemented primarily by people rather than systems
Managerial Controls
A category of security control that provides oversight of the information system
Preventative Control
A control that acts to eliminate or reduce the likelihood that an attack can succeed
Detective Control
A control that identifies and records any attempted or successful intrusion
Corrective Control
A control that acts to eliminate or reduce the impact of an intrusion event
Physical Control
A control that acts against in-person intrusion attempts
Deterrent Control
A control that discourages intrusion attempts
Compensating Control
A control that acts as a substitute for a principal control
Responsive Control
System that actively monitors for potential vulnerabilities or attacks, and then takes action to mitigate them before they can cause damage
Security Intelligence
Process where data is generated and is then collected, processed, analyzed, and disseminated to provide insights into the security status
Cyber Threat Intelligence
Investigation, collection, analysis, and dissemination of info about emerging threats and threat sources to provide data about the external threat landscape
Information Sharing and Analysis Center (ISAC)
A non-profit group set up to share sector-specific threat intelligence and security best practices amongst its members
Critical Infrastructure
Any physical or virtual infrastructure considered so vital to the US that its destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these
Diamond Model of Intrusion Analysis
A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim
MRTG
Used for graphing traffic trends on network links, useful for spotting unusual traffic patterns
DGA (Domain Generation Algorithm)
Used by malware to generate large lists of pseudo-random candidate C2 domain names (usually seeded on the date) so that blocking any single domain or IP address does not sever the C2 channel
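The following is an added example (not from the original flashcards and not any real malware family's algorithm) of how a date-seeded DGA works on both sides: the infected host walks a deterministic daily list of candidate domains, and a defender who has recovered the seed from a sample precomputes the same list for the coming days and feeds it to a resolver blocklist or sinkhole. The seed, the label scheme, and the example date are assumptions.

```python
import datetime
import hashlib

# Constructed toy DGA. The seed is "baked into the malware"; every infected
# host derives the same daily domains with no prior communication.
SEED = b"toy-family-seed"                      # assumption, not a real seed
TLDS = ("com", "net", "org", "info")
EXAMPLE_DAY = datetime.date(2024, 5, 1)        # constructed date


def generate_domains(day, count=10, seed=SEED):
    """Return the deterministic list of candidate C2 domains for one day."""
    domains = []
    for index in range(count):
        material = seed + day.isoformat().encode() + index.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # Map hash bytes onto letters: the label looks random to a human.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append("%s.%s" % (label, tld))
    return domains


def day_after(day, n=1):
    return day + datetime.timedelta(days=n)


def blocklist_window(start_day, days_ahead, count=10, seed=SEED):
    """Defender side: precompute every domain the malware will try over the
    window so it can be blocked or sinkholed before it is ever registered."""
    window = set()
    for offset in range(days_ahead):
        window.update(generate_domains(day_after(start_day, offset), count, seed))
    return window


def first_reachable(day, resolver, count=10, seed=SEED):
    """Malware side: try the day's candidates in order and use the first one
    that resolves. `resolver` is a callable so this runs offline."""
    for domain in generate_domains(day, count, seed):
        if resolver(domain):
            return domain
    return None


if __name__ == "__main__":
    print(generate_domains(EXAMPLE_DAY, 3))
    print(len(blocklist_window(EXAMPLE_DAY, 7)), "domains to block this week")
```

The detection point: because the list is deterministic, one reversed sample yields the whole future blocklist; the operator only needs to register one domain per day, so the defender must block them all.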
OSSIM
Open-source SIEM developed by AlienVault
Syslog
Standard protocol and message format for forwarding log messages from hosts and devices to a central collector; the basis of centralized log management
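As an added example (not part of the original flashcards), the parser below decodes the two syslog wire formats a collector receives, BSD syslog (RFC 3164) and RFC 5424, splitting the PRI value into facility and severity and giving a simple severity-based triage. The sample lines are constructed.

```python
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + ["local%d" % i for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host app[pid]: message
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^:\[ ]+)(?:\[(?P<procid>\d+)\])?: ?"
    r"(?P<msg>.*)$")

# <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<msg>.*))?$")


def parse_syslog(line):
    """Return a dict of header fields plus decoded facility/severity,
    or None if the line matches neither format or carries an invalid PRI."""
    for version, pattern in (("5424", RFC5424), ("3164", RFC3164)):
        m = pattern.match(line)
        if m:
            fields = m.groupdict()
            pri = int(fields.pop("pri"))
            if pri > 191:              # PRI = facility*8 + severity, max 23*8+7
                return None
            fields["version"] = version
            fields["facility"] = FACILITIES[pri >> 3]
            fields["severity"] = SEVERITIES[pri & 7]
            return fields
    return None


def high_severity(lines, threshold="crit"):
    """Collector-side triage: parsed events at or above the given severity."""
    limit = SEVERITIES.index(threshold)
    events = []
    for line in lines:
        ev = parse_syslog(line)
        if ev and SEVERITIES.index(ev["severity"]) <= limit:
            events.append(ev)
    return events


SAMPLE_LINES = [  # constructed sample input
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2024-05-01T12:00:00Z host1 sshd 1234 - - Accepted publickey for alice from 10.0.0.5",
    "<13>May  1 12:00:01 host2 cron[4711]: (root) CMD (/usr/local/bin/backup.sh)",
    '<83>1 2024-05-01T12:00:02Z host1 sudo - - [meta seq="7"] BAD PASSWORD for bob',
    "this is not syslog at all",
]

if __name__ == "__main__":
    for ev in high_severity(SAMPLE_LINES, "err"):
        print(ev["host"], ev["app"], ev["facility"], ev["severity"], ev["msg"])
```

Note that the PRI check matters in practice: a collector that indexes by `pri >> 3` without bounds-checking will crash or misfile on malformed lines from untrusted senders.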
Carving
Extracting data from an image when that data has no associated file system metadata
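Added example (not from the original flashcards): signature-based carving over a raw byte image. The file system knows where a file's blocks live; carving ignores that metadata and recovers files from header and footer byte signatures alone. The image below is constructed, and the JPEG and PNG "bodies" are filler rather than real image data.

```python
# type: (header signature, footer signature)
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}


def carve(image, signatures=SIGNATURES, max_size=16 * 1024 * 1024):
    """Return (type, offset, data) for every header whose footer is found
    within max_size bytes. A header with no footer in range is skipped, and
    files whose clusters are not contiguous will not carve cleanly."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end < 0:
                pos = start + 1            # orphan header; keep scanning
                continue
            end += len(footer)
            found.append((kind, start, image[start:end]))
            pos = end
    found.sort(key=lambda item: item[1])   # report in disk order
    return found


def build_sample_image():
    """Constructed disk-image fragment: filler, a JPEG, junk, a PNG, filler."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF" + b"A" * 40 + b"\xff\xd9"
    png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"B" * 40
           + b"IEND\xaeB`\x82")
    image = b"\x00" * 512 + jpeg + b"\xde\xad\xbe\xef" * 8 + png + b"\x00" * 256
    return image, jpeg, png


if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for kind, offset, data in carve(image):
        print("%-5s at offset %6d, %d bytes" % (kind, offset, len(data)))
```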
Rogue Devices - Mitigation
Use digital certs on endpoints and servers to authenticate and encrypt traffic using IPsec or HTTPS
Network Tap
Physical device attached to cabling to record packets passing over that network segment
Network Mapping and Host Discovery
Enumeration scanners can identify hosts via banner grabbing or fingerprinting of devices across the network
Wireless Monitoring
Wireless sniffing can be used to find unknown or unidentifiable SSIDs showing up within range of the office
Packet Sniffing and Traffic Flow
Used to identify the use of unauthorized protocols on the network and unusual peer-to-peer communication flows
NAC and Intrusion Detection
Automated scanning with defense and remediation suites can try to prevent rogue devices from accessing the network
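The packet-sniffing and traffic-flow card above names two signals: unauthorized protocols and unusual peer-to-peer flows. The following added example (not part of the original flashcards) runs both checks over constructed flow records of the kind a NetFlow/IPFIX collector exports, then looks for hosts that both received and initiated workstation-to-workstation traffic, the pattern of an attacker pivoting through a compromised host. The subnets, port policy, and flow records are assumptions.

```python
import ipaddress

WORKSTATIONS = ipaddress.ip_network("10.10.0.0/16")   # assumed user subnet
SERVERS = ipaddress.ip_network("10.20.0.0/24")        # assumed server subnet
UNAUTHORIZED_PORTS = {21: "FTP (cleartext)", 23: "Telnet (cleartext)", 1723: "PPTP"}

# Constructed records: (src, dst, dst_port, proto, bytes)
FLOWS = [
    ("10.10.1.5", "10.20.0.10", 443, "tcp", 120000),
    ("10.10.1.5", "10.20.0.11", 445, "tcp", 5000),
    ("10.10.1.7", "203.0.113.9", 21, "tcp", 30000),
    ("10.10.1.7", "10.10.1.9", 445, "tcp", 800000),
    ("10.10.1.9", "10.10.1.12", 445, "tcp", 750000),
    ("10.10.1.9", "10.10.1.12", 22, "tcp", 1500),
    ("10.10.2.3", "10.20.0.10", 23, "tcp", 900),
]


def analyze_flows(flows):
    """Flag flows using a banned protocol port and flows between two
    workstations (normal traffic goes workstation -> server, not peer to peer)."""
    findings = []
    for src, dst, dport, proto, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto == "tcp" and dport in UNAUTHORIZED_PORTS:
            findings.append(("unauthorized_protocol", src, dst, dport,
                             UNAUTHORIZED_PORTS[dport]))
        if s in WORKSTATIONS and d in WORKSTATIONS and s != d:
            findings.append(("peer_to_peer", src, dst, dport, "%d bytes" % nbytes))
    return findings


def pivot_hosts(findings):
    """Workstations that both received and then initiated peer-to-peer flows."""
    received, initiated = set(), set()
    for kind, src, dst, _port, _note in findings:
        if kind == "peer_to_peer":
            received.add(dst)
            initiated.add(src)
    return received & initiated


if __name__ == "__main__":
    results = analyze_flows(FLOWS)
    for item in results:
        print(item)
    print("possible pivot hosts:", sorted(pivot_hosts(results)))
```

SMB (445) between workstations is flagged purely on the flow shape here; in a real deployment the workstation and server subnets come from the IPAM/CMDB, and the peer-to-peer rule is tuned with an allowlist for legitimate exceptions such as desktop support tools.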
FTP
Port 21
SMTP
Port 25
POP3
Port 110
RPCBIND
Port 111
MSRPC
Port 135
NETBIOS-SSN (Windows file sharing with pre-Windows 2000)
Port 139
IMAP
Port 143
IMAPS
Port 993
POP3S
Port 995
PPTP
Port 1723
MySQL
Port 3306
VNC (Like RDP but open-source)
Port 5900
Code of Conduct
Defined set of rules, ethics, and expectations for employees in a particular job role
Privileged User Agreement (PUA)
Contract whose terms set out a code of conduct for employees who are assigned higher-level permissions on the network
Acceptable Use Policy
Policy that governs employees’ use of company equipment and Internet services
Function as a Service (FAAS)
A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language
Security Orchestration, Automation, and Response (SOAR)
Class of security tools that facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment
Next-Gen SIEM
A SIEM with an integrated SOAR
Six Sigma
An iterative process improvement method whose key steps are define, measure, analyze, improve, and control (DMAIC)
Lean/Lean Methodology
Focuses on minimizing waste and maximizing value in all of your processes
Continual Service Improvement Model (CSI)
A process that helps organizations identify and implement changes to improve their services
Dual Control Execution
Two individuals must verify or authorize a transaction, so that no single person can complete it alone
Nmap: -sn
Host discovery
Nmap: List Scan (-sL)
Lists IPs from the supplied target range(s) and performs a reverse DNS query to discover any host names associated with these IPs
Nmap: Sparse Scanning (--scan-delay <Time>)
Issues probes with a delay between them to be stealthier and avoid IDS or IPS detection
Nmap: Scan Timing (-T<n>)
Issues probes using timing template n (0 is the slowest and 5 the fastest)
Nmap: TCP Idle Scan (-sI)
Makes the scan appear to have been started by another machine (a zombie), whose predictable IP ID sequence is used to infer port state
Nmap: Fragmentation (-f or --mtu)
Splits the TCP header of each probe across multiple IP datagrams to make it harder for an IDS or IPS to detect
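The nmap cards above describe options, not the mechanics. The following added example (my own code, not nmap's) implements the simplest scan type, a full TCP connect() scan, with the sparse-scanning delay from `--scan-delay` as a parameter, and includes a local listener so it can be exercised offline against 127.0.0.1. Unlike nmap's default SYN scan it completes the three-way handshake, so it needs no raw sockets but is noisier in the target's logs; the port classification (open/closed/filtered) follows nmap's convention.

```python
import socket
import time


def connect_scan(host, ports, scan_delay=0.0, timeout=0.5):
    """TCP connect() scan. Returns {port: "open" | "closed" | "filtered"}.
    scan_delay sleeps between probes, like nmap --scan-delay, so the probe
    rate stays under an IDS threshold at the cost of a much longer scan."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            results[port] = "open"           # handshake completed
        except ConnectionRefusedError:
            results[port] = "closed"         # RST came back: host is up, port closed
        except (socket.timeout, OSError):
            results[port] = "filtered"       # no answer: dropped by a filter
        finally:
            sock.close()
        time.sleep(scan_delay)
    return results


def start_listener(host="127.0.0.1"):
    """Open a listening socket on an ephemeral port (our constructed target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def free_port(host="127.0.0.1"):
    """Pick a port that is currently not listening, so the scan sees 'closed'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = free_port()
    started = time.time()
    print(connect_scan("127.0.0.1", [open_port, closed_port], scan_delay=0.5))
    print("elapsed %.1fs with a 0.5s scan delay" % (time.time() - started))
    srv.close()
```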
Reaver
A command-line tool used to perform brute force attacks against WPS-enabled access points
SDLC - Waterfall
Phases of the SDLC cascade so that each phase starts only when all tasks in previous phase are complete
SDLC - Agile
Focuses on iterative and incremental development to account for evolving requirements and expectations
Security Development Life Cycle (SDL)
Microsoft’s security framework for app development that supports dynamic development processes
OWASP Software Security Assurance Process
OWASP’s security framework for secure app development
SysAdmin, Audit, Network, and Security (SANS) Institute
Organization specializing in cyber security and secure web app development training; sponsors the Global Information Assurance Certification (GIAC)