SOC
Security operations center
Where security pros monitor and protect info assets
CIRT, CSIRT, CERT
Computer incident/security incident/emergency response team
Team responsible for incident response, with expertise across all domains
Managerial controls
Provides oversight of information system
Operational controls
Implemented by people in day-to-day routines
Technical controls
In the system
Physical
Hardware to deter/detect
Preventative
Acts before an incident to reduce attack likelihood
ACLs
Access control lists
Collections of access control entries (ACEs) that determine which subjects are allowed privileges
Detective
Acts during an incident to record it
Corrective
Acts after incident to minimize impact
Directive control
Enforcing a rule through a policy
Deterrent control
Discourages intrusion attempts
Compensating
Takes on risk mitigation when a primary control fails
CIO
Chief information officer
Manages tech assets and procedures
CTO
Chief technology officer
Using new technology and innovations
CSO
Chief security officer
Responsible for system security
ISSO
Information systems security officer
Implementing security policies, frameworks, controls
Characteristics of threat actors
Internal / external
Level of sophistication / capability
Resources / funding
Types of hackers
Unskilled attacker / script kiddie
Hacktivist
Nation-state
Organized
Internal
APT
Advanced persistent threat
Attacker maintaining access to a network
Shadow IT
Unintentional insider threat
Opening attack vectors (i.e. installing software) without authorization
Lure
Attack enticing a victim into using/opening a USB, document, image, program, etc.
Pretexting
Using lies or half-truths to get someone to believe a falsehood
Pharming
Redirecting from a legit website to a fraudulent one
Watering hole attack
Targeting specific websites that a group or organization uses frequently
Worm
Malware that replicates between processes in the system memory and can spread over networks
Shellcode
Lightweight blocks of malicious code that exploit vulnerabilities to gain access to systems
RAT
Remote access Trojan
Creates a backdoor remote administration channel to allow a threat actor to access the host
C&C
Command and control
Infrastructure that attackers use to control malware over botnets
Covert channel
Subverts network security systems and policies to transfer data
IRC
Internet relay chat
Protocol allowing users to chat, send messages
Rootkit
Modifies system files at the kernel level to conceal its presence
Asymmetric encryption examples
RSA, ECC algorithms
Blockchain
List of transaction records stored in an open public ledger
Data masking
Obfuscating with generic info that maintains the structure/format of the original data
Tokenization
Obfuscating with tokens substituted for real data
TPM
Chip for crypto purposes
Secure enclave
Protected area in system memory
Cryptographic primitive
Single hash function, symmetric cipher, or asymmetric cipher
Digital signature
Message encrypted with the sender’s public key that is appended to a message to prove integrity
Key stretching
Strengthens weak input by salting and hashing a key
HMAC
Hash-based message authentication code
Used to verify integrity and authenticity by combining a hash of the message with a secret key
KEK
Key encryption key
Private key used to encrypt the symmetric bulk media encryption key
Opal storage specification
Standards for implementing device encryption on storage devices
SAN
Subject alternative name
Field in a digital cert allowing a host to use multiple subdomains
Wildcard
PKI - digital cert that will match numerous subdomains
CRL
Certificate revocation list
OCSP
Online certificate status protocol
Root certificate
CA that issues certificates to intermediate CAs
Self-signed cert
Digital cert signed by the entity that issued it and not the CA
Escrow
Storage of a backup key with a third party
Symmetric encryption examples
CES, RC, Blowfish, IDEA, Twofish, CAST, DES, AES
Asymmetric encryption examples
Diffie-Hellman, RSA, DSA, ECC
Ephemeral keys
New key for each transmission (perfect forward secrecy)
Stream cipher
Symmetric, encrypts one bit at a time, one time pad, uses XOR
Block cipher
Symmetric, encrypts one block at a time, pads last block
ECB
Electronic Codebook
Simplest, just encrypts each block simultaneously
CBC
Cipher Block Chaining
Random IV, then ciphertext of previous block for subsequent IVs
OFB
Output Feedback Mode
Repeatedly encrypts an IV and XORs its output with the plaintext to make ciphertext (stream cipher-esque)
CTR
Counter mode
Uses a nonce and encrypted counter instead of IV
GCM
Galois/Counter Mode
Like CTR, but combines ciphertext with a hash, authenticated
Homomorphic encryption
Allows computations before decryption