Cybary+
Term | Definition |
---|---|
Social Engineering | Impersonation to gain access or information. Responsible for 93% of data breaches at financial institutions. |
Phishing | An attempt by unauthorized entities posing as legitimate individuals, usually via email, to obtain sensitive information from an indiscriminate group of individuals |
Spear Phishing | Phishing targeted at a specific group, organization, or demographic. |
Whaling | A type of spear phishing geared toward senior leaders of an organization |
Vishing | Phishing over the phone. |
Smishing | Phishing through text messages |
Spam | Unrequested bulk messages sent in large quantities |
Spim | Spam sent through text messages |
Bluejacking | Spam sent over Bluetooth |
Prepending | Adding information to legitimize a message |
Pretexting | An attacker presents a fabricated but plausible reason for needing access to a system or resource they have not been granted access to. |
Identity Fraud | Using information (typically gained from social engineering attacks) to present oneself as another. Loans and even mortgages are often fraudulently obtained through these means. |
Invoice Scams | Sending invoices purporting to be from legitimate companies in the hope of being paid without further investigation. |
Reconnaissance Attacks | Using publicly available sources to collect information |
Impersonation | Presenting oneself as another. |
Watering Hole attack | Injecting malware through an insecure, frequently used third party. |
Typosquatting | Registering a domain name similar to a legitimate site's in the hope that users mistype the address and end up on a spoofed site. |
Dumpster Diving | Retrieving information from a user's or organization's trash, recycling, or other discarded material. |
Shoulder Surfing | Looking over an authorized user’s shoulder hoping to see sensitive information such as a PIN or password |
Tailgating | Following an authorized user into a secure area without having to provide credentials |
Piggybacking | Following an authorized user into a secure area without having to provide credentials, where the authorized individual allows the attacker into the area. |
Influence Campaigns | Large scale program, often launched by a hostile nation. Geared towards swaying public opinion. Often used to sway election results. May use social media to launch bots to spread misinformation |
Hybrid Warfare | Includes both traditional and social means to accomplish military goals. |
Authority | Influencing people by presenting yourself as an expert or figure of power. |
Intimidation | Using fear or threats to manipulate others into compliance. The fear of negative consequences can lead people to make different decisions. |
Consensus | Influences people by using the principle that people tend to follow the actions of others, especially if made to believe many people are doing something. |
Scarcity | Makes people fear they will miss out on a deal because it's rare or in short supply. |
Familiarity | People are more receptive to things they’ve encountered before. |
Trust | People are more likely to believe information from sources they see as reliable |
Urgency | Capitalizes on the feeling of needing to act quickly to seize an opportunity or avoid a negative consequence, leaving people less time to consider carefully how they will act. |
Threat Vectors | Describes how malicious code is replicated and spread |
Viruses | Usually require a host file and user interaction |
Fileless Viruses | Do not need a host. |
Worms | A memory resident type of malware that can self-propagate and does not need a host file |
Trojans | Present themselves as a desirable application or tool, yet contain malware |
PUPs/PUAs | Software that is installed in addition to the app the user has chosen, although not necessarily malicious |
Backdoor | Network software that opens a port on a compromised system. The host listens for traffic on that port and allows system access, bypassing normal authentication methods. |
Remote Access Trojans | A type of backdoor software that allows administrative access to a system |
Bot | An automated script or tool that can perform malicious activity |
Botnet | A collection of systems controlled by the same threat actor. |
Command and Control | Host or network that communicates with the exploited hosts |
Rootkit | Operates at executive level or can be used to escalate privileges |
Ransomware | Computer-based attack that allows an attacker to extort the victim. May display threatening messages in relation to illegal activities supposedly performed on the compromised system. |
Cryptoware | Encrypts critical systems or files and requires the user to pay a fee or ransom in exchange for the key that will unlock the encrypted files. |
Timebombs | Wait until a specific date or time to unleash a payload of an attack |
Logicbombs | Wait until an event occurs before delivering a payload |
Spyware | Malware used to track the activities of users |
Adware | Often reconfigures browsers to target marketing at an individual based on previous activity. |
Hoaxes | Deceptive messages or claims spread through various channels, often with the intention to deceive, scare, or manipulate recipients. |
Credential Harvesting | Specifically designed to steal account and authentication credentials. |
Tracking Cookies | Plain-text files stored on a user's system that can record pages visited, purchases made, etc. |
Keylogger | Records Keystrokes |
Dictionary | Tries every word in a file. |
Brute Force | Tries every combination of characters. |
Hybrid | Tries every word in a file plus some frequently used character combinations. |
Rainbow Table | Stored results from a brute-force attack matched against a password hash. Much faster than a brute-force attack on its own. |
Spraying | Attempting a common password to numerous accounts |
Malicious USB Cable | Can act as a skimmer over legitimate charging stations at public locations |
Flash Drives | Can provide the means to distribute malware, as well as to remove sensitive information |
Card Cloning | Making multiple copies of an existing card |
Skimming | Installing a counterfeit card reader over a legitimate device |
Tainted Training Data for Machine Learning | AI systems "learn" based on data retrieved from customer systems and security devices. By injecting spurious code or traffic into the training environment, an attacker can corrupt the learning process, skewing the resulting AI. |
Machine Learning Algorithms | Computational procedures used to learn patterns from data and make predictions or decisions without being explicitly programmed. |
Supply Chain | Compromising elements of a system provided by another party |
Cloud-based attacks | Attacks at the CSP itself or protocols/apps/accounts used to access and transmit data to and from the CSP. |
Poorly-written APIs | Can introduce security vulnerabilities that attackers might exploit to gain unauthorized access |
Facility Security | Refers to the protection of physical locations, buildings, and premises from unauthorized access, theft, vandalism, and other threats. |
Hardware Vulnerabilities | Weaknesses or flaws in computer hardware components that attackers can exploit to compromise systems or gain unauthorized access. |
Software Vulnerabilities | Weaknesses in software applications or operating systems that attackers can exploit to gain unauthorized access, steal data, or carry out other malicious activities. |
Malicious Insiders | Individuals within an organization who exploit their authorized access to carry out harmful actions, such as stealing sensitive data, sabotaging systems, or leaking confidential information. |
Weak Configurations | Refer to security settings or configurations that are improperly set, making systems or applications more vulnerable to attacks. |
Third Party Issues | Involve security risks introduced by external vendors, contractors, or partners whose products or services are integrated into an organization's systems. |
Collision Attacks | Attempting to find a cryptographic collision: another series of characters that produces the same hash as the legitimate password. |
Birthday Attacks | Attempts to cause a collision based on the fact that it is mathematically infeasible to cause a collision against only one hash, so it instead uses two hashes. |
Downgrade Attacks | Requests access to the server at a lower security level than the default in the hope that passwords will be transmitted in a less secure manner. |
Code Injection | Refers to the insertion of malicious code into a software application. |
Input Validation | The process of checking and filtering user inputs to ensure they meet specific criteria or constraints. |
Fuzzing | A testing technique where an application is bombarded with unexpected and random inputs to identify vulnerabilities. If vulnerabilities are found, code is injected into the application. Can be used for penetration testing. |
Sanitization | Involves cleaning and filtering user inputs or data to remove or neutralize potentially malicious or harmful elements. |
SQL Injection | This attack occurs when an attacker is able to input information that is interpreted by an SQL server as SQL commands |
DLL Injection | Involves the illicit insertion of malicious Dynamic Link Library files into an active process. |
LDAP Injection | Similar to SQL injection, but instead of seeking to inject executable SQL code into a web form, the attacker attempts to execute LDAP code. |
XML Injection | Inserts executable code in place of standard user input, but using XML. |
Buffer Overflow | An attack where the amount of data sent to an area of memory exceeds the space allocated to hold it, because more data arrives than is normally expected. |
Timing Attacks | Exploit variations in the time taken by a system to perform operations. |
Integer Overflow | Occurs when an arithmetic operation results in a value that exceeds the maximum value an integer type can hold; values are out of the expected range. |
Memory Leak | Occurs when a program fails to release allocated memory as expected, leading to performance degradation or potential security vulnerabilities. |
XSS | A type of web security vulnerability where an attacker injects malicious scripts into a website that are then executed in other users' browsers. |
XSRF | A web vulnerability where an attacker tricks a user into making an unintended request to a different site, often resulting in actions being taken on behalf of the user without their consent. |
Persistent XSS | Occurs when malicious scripts injected by an attacker are permanently stored on a web application's server and then served to other users when they access a specific page. |
Non-persistent XSS | Involves injecting malicious scripts into a URL or input field that is immediately reflected back to the user without being stored on the server. |
Physical Access | Gain access to a location before security requirements are verified |
Race Conditions | Technical in nature; revolve around timing exploits. |
Time of Check | File-based race condition that occurs when a resource is checked for a particular value, which changes before the resource is used. |
Time of Use | The delay before a value is checked and updated, for example, a user still being logged in even if they lose their credentials. |
Replay Attack | Intercepting encrypted data across a network so that it can be reused later. |
Password Replay | Capturing an encrypted password and submitting it as-is, without knowing the decrypted password. |
Session Replay | Intercepting data exchanged between a user's browser and a website, recording the session, and using the recording to perform unauthorized actions. |
Error Handling | Refers to the process of detecting, managing, and responding to errors or exceptions that occur during the execution of a program or system. It is essential that this is handled effectively to maintain reliability, security, and usability. |
Port Scans | Software that looks for open ports on a single machine or on multiple machines to search for vulnerabilities. |
X-mas Scans | Sends a packet with all the flags set, a combination a normal conversation never uses; can be used to determine the OS and open ports. |
Man-in-the-middle | Attacker inserts themselves into a path of communication. |
Banner Grabbing | Some network services return information in response to a service request |
Passive MITM | Intercepting a conversation, but not changing transmitted data |
Active MITM | Intercepting a conversation and actively altering the transmitted data. |
Spoofing | Disguise activity to deceive a target to gain access to a system, network, or data. |
IP Spoofing | An attacker alters the source IP address in network packets to make them appear as though the data is being received from a trusted source. |
MAC Spoofing/Cloning | Involves changing the hardware address of a network device to impersonate another device on a network. |
Email Spoofing | Involves forging the sender's email address in a message to make it appear to come from a trusted source. |
Smurf attack | By abusing ICMP and IP broadcast addresses, this DDoS attack sends numerous ICMP packets to an IP broadcast address, causing the broadcast network to respond with echo replies, flooding the victim with traffic. |
Fraggle Attack | An attacker sends a large amount of UDP echo packets to IP broadcast addresses to flood a victim with traffic. |
ARP Poisoning | An attack where an attacker associates their MAC address with the IP address of another device, which can lead to traffic being redirected through the attacker's systems, allowing the interception of data. |
DNS Rogue Infrastructure | The creation of malicious DNS servers or systems that provide false DNS information. This causes users to receive incorrect IP addresses for domain names. |
DNS Poisoning | Corrupting or altering DNS servers with fraudulent DNS records to redirect users to malicious webpages. |
DNS Pharming | The manipulation of DNS settings to redirect a user to malicious websites. |
DNS Hosts file | A local file on a device that maps hostnames to IP addresses. Can be modified in an attack to redirect specific domains to IP addresses. |
URL Redirection | A legitimate web function that forwards users from one webpage to another. Can be abused in an attack by creating malicious redirects to phishing sites or malware distribution pages. |
Wardriving | The practice of driving around with a network detector in areas in which wireless communications may be accessible. |
Warchalking | The practice of publicly tagging an area in which wireless networks are accessible. |
Encryption | A security process that transforms plaintext messages or data into ciphertext, making it unreadable to unauthorized individuals. |
Sniffing | The practice of capturing and analyzing network traffic or data packets as they are transmitted on a network. Can be used for legitimate or malicious purposes. |
WEP | Outdated wireless security protocol vulnerable to attacks, replaced by WPA and WPA2. |
WPA | Security protocol for wireless networks, improved from WEP, using TKIP encryption. |
WPA2 | Stronger version of WPA with AES encryption, enhancing Wi-Fi security. |
WPS Attack | An attack that exploits a brief vulnerability in the process by which encryption keys are generated. The attacker sends negotiation requests to the router, trying different values. |
Rogue Access Point | Any unauthorized wireless access point on a network. |
Evil Twin | The replacement of an authorized access point with a seemingly identical access point. |
Disassociation | A wireless network management frame that is part of the IEEE 802.11 (Wi-Fi) standard, used by wireless clients or access points to signal disconnection from a network. May be used maliciously to disconnect legitimate clients from the network. |
Deauthentication | Intended to allow authorized devices to request disconnection from a network. Can be used maliciously to disrupt Wi-Fi connections. |
Jamming | A malicious activity where an attacker floods a wireless network with interference, disrupting the network. |
Wi-Fi encryption | A security measure used to protect wireless network communications from unauthorized access and eavesdropping. |
WEP Sniffing | Involves capturing and analyzing data packets transmitted over a Wi-Fi network secured with the WEP encryption protocol, which is the easiest to target, being the weakest. |
WPA sniffing | Involves capturing and analyzing data packets transmitted over a Wi-Fi network secured with the WPA (Wi-Fi Protected Access) encryption protocol. Less susceptible than WEP, but can still be compromised. |
WPA2 Sniffing | Involves capturing and analyzing data packets transmitted over a Wi-Fi network secured with the WPA2 (Wi-Fi Protected Access 2) encryption protocol. This is the hardest one to crack, as its protocol is considered highly secure. |
Wi-Fi Sniffing | The practice of capturing and analyzing data packets transmitted over wireless networks. |
WPS | Aids those who do not know how to set up a secure connection in setting one up. |
Bluesnarfing | Information is gathered via Bluetooth connections. |
Bluebugging | A Bluetooth device is exploited to give attackers access to your device. |
State-sponsored Attack | An offensive cyber operation conducted by a nation-state or government agency. |
APT (Advanced persistent threat) | A sophisticated and targeted cyber attack in which an adversary, often a well-funded group or nation-state, gains unauthorized access to a network or system and remains undetected for an extended period. |
Internal threats | Applies to 80% of all fraud in organizations, with 53.3% of all fraud being unintentional. |
Attack Vector | A means of creating a compromise and accessing a system |
Direct Access | The ability to connect to a system, network, or resource without outside sources or authorization |
Email Threat Vectors | Associated with a wide range of cyberattacks, such as phishing, spam, attachment attacks, etc. |
Information Gathering | The initial phase of an attack where an attacker collects as much intel as possible about a target from publicly available sources |
Anti-malware | Security programs designed to protect, detect, prevent, and remove malware from a network, system, or resource. |
Patches | Software updates or bug fixes released by software vendors to address security vulnerabilities, bugs, or performance issues. |
Baseline | A standard or reference point used for evaluating and measuring the security of a network. |
Cyber Kill Chain | A concept and framework developed by defense company Lockheed Martin to describe the stages that advanced cyber attackers typically go through when planning and executing a targeted cyber attack. |
Reconnaissance | Attacker researches target network and attempts to identify vulnerabilities. |
Weaponization | The attacker either adapts an existing remote access malware or creates a new one, tailored to one or more vulnerabilities identified in a target network. |
Delivery | The attacker transmits the weapon to the target using an attack vector. |
Exploitation | The malware is triggered, which takes action on the target to take advantage of one or more vulnerabilities and compromise the host. |
Installation | The malware places an access point that the attacker can use to access the device. |
Control and Maintain | The malware allows the attacker to have persistent access to the target network |
Actions on Objective | The attacker proceeds to act to achieve their goal, such as data exfiltration, data destruction, etc. |
Vulnerability Management Activities | Involves identifying, assessing, prioritizing, and mitigating vulnerabilities in an organization's technology infrastructure. |
Vulnerability Scanner | Scans devices on your network to see what areas may be vulnerable. It may test known exploits against your systems, look for missing patches, etc. |
Patch Management | Identifies missing updates or patches for devices on the network. Can also install missing patches to keep systems up to date and secure. |
Risk Assessment | The process of identifying, analyzing, and evaluating the potential risks and vulnerabilities that could impact an organization's information assets, including data, systems, and networks. |
Vulnerability | Weaknesses in systems that allow attacks to occur. |
Uncredentialed Scan | Does not get trusted access to the system being analyzed. |
Credentialed Scan | Requires a login to provide access to resources an untrusted user might not have. |
Agent Scan | Executed with specialized software that assists in performing monitoring, assessment, etc. |
Agentless Scan | Executed without the need to install or deploy any specialized assistance; instead relies on external tools to gather information. |
Intrusive Scan | Attempts to exploit a vulnerability when found. |
Non-Intrusive Scan | Identifies a vulnerability and reports on it. |
Advisories | Specific data on an identified vulnerability |
Bulletins | Summaries/newsletter listings of advisories |
Information Sharing and Analysis Centers (ISACs) | Non-profit groups that specialize in a specific sector. |
News reports | Articles or headlines that can give vulnerability information. |
Security Content Automation Protocol (SCAP) | A suite of interoperable specifications designed to standardize the naming conventions and formatting used to identify and report on software flaws. Made up of open standards to enumerate software flaws and security-related configuration issues. |
Open Vulnerability and Assessment Language (OVAL) | Provides a consistent way to collect and assess three main aspects of evaluated systems: system information, machine state, and reporting |
Asset Reporting Format (ARF) | Correlates reporting formats to device information |
Extensible Configuration Checklist Description Format (XCCDF) | Written in XML to provide a consistent way to define benchmarks and checks performed during assignments. |
Common Platform Enumeration (CPE) | standardized naming format to identify systems and software |
Common Vulnerabilities and Exposures (CVE) | Lists of known vulnerabilities |
Common Configuration Enumeration (CCE) | Similar to CVE but focuses on configuration issues that may lead to a vulnerability |
Honeypots | Designed to mimic real network systems to lure attackers |
Honeypot Deployment | Either placed within the network to detect insider threats, or externally on the perimeter network or DMZ to detect and gather attacker information |
Pseudo Flaw | Loophole purposely added to OS or application to trap intruders |
Honeypot enticement | Goal is to attract potential attackers by creating tempting decoy assets and services on the network |
Honeypot entrapment | Involves actively engaging attackers by providing them with simulated vulnerabilities and services |
Honeynet | Monitored network that is intentionally designed to lure attackers. |
Log reviews | Examination of system log files to detect security events and verify security control effectiveness; ensure time is standardized across all network devices. Files are stored locally on each device. |
Syslog | A standard network-based logging protocol that works on a wide variety of devices and applications, allowing them to send text-formatted log messages to a central server. |
Security Information and Event Managers (SIEMs) | Systems that enable centralization, correlation, and retention of event data in order to generate automated alerts. Typically provide a dashboard interface that highlights possible security incidents. |
All-in-one UTMs | Combine multiple security features and services into a single appliance or software package. |
Firewall UTMs | Focus primarily on firewall functionality, essential for controlling network traffic. Often include Stateful Packet Inspection and application-layer filtering. |
Proxy UTMs | Include a proxy server component that acts as an intermediary between client devices and the internet. |
NAT UTMs | Include NAT functionality, which enables the translation of private IP addresses to a public IP address and vice versa. |
PAT UTMs | Translate multiple private IP addresses to a single public IP address using different port numbers. |
Web filtering UTMs | Focus on content filtering and URL categorization, allowing administrators to control access to websites and web content based on defined policies. |
Wi-Fi security UTMs | Designed to protect wireless networks from security threats. Include features such as WPA/WPA2 encryption, intrusion detection, rogue AP detection, and guest network isolation. |
Strategic intelligence | Non-technical, high-level information that can be used by senior management to make security decisions |
Operational intelligence | Focuses on adversaries and their actions |
Tactical intelligence | Focuses on immediate, specific threats and the evidence which can be used to detect them |
Counterintelligence | An active security strategy that uses intelligence offensively |
Open-source intelligence (OSINT) | Published by an organization for the good of the community. |
Closed-source intelligence (CSINT) | Vendors release specific information to their customers, sometimes requiring a non-disclosure agreement. |
Computer Emergency Response Team (CERT) | A group of cybersecurity experts responsible for responding to and mitigating cybersecurity incidents within an organization. |
Information Sharing and Analysis Center (ISAC) | An organization or group focused on facilitating the sharing of cybersecurity threat intelligence and best practices within a specific industry or sector. |
MITRE | A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. |
Known threats | Long-established threats that can still be potent against weak security or if a new attack variant emerges |
Current Vulnerabilities | Documented weaknesses in hardware, software, or procedures are continually changing, so we must remain aware of them. |
Trending attacks | Attackers frequently adopt new strategies as defenses and vulnerabilities change |
Zero-day vulnerabilities | Newly discovered vulnerabilities are an especially dangerous threat |
Emerging threat sources | Ongoing changes in technologies and business practices can affect both individual attacks and the security landscape |
Intelligence Gathering | A process in which requirements for information are defined; information is collected and processed; it is analyzed and transformed into usable intelligence; the result is given to decision makers to act on; and finally feedback is generated. |
Threat hunting | Uses threat intelligence to develop hypotheses and analytics based on what threat actors are known to do so that threats can be proactively found rather than passively detected. |
Tactics, Techniques, and Procedures (TTP) | Information published from various sources about what trends to look for, such as how attackers approach vulnerabilities, what methods are being used, and what processes are used to accomplish it. |
Data Repositories | Storage systems that hold a vast amount of structured and unstructured data. This includes historical threat data, logs, etc. |
Vulnerability Feeds | Provides information about software weaknesses. Essential for organizations to stay updated on potential security risks and apply mitigations. |
Threat Intelligence Feeds (TIF) | Delivers real-time information on cyber threats, including the threat actors and their TTPs |
Threat Maps | Visualizes cybersecurity threats geographically. Provides a visual representation of cyberattacks and their source. |
Predictive Analytics | Uses data and algorithms to forecast future events, including cybersecurity threats. |
Reputational Indicator | Associated with a known or likely threat source |
Behavioral Indicator | Associated with a known or suspected action performed by attackers. |
Indicator of Compromise (IoC) | A piece of forensic data which is associated with malicious activity on a system or network |
Penetration Testing | Involves using procedures and tools to test and potentially bypass security controls, aiming to measure an organization's resistance to attacks and identify weaknesses by emulating a real attack. Requires written approval from a senior manager. |
Rules of Engagement | Guidelines that outline the procedures for conducting cyber testing or assessments, including IP addresses, acceptable techniques, available times, points of contact, false-alarm measures, and information handling. |
Zero knowledge test (Black Box) | Team has no information of the target |
Partial knowledge test (Grey Box) | Team has some information about a target |
Full knowledge test (White Box) | Team has intimate information about a target |
Blind test | Defenders are not aware a test is happening |
Double-blind test | Neither defenders nor network security staff are aware of the testing. |
Targeted Test | Focused tests on specific areas of interest. |
Integrity | Guarantee that an asset has not been modified |
Availability | Guarantee that an asset will be accessible |
Confidentiality | Guarantee an asset is kept away from those without authorization |
Information Security | The foundation of compliance with many laws regarding privacy, intellectual property, contracts, and other laws and regulations. |
Information governance | Accountable for compliance with laws and regulations |
Data sovereignty | Refers to the laws applicable to data based on where it is physically located. |
Data Localization | Refers to a governmental policy prohibiting organizations from transferring data outside of a specific location |
Data residency | A decision made by businesses to store data in a specific geographical location |
Obfuscation | The process of hiding, replacing, or omitting sensitive information. |
Anonymization | The process of either encrypting or removing PII from datasets so it may remain anonymous |
Tokenization | A public cloud service can be integrated and paired with a private cloud that stores the data. |
Masking | The process of using specific characters to hide certain parts of a specific dataset. |
Layered Defense | Using different types of security to protect an asset |
Scoping | Limiting what information is stored |
Due Diligence | Comprehensive research and investigation an organization conducts before entering into a cybersecurity-related agreement, partnership, or transaction |
Due Care | The ongoing effort an organization makes to maintain an acceptable level of cybersecurity. |
Audits | Systematic and independent evaluations of an organization's cybersecurity practices, policies, and controls. |
Service Level Agreements (SLA) | Formal agreements between a service provider and a customer that outline the expected level of cybersecurity measures. |
Redundancy | Involves creating duplicate or backup systems, components, or processes to ensure data availability and minimize downtime in case of failures or cyberattacks. |
Content Delivery Network | A network of distributed servers that deliver web content (e.g., web pages, images, videos) to users based on their geographic location. |
Data Dispersion | Involves breaking data into smaller fragments and distributing them across multiple locations or servers to enhance data security and reduce the risk of unauthorized access. |
Message Authentication Codes | Cryptographic tags generated by combining a secret key and the message content. They verify the authenticity and integrity of a message. |
Digital Signatures | Cryptographic techniques that provide authentication, integrity, and non-repudiation to digital documents or messages. |
Data at rest | Stored data, typically on storage devices like hard drives, SSDs, or tapes. |
Data in process | Information being actively manipulated or used by software applications or systems. |
Data in transit | Information moving across networks or communication channels. |
File system encryption | Involves encrypting individual files or directories within a file system, making the data unreadable without the appropriate decryption key. |
EFS (Encrypting File System) | A feature in Windows operating systems that enables file-level encryption. It uses symmetric key encryption to protect files and folders. |
Full drive encryption | Encrypts an entire storage device, such as a hard drive or SSD. |
TPM (Trusted Platform Module) | A hardware-based security module that provides secure storage for encryption keys and performs cryptographic operations. |
SSL | A cryptographic protocol that provides secure communication over computer networks. |
TLS | The successor to SSL; it addressed vulnerabilities found in earlier SSL versions and introduced stronger encryption algorithms and security features. |
IPSec | A suite of protocols used to secure IP communication by authenticating and encrypting each data packet. |
SSH | A cryptographic network protocol for secure remote access to systems and secure file transfers. |
Hashes | Fixed-length alphanumeric strings generated by applying a cryptographic hashing algorithm to data. |
Data retention | The practice of storing data for a specific period, determined by certain requirements, after data is deleted or archived. |
Archival policy | Outlines how data should be archived, including the criteria for determining what data is archived, how it is stored, and how long it is kept |
Sanitizing Media | The process of cleaning, validating, and transforming raw data into a consistent and usable format |
Data Clearing | Renders data inaccessible by normal means |
Data Purging | Renders media unusable by normal means |
Data Destruction | Physical destruction irreversible by normal means |
Crypto-shredding | Encrypt the drive with a strong, publicly known algorithm and destroy the key |
Virtualization | Allows logical isolation on multi-tenant servers, perfect for testing software, uses snapshots for easy backups, may also allow an attacker to target relevant resources, and relies upon the security of the hypervisor |
Virtual Desktop Infrastructure (VDI) | Client desktop instance provisioned as a VM; a golden image allows deploying several virtual desktops based on one base image. Clients can make changes, but they are not saved. Allows greater control over desktop images. |
Application Virtualization | a server-based process where an application is run and accessed by the client, captured as a package and accessed on target machines, eliminating the need for installation and configuration. |
Hypervisor | Allows multiple OS to share a single hardware host, with the appearance of each host having exclusive use of resources |
Hypervisor Type 1 | Runs directly on the hardware with VM resources provided by the hypervisor |
Hypervisor Type 2 | Runs on a host OS to provide virtualization services |
VM escape | A virtualization security vulnerability that allows an attacker to break out of a VM and potentially gain access to the host system or other connected VMs. |
Single interface for entry | A virtualization security vulnerability: if an attacker gains access to a single entry point, they potentially gain access to the entire network. |
Physical redundancy | If not properly secured, may allow an attacker access to hardware components of a VM. |
Anti-malware for hosts and guests | If not properly implemented, malware can spread from a singular VM to all VMs on the network |
Unintentional bridging | Occurs when a VM's network configuration allows it to connect to other network segments |
Cloud Computing | A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable resources that can be rapidly provisioned with minimal management effort or service provider interaction. |
Cloud Drivers (Reasoning) | Provides cost-efficiency, scalability, accessibility, redundancy, security, automatic updates, disaster recovery, low-latency content delivery, global reach, collaboration tools, innovation, agility, and energy-efficient data centers. |
Software as a service (SaaS) | Provides the consumer with the ability to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices like a web browser or a program interface |
Platform as a service (PaaS) | Provides the customer the capability to deploy onto the cloud infrastructure consumer-created or acquired programming languages, libraries, services and tools supported by the provider. |
Infrastructure as a service (IaaS) | The capability provided is to provision processing, storage, networks, and other computing resources on which the consumer is able to deploy and run software. The consumer does not control the infrastructure but controls everything else |
Public cloud | Cheapest and most common. Shared tenancy, company information is commingled with others. Little to no input or customization. |
Private Cloud | Private computing resources, used by businesses or third-party hosts, are maintained on a private network, allowing customization to meet IT requirements, often used by government agencies and mid-to-large organizations. |
Hybrid Cloud | The model combines public and private cloud services, enabling data and application sharing, flexibility, and deployment options for organizations to utilize public cloud services for specific functions. |
Community cloud | Cloud infrastructure is reserved for a specific community of consumers from organizations with shared concerns, owned, managed, or operated by one or more organizations, third parties, or a combination. |
Cloud Access Security Brokers (CASB) | An enterprise management tool to mediate access to cloud services for users on all types of devices. Provides visibility into how clients and nodes are using resources |
Data Fragmentation | Breaking information into smaller pieces and distributing them across different machines |
Data Loss Prevention | A cybersecurity strategy and set of tools and processes designed to protect sensitive information from being accessed, shared, or leaked inappropriately. Aims to prevent information breaches and maintain information privacy and compliance. |
Application Security | The practice of securing computer programs and software systems by identifying and mitigating vulnerabilities and weaknesses in code, configuration, and input handling. |
Exception Handling | Errors should not generate non-specific messages and ensure that no further security compromises occur. |
Application Configuration baseline | Outlines the proper settings and configurations for a program or set of programs. |
Application patch management | A fundamental component of system hardening whose objective is to run the most secure version of a program with the fewest exceptions. |
Server-side Validation | The process of verifying data on a server after it is submitted by the client. |
Client-side validation | The verification of data in a user's browser before it is sent to the server. |
Identification | The process of establishing a unique designation for a user, system or entity. Often uses a username, ID, etc. |
Authentication | The process of verifying the claimed identity of a user, system, or entity. |
Authorization | The process of granting or denying access rights and permissions based on a user's role. |
Accounting | Involves tracking and recording actions and events that occur within a system. |
Identity and Access Management (IAM) | Defines the roles and privileges of individual users |
Spares | Backup components or resources that are kept in reserve in case of failure |
Redundant Servers | Primary server mirrors data to a secondary server. |
UPS | A critical component in data centers and other environments where electricity is essential. Serves as a backup source of power that provides electricity to connected devices in the event of a power outage. |
Clustering | Group of servers that are managed as a single system. Offers higher availability, greater scalability, and easier management. |
Shadowing | Refers to the use of IT systems, devices, software, applications, and services without explicit approval from the IT department. |
Remote Journaling | A data replication technique that continuously records changes made in real time and transmits these changes to a separate location |
Electronic Vaulting | The process of securely backing up data from a primary system and sending it to a separate location through bulk transfers. This separate copy serves as a data vault that can be used for recovery in case of data loss or system failures. |
Redundancy of Staff | Encompasses strategies and measures aimed at ensuring that cybersecurity operations can continue in the event of personnel unavailability. |
Business Continuity | Focuses on sustaining operations and protecting the viability of a company following a disaster until normal business operations can be performed |
Redundant Spares | Excessive hardware that is available in the event a primary device becomes unusable. |
MTBF (Mean time between failures) | Calculated by taking the total uptime and dividing it by the number of breakdowns. |
MTTR (Mean time to repair) | Calculated by adding the total time spent on repairs during a given period and then dividing by the number of repairs. |
RAID-0 | Disk striping; provides no redundancy or fault tolerance but provides a performance improvement for read/write functions. |
RAID-1 | Disk mirroring; provides redundancy but is considered to be least sufficient for storage. |
RAID-5 | Disk striping with Parity, Faster with better fault tolerance |
RAID-6 | Disk striping with 2 parity disks |
RAID-10 | Mirrored Stripe Set |
Full backup | Archive bit is reset (set to 0) |
Incremental Backup | Saves all files that have been modified since they were last saved, and Archival Bit is reset to 0 |
Differential backup | Saves all files that have been modified since they were last saved, and Archival Bit is set to 1 |
Copy Backup | Used before upgrades or system maintenance. Does not reset Archive bit. |
Disaster Recovery | Goal is to minimize the effects of an accident and take the necessary steps to ensure that resources, personnel, and business operations are able to be resumed as quickly as possible. |
Business Impact Analysis | Identifies and prioritizes all business processes based on criticality. Addresses the impact on a company in the event of a loss. |
Facility Recovery | Process of rebuilding the physical infrastructure of an organization's IT facilities after a disaster. |
Reciprocal Agreements | Formal agreements between companies to provide mutual assistance during times of crisis. |
Redundant Site (partial) | Replicates only specific critical components of the primary site. |
Redundant Site (full) | Replicates all critical components and functions of the primary site, including data, applications, and hardware. |
Mirrored Site (partial) | Replicates only the required data and systems in real time |
Mirrored site (full) | All data and systems are replicated in real-time. |
Outsourcing | Involves contracting third-party companies or service providers to manage certain IT functions or services on behalf of an organization. |
Rolling Hot site | a specialized type of disaster recovery facility that can be rapidly deployed to provide temporary IT infrastructure and services in case of a disaster. |
Checklist Test | Copies of the plan are distributed to different departments, and functional managers review them |
Structured Walk-Through (Tabletop) Test | Representatives from each department go over the plan |
Simulation test | Going through a disaster scenario; continues up to the relocation to an offsite facility |
Parallel Test | Systems moved to an alternate site, where processing takes place |
Full-Interruption test | Original site shut down, all processing moved offsite |
Workstation Hardening | a cybersecurity strategy that involves securing individual user workstations through software patches, strong password policies, endpoint security software, and user privilege restrictions. |
Mobile Hardening | A crucial process that involves securing mobile devices, implementing encryption, managing devices, enforcing app whitelisting, and implementing remote wipe capabilities to protect sensitive data. |
Server Hardening | a process that improves server security in data centers or the cloud by configuring servers, applying security updates, disabling unnecessary services, and implementing access controls. |
Appliance Hardening | a process that secures specialized hardware appliances in IT environments, including firewalls, routers, and network appliances, by updating firmware, configuring firewall rules, and implementing intrusion detection systems. |
Application Hardening | the process of securing software applications through code reviews, vulnerability scanning, and security features to reduce the risk of security breaches and data leaks. |
Execution Control | refers to mechanisms and practices used to manage and regulate the execution of software and code on computer systems. |
Removable Media Control | a cybersecurity practice that involves managing and securing removable storage devices, such as USB drives and external hard disks. |
Buffer Overflow attacks | a type of cybersecurity threat where an attacker exploits vulnerabilities in software applications or operating systems by overflowing a buffer with more data than it can handle. |
End of life systems | computer systems or software that have reached the end of their official support and updates from the vendor. |
Lack of Vendor Support | the situation where a vendor discontinues support and updates for a product, leaving users without access to security patches and fixes. |
Bring Your Own Device (BYOD) | a policy that allows employees to use their personal devices, such as smartphones and laptops, for work purposes. |
Corporate Owned, Business Only (COBO) | a mobile device management approach where an organization provides and owns mobile devices solely for business use. |
Corporate Owned, Personally Enabled (COPE) | a mobile device management strategy where organizations provide and own mobile devices but allow employees to use them for both business and personal purposes. |
Virtual Desktop Infrastructure (VDI) | a technology that enables organizations to host and manage virtualized desktop environments on centralized servers. |
Mobile Device Management | a set of policies, tools, and technologies used to manage and secure mobile devices within an organization. |
Personal Area Network (PAN) | Refers to small, short-range networks used for connecting devices like smartphones, tablets, and laptops to peripherals such as Bluetooth headsets, wireless keyboards, and fitness trackers. |
Near Field Communication (NFC) | A technology that allows two devices to communicate and exchange data when they are in close proximity. |
Mobile Wallet Apps | Allows consumers to purchase things on their devices without having to use a card every time. |
NFC Exploits | Eavesdropping, Skimming, DDoS |