SYO-501 Acronym flashcards

Authentication, Authorization, Accounting1. Authentication has 2 components: Identification (Username or email address) and the authentication factor (Something you know, Something you have, Something you are, Somewhere you are or are not, Something you do) 2. Authorization: the rights and privileges assigned to a user to be able to perform their job. 3. Accounting or Auditing: Accounting is the process of recording system activities and resource access. Auditing is part of accounting where an administrator examines logs of what was recorded.

After-Action Report

Attribute-based Access Control: Access control based on different attributes: group membership, OS being used, IP address, the presence of up-to-date patches and anti-malware, geographic location. Typically used in an SDN (Software Defined Network).

Access Control List: A list of objects and what subjects can access them. Example; A user access a directory but only has read access to the documents inside.Routers and firewalls both employ ACLs, either allowing or denying access to different parts of the network.

Active Directory

Advanced Encryption Standard: A symmetric block cipher. Three different key sizes; 128, 192, & 256 bit.

Authentication Header: An IPSec protocol that provides authentication as well as integrity & protection from replay attacks. Uses protocol # 51.

Annual Loss Expectancy: The amount of money an organization would lose over the course of a year. The formula is the SLE (Single Loss Expectancy) times the ARO (Annual Rate of Occurrence). SLE x ARO = ALE.

Access Point: Sometimes referred to as a WAP (Wireless Access Point). An AP is a bridge between wireless and wired networks.

Application Programming Interface:

Advanced Persistent Threat: An attack that uses multiple attack vectors, attempt to remain hidden as to maintain a connection to compromised systems. You can normally tie this to nation-states.

Annual Rate of Occurrence: The number times a year that a particular loss occurs.

Address Resolution Protocol: Matches the MAC address to a known IP address. Easily spoofed, used in MITM (Man-in-the-Middle) attack.

Acceptable Use Policy

Asset Value: Asset Value is half of the formula for a one-time loss or SLE (Single Loss Expectancy). AV x EF (Exposure Factor) = SLE /Antivirus

Business Continuity Planning: Need to identify critical business systems, which systems need to be protected the most, and have resources available to help recover them

Business Impact Analysis: Identify resources that are critical to an organization's ability to sustain operations against threats to those resources. It also assesses the possibility that each threat will occur and the impact those occurrences will have on the organization.

Basic Input/Output System: The firmware that sends instructions to the hardware so the system can boot.

Business Partners Agreement: The agreement between two entities, what is expected with respect to finances, services, and security.

Bring Your Own Device: The model where the organization allows a user to use their personal device for business needs also covers allowing the end user to use the company's Internet with their personal electronic devices.

Certificate Authority: Sometimes referred to as PKI (Public Key Infrastructure). Issues and signs certificates, and maintains the public / private key pair.

Change Advisory Board

Common Access Card: Considered a smart card or digital certificate. Typically issued to military personnel and contractors that need access to DoD (Department of Defense) systems and facilities.

Completely Automated Public TuringTest to Tell Computers and HumansApart

Cloud Access Security Broker

Cipher Block Chaining: A mode of operation for DES, which uses an IV (Initialization Vector) for the first plaintext block and then combines with the next plaintext block using XOR (Exclusive OR). There is a delay using this process. With this method, no plain-text block produces the same ciphertext.

Common Criteria

Cipher Block Chaining MessageAuthentication Code Protocol

Closed-circuit Television

Cross-over Error Rate: A metric for biometric technologies are rated. The CER is the point where the FRR (False Rejection Rate) and FAR (False Acceptance Rate) meet. The lowest possible CER is most desirable. /Certificate: Format that encodes the certificate in binary format may also include PEM (Privacy-enhanced Electronic Mail) on a Windows system.

Computer Emergency Response Team

Cipher Feedback: This DES mode of operation is the streaming cipher version of CBC. It uses an IV and chaining. The IV is first encrypted and then the result is XORed with the previous plain-text block.

Challenge Handshake Authentication Protocol: An encrypted authentication protocol normally used for remote access.

Computer Incident Response Team

Center for Internet Security

Content Management System: SaaS (Software as a Services)

Continuity of Operations Plan: Designing operations and systems to be as little affected by an incident and to have resources to recover from them.

Corporate Owned, Personally Enabled: Company owns and supplies the device. The employee may use the device for web browsing, personal email, and personal social media sites.

Cyclical Redundancy Check: Error-detecting code used to detect errors in the packet during transmission.

Certificate Revocation List: A list of certificates that were revoked before they were configured to expire

Computer Security Incident Response Team:

Cloud Service Provider:

Cryptographic Service Provider

Certificate Signing Request: When a subject wants a certificate, it completes a CSR and submits it to a CA (Certificate Authority)

Cross-site Request Forgery: Attacker passes an HTTP request to the victim's browser in an attempt to gain the user's password and username. The output of the attack could include keywords such as "Buy" or "Purchase"

Counter-Mode: An encryption mode that uses a constantly changing IV, also functions similar to a stream cipher.

Counter: Same as CTM

Choose Your Own Device: A mobile deployment model where the company gives the employees a list of approved mobile devices they can use on the corporate network. This helps keep the devices with more current models.

Discretionary Access Control: Access control is set by the data owner, or possibly the administrator. The permissions can be applied to a group or an individual.

Domain Controller

Distributed Denial of Service: Many devices attacking a single device. The devices can be PCs' laptops, DVRs, Webcams, etc. This type of attack is carried out via a botnet, and the devices are known as drones or zombies.

Data Execution Prevention: A feature that prevents malicious code from executing in memory. This feature is programmed into Windows, AMD CPU's, & Intel CPU's. If you were looking at a log output, you might see one of the columns as "DEP". In the column, if it says "Yes", good chance the malware did not execute from that area. If it says no, that might be where the attack originated.

Distinguished Encoding Rules: Is used to create a binary representation of the information on the certificate. DER-encoded binary file can be represented as ASCII characters using Base64 Privacy-enhanced Electronic Mail (PEM) encoding. File extensions .cer and .crt contain either binary DER or ASCII PEM data.

Digital Encryption Standard: A symmetric block cipher that encrypts in blocks of 64 bits and uses a 56-bit key. This method is deprecated and the easiest upgrade is 3DES (Triple DES)

Dynamic Host Configuration Protocol: A protocol that provides an automated process of assigning IP addresses. Can also issue optional parameters such as DNS address, DNS suffix, Default Gateway, and subnet mask. Uses Ports 67 & 68 UDP

Diffie-Hellman Ephemeral: A protocol for the secure exchange of encryption keys. The Ephemeral provides PFS (Perfect Forward Secrecy)

Dynamic Link Library: Is a binary package used to implement functionality, such as cryptography or establishing a network connection

Data Loss Prevention: A hardware or software solution that prevents a certain type of information from being ex-filtrated from a device or network. Data like PII (Personally Identifiable Information), credit card numbers, Social Security numbers, data that is sensitive using keywords. USB blocking is a form of DLP. Preventing this type of information from being printed is another protection.

Demilitarized Zone: This is where you place your public facing web servers. DMZ's are configured as one of the connections or legs on a firewall.

Destination Network Address Translation: Also called "Port Forwarding", the router accepts requests from the Internet for an application, and then sends the request to a designated host and port within the DMZ.

Domain Name Service (Server): A service that maps / resolves hosts names to an IP address. Use Port 53 UDP for DNS queries, uses Port 53 TCP for Zone Transfers

Denial of Service: Is an attack that is one to one. Anything that can keep a device or user from accessing a service or information is a denial of service. One user flooding other users accounts with email attachments until the email box is full, cutting the network cable or power are just a few examples.

Disaster Recovery Plan: A step by step procedure to restore the organization to full functionality. This can be a failed web server, firewall, or some other critical component. The cause can be weather related, man-made either intentional or accidental. Some items needed:1. Inventory list of hardware and software2. Contact info for DRP team members3. Contact info for employees, suppliers, vendors, customers4. Alternate site5. Backups

Digital Signature Algorithm: Public key encryption used for digital signatures. This is an asymmetric encryption method

Extensible Authentication Protocol: EAP allows different authentication methods, most of using a digital certificate on the server and/or the client

Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling: Replaces LEAP, a certificate is optional on the server

Extensible Authentication Protocol (EAP) over LAN

Extensible Authentication Protocol-Transport Layer Security: Requires a certificate on the server and the clients

Extensible Authentication Protocol - Tunneled Transport Layer Security: Requires a certificate on the server only

Electronic Code Book: Not recommended for use, uses the same key for every packet, break one key, you have the entire message

Elliptic Curve Cryptography: Asymmetric encryption, used with wireless and mobile devices due to both have less processing power

Elliptic Curve Diffie-Hellman Ephemeral: A secure method of exchanging shared keys using PFS (Perfect Forward Secrecy)

Elliptic Curve Digital Signature Algorithm: Uses ElGamal with an elliptical curve to implement a digital signature.

Encrypted File System:  A NTFS public key encryption. On a Windows system, you have the ability to encrypt a single file or the folder based on the user's credentials.

Electromagnetic Interference: An adjacent electrical circuit creates a magnetic field that interferes with the signal, from sources like a high voltage motor, fluorescent lights, and power cables.

Electro Magnetic Pulse: Very powerful but short duration wave with the potential to destroy any type of electronic equipment.

Electronic Serial Number: is a unique identification number embedded by manufacturers on a microchip in wireless phones.

End-of-Life: When systems or applications are no longer supported by the manufacturer or developer.

Electronically Stored Information

Encapsulated Security Payload: An IPSec protocol that does the same as AH (Authentication Header), but also encrypts/encapsulates the entire payload/packet. Uses protocol # 50.

Exposure Factor: The percentage of the asset’s value that would be lost. The EF x AV (Asset Value) = the SLE (Single Loss Expectancy).

File System Access Control List: The file access control lists (FACLs) or simply ACLs are the list of additional user/groups and their permission to the file, on a Unix or Linux system.

False Acceptance Rate: A Type II error. The ratio of when a biometric system authenticates an unauthorized user as an authorized user.

Full Disk Encryption: Means that the entire contents of the drive (or volume), including system files and folders, are encrypted. Two methods are BitLocker and PGP Whole Disk Encryption. This is a software-based or an operating system encryption method. These methods are more CPU intensive processes.

File Integrity Monitoring

False Rejection Rate: Type I error. The ratio in which a biometric system rejects an authorized user.

File Transfer Protocol:Uploads and downloads large files to and from an FTP server. FTP transmits data in plaintext. FTP active mode uses TCP port 21 for control and TCP port 20 for data transfer. FTP passive mode (PASV) also uses TCP port 21 for control signals, but it uses a random TCP port for data.If the user can connect to the FTP but not upload or download, disable PASV (passive mode)

File Transfer Protocol over SSL: Ports 989 & 990 TCP, transfer in plain text or encrypted via "Explicit" mode, forced to use encryption is "Implicit" mode

Galois Counter Mode: Provides confidentiality and authenticity of the data. This mode is used for authenticated encryption. GCM mode uses an IV (Initialization Vector) and that the IV is a nonce (number used once).

Gnu Privacy Guard: GPG is a free implementation of PGP (Pretty Good Privacy). GPG allows the user to encrypt and digitally sign your emails or data.

Group Policy Object: Group Policy Object is a component of Group Policy (in Microsoft Active Directory) that can be used in Microsoft operating systems to control user accounts and user activity.

Global Positioning System: GPS is a way of determining a device's position (its latitude and longitude) based on information received from GPS satellites. The device must have line-of-sight to the GPS satellites. GPS provides another means of locating the device.

Graphic Processing Unit

Generic Routing Encapsulation: GRE is a tunneling protocol that encapsulates over an IP network. GRE uses protocol number 47. Used with PPTP and IPSec.

High Availability: The key premise is that systems are resilient and redundant. HA is the percentage of uptime a system is able to maintain over the period a year. For example, 99% would equal being down 3.65 per year of 14 minutes per day. The five 9's, 99.999%, would equal being down 5.25 minutes per year or .86 seconds per day.

Hard Disk Drive

Host-based Intrusion Detection System

Health Insurance Portability and Accountability Act

Host-based Intrusion Prevention System

Hashed Message Authentication Code: Hashing method, provides integrity and authenticity of the message. Most often used with IPSec.