ISDS 4123 Final (Non-Exhaustive)


booleans: AND OR XOR

(eXclusive OR) A Boolean logic operation that is widely used in cryptography as well as in generating parity bits for error checking and fault tolerance. XOR compares two input bits and generates one output bit. The logic is simple: if the bits are the same, the result is 0; if they differ, the result is 1.

Edge computing

- Intelligence and processing are contained within each device.
- The protection of edge networks and devices that are decentralized from the data center, where data is more vulnerable to cyber threats.
- Ex: web filtering, anti-malware, intrusion prevention systems, and next-generation firewalls.

Fog Computing

- Provisioning processing resources between the network edge of IoT devices and the data center to reduce latency.
- Can segment bandwidth traffic, enabling users to boost security with additional firewalls in the network.
- Ex: intelligent traffic management systems.

MD5sum

Produces a 128-bit message digest that was designed so that finding another input with the same digest is computationally infeasible (practical collision attacks against MD5 now exist, so it should not be relied on for integrity against an adversary).

MAC address

A Media Access Control address is a hardware address that uniquely identifies each node on a network. Six groups of two hexadecimal digits: D0:03:4B:....

Brute force

A brute force attack is a method used by hackers to gain unauthorized access to a system, website, or account by systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This method is based on the assumption that the password or key is likely to be one of the commonly used ones or can be found by trying all possible combinations. Brute force attacks can be time-consuming and resource-intensive, but they can be effective if the password or key is weak or easily guessable.

Motherboard

A circuit board that contains all of the computer system's main components.

Credential scan

A credential scan is a cybersecurity technique used to identify and assess the strength of user credentials (such as usernames, passwords, API keys, etc.) used to access a system, network, or application. This scan involves checking the credentials against a database of known compromised credentials or using brute force methods to test the credentials. The goal of a credential scan is to identify weak, reused, or compromised credentials that could be exploited by attackers to gain unauthorized access.

Denial of service

A denial-of-service (DoS) attack is a cyber attack in which the attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services. This is typically achieved by overwhelming the targeted system with a flood of traffic, such as from multiple sources, so that it becomes unable to respond to legitimate requests. DoS attacks can result in websites being inaccessible, networks being unusable, or services being disrupted, leading to financial losses and reputational damage for the affected organization.

Bruter

A program which will allow you to perform a dictionary or brute force attack against a remote system. Brute force attack: Attempts every possible valid combination for a key or password.

Replay Attack

A replay attack is a network attack when an attacker intercepts a network communication between two parties to delay, redirect, or repeat it.

Federated identity management

A single identity is created for a user and shared with all of the organizations in a federation. In Federated Identity Management, a user's identity is stored and maintained by their home organization (Identity Provider or IdP). When the user tries to access a service or resource in another organization (Service Provider or SP), the IdP authenticates the user and provides the necessary information to the SP to grant access. This authentication process is based on standardized protocols such as SAML (Security Assertion Markup Language) or OpenID Connect.

ROT13

A substitution cipher that uses a key of 13. To encrypt a message, you rotate each letter 13 places; to decrypt a message, you rotate each letter 13 places again. Because the alphabet has 26 letters, the same rotation undoes itself, so encryption and decryption are the same operation.

Access Control Matrix

A two-dimensional table that allows for individual subjects and objects to be related to each other.

Keys

A value used to control cryptographic operations, such as decryption, signature generation or signature verification.

Full device Encryption

A way to ensure data at rest stays secure even if the device is lost or stolen.

ARP

Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps limit the scope of ARP poisoning attacks within a network.

IP Address

An Internet Protocol address: a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. Two main functions: host or network interface identification, and location addressing. A "temporary" logical address assigned on top of the MAC address. Ex: 10.0.0.7 or 10.0.0.13

Assurance level

Assurance levels are typically defined based on the strength of the security mechanisms and processes used to protect a system or data. Higher assurance levels indicate greater confidence in the security of the system, while lower assurance levels indicate a lower level of confidence. For example, in the context of authentication, an assurance level may be assigned based on the strength of the authentication factors used. A system that requires a combination of something the user knows (e.g., a password) and something the user has (e.g., a hardware token) would have a higher assurance level than a system that only requires a password. Overall, assurance levels are used to communicate the level of security provided by a system or process and to help users and administrators make informed decisions about the trustworthiness of the system.

Binary

Bi(2) each character represents 1 of 2 values: 0 or 1.

Black, gray, and white box pen test

Black Box Testing: This is a type of software testing where the tester has no prior knowledge of the internal workings of the system being tested. It simulates an external attack, where the tester tries to find vulnerabilities by interacting with the system as an outsider would, without knowing the system's internal code or architecture.

White Box Testing: Also known as clear box testing, this is the opposite of black box testing. Here, the tester has full knowledge of the internal code, architecture, and design of the system being tested. White box testing is used to ensure that all code paths are tested and that the internal workings of the system function as intended.

Gray Box Testing: This is a combination of black box and white box testing. The tester has partial knowledge of the internal workings of the system. This can be useful when some information about the internal code is available, but not all details are known. Gray box testing can provide a balance between the thoroughness of white box testing and the external perspective of black box testing.

Bot and botnet

Bot: A bot, short for "robot," is a type of software application or script that performs automated tasks on command. In cybersecurity, bots are often associated with malicious activities, where they are used to perform automated tasks, such as spreading malware, gathering sensitive information, or launching cyber attacks.

Botnet: A botnet is a network of computers or devices that have been infected with malware and are controlled by a single command-and-control (C&C) server. The computers in a botnet, known as bots, are typically compromised without the knowledge of their owners and can be used to perform coordinated tasks, such as launching distributed denial-of-service (DDoS) attacks, sending spam emails, or stealing sensitive information. Botnets are a significant cybersecurity threat due to their ability to harness the collective computing power of multiple devices to carry out malicious activities.

CPU

Central Processing Unit; the brain of the computer.

open vs. closed systems

Closed systems are more secure because they limit user access to only what is necessary and authenticate users before giving them access to the system.

CVSS

Common Vulnerability Scoring System. It is a framework used to assign a severity score to a vulnerability, allowing analysts and administrators to prioritize responses and resources according to the threat posed by the vulnerability. The CVSS score is based on several metrics, including the vulnerability's impact on confidentiality, integrity, and availability, as well as the complexity of exploiting the vulnerability. The score is represented as a number between 0.0 and 10.0, with higher scores indicating a greater severity of the vulnerability.

Access Control List (ACL)

Components: An ACL typically consists of entries, each specifying a user or group and the permissions granted to that user or group.

Types of Entries: ACL entries can be of two types:
- Allow: Specifies permissions granted to a user or group.
- Deny: Specifies permissions explicitly denied to a user or group, which overrides any allow permissions.

Permissions: Permissions in an ACL can include:
- Read: Allows reading or viewing the object.
- Write: Allows modifying or writing to the object.
- Execute: Allows executing or running the object (for executable files).
- Delete: Allows deleting the object.
- Control: Allows changing permissions on the object.

Inheritance: ACLs can be set to inherit permissions from parent objects, which simplifies management and ensures consistency.

Order of Processing: In most systems, ACLs are processed in order, with deny entries taking precedence over allow entries.

Implementation: ACLs can be implemented at various levels, such as file systems, network devices, and database management systems.

Discretionary Access Control (DAC)

DAC is a security model that allows the owner of a resource to control who can access that resource and what actions they can perform on it. In DAC, the owner of the resource has the discretion to grant or revoke access permissions to other users or groups. Each resource has an associated Access Control List (ACL) that specifies which users or groups have permission to access the resource and what level of access they have (e.g., read, write, execute). DAC is commonly used in operating systems to control access to files and directories.

Default Settings

Default configurations help make hardware, software, and systems more user-friendly, but can leave organizations vulnerable to cyber threats.

Mobile Device Security

- Device authentication: Passwords, PINs, biometrics, etc., used to verify the user's identity. When the device is locked, data is secured.
- Communication protection: Encrypted voice calls, text messages, and data transmission to ensure that the content is indecipherable to unauthorized parties.
- Remote wiping: Allows users to remotely erase data and configuration settings from a lost or stolen device.
- Device lockout: After a number of failed authentication attempts, the device locks for a specific duration or requires additional authentication methods to regain access.
- Screen locks: Protect the device from casual access. Triggers after a specific period of inactivity.
- Application control: Limits the installation of apps from unknown sources and enforces security settings to mitigate risks associated with unauthorized software.
- Asset Tracking and Inventory Control: Helps verify device ownership, locate missing or stolen devices, and maintain oversight of mobile device assets.
- Disabling unused features.
- Rooting or Jailbreaking: Bypassing restrictions to gain full system privileges on a mobile device. Exposes the device to potential risks and vulnerabilities.
- Text messaging: Transmits messages via SMS, MMS, or other apps. SMS-based 2FA provides an additional layer of authentication, but may not be the most secure option.

Encryption in Phases

Encryption can be understood in phases that describe the process of transforming plaintext into ciphertext and back again. Here's a simplified breakdown:

1. Plaintext: This is the original, readable data that you want to protect. It could be a message, a file, or any other form of data.
2. Encryption: This is the process of converting plaintext into ciphertext using an encryption algorithm and a key. The algorithm performs various operations on the plaintext to obscure its meaning, and the key influences how the algorithm operates.
3. Ciphertext: This is the result of the encryption process. It's the scrambled, unreadable version of the plaintext.
4. Decryption: This is the process of converting ciphertext back into plaintext using a decryption algorithm and the correct key. The algorithm reverses the operations performed during encryption to reveal the original plaintext.
5. Key: The key is a piece of information used by the encryption and decryption algorithms. It determines how the algorithms manipulate the plaintext and ciphertext. The same key is typically used for both encryption and decryption (symmetric encryption) or a pair of keys is used (asymmetric encryption).
6. Symmetric Encryption: In symmetric encryption, the same key is used for both encryption and decryption. This means that anyone who has the key can encrypt and decrypt messages. Examples of symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
7. Asymmetric Encryption: In asymmetric encryption, a pair of keys is used: a public key and a private key. The public key is used for encryption, while the private key is used for decryption. This allows for secure communication without the need to share a secret key. Examples of asymmetric encryption algorithms inclu

Device Lockout

Enforce automatic device lockout following a predetermined threshold of local failed authentication attempts on portable end-user devices.

fgdump.exe

A tool for extracting NTLM and LanMan password hashes from Windows. It is also capable of displaying password histories if they are available.

False positive vs false negative

False Positive: In cybersecurity, a false positive occurs when a security system incorrectly identifies a legitimate activity or file as malicious. For example, an antivirus program might flag a safe file as a virus, leading to a false positive result. False positives can be problematic because they can waste time and resources investigating non-threats.

False Negative: A false negative, on the other hand, occurs when a security system fails to detect a real threat. For example, an intrusion detection system (IDS) might fail to detect a malicious network packet, resulting in a false negative. False negatives are concerning because they can leave systems vulnerable to attacks that go undetected.

FTP

File Transfer Protocol. tcp/20 (active mode data), tcp/21 (control).
- Transfers files between systems
- Authenticates with a username and password
- Full-featured functionality (list, add, delete, etc.)
FTP is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet. It is commonly used for uploading files to a server or downloading files from a server.

GPU

Graphics Processing Unit. Handles graphics rendering and acceleration.

HTTPS

Hypertext Transfer Protocol Secure. Encrypts HTTP traffic with SSL or TLS using port 443.

Backdoor

In cybersecurity, a backdoor is a hidden or undocumented method of bypassing normal authentication or encryption in a computer system, application, or device. Backdoors can be created intentionally by developers for various reasons, such as debugging, maintenance, or administrative access. However, they can also be inserted maliciously by attackers to gain unauthorized access to a system. Backdoors can take many forms, including:
- Software Backdoors: These are typically hidden features or pieces of code within a software application that can be used to bypass normal authentication mechanisms.
- Hardware Backdoors: These are hidden physical components or modifications to hardware that allow for unauthorized access. For example, a hardware backdoor could be a secret button combination that activates a hidden administrative interface on a device.
- Default Passwords: In some cases, manufacturers may leave default passwords or credentials in place as a backdoor for accessing devices.
- Trojan Horses: Malware can also act as a backdoor by providing attackers with unauthorized access to a system once it has been installed.

Modulo and examples

In cybersecurity, modulo arithmetic is often used in various cryptographic algorithms and protocols to ensure data integrity, generate keys, and perform other operations. The modulo operation calculates the remainder when one number is divided by another. It is denoted by the symbol "%". For example, 17 % 5 = 2, because 17 = 3 * 5 + 2; and 26 % 26 = 0, which is why a 26-letter alphabet wraps around under a rotation cipher.

Infrastructure as code

Infrastructure as code (IaC) is used for infrastructure automation to create environments. The most common use of IaC is in software development to build, test, and deploy applications. Traditionally, system administrators used a combination of scripts and manual processes to set up infrastructure environments.

IDOR vulnerability

Insecure Direct Object Reference. It is a type of vulnerability that occurs when a web application provides direct access to objects based on user-supplied input, such as a URL or a form parameter. This vulnerability can allow an attacker to access and manipulate unauthorized data by changing the object references in the request. For example, in a web application that uses numeric identifiers (IDs) to access user data, an attacker might change the ID in the URL to access another user's data without proper authorization. This can lead to data breaches, unauthorized access, and other security issues. (Walgreens example)

IoT Security

Internet of Things devices: smart devices, appliances, garage doors, door locks, lights, etc.
- Security is probably not the primary focus; in some cases, it's not a consideration at all.
- IoT devices should be segmented from the private network: keep your personal devices and storage systems away from IoT devices. If an IoT device is breached, your personal data is not accessible.
- Use a separate VLAN. Many home access points provide a "guest" network; this is different from the DMZ or screened subnet.

SMS (text) weaknesses

Lack of Encryption: SMS messages are not encrypted, and as a result, they can be intercepted and read by attackers.

Substitution ciphers

Letters of the alphabet are replaced by other letters. Weakness: the frequency distributions of symbols in the plaintext and in the ciphertext are identical, only the symbols having been relabeled, so frequency analysis recovers the mapping.

MAC spoofing

MAC spoofing is a commonly employed tactic by threat actors to illicitly obtain access to confidential information in diverse situations. After a successful MAC address spoofing attempt, the perpetrator can illicitly infiltrate the network and potentially execute further malicious activities, such as compromising other devices or exfiltrating sensitive data.

Distribution channels for malware

Malware can be distributed through various channels, including:
- Email: Malicious attachments or links in emails can be used to distribute malware. Phishing emails, which appear to be from legitimate sources, are often used to trick users into downloading malware.
- Malicious Websites: Websites that host malicious content or have been compromised can distribute malware to visitors. Drive-by downloads, where malware is automatically downloaded to a user's computer without their knowledge, can occur through such websites.
- Removable Media: Malware can be spread through infected USB drives, CDs, or other removable media. When a user inserts the infected media into their computer, the malware can be executed.
- File Sharing Networks: Malware can be disguised as legitimate files on file-sharing networks. When users download and execute these files, they inadvertently install malware on their systems.
- Instant Messaging and Social Media: Malware can be distributed through instant messaging platforms or social media networks. Links or attachments sent through these platforms can lead to the download and execution of malware.
- Software Vulnerabilities: Malware can exploit vulnerabilities in software or operating systems to infect systems. This can occur through unpatched software or known vulnerabilities that have not been addressed.
- Malvertising: Malicious advertisements, or malvertisements, can distribute malware when users click on them. These ads can be displayed on legitimate websites that have been compromised.
- Drive-by Downloads: This occurs when malware is automatically downloaded to a user's computer without their knowledge or consent. It often happens when a user visits a compromised or malicious website.
- Supply Chain Attacks: Malware can be distributed through compromised software or hardware in the supply chain. Attackers

Rooting/jailbreaking

Modify (a smartphone or other electronic device) to remove restrictions imposed by the manufacturer or operator, e.g. to allow the installation of unauthorized software

OSI layers and Address type (2 vs 3)

Open System Interconnection. Mnemonic for layers 7 to 1: "All People Seem To Need Data Processing" (think of program development).

7. Application: responsible for interacting with end users. The Application Layer includes all programs on a computer that interact with the network. For example, your email software is included, since it must transmit and receive messages over the network. (User interface)
6. Presentation: This layer is responsible for the coding of data. The Presentation Layer includes file formats and character representations. From a security perspective, encryption generally takes place at the Presentation Layer. (Data format; encryption)
5. Session (Application): Responsible for maintaining communication between computers. (Process-to-process communication)
4. Transport (TCP or UDP): Responsible for breaking data into datagrams or segments and properly transmitting it over the network. Flow control and error checking take place at the transport layer. (End-to-end communication maintenance)
3. Network (IP): Responsible for the logical implementation of the network. One very important feature is logical addressing. Logical addressing takes the familiar form of IP addresses. (Routing data; logical addressing; WAN delivery)
2. Data Link (Data Link): Responsible for translating information on computers connected to the same local area network (LAN). Uses Media Access Control (MAC) addresses. (Physical addressing; LAN delivery)
1. Physical (Physical): Must translate the binary 1s and 0s of computer language into the language of the transport medium. Ex: in copper network cables it must translate data into electrical pulses. (Signaling)

Open systems

Open systems provide a higher level of flexibility as users can more easily customize the system according to their needs but this comes at the cost of lower security.

Salted passwords

Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Salting prevents hackers who breach an enterprise environment from reverse-engineering passwords and stealing them from the database. A random piece of data is added to the password before it runs through the hashing algorithm, making each stored hash unique and harder to crack.

power supply unit (PSU)

Provides power to the internal components of the computer

Ram

Random Access Memory Temporary storage for data

ROM

Read Only Memory: permanent instructions that cannot be changed. It makes the BIOS function. Checks your OS.

Rootkit detection

Rootkit malware is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware, such as ransomware, bots, and more.

SMTP, HTTP, SNMP & Layers

SMTP: Simple Mail Transfer Protocol, TCP port 25.

SCP

Secure Copy Protocol: a means of securely transferring computer files between a local host and a remote host or between two remote hosts.

Loopback Address

The IP address 127.0.0.1 is called a loopback address. Packets sent to this address never reach the network but are looped through the network interface card only. This can be used for diagnostic purposes to verify that the internal path through the TCP/IP protocols is working.

SSH

The Secure Shell: a method for securely sending commands to a computer over an unsecured network. SSH uses cryptography to authenticate and encrypt connections between devices.

Remote wiping

The ability to remotely erase sensitive data stored on a mobile device.

hard disk drive (HDD)

The computer's nonvolatile, primary storage device for permanent storage of software and documents. (Spinning disks)

MAC Prefix

The first six hexadecimal digits of a MAC address. These six digits are called the 'prefix' and identify the manufacturer of the adapter or IP phone. The MAC address itself is a unique identifier for a network device that uses a connection based on one of the IEEE 802 standards, such as Ethernet, Wi-Fi, or Bluetooth. It is factory-installed and is meant to unambiguously identify each host, as well as provide precision routing of packets in broadcast networks.

Storage devices

The hardware components that read and write data to and from storage media.

Hash length

There are three SHAs, described as:
- SHA-1: A 160-bit hash value is generated by the widely used SHA-1 hashing algorithm.
- SHA-256: SHA-256 is a member of the SHA-2 family and generates hash values that are 256 bits long.
- SHA-3: The newest member of the SHA family, SHA-3 offers enhanced performance and security.

Optical Drive

These play disk media, such as CDs, DVDs, or Blu-ray discs, and some can copy data to special discs by burning it. An optical drive uses a laser to read the data on the disc.

Keyspace

This is the number of possibilities that a specific key length can generate. Ex: How large is the keyspace for a briefcase with two three-digit locks? Combinations run from 000-000 to 999-999: 1000 combinations possible for the first lock, 1000 combinations possible for the second lock, 1000 * 1000 = 1,000,000. A: 1,000,000 keys in the keyspace.

asymmetric encryption

Two different but mathematically related keys are used, where one key is used to encrypt and another is used to decrypt. Has both a public key to be shared and a private key that is held by the owner and should remain private. If the public key encrypts, only the private key can decrypt, and vice versa. The receiver has a public key the sender can access. The receiver also has a private key needed to open and decrypt the message they are receiving.

Virtualization

Used to host one or more OSs within the memory of a single host computer or to run applications that are not compatible with the host OS. Ex: VMware, as used in the homework.

Port 25

When email is delivered, servers talk to each other using the Transmission Control Protocol (TCP) over port 25

Cable Limits and Repeaters (100 Meters)

You need a repeater when the total length of a single span of network cable exceeds 100 meters (328 feet). The 100-meter length limit applies to the cable that connects a computer to the switch or the cable that connects switches to each other when switches are daisy chained together.

tcpdump

A command-line network analyzer that lets you inspect network traffic. It can capture and display packets on the network interface of your Linux/UNIX computer in real time. Ex: # tcpdump -i eth0

Hashing

A data security technique used to convert data values into alternate, unique identifiers called hashes for quick and secure access. Hashing can be used for data security because the one-way process prevents access to or tampering with the source data: it should be infeasible to forge a message in a way that results in the same hash as the legitimate message.

Dotted decimal

A human-readable representation of IP addresses in the IPv4 (Internet Protocol version 4) format. It is expressed as a series of four decimal numbers, each ranging from 0 to 255, separated by periods (dots). Ex: 205.57.32.9

Error Handling

Good error handling provides "a meaningful error message to the user, diagnostic information to the site maintainers, and no useful information to an attacker"; the guidance recommends writing specific policies for error handling that can achieve these things.

Chosen Plaintext

a method hackers use to break a secret code or encryption system in order to gain unauthorized access to information. In this attack, hackers can choose specific messages (plaintexts) to be encrypted using the target's encryption algorithm.

Privacy by design

a method of planning and implementing a system and architecture that fully supports individual rights and protects people's data.

VM sprawl

a phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where administrators can no longer manage them effectively.

Moore's Law

A prediction made by Gordon Moore in 1965 that computing power will double every 1.5-2 years; it has remained more or less true ever since.

Chosen ciphertext

A scenario in which the attacker has the ability to choose ciphertexts $C_i$ and to view their corresponding decryptions, the plaintexts $P_i$. It is essentially the same scenario as a chosen plaintext attack but applied to the decryption function instead of the encryption function.

Proxy

a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an "intermediary" because it goes between end-users and the web pages they visit online.

Caesar's Cipher

a technique for encryption that shifts the alphabet by some number of characters

Credential stuffing

a type of cyber attack where attackers use large sets of username and password combinations obtained from data breaches or leaks to gain unauthorized access to user accounts on other online platforms. The attackers automate the login process by using bots to rapidly input the stolen credentials into the login page of the target platform. The goal of credential stuffing attacks is to exploit the fact that many users reuse the same username and password across multiple online accounts.

Attribute-based access control (ABAC)

an access control model that uses attributes as the basis for controlling access to resources. In ABAC, access decisions are based on the attributes of the user, the resource being accessed, and the environment in which the access request is made. Attributes can include things like user roles, job titles, department, location, time of day, and any other relevant characteristics. ABAC policies are typically defined using logical rules that specify which attributes are required for access to specific resources under certain conditions. ABAC offers more granular control over access compared to traditional access control models like role-based access control (RBAC) or discretionary access control (DAC). It allows for dynamic, context-aware access control decisions that can adapt to changing conditions and requirements.

Man-in-the-Middle

A man-in-the-middle attack is a cyber attack in which a threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking.

Factors of Authentication

Authentication is the process of verifying the identity of a user or system. Factors of authentication refer to the different types of information or credentials that can be used to verify identity. There are typically three main factors of authentication:
- Knowledge Factor: This involves something the user knows, such as a password, PIN, or answers to security questions.
- Possession Factor: This involves something the user has, such as a security token, smart card, or mobile device that receives a one-time code.
- Inherence Factor: This involves something inherent to the user, such as a fingerprint, retina scan, voice recognition, or other biometric identifier.

Open ciphers

cryptographic algorithms whose source code is openly available for inspection, modification, and use by anyone. This openness allows for transparency and peer review, which can help identify and fix security vulnerabilities more effectively than closed, proprietary algorithms.

SSID broadcast

displaying your network as available for nearby users trying to connect their devices to a wireless network.

Fabrication

fabrication refers to the act of creating or falsifying data, information, or identities in order to deceive or gain unauthorized access to a system. This can include creating fake user accounts, forging digital certificates, or generating counterfeit data packets to trick a system into accepting malicious commands or actions. Fabrication is often used as part of social engineering attacks or to bypass authentication mechanisms.

Solid State Drive (SSD)

faster and more reliable storage without moving parts

Hexadecimal

hexa (6) + decimal (10) = 16. Each character represents 1 of 16 values, 0-9 and a-f; the characters are usually written in pairs. Ex: 63 8f 0d 8a c9 bd 00

Interruption

interruption refers to an attack or event that disrupts the availability or normal functioning of a system, network, or service. This can include attacks such as denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, which overwhelm a system with traffic, making it unavailable to legitimate users. Interruption can also refer to other events, such as power outages, hardware failures, or natural disasters, that disrupt the normal operation of a system or network. The goal of interruption attacks is to make a system or service unavailable to its intended users, often causing financial loss or other negative impacts.

Process confinement

is a key requirement for workloads in the cloud and in other contexts

Known Plaintext attack

is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib) and its encrypted version (ciphertext). These can be used to reveal secret keys and code books.

Mobile Device Management

is the process of managing mobile devices, largely in terms of usage and security. Deployment models:
- Bring your own device: allows employees to bring a personal mobile device, which can be used through the company network.
- Company owned, personally enabled: the organization purchases devices and provides them to employees; each user can customize the device and use it for both work and personal activities.
- Choose your own device: provides users with a list of approved devices.
- Corporate-owned mobile strategy: corporate-owned and used for business only.

Split tunnelling

lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet.

nmap

network scanning tool—an open source Linux command-line tool—used for network exploration, host discovery, and security auditing.

Account Review

refers to the process of evaluating user accounts within a system or network to ensure they adhere to security policies and best practices. This process typically involves checking aspects such as:
- Account permissions: ensuring that users have only the permissions necessary to perform their job functions, with no excessive or unnecessary rights.
- Password policies: verifying that users follow password policies, such as using strong passwords, changing them regularly, and not reusing passwords across multiple accounts.
- Account activity: monitoring user account activity for any signs of unauthorized access or suspicious behavior.
- Account deactivation: removing or deactivating accounts that are no longer needed or that belong to users who have left the organization.
- Access reviews: conducting periodic reviews of user access rights to ensure they are still appropriate for the user's role and responsibilities.

Interception

the act of capturing or eavesdropping on communications between two parties. This can include intercepting emails, instant messages, phone calls, or any other form of digital communication. Interception can be done through various means, such as by hacking into a network, using specialized equipment to capture wireless signals, or by gaining access to communication channels through which data is transmitted. Interception is often used by cyber attackers to steal sensitive information, such as passwords, credit card numbers, or confidential business data. It is a significant threat to the security and privacy of digital communications, and various encryption and security measures are used to protect against interception attacks.

Rule of least power in programming

the less powerful the [computer] language, the more you can do with the data stored in that language

Zenmap

the official Nmap Security Scanner GUI. It is multi-platform (Linux, Windows, Mac OS X, BSD, etc.).

Input sanitization

the process of checking and filtering input data to ensure it's free of characters or strings that could inject malicious code into an application or system.

Symmetric encryption

the same key is used to encode and decode. Ex: a company issues a separate key to each employee. Because both parties have to use the same key, each employee-employee pair would need its own unique key, and each time an employee joined or left, keys would have to be added or deleted. (Too many keys; undesirable.)
