Security Plus Part 4
Allows all subdomains at one level (e.g., *.example.com covers www.example.com but not a.b.example.com) to use the same public key certificate and have it displayed as valid.
Wildcard Certificate
A commercial disk editor
WinHex
Standard used in PKI for digital certificates; contains the owner's (subject's) information, the public key, and the issuing certificate authority's information.
X.509
Each tape is used once per business day for two weeks (10 tapes) and then the entire set is reused.
10 Tape Rotation
People are more willing to comply with a request when they think it's coming from someone in authority.
Authority
A digital forensics platform and graphical interface
Autopsy
Technique an attacker uses to find two different messages that produce the same hash digest; exploits the birthday paradox, so only about 2^(n/2) attempts are needed against an n-bit hash rather than 2^n.
Birthday Attack
(Authentication Header) - Protocol used in IPSec that provides integrity and authentication.
AH
(Automated Indicator Sharing) - Used to share important threat data; uses STIX (the data format) and TAXII (the transport protocol).
AIS
A technique where data is generalized (e.g., exact ages replaced by age ranges) to protect the individuals involved.
Aggregation/Banding
Encryption algorithm where different keys are used to encrypt and decrypt the data.
Asymmetric Encryption (Public Key)
Public key cryptography; two keys are used, one to encrypt and the other to decrypt.
Asymmetric encryption is also known as what?
Breaks the input into fixed-length blocks of data and performs the encryption on each block. Typically used in software solutions.
Block Cipher
A shared immutable ledger for recording transactions, tracking assets and building trust.
Blockchain
(Business Impact Analysis) - Determines how the loss of each business function or system would impact the business.
BIA
(Business Partnership Agreement) - An agreement between two businesses that establishes the conditions of their relationship.
BPA
When a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view.
Baiting
(Browser Exploitation Framework) - A penetration testing tool that focuses on attacking and controlling the web browser.
BeEF
When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
Diversion Theft
(Center for Internet Security) - Configuration guidelines for hardening benchmarks and sets of cybersecurity best practices
CIS
(Cyber Security Framework) - Made by NIST to help organizations manage cybersecurity risks. 1. Identify 2. Protect 3. Detect 4. Respond 5. Recover
CSF - What are the five core functions?
(Cyber Security Incident Response Team) - The single point of contact for security incidents.
CSIRT
(Certificate Signing Request) - Submitted to the certificate authority to request a digital certificate; contains the applicant's public key and identifying information.
CSR
The entity that issues the certificate to a user
Certificate Authority
A list, published online by the certificate authority, of the digital certificates it has revoked.
Certificate Revocation List (CRL)
Digitally signed electronic documents that bind a public key to a user's identity.
Certificates
The structured way of changing the state of a computer system, network or IT procedure.
Change Management Policy
An algorithm that performs encryption or decryption.
Cipher
Removal of data with a certain amount of assurance that it cannot be reconstructed.
Clearing
Two or more servers working together to perform a particular job function.
Cluster
A site that has tables, chairs, bathrooms, and possibly some technical items like phones and network cabling, but no computers or servers yet.
Cold Site
Condition that occurs when two different inputs produce the same hash digest.
Collision
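The birthday attack and collision cards above describe finding two inputs with the same digest. The following is an added example (not from the original flashcards) that runs a birthday attack against SHA-256 truncated to a small number of bits; the truncation is an assumption that stands in for a weak or short hash so the search finishes in milliseconds. The message prefix "msg-" is an arbitrary constructed value.

```python
import hashlib
from itertools import count


def truncated_digest(data: bytes, bits: int) -> int:
    """Hash with SHA-256 and keep only the leading `bits` bits.

    Truncation is only to make the demo fast; the same attack against the
    full 256-bit digest would need on the order of 2**128 attempts.
    """
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday attack: remember every digest seen and stop at the first repeat.

    Returns (first_message, second_message, attempts). Because of the birthday
    paradox the expected number of attempts is about 2**(bits/2), not 2**bits.
    """
    seen = {}
    for n in count():
        message = prefix + str(n).encode()
        digest = truncated_digest(message, bits)
        if digest in seen and seen[digest] != message:
            return seen[digest], message, n + 1
        seen[digest] = message


if __name__ == "__main__":
    m1, m2, attempts = find_collision(24)
    print(f"{m1!r} and {m2!r} collide on 24 bits after {attempts} attempts "
          f"(~{2 ** 12} expected)")
```

Raising `bits` by 2 roughly doubles the work, which is the whole point of long digests: at 24 bits the collision appears after a few thousand tries, at 256 bits it never will in practice.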
Government classification for data whose unauthorized disclosure could cause damage to national security.
Confidential Data
Highest classification level of data that could impact a company greatly if leaked out to the public.
Confidential Data
An attack in which a protocol is tricked into using a weaker or older version of itself (e.g., an older TLS version or cipher suite) instead of the stronger, current version.
Downgrade Attack
Due Diligence - Ensuring IT infrastructure risks are known and managed properly. Due Care - Mitigation actions that an organization takes to defend against the risks that have been uncovered during due diligence.
Due Diligence And Due Care
Legal principle of fair treatment under the law; protects citizens from the government and companies from lawsuits.
Due Process
(Elliptic Curve Cryptography) - An asymmetric encryption algorithm used for mobile devices and low-power computing devices because it provides comparable security with much shorter keys than RSA.
ECC
The method and tools used to create forensically sound copy of data from a hard disk.
Data Acquisition
Responsible for handling the management of the system on which the data sets are stored.
Data Custodian
Obscuring or replacing parts of the data (e.g., showing only the last four digits of a card number) so no one can read the real values.
Data Masking
A senior (executive) role with ultimate responsibility for maintaining the CIA of the information asset.
Data Owner
Focused on the quality of the data and its associated metadata.
Data Steward
Methods and technologies that remove identifying information from data before it is distributed.
Deidentification
Only backs up the contents of a drive that have changed since the last full backup. Takes more time to create than an incremental backup but less time to restore, because only the full backup plus the latest differential are needed.
Differential Backup
A hash digest of a message encrypted with the sender's private key, letting the recipient verify (with the sender's public key) that the document was created and sent by the person claiming to have sent it.
Digital Signature
Provides two independent zones with full access to the data (RAID 10)
Disaster-tolerant RAID
Short-lived keys generated per session for key exchange (e.g., ECDHE in TLS or SAE in WPA3) so that a later compromise of a long-term key does not expose past sessions (perfect forward secrecy).
Ephemeral keys
Requires each federal agency to develop, document, and implement an agency-wide information systems security program to protect its data.
FISMA
Popular commercial forensic tool suites.
FTK and EnCase
A secondary server can take over the function when the primary one fails.
Failover Cluster
Protects against the loss of the array's data if a single disk fails (RAID 1 and RAID 5)
Fault-resistant RAID
Protects against the loss of the array's data if a single component fails (RAID 1, RAID 5, RAID 6)
Fault-tolerant RAID
The use of threats or demands to intimidate someone into helping you.
Fear
All the contents of a drive are backed up.
Full Backup
(Gramm-Leach-Bliley Act) - Affects banks, mortgage companies, loan offices, insurance companies, investment companies, and credit card providers.
GLBA
(GNU Privacy Guard) - A free, open-source implementation of the OpenPGP standard (a newer alternative to PGP) that uses AES among its symmetric encryption functions.
GPG
Three sets of backup tapes are defined as the son (daily), the father (weekly), and the grandfather (monthly).
Grandfather-Father-Son
(Help America Vote Act) - Provides regulations that govern the security of information during the election and voting process.
HAVA of 2002
A one-way cryptographic function that takes an input of any length and produces a fixed-length message digest; any change to the input produces a different digest.
Hashing
An attempt at deceiving people into believing something that is false when it is true or vice versa.
Hoax
An encryption method that allows calculations to be performed on encrypted data without decrypting it first; used for processing sensitive data in the cloud.
Homomorphic Encryption
A near duplicate of the original site of the organization that can be up and running within minutes.
Hot Site
Uses asymmetric encryption to securely exchange a symmetric session key, which is then used with faster symmetric encryption for the bulk data.
Hybrid implementation
A TCP/IP protocol suite that authenticates and encrypts IP packets, securing communications between computers and devices. Uses IKE to negotiate keys and security associations between authenticated peers, creating a secure tunnel.
IPSec
(Interconnection Security Agreement) - An agreement for the owners of two IT systems to document what technical requirements each organization must meet.
ISA
1. ISO 27001 - Requirements for an information security management system 2. ISO 27002 - The controls to protect those systems 3. ISO 27701 - Adds privacy management on top of everything
ISO 27001, ISO 27002, ISO 27701
The de facto standard (set of best practices) for IT service management.
ITIL
Only backs up the contents of a drive that have changed since the last full or incremental backup. Fastest to create but slowest to restore, because the full backup plus every incremental taken since it is needed.
Incremental Backup
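The full, differential and incremental cards describe the create-time versus restore-time trade-off in words. The following is an added example (not from the original flashcards) that simulates the three strategies over a constructed four-day change history, counting how much data each strategy writes and which backup sets a restore of the latest state must read. The file names and the change history are constructed sample data.

```python
def simulate(changes, strategy):
    """Simulate a backup schedule.

    changes[0] is the full set of files on day 0 (always a full backup);
    changes[d] for d >= 1 is the set of files modified on day d.
    Returns a list of (kind, files_captured) per day.
    """
    all_files = set(changes[0])
    sets = [("full", set(changes[0]))]
    since_full = set()                       # accumulates for differentials
    for day_changes in changes[1:]:
        all_files |= day_changes
        if strategy == "full":
            sets.append(("full", set(all_files)))
        elif strategy == "differential":
            since_full |= day_changes        # everything changed since the full
            sets.append(("differential", set(since_full)))
        elif strategy == "incremental":
            sets.append(("incremental", set(day_changes)))  # only today's changes
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return sets


def restore_chain(sets, strategy):
    """Indices of the backup sets that must be read to rebuild the latest state."""
    last = len(sets) - 1
    if strategy == "full":
        return [last]                        # one set, the newest full
    if strategy == "differential":
        return [0, last] if last else [0]    # the full plus the newest differential
    return list(range(last + 1))             # the full plus every incremental


def storage_cost(sets):
    """Total number of file copies written across the schedule."""
    return sum(len(files) for _, files in sets)


# Constructed sample: four files on day 0, then three days of edits.
CHANGES = [{"a", "b", "c", "d"}, {"a"}, {"b"}, {"a", "c"}]

if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        sets = simulate(CHANGES, strategy)
        print(f"{strategy:12} writes {storage_cost(sets):2} file copies, "
              f"restore reads sets {restore_chain(sets, strategy)}")
```

With this history incremental writes the least (8 copies) but needs all four sets to restore, differential writes a little more (10) and restores from two sets, and full writes 16 and restores from one.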
Using data collected about a person or group to shape their opinions or actions; can be used in hybrid warfare.
Influence Campaign
Servers are clustered in order to share resources such as CPU, RAM and hard disks.
Load-balancing Cluster
A scam in which a person is tricked into paying a fake invoice for a service or product that they did not order.
Invoice Scam
A Linux command-line utility for querying and displaying logs from journald, the systemd logging service.
Journalctl
Occurs when a secure copy of a user's private key is held by a trusted third party in case the user loses their key.
Key Escrow
Refers to how an organization will generate, exchange, store, and use encryption keys.
Key Management
A specialized type of software (or designated person) that allows a lost or corrupted key to be restored.
Key Recovery Agent
A technique used to mitigate a weak key (such as a password) by running it through many rounds of a hash or key-derivation function so that the time needed to crack it increases.
Key Stretching
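The key stretching card above says the point is to make each guess expensive. The following is an added example (not from the original flashcards) using PBKDF2-HMAC-SHA256 from the Python standard library: a random salt per record, a tunable iteration count stored alongside the hash, and constant-time comparison on verify. The passwords and the 600,000 default iteration count are assumptions for the demo; tune the count so one derivation takes a few hundred milliseconds on your hardware.

```python
import hashlib
import hmac
import os
import time


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a password with PBKDF2-HMAC-SHA256 into a 32-byte key.

    Every additional iteration is extra work an attacker must repeat for
    each password guess, which is what makes stretching effective.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_record(password: str, iterations: int = 600_000) -> dict:
    """Create a stored credential: unique salt, iteration count, derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "key": derive_key(password, salt, iterations)}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    candidate = derive_key(attempt, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])


def seconds_per_guess(iterations: int) -> float:
    """Measure how long one guess costs at a given iteration count."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("benchmark", salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    record = make_record("correct horse battery staple")
    print("login ok:", verify(record, "correct horse battery staple"))
    print("login bad:", verify(record, "password123"))
    for n in (1_000, 100_000, 600_000):
        print(f"{n:>8} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess")
```

The salt defeats precomputed tables (two users with the same password get different keys), and the iteration count is stored so it can be raised over time without breaking existing records.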
(Layer 2 Tunneling Protocol) - Creates a tunnel between two or more computers or devices that are not on the same private network. Has NO encryption of its own and is paired with IPsec (L2TP/IPsec) to provide security. Uses UDP port 1701.
L2TP - What port does it use?
The business or organizations legal counsel responsible for mitigating risk from civil lawsuits.
Legal
A person in your company with legal knowledge who works directly with law enforcement.
Liaison
A technique where the social engineer attempts to find common ground and shared interests with their target.
Likability
(Message Digest 5) - Algorithm that creates a fixed-length 128-bit hash value; considered broken because collisions can be generated.
MD5
(Memorandum of Understanding) - A non-binding agreement between two or more organizations that details an intended common line of action.
MOU
(Maximum Tolerable Downtime) - the longest period of time a business can be inoperable without going out of business.
MTD
The average time between one system failure and the next.
Mean Time Between Failures
The average time a system runs before it fails (used for non-repairable components).
Mean Time To Failure (MTTF)
The average time from a failure until the system is repaired.
Mean Time To Repair (MTTR)
Data describing other data
Metadata
(Non-Disclosure Agreement) - Agreement between two parties that defines what data is confidential and cannot be shared outside of the relationship.
NDA
A vulnerability scanner used to scan computers or networks for vulnerabilities.
Nessus
(Online Certificate Status Protocol) - A protocol that allows you to determine the revocation status of a digital certificate by querying the CA's responder with the certificate's serial number.
OCSP
A stream cipher that encrypts plaintext with a truly random secret key that is the same length as the plaintext and is never reused; unbreakable when those conditions hold.
One-Time Pad
The order in which an analyst should collect evidence: most volatile first (CPU registers and cache, RAM, network state) and least volatile last (disk, backups, archival media).
Order of volatility
Signals that are sent between two parties or two devices that uses a different path or method from the primary communication.
Out of band communication
(Pretty Good Privacy) - An encryption program used for signing, encrypting, and decrypting emails. Originally used the IDEA algorithm.
PGP
An entire system of hardware, software, policies, procedures and people that is based on asymmetric encryption.
PKI
(Point-to-Point Tunneling Protocol) - A protocol that encapsulates PPP packets and sends the data as encrypted traffic. Uses TCP port 1723. Relies on CHAP-based (MS-CHAP) authentication, making it vulnerable to attacks.
PPTP - What port does it use?
(Pseudo-Random Number Generator) - A deterministic algorithm that produces a stream of numbers that appear random; used in cryptography, video games and more.
PRNG
A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the plaintext password.
Pass the Hash
Policies are generic (high-level statements of what must be done); procedures are specific (step-by-step instructions on how to do it).
Policies are what? Procedures are what?
A new class of cryptographic algorithms designed to resist attacks from quantum computers.
Post Quantum Cryptography
A technical method of social engineering that tricks users into entering their usernames and passwords by adding an invisible string before the link they click.
Prepending
Affects U.S. government computer systems that collect, store, use, or disseminate PII.
Privacy Act of 1974
Responsible for the oversight of any PII/SPI/PHI assets managed by the company.
Privacy Officer
Contains data that should only be used within the organization.
Private Data
Has no impact on the company if released and is often published openly.
Public Data
Allows an HTTPS website to resist impersonation attacks by presenting a set of trusted public key hashes to the user's web browser in an HTTP header (HPKP; now deprecated in major browsers).
Public Key Pinning
A record-keeping system that maintains participants' identities in a secure and anonymous form.
Public Ledger
Used to manage negative publicity from a serious incident.
Public Relations
A communications network that relies on qubits carried by photons (light) to send multiple combinations of 1s and 0s.
Quantum Communication
A computer that uses quantum mechanics to generate and manipulate quantum bits in order to access enormous processing power.
Quantum Computing
Creates a fixed 160-bit output (RIPEMD-160, the most common variant).
RIPEMD
(Risk Management Framework) - Made by NIST and used in federal government systems.
RMF
(Recovery Point Objective) - The longest period of time over which an organization can tolerate losing data (the maximum acceptable data loss, measured as the time since the last good backup).
RPO
(Recovery Time Objective) - Length of time it takes after an event to resume normal business operations and activities.
RTO
An enclosure that provides two or more power supplies.
Redundant Power Supply
Used to verify info about a user prior to requesting that a certificate authority issue the certificate.
Registration Authority
Governmental organizations that oversee the compliance with specific regulations and laws.
Regulatory Bodies
(Secure/Multipurpose Internet Mail Extensions) - A standard that provides cryptographic security for electronic messaging.
S/MIME
(Security Association) - Establishment of a secure connection and the shared security information (keys and algorithms) between two peers, using certificates or cryptographic keys.
SA
(Subject Alternative Name) - Allows a certificate owner to specify additional domains and IP addresses to be supported.
SAN
Requires any business in California to disclose a breach of personal information to the affected customers.
SB 1386
(Secure Hash Algorithm) - Algorithm that creates a fixed-length 160-bit hash value; deprecated because practical collisions have been demonstrated.
SHA - 1
Family of algorithms (SHA-224, SHA-256, SHA-384, SHA-512) whose most common member, SHA-256, produces a 256-bit output.
SHA - 2
(Service Level Agreement) - An agreement covering the level of services to be delivered.
SLA
SOC - A suite of reports produced during an audit against the Trust Services Criteria. SOC 2 Type 2 - Addresses the operational effectiveness of the specified controls over a period of time.
SOC / SOC 2 Type 2
(Sarbanes-Oxley) - Affects publicly traded U.S. corporations and requires certain accounting methods and financial reporting.
SOX
A command-line utility that runs port scans through third-party online port-scanning websites so the scan does not originate from the attacker's own IP address.
Scanless
Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time.
Scarcity
Data whose unauthorized disclosure could cause serious damage to national security.
Secret Data
Executives and managers who are responsible for business operations and functional areas.
Senior Leadership
Data that would not harm national security if released but could harm the people whose information it contains.
Sensitive But Unclassified
Might have a minimal impact on the company if released.
Sensitive Data
Single Sided - Only requires the server to be validated. Dual Sided - Requires both the server and the user to be validated.
Single Sided and Dual Sided Certificates
Type of backup primarily used to capture the entire operating system image including all applications and data. Used for virtualized systems
Snapshot Backup
People are more likely to click on a link through social media or based on seeing others have already clicked on it.
Social Proof
The science and art of hiding messages within other messages or files (e.g., in the least significant bits of image pixels).
Steganography
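The steganography card describes hiding a message inside another file. The following is an added example (not from the original flashcards) of least-significant-bit embedding: each bit of the secret, preceded by a 4-byte length, overwrites the lowest bit of one carrier byte, so no carrier byte changes by more than 1. The carrier here is a constructed byte string standing in for raw 8-bit grayscale pixels; a real image would first be decoded to its pixel bytes.

```python
def embed(carrier: bytes, message: bytes) -> bytes:
    """Hide `message` in the least significant bit of each carrier byte.

    A 4-byte big-endian length prefix is embedded first so the extractor
    knows how many bytes to read back.
    """
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError(f"carrier holds {len(carrier) // 8} bytes, "
                         f"payload needs {len(payload)}")
    stego = bytearray(carrier)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit   # clear LSB, then set it
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back: first the 4-byte length, then that many bytes."""
    def read_bytes(bit_offset: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[bit_offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_pixel_delta(carrier: bytes, stego: bytes) -> int:
    """Largest change to any carrier byte; for LSB embedding this is at most 1."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


# Constructed carrier: 1024 fake grayscale pixel values.
CARRIER = bytes(range(256)) * 4

if __name__ == "__main__":
    secret = b"meet at dawn"
    stego = embed(CARRIER, secret)
    print(extract(stego), "max change per byte:", max_pixel_delta(CARRIER, stego))
```

The visual change is imperceptible, but the technique offers no confidentiality on its own: anyone who suspects LSB embedding can run `extract` on the file, which is why payloads are normally encrypted before they are hidden.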
Uses a keystream generator to encrypt data bit by bit (or byte by byte) by XORing the keystream with the plaintext to create the ciphertext. Typically used in hardware solutions.
Stream Cipher
Encryption algorithm in which both the sender and the receiver use the same secret (privately held) key. Symmetric algorithms are roughly 100-1000x faster than asymmetric ones.
Symmetric Algorithm (Private Key)
A forensic tool (or Autopsy feature) that shows the sequence of file system events within a source image in a graphical format.
Timeline
Data whose unauthorized disclosure could cause exceptionally grave damage to national security.
Top Secret Data
A tape rotation scheme using three or more sets of tapes (like grandfather-father-son) rotated in a more complex pattern, so that each set is reused at a different interval.
Towers of Hanoi
Tracert (Windows) / Traceroute (Linux) - shows all the hops a packet takes to reach the IP address you enter.
Tracert/Traceroute
Occurs when X trusts Y and Y trusts Z therefore X can trust Z
Transitive Trust
Can be released to the public
Unclassified Data
People are usually in a rush these days and urgency takes advantage of this fact.
Urgency
Phishing conducted over the phone (voice phishing).
Vishing
(Work Recovery Time) - Length of time in addition to the RTO of individual systems to perform reintegration and testing of restored or upgraded system following an event.
WRT
A site that has computers, phones and servers, but they might require some configuration before users can start working.
Warm Site
1. Diffie-Hellman 2. RSA 3. ECC
What are the Asymmetric Algorithms?
1. Identification - Ensure the scene is safe, secure the scene to prevent evidence contamination, and identify the scope of evidence to be collected. 2. Collection - Ensure authorization to collect the evidence and then document and prove the integrity of the evidence. 3. Analysis - Create a copy of evidence for analysis and use repeatable methods and tools during analysis. 4. Reporting - Create a report of the methods and tools used in the investigation and present detailed findings and conclusions on the analysis.
What are the Forensic Procedures?
1. DES 2. 3DES 3. IDEA 4. AES 5. Blowfish 6. Twofish 7. RC4 8.RC5 9.RC6
What are the Symmetric ciphers?
1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons Learned
What are the steps of incident response?
RC4 (also used in WEP and early TLS; now considered insecure).
What is an example of a stream cipher?
Defines the encoding rules BER, CER and DER. BER - allows the same value to be encoded in more than one way (e.g., indefinite lengths). CER - Restricted version of BER that allows only one canonical encoding. DER - Restricted version of BER that allows only one encoding (definite, minimal lengths) and is used for X.509 certificates, so a certificate has exactly one byte representation to sign and hash.
X.690
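The X.690 card says DER is BER with only one allowed encoding. The following is an added example (not from the original flashcards) of a small tag-length-value parser in DER's strict mode: it accepts definite, minimally encoded lengths and minimal INTEGERs, and rejects the indefinite-length and padded forms that BER permits. The sample byte strings are constructed by hand; a real certificate is just a much larger nesting of the same SEQUENCE/INTEGER/OCTET STRING structures.

```python
class DERError(ValueError):
    """Raised for encodings that BER would accept but DER forbids."""


def read_length(buf: bytes, pos: int):
    """Decode a length field at buf[pos]; return (length, position after it).

    Short form: one byte < 0x80. Long form: 0x80 | n, then n big-endian bytes.
    DER additionally requires the shortest form, so long form only for >= 128
    with no leading zero bytes, and never the indefinite form (0x80 alone).
    """
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    if first == 0x80:
        raise DERError("indefinite length is BER-only, not DER")
    n = first & 0x7F
    raw = buf[pos:pos + n]
    if len(raw) != n:
        raise DERError("truncated length field")
    length = int.from_bytes(raw, "big")
    if length < 0x80 or raw[0] == 0:
        raise DERError("non-minimal length encoding is not DER")
    return length, pos + n


def parse(buf: bytes, pos: int = 0):
    """Parse one TLV at pos. Returns (tag, value, next_pos).

    Constructed tags (bit 6 set, e.g. 0x30 SEQUENCE) recurse into a list of
    (tag, value) children; INTEGER (0x02) becomes an int; others stay bytes.
    """
    tag = buf[pos]
    pos += 1
    length, pos = read_length(buf, pos)
    end = pos + length
    if end > len(buf):
        raise DERError("length runs past end of data")
    body = buf[pos:end]
    if tag & 0x20:                                  # constructed: parse children
        children, p = [], 0
        while p < len(body):
            t, v, p = parse(body, p)
            children.append((t, v))
        return tag, children, end
    if tag == 0x02:                                 # INTEGER, two's complement
        if len(body) == 0:
            raise DERError("INTEGER must have at least one byte")
        if len(body) > 1 and (
            (body[0] == 0x00 and not body[1] & 0x80)
            or (body[0] == 0xFF and body[1] & 0x80)
        ):
            raise DERError("non-minimal INTEGER is not DER")
        return tag, int.from_bytes(body, "big", signed=True), end
    return tag, bytes(body), end


def is_der(buf: bytes) -> bool:
    """True if buf is a single, well-formed DER value."""
    try:
        return parse(buf)[2] == len(buf)
    except (DERError, IndexError):
        return False


if __name__ == "__main__":
    # Constructed: SEQUENCE { INTEGER 5, INTEGER 7 }
    print(parse(bytes.fromhex("3006020105020107")))
    # BER indefinite length and a padded length are both rejected:
    print(is_der(bytes.fromhex("30800201050000")), is_der(bytes.fromhex("308106020105020107")))
```

The strictness matters for X.509 because the signature covers the certificate's DER bytes: if a parser accepted several encodings of the same value, an attacker could change bytes without changing the decoded meaning.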
Used for viewing and modifying the local ARP cache on a host or server.
arp
An open-source sandbox environment for automated malware analysis.
cuckoo
A command-line tool used to transfer data to or from a server using many different protocols (HTTP, FTP, and others).
curl
Used to copy disks or disk images bit for bit (e.g., to create a forensic image).
dd command
Used for DNS enumeration to locate DNS servers and DNS entries for a domain.
dnsenum
A Python script used to gather e-mail addresses, subdomains, and host names for a target from public sources.
theHarvester
Linux commands: head outputs the first ten lines of a file; tail outputs the last ten lines.
head and tail
An open-source packet assembler and analyzer for TCP/IP that tests firewalls and networks.
hping
Used to add messages to the system log (e.g., /var/log/syslog).
logger
Used for reading from and writing to network connections using TCP or UDP. Can be used for remote shell connections.
netcat
A network protocol created by Cisco that collects metadata about IP network traffic as it flows in or out of an interface.
netflow
A number used once: an arbitrary value included in a challenge or message so that a captured response cannot be replayed later.
nonce
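The nonce card above says a value used once defeats replay. The following is an added example (not from the original flashcards) of a challenge-response exchange with both sides: the server issues a random nonce, the client answers with HMAC(shared key, nonce), and the server accepts each nonce exactly once, so a captured response replayed by an attacker is rejected. The shared key is a constructed assumption standing in for a provisioned secret.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"   # assumption: pre-shared between client and server


class Server:
    """Issues single-use nonces and verifies HMAC responses to them."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()        # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:   # never issued, or already consumed
            return False
        self.outstanding.discard(nonce)     # single use, whatever the outcome
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(key: bytes, nonce: bytes) -> bytes:
    """Prove possession of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def run_exchange(server: Server, client_key: bytes):
    """One full exchange, then an attacker replaying the captured response.

    Returns (first_attempt_accepted, replay_accepted).
    """
    nonce = server.challenge()
    response = client_respond(client_key, nonce)
    first = server.verify(nonce, response)
    replay = server.verify(nonce, response)   # same nonce and response again
    return first, replay


if __name__ == "__main__":
    server = Server(SHARED_KEY)
    print("legit client:", run_exchange(server, SHARED_KEY))   # (True, False)
    print("wrong key:   ", run_exchange(server, b"guess"))     # (False, False)
```

The nonce must be unpredictable as well as unique; if an attacker could guess the next nonce they could precompute a response and the single-use check alone would not help.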
Used to resolve a DNS name to its IP address (and query other DNS records).
nslookup/dig
A multi-platform open-source log collection tool similar to rsyslog or syslog-ng.
nxlog
A quantum bit, realized with electrons or photons, that can be in a superposition of 0 and 1 rather than only one or the other.
qubit
Used to view and manipulate the IP routing table on a host or server.
route
Samples a fraction of packets (some but not all) to get an idea of what is going on in the network.
sflow
An automated scanner used to scan for vulnerabilities.
sn1per
tcpdump captures and analyzes network traffic from the command line; tcpreplay edits and replays captured network traffic.
tcpdump and tcpreplay
When a unique token is substituted in for real data.
tokenization