Security Plus sy0-501D
passive response
A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.
implicit deny
A condition that states that unless otherwise given, the permission will be denied
demilitarized zone (DMZ)
A network segment between two firewalls. One is outward facing, connected to the outside world, the other inward facing, connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.
honeynet
A network that functions in the same manner as a honeypot
Secure Sockets Layer (SSL)
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer
HSM (hardware security module)
A stand-alone software or appliance used to enhance security and commonly used with PKI systems
analyzer
The component or process that analyzes the data collected by the sensor.
false negative
An event that should be flagged but isn't
data loss prevention (DLP)
Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, destruction, egress, or exfiltration from a location.
network access control (NAC)
The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.
intrusion detection system (IDS)
Tools that identify attacks using defined rules or logic and are considered passive. An IDS can be network based or host based.
intrusion prevention system (IPS)
Tools that respond to attacks using defined rules or logic and are considered active. An IPS can be network based or host based.
active response
a response generated in real time
risk acceptance
a strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen
SLA
service level agreement - an agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA
firewall
A combination of hardware and software filters placed between trusted and untrusted networks intended to protect a network from attack by hackers who could gain access through public networks, including the Internet.
application-level proxy
A device or software that recognizes application-specific commands and offers granular control over them.
honeypot
A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.
stateful packet inspection (SPI)
A firewall that not only examines each packet but also remembers the recent previous packets.
false positive
A flagged event that isn't really an event and has been falsely triggered.
appliance
A freestanding device that operates in a largely self-contained manner.
clustering
A method of balancing loads and providing fault tolerance.
proxy firewall
A proxy server that also acts as a firewall, blocking network access from external networks.
Internet Protocol Security (IPSec)
A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.
signature-based system
A system that acts based on the digital signature it sees and offers no repudiation to increase the integrity of a message.
intrusion prevention system (IPS)
A system that monitors the network for possible intrusions and logs that activity and then blocks the traffic that is suspected of being an attack.
intrusion detection system (IDS)
A system that monitors the network for possible intrusions and logs that activity.
access control list (ACL)
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network
proxy server
A type of server that makes a single Internet connection and services requests on behalf of many users.
proxy
A type of system that prevents direct communication between a client and a host by acting as an intermediary.
host-based IDS (HIDS)
An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.
network intrusion prevention system (NIPS)
An intrusion prevention system that is network based.
personally identifiable information (PII)
Any information that could identify a particular individual.
load balancing
Dividing a load for greater efficiency of management among multiple devices.
stateful inspection
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel
SIEM
Security information and event management software combines security information management (SIM) and security event management (SEM) functions to provide real-time analysis of security alerts.
access point (AP)
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point
BPA
business partners agreement - an agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.
EF
exposure factor - the potential percentage of loss to an asset if a threat is realized
compensating controls
gap controls that fill in the coverage between other types of vulnerability mitigation techniques (where there are holes in coverage, we compensate for them).
MTD
maximum tolerable downtime - the maximum period of time that a business process can be down before the survival of the organization is at risk.
MTBF
mean time between failures - The measurement of the anticipated lifetime of a system or component
MTTF
mean time to failure - the measurement of the average of how long it takes a system or component to fail
MTTR
mean time to restore - the measurement of how long it takes to repair a system or component once a failure occurs.
MOU/MOA
most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.
anomalies
variations from normal operations
information security management system (ISMS)
A broad term that applies to a wide range of systems used to manage information security.
Encapsulating Security Payload (ESP)
An IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
Authentication Header (AH)
An IPSec header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.
SSID broadcast
An access point's broadcasting of the network name
anomaly-detection IDS (AD-IDS)
An anomaly-detection intrusion detection system works by looking for deviation from a pattern of normal network traffic
all-in-one appliance
An appliance that performs multiple functions
network-based IDS (NIDS)
An approach to an intrusion detection system (IDS); it attaches the system to a point in the network where it can monitor and report on all network traffic.
software-defined network (SDN)
The entire network, including all security devices, is virtualized.
key management
The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement
vulnerability
a flaw or weakness in some part of a system's security procedures, design, implementation, or internal controls that could expose it to danger (accidental or intentional) and result in a violation of the security policy
alarm
a notification that an unusual condition exists and should be investigated
SPOF
a single weakness that is capable of bringing an entire system down
risk avoidance
a strategy of dealing with risk in which it is decided that the best approach is to avoid the risk
risk deterrence
a strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk
risk mitigation
a strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.
risk transference
a strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility
acceptable use policy/rules of behavior
agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and internet access.
BIA
business impact analysis - a study of the possible impact if a disruption to a business' vital resources were to occur.
risk assessment
an evaluation of the possibility of a threat or vulnerability existing. An assessment must be performed before any other actions - such as how much to spend on security in terms of dollars and manpower - can be decided.
alert
an indication that an unusual condition could exist and should be investigated.
ALE
annual loss expectancy - a calculation used to identify risks and calculate the expected loss each year
ARO
annualized rate of occurrence - a calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5 or .2
AV (managing risk)
asset value - the assessed value of an item (server, property, and so on) associated with cash flow.
ISA
interconnection security agreement - as defined by NIST (in Publication 800-47), it is "an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations."
RPO
recovery point objective - the point of last known good data prior to an outage that is used to recover systems.
RTO
recovery time objective - the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable.
RAID
redundant array of independent disks - a configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist
switch
switches break up collision domains, while routers (and VLANs) break up collision domains and broadcast domains. Also, a broadcast domain can contain multiple collision domains, but a collision domain can never have more than one broadcast domain associated with it.
SLE
the cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack
risk
the probability that a particular threat will occur, either accidentally or intentionally, including both leaving a system vulnerable and its impact.
risk calculation
the process of calculating the risks that exist in terms of costs, number, frequency, and so forth
encapsulation
the process of enclosing data in a packet