Term
Data Privacy and Confidentiality

Definition
Ensure data has not been copied or read by parties who do not have permission.

Term

Definition
Data integrity involves ensuring that data has not been deleted or tampered with.

Term

Definition
Controlling who can do what, and when, on your system.

Term
System logging and auditing

Definition
Capturing all potentially relevant data. Often followed by auditing: evaluating all potentially relevant data.

Term

Definition
Involves making sure data or computing resources are available to authorized users when needed.

Term
What does C.I.A stand for?

Definition
Confidentiality
Integrity
Availability

Term

Definition
Uses widely available security tools
Messes with people
Attempting to learn
Low-risk attackers

Term

Definition
Often curious
Involved in computers or tech.
Can be just as dangerous to themselves as others
Don't cause much damage on purpose

Term

Definition
Most dangerous group of attackers
Specific targets in mind
Often very focused, research a target
Criminals, motivated by personal gain. They may want to engage in identity or credit card theft, etc.

Term

Definition
Considered the most dangerous threat to an organization.
Already inside the firewall
Many start by just nosing around
May be motivated by greed, revenge, etc.

Term

Definition
White hat hackers have authorization; black hat hackers do not.

Term

Definition
People who should not be able to connect to your system resources are able to connect and do so.

Term
Exploitation of Known Weaknesses

Definition
Some internet-accessible services that were not designed with security in mind allow a threat actor to exploit known bugs to run arbitrary code.

Term

Definition
Sending traffic to a network host that is designed to crash a component of the host or use up all available resources.

Term

Definition
This involves sending packets that try to trick a host into thinking you are another trusted computer.

Term

Definition
This involves an attacker gaining access to data in network traffic they should not be able to access.

Term

Definition
The largest weak point in many organizations. This involves an attacker tricking people into giving away sensitive information.

Term

Definition
Computer programs designed to prevent, detect, and defend against malware.

Term

Definition
In computer security terms, an Advanced Persistent Threat. This is a threat actor who gains unauthorized access to a computer network and remains undetected for an extended period. Usually when people talk about APTs they are referring to sophisticated groups, often affiliated with a nation-state.

Term

Definition
A hardware or software method that is used to gain easy access to a system. Often, when people discuss back doors, they are referring to software a threat actor will install after the initial compromise to get easy access to the system later. In some cases, back doors may be left on new devices or software by malicious or incompetent vendors.

Term

Definition
A combination of “Robot” and “Network”. A botnet is a group of devices that are controlled centrally. Usually, botnets on the internet are large numbers of devices that have been successfully attacked and are now used for purposes such as Distributed Denial of Service attacks, sending spam, or finding other victims.

Term

Definition
Short for “Command and Control” servers. These are servers that threat actors place somewhere on the internet to control and communicate with hacked systems. They are most often used by botnets.

Term

Definition
An algorithm for encrypting and/or decrypting data.

Term

Definition
Blanket term for Malicious Software. Malware could be a virus, adware, ransomware, key loggers, back doors, or other types of malicious software.

Term

Definition
Security Information and Event Management. A SIEM typically gives IT or security staff the ability to centrally collect security data from multiple systems and present that as actionable information via a single interface.

Term

Definition
An entity responsible for an event or incident that may impact the safety or security of another entity. Usually, this term is used to describe an individual or group that attempts to perform malicious acts against other organizations. I often use the term ‘Attacker’ interchangeably with Threat Actor, and I’ve also seen ‘bad actor’ or ‘hostile actor’ or ‘malicious actor’.

Term

Definition
Virtual Private Network. A VPN allows a user to create a private network, to send or receive data, across a public or untrusted network. Generally, all the data that travels across a VPN is encrypted in such a manner that only the sender and receiver can view it. Different types of VPNs may be used by remote workers, by organizations to secure traffic between physical locations, or by privacy-conscious individuals who want to either obscure their traffic or make it seem like it is coming from a different location.

Term

Definition
Hiding the existence of a message

Term
What was Caesar's contribution to crypto?

Definition
Invented the Caesar cipher, a transpositional cipher that shifts letters 3 spaces.

Term

Definition
Involves changing the order of letters in a cipher.

Term

Definition
Using a Vigenère square with a random key as long as the message.

Term

Definition
Deals with a set of numbers in a loop.

Term
Who handles domain disputes in Canada?

Definition
ICANN (Internet Corporation for Assigned Names and Numbers)

Term

Definition
ISPs cannot unjustly discriminate against or prefer certain types of traffic.

Term
Can Canadian ISPs block lawful content?

Definition

Term
How much can an individual be charged per court case in Canada?

Definition

Term

Definition
Choke point for security reasons
Enforce security policies
Log activity
Keep intrusions from spreading

Term
Packet Filtering (Firewalls)

Definition
Filter packets by protocol (TCP/UDP), source/destination address, and source/destination port. Most basic type of firewall.

Term
Stateful Inspection (Firewalls)

Definition
Outgoing traffic is analyzed and placed in a table. When the traffic returns, the state table is checked to ensure the arriving traffic was solicited from inside the firewall.

Term
Application Gateways (Firewalls)

Definition
Implement security at OSI layer 7. The most advanced firewalls; they make decisions based on packet data rather than headers.

Term

Definition
Not really a firewall. Gets data on behalf of a client and returns it to the client when it is received.

Term

Definition
Control network throughput in various ways: give certain packets higher priority/bandwidth, slow down other services that are not time sensitive, etc.

Term

Definition
Gather and display information about network traffic over a period of time. Often can be filtered by interface, protocol, port, IP, etc.

Term

Definition
Allows the packet to pass as if the firewall didn't exist.

Term

Definition
Does not allow the packet through. Sends a response to the client.

Term

Definition
Simply discards the packet; does not reply to the client.

Term

Definition
A hostile, insecure network.

Term

Definition
A DMZ (Demilitarized Zone). Isolated area on a network with machines that need to talk to the outside world. Can be reached by the private or public network but cannot reach back into the private network.

Term

Definition
A wireless network. Often isolated from the Green zone.

Term
Unencrypted web traffic is referred to as:

Definition
HTTP (Hypertext Transfer Protocol), port 80 by default

Term
Encrypted web traffic is referred to as:

Definition
HTTPS (HTTP Secure), port 443 by default

Term
In TLS communications, who initiates communication?

Definition

Term
What are the steps of establishing a TLS connection?

Definition
1. Client Hello - Offers supported versions of TLS, ciphers, etc.
2. Server Hello - Chooses TLS version, cipher, etc. Server sends its certificate.
3. Client Key Exchange - Secret PreMasterKey encrypted using the server's public key
4. Server decrypts messages using previously exchanged keys
5. Client decrypts messages using previously exchanged keys.

Term

Definition
Ensures a compromised server won't allow attackers to decrypt previously captured traffic. (New keys are generated each time communication is negotiated.)

Term

Definition
An entity that issues and verifies digital certificates.

Term
Domain Validation (Certificate Authority)

Definition
A domain validation shows that you actually own a domain. It does not confirm the validity of an organization.

Term

Definition
Shows that you own a domain and provides some organizational checks. An OV certificate will have the "Issued to:" field occupied with the name of the company it was issued to.

Term

Definition
Shows that you own a domain and provides significant extra checks to the validity of the organization.

Term

Definition
On your server, generate a public/private key pair.
Embed the public key in a container along with the info the cert authority wants, such as the domain name of the server.
The CA verifies the information and adds a signature to the container using their private key, which only they have access to.

Term
HTTP Strict Transport Security (HSTS)

Definition
Lets websites declare that users can only interact with them over HTTPS and never HTTP.