+
Related Flashcards
Cards In This Set
| Front | Back |
|
3DES
|
Triple Digital Encryption Standard Considered as weak encryption, symmetric block cipher encrypts 64-bit blocks
|
|
AAA
|
Authentication, Authorization, Accounting 1. Authentication has 2 components: Identification (Username or email address) and the authentication factor (Something you know, Something you have, Something you are, Somewhere you are or are not, Something you do) 2. Authorization: the rights and privileges assigned to a user to be able to perform their job. 3. Accounting or Auditing: Accounting is the process of recording system activities and resource access. Auditing is part of accounting where an administrator examines logs of what was recorded.
|
|
ABAC
|
Attribute-based Access Control: Access control based on different attributes: group membership, OS being used, IP address, the presence of up-to-date patches and anti-malware, geographic location. Typically used in an SDN (Software Defined Network).
|
|
ACL
|
Access Control List: A list of objects and what subjects can access them. For example; A user accesses a directory but only has read access to the documents inside.Routers and firewalls both employ ACLs, either allowing or denying access to different parts of the network.
|
|
AES
|
Advanced Encryption Standard: A symmetric block cipher. Three different block sizes; 128, 192, & 256 bit. Used in BitLocker
|
|
AH
|
Authentication Header: An IPSec protocol that provides authentication as well as integrity & protection from replay attacks. Uses protocol # 51.
|
|
AI
|
Artificial Intelligence
|
|
AIS
|
Automated Indicator Sharing Threat intelligence data feed operated by the DHS
|
|
ALE
|
Annual Loss Expectancy: The amount of money an organization would lose over the course of a year. The formula is the SLE (Single Loss Expectancy) times the ARO (Annual Rate of Occurrence). SLE x ARO = ALE.
|
|
AP
|
Access Point: Sometimes referred to as a WAP (Wireless Access Point). An AP is a bridge between wireless and wired networks.
|
|
API
|
Application Programming Interface A software module or component that identifies inputs and outputs for an application
|
|
APT
|
Advanced Persistent Threat: An attack that uses multiple attack vectors, attempt to remain hidden as to maintain a connection to compromised systems. You can normally tie this to nation-states (foreign countries)
|
|
ARO
|
Annual Rate of Occurrence: The number of times a year that a particular loss occurs. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
|
|
ARP
|
Address Resolution Protocol: Matches the MAC address to a known IP address. Easily spoofed, used in MITM (Man-in-the-Middle) attack.
|
|
ATT&CK
|
Adversarial Tactics, Techniques,
and Common Knowledge A knowledge base maintained by MITRE |
