#
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer or vendor, but is known to an attacker
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and secure handling of the PKI aspects of it
802.1X: It is the IEEE standard for encapsulating EAP or Extensible Authentication Protocol traffic over the 802 networks
A
Absolute path: A path that starts from the root directory (/), so it refers to the same location no matter what the current directory is
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they did when they were using your systems
ACL: Access Control Lists
Activation threshold: Triggers a pre-configured action when it is reached and will typically block the identified attack traffic for a specific amount of time
Administrator: A user that has complete control over a machine
Advanced Encryption Standard (AES): The first and only public cipher that's approved for use with top secret information by the United States National Security Agency
Adware: Software that displays advertisements and collects data
Alias: A nickname for common commands
Analyzing logs: The practice of collecting logs from different network and sometimes client devices on your network, then performing an automated analysis on them
Antivirus software: It monitors and analyzes things like new files being created or modified on the system in order to watch for any behavior that matches a known malware signature
App Store apps: Applications distributed through an app store, which acts as both a package manager and a repository for mobile software
App store repository: An app store service that also acts as a repository
App stores: A centrally managed marketplace for app developers to publish and sell mobile apps
Appending flags (>>): A way of redirecting output so that it is added to the end of a file without erasing the existing data
Application policies: Defines boundaries of what applications are permitted or not, but they also help educate folks on how to use software more securely
APPX: Another way to package the contents of an application so it can be installed and distributed as a single unit (Windows)
Archive: An archive is comprised of one or more files that are compressed into a single file
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
Attack surface: It's the sum of all the different attack vectors in a given system
Attack vector: Method or mechanism by which an attacker or malware gains access to a network or system
Attack: An actual attempt at causing harm to a system
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authentication server (AS): In Kerberos, the server that receives the initial authentication request (which includes the user ID of the authenticating user) and issues the ticket-granting ticket
Authentication: Verifying that an entity is who it claims to be, for example with a password, a token, or a certificate
Authorization: It pertains to describing what the user account has access to or doesn't have access to
Availability: Means that the information we have is readily accessible to those people that should have it
B
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed, it's a secret entryway for attackers
Background processes/Daemon processes: Processes that run or take place in the background
Baiting: A social engineering attack that relies on physical contact, enticing a victim to do something, for example leaving a malware-laden USB drive where someone will find it and plug it in
Bash: The Bourne Again Shell, the default command line interpreter on most Linux systems and the scripting language used to automate commands in it
Bastion hosts or networks: A server used to provide access to a private network from an external network
Binary whitelisting software: It's a list of known good and trusted software and only things that are on the list are permitted to run
Bind: The LDAP operation by which clients authenticate to the directory server, either anonymously, with a simple username and password, or via SASL
Biometric authentication: Authentication based on a physical characteristic of the user, such as a fingerprint or face
Biometric data: Measurements of a person's physical characteristics, such as fingerprints or facial geometry, that can be used to identify them
Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a fixed size, then encodes that entire block as one unit
Block devices: Devices such as hard drives and USB drives that transfer data in fixed-size blocks
Botnet: A collection of one or more Bots
Bots: Machines compromised by malware that are utilized to perform tasks centrally controlled by an attacker
Brute force attacks: A common password attack which consists of just continuously trying different combinations of characters and letters until one gets access
C
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing certificates. It's a crucial component of the PKI system
Cache: The assigned stored location for recently or frequently accessed data; on a mobile app it is where anything that was changed or created with that app is stored
Caesar cipher: A substitution cipher where each letter is replaced by the letter a fixed number of positions further along the alphabet (shifting or rotating the alphabet); the shift is the key, so there are only 25 usable keys
CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building MACs using block ciphers
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that allows for authenticated encryption, using CTR mode for confidentiality and CBC-MAC for integrity; it is the AES-based encryption used by WPA2
Central repository: It is needed to securely store and index keys and a certificate management system of some sort makes managing access to storage certificates and issuance of certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't actually fields in the certificate itself, but are computed by clients when validating or inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for the public key and what hashing algorithm is used to sign the certificate
Certificate Signature Value: The digital signature data itself
Certificate-based authentication: It is the most secure option, but it requires more support and management overhead since every client must have a certificate
Character devices: A way to transmit data character by character like a keyboard and mouse
Chocolatey: A third party package manager for Windows
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model for designing information security policies
CLI: Command line interface
Client certificates: They operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients
Client/Server runtime subsystem: System that handles running Windows GUI and Command line
Closed source packages: Packages whose source code is not made available to the public
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but instead of a hashing function, a symmetric block cipher with a shared key is used to process the message, and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these signed applications to verify the signatures and ensure that the application was not tampered with
Command line mode: When you are able to run commands while still in your current shell
Command line: A text interface program for a computer that inputs text commands and translates them to the operating system
Computer management: A tool that lets you manage a local or remote computer
Confidentiality: Keeping data hidden from anyone who is not authorized to see it
Correlation analysis: The process of taking log data from different systems, and matching events across the systems
Counter-based tokens: They use a secret seed value along with the secret counter value that's incremented every time a one-time password is generated on the device
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious code and target the user of the service
Cryptanalysis: The study of breaking ciphers, that is, recovering the plaintext or the key from ciphertext without being given the key
Cryptographic hashing: Distinctly different from encryption because cryptographic hash functions are one-way: the input cannot feasibly be recovered from the digest
Cryptography: The overarching discipline that covers the practice of coding and hiding messages from third parties
Cryptology: The study of cryptography
Cryptosystem: A collection of algorithms for key generation and encryption and decryption operations that comprise a cryptographic service
D
DACL: Discretionary Access Control List
Data binding and sealing: It involves using the secret key to derive a unique key that's then used for encryption of data
Data buffer: A region of RAM that’s used to temporarily store data while it’s being moved around
Data exfiltration: The unauthorized transfer of data from a computer. It's also a very important concern when a security incident happens
Data handling policies: Should cover the details of how different data is classified
Directory information tree (DIT): The hierarchical structure of an LDAP directory, where each object has one parent and can have one or more children that belong to the parent object
Data: Actual content of a file
Debian(.deb): A Debian package is packaged as a .deb file
Decryption: The reverse process from encryption; taking the garbled output and transforming it back into the readable plain text
Defense in depth: The concept of having multiple overlapping systems of defense to protect IT systems
Defragmentation: A process of taking all the files stored on a given disk and reorganizing them into neighboring locations
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for legitimate users by overwhelming the network or server
DES (Data Encryption Standard): One of the earliest encryption standards
Deterministic: It means that the same input value should always return the same hash value
Device manager: A Windows console for viewing and managing the hardware attached to a computer and its drivers
DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors
Dictionary attack: A type of password attack that tries out words that are commonly used in passwords, like password, monkey, football
Disk Management utility: Native tool for Windows that helps with managing disk space
Distinguished name (DN): A unique identifier for each entry in the directory
Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems
DNS Cache Poisoning Attack: It works by tricking a DNS server into caching a fake DNS record, so that clients querying that server are directed to a host the attacker controls
Driver: Used to help our hardware devices interact with our Operating System
DSA (Digital Signature Algorithm): Another example of an asymmetric cryptosystem, though it's used only for signing and verifying data, not for encryption
Dynamic ARP inspection (DAI): A feature on enterprise switches that validates ARP packets against the DHCP snooping binding table and drops forged ones, preventing ARP spoofing attacks
Dynamic-link libraries: Programs that want to use functionality that the code provides can tap into it if they need to (shared libraries)
E
EAP-TLS: One of the more common and secure EAP methods
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A public key cryptosystem that uses the algebraic structure of elliptic curves over finite fields to generate secure keys; it achieves security comparable to RSA with much shorter keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which encapsulates IP packets, providing confidentiality, integrity, and authentication of the packets
Encryption algorithm: The underlying logic or process that's used to convert the plaintext into ciphertext
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher), so that you receive a garbled, unreadable message as the output (ciphertext)
End-entity (leaf certificate): A certificate that has no authority as a CA
Enterprise app management: A management system that allows an organization to distribute custom mobile apps
Entropy pool: A source of random data to help seed random number generators
Entry point: In incident response, how the attacker got in or which vulnerability the malware exploited; determining it is one of the first steps of the investigation
Environment: Whatever settings or variables a child process inherits from the parent’s process
Escape characters: In the shell, a backslash (\) means the next character should be treated literally rather than interpreted by the shell
Evil twin: The premise of an evil twin attack is for you to connect to a network that is identical to yours but that is controlled by an attacker. Once connected to it, they will be able to monitor your traffic
Executable file: A file containing instructions for a computer to execute when they’re run
Exploit: Software that is used to take advantage of a security bug or vulnerability
Extensible authentication protocol (EAP): A framework for authentication methods such as EAP-TLS; EAPOL (EAP over LAN) is the encapsulation used by 802.1X to carry EAP traffic over a wired or wireless network
F
Fail2ban: A common open source flood guard tool that watches log files and temporarily bans IP addresses showing malicious behaviour, such as repeated failed logins
File permissions: A process for setting permissions for who has access to certain files
File record number: The index of the files entry in the MFT
File system: Used to keep track of files and file storage on a disk
File-based encryption: Guarantees confidentiality and integrity of files protected by encryption
FIPS (Federal Information Processing Standards): Standards issued by NIST for use in US federal systems; DES was adopted as FIPS 46 for encrypting and securing government data
Flood guards: Provide protection against DoS or Denial of Service Attacks
Forward secrecy: A property of a cryptographic system such that even if the long-term private key is compromised, past session keys (and the traffic they protected) remain safe
Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct pairwise master key in a WPA-PSK setup without disclosing the PMK
Frequency analysis: The practice of studying the frequency with which letters appear in ciphertext
Full control: A user or group with full control that can do anything they want to files
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
G
Groups: A collection of users
GTK (Group Temporal Key): The temporal key used to encrypt broadcast and multicast traffic between an AP and all of its clients; unicast traffic is protected by the PTK
GUI: A graphical user interface
H
Hacker: Someone who attempts to break into or exploit a system
Half-open attacks: Another name for SYN floods, because the attacker leaves many TCP connections half-open by never completing the three-way handshake
Hard link: When created in NTFS, an entry is added to the MFT that points to the linked file record number, not the name of the file. This means the file name of the target can change and the hard link will still point to it
Hardware ID: A special string of characters assigned to hardware
Hash collisions: Two different inputs mapping to the same output
Hashing (Hash function): A type of function or operation that takes in an arbitrary data input and maps it to an output of a fixed size, called a hash or a digest
Dependencies: Other pieces of software an application counts on in order to work, since one bit of code depends on another
Hidden files: A set of files that are not visible either to avoid alteration or simply because you don’t want someone to see them
High value data: Usually includes account information, like usernames and passwords. Typically, any kind of user data is considered high value, especially if payment processing is involved
HMAC (Hash-based Message Authentication Code): It uses a cryptographic hash function along with a secret key to generate a MAC
Host-based firewalls: Protects individual hosts from being compromised when they're used in untrusted and potentially malicious environments
Hot key: A keyboard shortcut that does a particular task
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the communication your web browser has with the website is secured through encryption
Hubs: Devices that serve as a central location through which data travels through; a quick and dirty way of getting packets mirrored to your capture interface
I
I/O Streams: An input stream carries data flowing into a program and an output stream carries data flowing out of it (on Linux: stdin, stdout, and stderr)
Identification: The idea of describing an entity uniquely
Impact: The effect an incident has on the organization, for example what data or systems were affected and how much business was disrupted; an important factor when prioritizing the response
Implicit deny: A network security concept where anything not explicitly permitted or allowed should be denied
Inherit only: A permission group that means that a DACL will be inherited, but not applied to a container
Injection attacks: A common security exploit that can occur in software development and runs rampant on the web, where an attacker injects malicious code
Inode: The data structure a Linux file system uses to store a file's metadata (permissions, owner, timestamps, size) and the locations of its data blocks
Installing from source: Compiling an application from its source code and installing the result, rather than using a prebuilt package
Integrity: Means keeping our data accurate and untampered with
Interactive mode: When the parted tool launches you into a separate program
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to can now sign other certificates
Intrusion detection and intrusion prevention systems (IDS/IPS): Operate by monitoring network traffic and analyzing it for known attack patterns; an IDS alerts on matches, while an IPS can also block the traffic
IP source guard (IPSG): A feature that can be enabled on enterprise switches along with DHCP snooping; it drops packets whose source IP does not match the address the port was assigned by DHCP, preventing IP spoofing
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with IPv6
Issuer Name: This field contains information about the authority that signed the certificate
K
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their identity over potentially insecure channels to provide mutual authentication
Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of algorithms for key generation and encryption and decryption operations that comprise a cryptographic service should remain secure, even if everything about the system is known except for the key
Kernel module: It extends the kernel's functionality so developers don't have to actually touch the Linux kernel
Key escrow: Allows encryption key to be securely stored for later retrieval by an authorized party
Key length: It defines the maximum potential strength of the system
Key signing parties: Organized by people who are interested in establishing a web of trust, and participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
Key: A crucial component of a cipher, which introduces something unique into your cipher
Keylogger: A common type of spyware that's used to record every keystroke you make
L
L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs
Library: A way to package a bunch of useful code that someone else wrote
Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for accessing and maintaining directory services; a lightweight alternative to the X.500 Directory Access Protocol (DAP)
List folder contents: A Windows permission that allows viewing the names of files and subfolders in a folder; it is an alias for Read and Execute that applies only to folders
Logic bomb: A type of malware that lies dormant and runs its malicious payload only when a specific condition is met, such as a date or an event
Logs analysis systems: They are configured using user-defined rules to match interesting or atypical log entries
M
MACs (Message Authentication Codes): A bit of information that allows authentication of a received message, ensuring that the message came from the alleged sender and not a third party masquerading as them
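The HMAC and MAC entries in practice, as an added example that is not part of the original glossary: generate a tag, verify it in constant time, and see a tampered message or a wrong key fail. Standard library only; the key and messages are constructed sample data.

```python
"""HMAC-based message authentication (added example, not from the glossary)."""
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest length in bytes


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute HMAC-SHA256 over `message`. Without `key`, a tag cannot be forged,
    and unlike a plain H(key || message) construction HMAC is not vulnerable
    to hash length-extension attacks."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time, so a forger cannot learn
    from response timing how many leading bytes of a guessed tag were right."""
    return hmac.compare_digest(make_tag(key, message), tag)


def seal(key: bytes, message: bytes) -> bytes:
    """Produce message || tag, the form a sender would put on the wire."""
    return message + make_tag(key, message)


def unseal(key: bytes, blob: bytes) -> bytes:
    """Split message || tag and reject anything whose tag does not verify."""
    if len(blob) < TAG_LEN:
        raise ValueError("blob too short to contain a tag")
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not verify_tag(key, message, tag):
        raise ValueError("authentication failed: message or tag was altered")
    return message


def tamper_demo(key: bytes) -> tuple:
    """What a MAC protects against: an altered message or a wrong key fails."""
    original = b"transfer 100 to account 42"   # constructed sample message
    tag = make_tag(key, original)
    altered = b"transfer 900 to account 42"    # attacker changes one digit in transit
    return (
        verify_tag(key, original, tag),            # genuine: True
        verify_tag(key, altered, tag),             # tampered: False
        verify_tag(b"wrong key", original, tag),   # different sender: False
    )


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key; use os.urandom in practice
    print(tamper_demo(demo_key))
```

Note that a MAC gives integrity and authenticity but not confidentiality: the message travels in the clear, and for replay protection a sequence number or timestamp must be included in what is authenticated.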
Malware: A type of malicious software that can be used to obtain your sensitive information or delete or modify files
Manifest: A file that describes which version of a shared library an application needs, so the correct side-by-side assembly can be loaded on Windows
Master boot record (MBR): A traditional partition table within a storage disk that lets you have volume sizes of 2 terabytes or less and is mostly used in the Windows OS
Master file table (MFT): A way NTFS stores and represents the files on your operating system
MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic hashing function; practical collision attacks mean it should no longer be used for security purposes
Meddler in the middle (formerly known as Man in the Middle): An attack that places the attacker in the middle of two hosts that think they're communicating directly with each other
Memory manager: A Windows OS program that helps manage virtual memory
Metadata: Tells us everything we need to know about a file, including who created it, when it was last modified, who has access to it, and what type of file it is.
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Microsoft Install Package (.msi) and MSI files: Microsoft Install Package is a file format that guides a program called Windows Installer in the installation, maintenance, and removal of programs on the Windows operating system. MSI files are a combination of databases that contain installation instructions in different tables along with all the files
Mobile applications: Software that is distributed on mobile OS devices
Mobile device management: A system used to apply and enforce rules about how the device has to be configured and used
Modify: An umbrella permission that includes read and execute and write
Monitor mode: It allows to scan across channels to see all wireless traffic being sent by APs and clients
Mounting: Making a file or hard disk accessible to the computer
Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces of information or objects
Multilingual user interface: Interface that offers and support different languages
N
Network hardening: Is the process of securing a network by reducing its potential vulnerabilities through configuration changes, and taking specific steps
Network separation (network segmentation): A good security principle for IT support specialists to implement. It permits more flexible management of the network and provides some security benefits. It is the concept of using VLANs to create virtual networks for different device classes or types
Network software hardening: Includes things like firewalls, proxies, and VPNs
Network time protocol (NTP): A network protocol used to synchronize clocks between systems; needed, for example, so that a time-based OTP token and the authentication server agree on the current time
NIST: National Institute of Standards and Technology
Normalization: It's the process of taking log data in different formats and converting it into a standardized format that's consistent with a defined log structure
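The normalization and correlation analysis entries above, carried out on sample data, as an added example that is not part of the original glossary. Two constructed log formats (an sshd syslog line and a key=value firewall line) are normalized into one event structure and then correlated by source IP. Assumptions: all timestamps are UTC, syslog lines are from 2024 (syslog timestamps carry no year), and the regexes match only these two constructed formats.

```python
"""Log normalization and cross-source correlation (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2024  # assumption: syslog lines omit the year

SSH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z action=(?P<action>\w+) "
    r"src=(?P<ip>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

# Constructed sample lines (not real logs).
SAMPLE_LINES = [
    "Mar  3 10:14:02 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Mar  3 10:14:05 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2",
    "Mar  3 10:14:09 bastion sshd[4130]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2",
    "2024-03-03T10:13:58Z action=DENY src=203.0.113.7 dst=10.0.0.5 dport=3389 proto=tcp",
    "2024-03-03T10:14:00Z action=DENY src=203.0.113.7 dst=10.0.0.5 dport=445 proto=tcp",
    "2024-03-03T10:14:30Z action=ALLOW src=198.51.100.20 dst=10.0.0.5 dport=22 proto=tcp",
]


def normalize(line: str):
    """Convert a raw line into a common event dict, or None if unrecognized.
    Every event gets the same keys (ts, source, src_ip, event) regardless of
    which device produced it; that is what makes correlation possible."""
    m = SSH_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        return {
            "ts": ts.replace(tzinfo=timezone.utc),
            "source": "sshd",
            "src_ip": m["ip"],
            "event": "auth_failure" if m["result"].startswith("Failed") else "auth_success",
            "user": m["user"],
        }
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        return {
            "ts": ts.replace(tzinfo=timezone.utc),
            "source": "firewall",
            "src_ip": m["ip"],
            "event": "deny" if m["action"] == "DENY" else "allow",
            "dport": int(m["dport"]),
        }
    return None


def correlate(events, window=timedelta(minutes=5)):
    """Flag source IPs that were denied by the firewall and then failed an SSH
    login within `window`: a probe followed by a password guess, a pattern
    visible only when events from both systems are matched up."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["src_ip"]].append(ev)
    flagged = []
    for ip, evs in by_ip.items():
        denies = [e["ts"] for e in evs if e["event"] == "deny"]
        failures = [e["ts"] for e in evs if e["event"] == "auth_failure"]
        if any(timedelta(0) <= (f - d) <= window for d in denies for f in failures):
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    parsed = [normalize(line) for line in SAMPLE_LINES]
    print(correlate([e for e in parsed if e]))
```

In a SIEM the normalization step is usually a parser per log source and the correlation step a rule; the shape is the same as here, just with far more sources and rules.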
O
OAuth: An open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials
CTR (Counter mode): A mode of operation that turns a block cipher into a stream cipher by encrypting a nonce combined with an incrementing counter to create a key stream, which is then XORed with the data
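Counter mode worked through in code, as an added example that is not part of the original glossary. Assumption: HMAC-SHA256 stands in for the block cipher so that the example needs only the standard library; real CTR mode uses AES with a 16-byte block, but the structure, and the nonce-reuse failure shown at the end, are the same.

```python
"""Counter (CTR) mode built from a keyed block function (added example)."""
import hashlib
import hmac

BLOCK_LEN = 32  # output size of the stand-in block function


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """One key stream block: E_key(nonce || counter). The counter makes every
    block of the stream different even though the key and nonce are fixed."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is its own inverse): XOR each chunk of
    data with the next key stream block. Works on any length, no padding,
    and blocks can be computed independently, so it parallelizes."""
    out = bytearray()
    for i in range(0, len(data), BLOCK_LEN):
        ks = keystream_block(key, nonce, i // BLOCK_LEN)
        chunk = data[i:i + BLOCK_LEN]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why a nonce must never repeat under one key: with the same key stream,
    c1 XOR c2 equals p1 XOR p2, which an eavesdropper computes without the
    key and can often unravel with a little known plaintext."""
    c1 = ctr_crypt(key, nonce, p1)
    c2 = ctr_crypt(key, nonce, p2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    k = bytes(range(32))  # constructed sample key
    n = bytes(16)         # constructed nonce; must be unique per message under one key
    msg = b"CTR mode needs no padding and parallelizes well."
    ct = ctr_crypt(k, n, msg)
    assert ctr_crypt(k, n, ct) == msg
    print(ct.hex())
```

CTR on its own provides no integrity: flipping a ciphertext bit flips the same plaintext bit, which is why it is paired with a MAC, as in CCMP or AES-GCM.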
One-time password (OTP) tokens: Another very common method for handling multifactor
One-time password (OTP): A short-lived token, typically a number that's entered along with a username and password
OpenID: An open standard that allows participating sites known as Relying Parties to allow authentication of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or groups to distinguish between individual user accounts and groups that accounts can belong to
P
Packaged archives: The core or source software files that are compressed into one file
Package managers: An application that makes package installation and removal easier
Packet sniffing (packet capture): The process of intercepting network packets in their entirety for analysis
Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP MAC address, and Client MAC address
Parameter: A value that is associated with a command
Parent directory & child directories: A parent directory is a directory that houses all subsequent child directories
Partition table: How the disk is partitioned on an OS
Password attacks: Utilize software like password crackers that try and guess your password
Password salt: Additional randomized data that's added into the hashing function to generate the hash that's unique to the password and salt combination
Paths: A main directory that branches off and holds other directories and files
PBKDF2 (Password Based Key Derivation Function 2): A function that derives a key from a password and a salt by applying a pseudorandom function (such as HMAC) many thousands of times, making each guess expensive for an attacker
PCI DSS: Payment Card Industry Data Security Standard
Penetration testing: The practice of attempting to break into a system or network to verify the systems in place
Personal package archives: A software repository for uploading source packages to be built and published
PGP (Pretty Good Privacy) encryption: An encryption application that allows authentication of data along with privacy from third parties relying upon asymmetric encryption to achieve this
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as something legitimate
Physical tokens: They take a few different forms, such as a USB device with a secret token on it, a standalone device which generates a token, or even a simple key used with a traditional lock
PIN authentication method (WPS): Wi-Fi Protected Setup uses PINs that are eight digits long, but the last digit is a checksum computed from the first seven, and the PIN is validated in two halves, which makes it practical to brute force
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this, then it's prone to being overwhelmed and taken down
PKI system: A system that defines the creation, storage and distribution of digital certificates
Platform key: It's the public key corresponding to the private key used to sign the boot files
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the entire VLAN and mirror the packets to a specified switch port
Portable Executable (PE) format: The file format Windows uses for executables (.exe), DLLs, and drivers
Post-fail analysis: Investigating how a compromise happened after the breach is detected
Pre-shared key: It's the Wi-Fi password you share with people when they come over and want to use your wireless network
Primary account: The initial account you made during setup
Principle of least privilege: Giving each user, process, or system only the minimum access it needs to do its job; it helps ensure that sensitive data is only accessed by people who are authorized to access it
Privacy policies: Govern the access to and use of sensitive data
Process Explorer: A utility Microsoft created to let IT support specialists and system administrators look at running processes
Process ID: Unique identifier for processes on your computer
Process monitoring: A way of monitoring what processes are happening during installation
Processes: Running instances of programs, each with its own process ID and allocated resources
Programs: The applications that we can run
Promiscuous mode: A network adapter mode in which the adapter passes every frame it sees to the operating system, not only frames addressed to it; required for packet capture
Prompt: A prompt shows you which directory you’re currently in
Proxy: Can be useful to protect client devices and their traffic. They also provide secure remote access without using a VPN
Pseudo-random: Produced by a deterministic algorithm so that it looks random but isn't truly random; secure systems must seed such generators from a good entropy source
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: A digital signature generated by hashing the message and signing the digest with the private key; anyone with the matching public key can verify it
R
RA (Registration Authority): It is responsible for verifying the identities of any entities requesting certificates to be signed and stored with the CA
Rainbow table attacks: Trade computational power for disk space by pre-computing the hashes of many candidate passwords and storing them in a table, so that a captured hash can be looked up instead of cracked
Rainbow tables: A pre-computed table of candidate password values and their corresponding hashes; adding a unique salt to each password defeats them
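The password salt, PBKDF2, dictionary attack and rainbow table entries in one piece of code, as an added example that is not part of the original glossary. Standard library only; the "rainbow table" is a plain dictionary of constructed common passwords standing in for a real table, and the iteration count is an assumption chosen to keep the example fast.

```python
"""Salted, iterated password hashing versus a precomputed table (added example)."""
import hashlib
import hmac
import os

# Attacker side: precomputed unsalted SHA-256 digests of common passwords
# (a constructed stand-in for a rainbow table).
COMMON_PASSWORDS = ["password", "123456", "monkey", "football", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 100_000  # assumption; real deployments tune this to their hardware
SALT_LEN = 16


def unsalted_digest(password: str) -> str:
    """What a naive system stores: a bare hash, identical for every user
    with the same password and directly matchable against a table."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(digest_hex: str):
    """A table lookup recovers an unsalted hash instantly."""
    return PRECOMPUTED.get(digest_hex)


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Defender side: random per-user salt plus PBKDF2-HMAC-SHA256.
    Returns (salt, derived_key); both are stored, neither is secret."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def table_lookup_fails(password: str) -> bool:
    """Even when the password itself is in the attacker's table, the salted
    derived key is not: the table was built without this salt, so the
    attacker is back to guessing, at ITERATIONS hashes per guess."""
    _, dk = hash_password(password)
    return crack_unsalted(dk.hex()) is None


def same_password_different_hashes(password: str) -> bool:
    """Two users with the same password get different stored values, so one
    cracked hash reveals nothing about the other."""
    _, dk1 = hash_password(password)
    _, dk2 = hash_password(password)
    return dk1 != dk2


if __name__ == "__main__":
    print("unsalted 'monkey' cracked:", crack_unsalted(unsalted_digest("monkey")))
    print("salted 'monkey' in table:", not table_lookup_fails("monkey"))
```

A salt does not stop a dictionary attack against a single weak password; it only removes the precomputation shortcut and forces one full PBKDF2 run per guess per user, which is where the iteration count does its work.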
Random numbers: A very important concept in encryption because it avoids some kind of pattern that an adversary can discover through close observation and analysis of encrypted messages over time
Ransomware: A type of attack that holds your data or system hostage until you pay some sort of ransom
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because of its simplicity and speed; it is now considered insecure and has been removed from TLS
Read and execute permission: Permissions that grant you access to read the file that exists and execute it if its runnable
Read permission: Permissions that grant you access to read the file that exists
Recoverability: How complicated and time-consuming the recovery effort will be
Regular expression: A pattern matching language that describes words, phrases, or more complicated patterns; regular expressions are used to help you do advanced pattern based selection
Relative path: It is a path from your current directory
Remote attestation: The idea of a system authenticating its software and hardware configuration to a remote system
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA services for users on a network
Repository: A server that acts like a central storage location for packages
Resource monitoring: The most common way to quickly take a peek at how system resources are doing
Reverse proxy: A service that might appear to be a single server to external clients, but actually represents many servers living behind it
Risk mitigation: Understanding the risks your systems face, take measures to reduce those risks, and monitor them
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the network administrator's knowledge
Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever information they want by deploying a rogue DHCP server on your network, setting a gateway address or DNS server, that's actually a machine within their control
Root certificate authority: They are self signed because they are the start of the chain of trust, so there's no higher authority that can sign on their behalf
Root directory: A parent directory for all other directories in a file system
Root user: It is the first user that gets automatically created when we install a Linux OS and has all the privileges on the OS. Also called the super user. There's technically only one superuser or root account, but anyone that's granted access to use their powers can be called a superuser too
Rootkit: A collection of software or tools that gives an attacker privileged (root) access to a system while hiding its own presence from the admin
RSA: One of the first practical asymmetric cryptography systems to be developed, named for the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
S
SACL: System Access Control List
Screen lock: A security feature that helps prevent unwanted access by creating an action you have to do to gain entry
sd devices: The Linux device names (/dev/sda, /dev/sdb, ...) for mass storage devices like hard drives
Secure boot protocol: Uses public key cryptography to verify the signatures on boot components before they run, so that only trusted code is loaded during the boot process
Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and authentication of data being passed
Secure element: It's a tamper resistant chip often embedded in the microprocessor or integrated into the mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a network service over unsecured networks
Security information and event management systems (SIEMS): Form of centralized logging for security administration purposes
Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric keys and additional slots to run embedded code
Security patch: A piece of software that is meant to fix up a security hole
Security through obscurity: The principle that if no one knows what algorithm is being used or general security practices, then one is safe from attackers
Security: It's all about determining risks or exposure understanding the likelihood of attacks; and designing defenses around these risks to minimize the impact of an attack
Self-signed certificate: This certificate has been signed by the same entity that issued the certificate
Serial number: A unique identifier for their certificate assigned by the CA which allows the CA to manage and identify individual certificates
Session hijacking (cookie hijacking): A common meddler in the middle attack
Session key: The shared symmetric encryption key negotiated during a TLS handshake and used for the rest of the session to encrypt data being sent back and forth
Session manager subsystem (smss.exe): The process that initializes the Windows session, including starting the Client/Server runtime subsystem and the logon process
Severity: Includes factors like what and how many systems were compromised and how the breach affects business functions
SHA1: Part of the Secure Hash Algorithm suite of functions, designed by the NSA and published in 1995; practical collisions have since been demonstrated, so it should no longer be used for signatures or certificates
Shannon's maxim: It states that the system should remain secure even if your adversary knows exactly what kind of encryption systems you're employing, as long as your keys remain secure; the same idea is also known as Kerckhoffs's principle
Shell: A command-line interpreter for Linux and other Unix-like systems
Shortcut: A small file (.lnk) on Windows that holds a reference to some destination, so that when you open it you get taken to that destination
Side-by-side assemblies: A system that manages most shared libraries and resources on Windows and supports access to multiple versions of the same shared library automatically
Side-loading: A process of installing mobile apps directly without using an app store
Signal: A way to tell a process that something has just happened
Simple permissions: The basic Windows file permissions (Full control, Modify, Read & execute, Read, Write), each of which is a bundle of more granular special permissions
Single sign on (SSO): An authentication scheme in which one login grants you access to multiple services without requiring you to re-enter a username or password for each
Social engineering: An attack method that relies heavily on interactions with humans instead of computers
Soft links: Shortcuts in Linux that link to another file by its file name (see Symbolic links)
Software signing certificate: A trust mechanism in which a software vendor cryptographically signs the binaries it distributes using its private key, so that recipients can verify both the publisher and the integrity of the software
Spear phishing: Phishing that targets individual or group - the fake emails may contain some personal information like your name, or the names of friends or family
Spoofing: When a source masquerades as something else, for example by forging the sender address of a packet or an email
Spyware: The type of malware that's meant to spy on you
SQL Injection Attack: An attack in which untrusted input is inserted into a SQL query so that it is interpreted as part of the query itself, letting an attacker read, modify or delete data in the database behind a website; the defence is to pass input as bound parameters rather than concatenating it into the query string
SSL 3.0: The last revision of SSL, deprecated in 2015 (RFC 7568) after the POODLE attack showed its CBC padding could be exploited
SSL/TLS Client Certificate: A certificate that is bound to a client and used to authenticate the client to the server, allowing access control to an SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the initial setup of an SSL/TLS connection
Standard error (stderr): The data stream to which a process writes error messages, kept separate from its normal output so the two can be redirected independently. It exists on both Linux and Windows
Standard In (stdin): The data stream through which input, for example what you type on the keyboard, reaches the process you are interacting with. It exists on both Linux and Windows
Standard out (stdout): The data stream to which a process writes its normal output; the data flows out of the process and can be displayed, redirected to a file, or piped to another process. It exists on both Linux and Windows
Standard user: A user who is given access to the machine but has restricted rights, so they cannot do things like install software or change certain settings
StartTLS: An LDAP v3 extended operation that upgrades an existing plaintext connection to the LDAP server to one protected by TLS, on the same port
Stdin, stdout, stderr: Three data streams created when you launch a Linux command
Steganography: The practice of hiding the existence of a message by embedding it in some other medium (an image, audio file or other carrier) rather than encrypting its content; it can be combined with encryption so that a discovered message is still unreadable
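The simplest image-based form of this, least-significant-bit (LSB) embedding, as an added example that is not part of the original page. The "image" is a constructed buffer of grayscale pixel bytes, the message gets a 4-byte length prefix so it can be recovered, and the function names are this example's own.

```python
"""Added example: least-significant-bit steganography over a constructed
grayscale pixel buffer. Each message bit replaces the low bit of one pixel,
changing that pixel's value by at most 1, which is invisible to the eye."""
import struct


def hide(cover: bytes, message: bytes) -> bytes:
    """Return a copy of cover with len(message) || message embedded in the LSBs."""
    payload = struct.pack(">I", len(message)) + message
    # most-significant bit first, eight bits per payload byte
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d pixels, have %d" % (len(bits), len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # clear the low bit, then set it to the message bit
    return bytes(out)


def reveal(stego: bytes) -> bytes:
    """Read the 4-byte length prefix from the LSBs, then that many message bytes."""
    def read_bytes(offset_bits: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset_bits + b * 8 + k] & 1)
            result.append(value)
        return bytes(result)

    length = struct.unpack(">I", read_bytes(0, 4))[0]
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier size; not an LSB payload?")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference between cover and stego; LSB embedding gives at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 16x16 "image": a deterministic gradient, not a real picture.
SAMPLE_COVER = bytes((i * 37 + 11) % 256 for i in range(256))

if __name__ == "__main__":
    stego = hide(SAMPLE_COVER, b"meet at noon")
    print(reveal(stego), "max change:", max_pixel_change(SAMPLE_COVER, stego))
```

The point for a defender is the last function: LSB hiding leaves the carrier almost unchanged to the eye, but it is detectable statistically, because natural images do not have uniformly random low bits and a sequential embedding like this one flattens the LSB distribution of the first N pixels.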
Stream ciphers: Ciphers that take a stream of input and encrypt it one character or digit at a time, typically by combining each unit with the next byte of a keystream derived from the key and a nonce; the same keystream must never be used for two messages
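A byte-at-a-time stream cipher and the failure mode the caveat above refers to, as an added example that is not from the original page. The keystream generator is SHA-256 in counter mode, chosen only so the example runs with the standard library; it stands in for a real stream cipher such as ChaCha20, and the key, nonce and messages are constructed.

```python
"""Added example: a toy stream cipher (XOR with a hash-based keystream) and
what keystream reuse leaks. Demo construction only, not a cipher to deploy."""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int):
    """Yield keystream bytes one at a time: SHA-256(key || nonce || counter)."""
    counter = 0
    produced = 0
    while produced < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        for byte in block:
            if produced == length:
                return
            yield byte
            produced += 1
        counter += 1


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt one byte at a time; XOR is its own inverse, so this also decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crib_drag(c1: bytes, c2: bytes, known_prefix_of_m1: bytes) -> bytes:
    """Keystream reuse: c1 XOR c2 == m1 XOR m2 (the keystream cancels), so
    knowing a prefix of m1 reveals the same bytes of m2 with no key at all."""
    return xor_bytes(xor_bytes(c1, c2), known_prefix_of_m1)


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 12
    c1 = stream_encrypt(key, nonce, b"transfer 100 to alice")
    c2 = stream_encrypt(key, nonce, b"transfer 999 to mallory")   # same nonce: bug
    print(crib_drag(c1, c2, b"transfer 100"))  # recovers b"transfer 999"
```

Two things to take away: a stream cipher on its own provides no integrity (flipping a ciphertext bit flips the same plaintext bit), which is why TLS pairs AES-CTR with GCM's authentication tag, and nonce reuse is the mistake to design against, typically with a counter or a 96-bit random nonce per message.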
Subdirectories: A directory below or at a deeper level in the directory hierarchy
Subject Public Key Info: A field whose two subfields define the algorithm of the public key and the public key itself
Subject: This field contains identifying information about the entity the certificate was issued to
Substitution cipher: An encryption mechanism that replaces each unit of plaintext (a letter, pair of letters or block) with a corresponding ciphertext unit according to a fixed mapping; simple letter substitutions are easily broken by frequency analysis
Suspended apps: Mobile apps that the OS has paused while in the background so that they stop consuming CPU, and can be resumed quickly or have their memory reclaimed
Swap space: The allocated space on the hard drive where pages of virtual memory are stored when physical memory is exhausted
Symbolic links: Work similarly to shortcuts, but at the file system level. The key difference is that the operating system treats them like substitutes for the file they're linked to in almost every meaningful way
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and decrypt messages
SYN flood: A denial-of-service attack in which the server is bombarded with TCP SYN packets whose handshakes are never completed, exhausting its table of half-open connections so legitimate clients cannot connect
Sysinternals package: A set of tools released by Microsoft that can help you troubleshoot
System properties: A Control Panel applet that, among other settings, lets you edit the size, number and location of paging files
T
Tab completion: A way to auto-complete a command or file names and directories
TACACS+: It is a device access AAA system that manages who has access to your network devices and what they do on them
Tailgating: Gaining access into a restricted area or building by following a real employee in
Task Manager: A Windows utility that allows you to gain information about what tasks you have running in the background
Tcpdump: It's a super popular, lightweight command-line based utility that you can use to capture and analyze packets
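Detection logic for the SYN flood entry above, run over tcpdump-style output, as an added example that is not from the original page. The capture lines are constructed in tcpdump's text format using documentation address ranges, and the thresholds, heuristics and function names are this example's choices.

```python
"""Added example: parse tcpdump TCP flag lines and apply two SYN-flood
heuristics (per source, and per target for spoofed floods) to a constructed
capture."""
import re
from collections import defaultdict

# Matches lines such as:
# 12:00:01.000001 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [S], seq 1, ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line: str):
    """Return (src, dst, dport, flags) for a TCP line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["src"], m["dst"], int(m["dport"]), m["flags"]


def find_syn_flooders(lines, threshold: int = 10) -> dict:
    """Per source: count pure SYNs ([S]) against every other segment that source
    sent. A host sending many SYNs and nothing else never finishes a handshake,
    which is what a non-spoofed SYN flood looks like on the wire."""
    syns = defaultdict(int)
    other = defaultdict(int)
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, _dst, _dport, flags = pkt
        if flags == "S":
            syns[src] += 1
        else:
            other[src] += 1
    return {src: n for src, n in syns.items() if n >= threshold and other.get(src, 0) == 0}


def half_open_by_target(lines) -> dict:
    """Per (dst, dport): SYNs received minus plain ACKs ([.]) received. This catches
    a flood from spoofed, ever-changing sources, where no single address crosses
    the per-source threshold but the victim still accumulates half-open sockets."""
    syns = defaultdict(int)
    acks = defaultdict(int)
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        _src, dst, dport, flags = pkt
        if flags == "S":
            syns[(dst, dport)] += 1
        elif flags == ".":
            acks[(dst, dport)] += 1
    return {target: n - acks.get(target, 0) for target, n in syns.items()}


def build_sample_capture() -> list:
    """Constructed capture: one completed handshake, an ICMP line the parser must
    skip, then 50 SYNs from one host that never sends the final ACK."""
    lines = [
        "12:00:01.000001 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [S], seq 1, win 64240, length 0",
        "12:00:01.000102 IP 192.0.2.10.443 > 203.0.113.5.40001: Flags [S.], seq 100, ack 2, win 65535, length 0",
        "12:00:01.000203 IP 203.0.113.5.40001 > 192.0.2.10.443: Flags [.], ack 101, win 64240, length 0",
        "12:00:01.000300 IP 203.0.113.5 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64",
    ]
    for i in range(50):
        lines.append("12:00:02.%06d IP 198.51.100.7.%d > 192.0.2.10.443: Flags [S], seq %d, win 1024, length 0"
                     % (i, 50000 + i, i))
        lines.append("12:00:02.%06d IP 192.0.2.10.443 > 198.51.100.7.%d: Flags [S.], seq 7, ack %d, win 65535, length 0"
                     % (i, 50000 + i, i + 1))
    return lines


if __name__ == "__main__":
    capture = build_sample_capture()
    print("flooders:", find_syn_flooders(capture))
    print("half-open per target:", half_open_by_target(capture))
```

On a real host the same data comes from `tcpdump -n 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'` (the `-n` matters so addresses stay numeric for the regex); the per-target count is the one to alert on, since real floods spoof their sources.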
Termination signal: The SIGTERM signal, which the kill command sends by default, asking a process to stop; unlike SIGKILL it can be caught by the process so it can clean up first
Threat: The possibility of danger that could exploit a vulnerability
Threats and password policies: Password policies are one control against threats to data and intellectual property; they support data protection, infrastructure defense, identity management and the users themselves
Ticket granting service (TGS): The Kerberos component that decrypts the Ticket Granting Ticket with its own secret key, recovering the client/TGS session key, and then issues tickets for individual services to the client
Time-based token (TOTP): A one-time password derived from a shared secret and the current time, so that it changes every fixed interval (commonly 30 seconds) and a captured code quickly becomes useless
TKIP (Temporal Key Integrity Protocol): An interim encryption protocol introduced with WPA to address the shortcomings of WEP on existing hardware; it has since been deprecated in favour of AES-CCMP
TLS 1.2 with AES GCM: Galois/Counter Mode, a mode of operation for the AES block cipher that essentially turns it into a stream cipher while also producing an authentication tag, giving integrity as well as confidentiality
TLS 1.2: A widely deployed revision of TLS, the successor protocol to SSL; TLS 1.3 (2018) is the current recommended version
TLS Handshake: A mechanism to initially establish a channel for an application to communicate with a service
TPM (Trusted Platform Module): A dedicated cryptoprocessor, typically integrated into the hardware of a computer, that can generate and store keys and record measurements of the boot process
Transport mode: One of the two modes of operations supported by IPsec. When used, only the payload of the IP packet is encrypted, leaving the IP headers untouched
Trim: A command that tells a solid-state drive which data blocks are no longer in use, so the drive can erase them ahead of time and reuse the space efficiently
Trojan: Malware that disguises itself as one thing but does something else
Trusted execution environment (TEE): It provides a full-blown isolated execution environment that runs alongside the main OS
Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet with new headers
Tunnel: In an L2TP/IPsec VPN, the tunnel is provided by L2TP, which carries unmodified packets from one network to another; the encryption comes from IPsec, not from L2TP itself
U
U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP Semiconductors that incorporates a challenge-response mechanism, along with public key cryptography to implement a more secure and more convenient second-factor authentication solution
UEFI: Unified Extensible Firmware Interface, the modern replacement for the legacy BIOS firmware interface; it is also where Secure Boot is implemented
Unbind: The LDAP operation that closes the connection to the LDAP server
Username and password authentication: Can be used in conjunction with certificate authentication, providing additional layers of security
UUID: Universally Unique ID
V
Validity: This field contains two subfields, Not Before and Not After, which define the dates between which the certificate is valid
Vendor risk review: A questionnaire that covers different aspects of a vendor's security policies, procedures and defenses
Version: Which version of the X.509 standard the certificate adheres to
Virtual memory: A combination of hard drive space and RAM that acts like memory which our processes can use
Viruses: The best-known type of malware; code that attaches itself to other programs or files and replicates when they are run
Volume: A partition that has been formatted with a filesystem so the OS can mount and use it
VPN (Virtual Private Network): A secure method of connecting a device to a private network over the internet. Commonly used to provide secure remote access, and link two networks securely
Vulnerability scanner: A tool that detects a wide range of issues, from misconfigured services that represent potential risks to the presence of back doors on systems
Vulnerability: A flaw in the system that could be exploited to compromise the system
W
Web of trust: It is where individuals instead of certificate authorities sign other individuals' public keys
WEP (Wired Equivalent Privacy): The first security protocol introduced for Wi-Fi networks; its RC4-based design is trivially broken and it should not be used
Wildcard: A character that is used to help select files based on a certain pattern
Windows domain: A network of computers and user accounts that are managed through a central database (Active Directory)
Windows Search service: A service that indexes files on your computer by looking through them on a schedule
Windows store: An application repository from which you can download and install Universal Windows Platform apps
Windows update client service: System that runs in the background on your computer to download and install updates and patches for your operating system
Wireshark: It's another packet capture and analysis tool that you can use, but it's way more powerful when it comes to application and packet analysis, compared to tcpdump
Worms: They are similar to viruses except that instead of having to attach themselves onto something to spread, worms can live on their own and spread through channels like the network
WPA (Wi-Fi Protected Access): Designed as a short-term replacement for WEP that would remain compatible with older WEP-enabled hardware through a simple firmware update; it introduced TKIP
WPA2 Enterprise: WPA2 using 802.1X authentication (typically against a RADIUS server with per-user credentials or certificates) instead of a single pre-shared key
WPS (Wi-Fi Protected Setup): A convenience feature designed to make it easier for clients to join a WPA-PSK protected network; its PIN method can be brute-forced in a matter of hours, so it should be disabled
Write permission: A permission that allows you to make changes to a file
X
X.509 standard: It is what defines the format of digital certificates, as well as a certificate revocation list or CRL
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS