Thursday, August 27, 2015

Links that might be useful:

https://quizlet.com/subject/redhat/

http://www.flashcardmachine.com/

Description of Symmetric and Asymmetric Encryption

Symmetric Encryption

Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric key algorithms are much faster computationally than asymmetric algorithms, as the encryption process is less complicated. The length of the key is critical to the strength of the security. NIST has recommendations on how long a key should be: in general, 160-512 bits. There are inherent challenges with symmetric key encryption in that the key must somehow be managed. Distributing a shared key is a major security risk.


Asymmetric Encryption

The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys, a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. So asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing. The private key is never exposed.

Any message (text, binary file, or document) that is encrypted by using the public key can only be decrypted by applying the same algorithm with the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.

This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.


Digital Certificates

To use asymmetric encryption, there must be a way for people to discover other parties' public keys. The typical technique is to use digital certificates (also known simply as certificates). A certificate is a package of information that identifies a user or a server, and contains information such as the organization name, the organization that issued the certificate, the user's e-mail address and country, and the user's public key.

When a server and client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other party's public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.
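To make the three points above concrete (one shared secret, a public/private pair, and a public key pulled out of a certificate), here is an added shell example that is not part of the original notes; it assumes the openssl command is installed and uses a constructed message and throwaway file names.

```shell
#!/bin/sh
# Added example (not from the original notes): symmetric vs asymmetric
# encryption and public-key extraction from a certificate, driven through
# the openssl CLI in scratch directories. Assumes openssl is installed;
# the message, password and file names are constructed for the example.

export LC_ALL=C
MSG='meet at the usual place'   # constructed sample plaintext

# Symmetric: $1 is encrypted under secret $2 and decrypted under secret $3.
# Prints the recovered plaintext, or DECRYPT_FAILED when $3 is not the
# key the data was encrypted with.
symmetric_roundtrip() {
    work=$(mktemp -d)
    printf '%s' "$1" > "$work/msg"
    # AES-256-CBC with a salted, PBKDF2-derived key; the password is the
    # "secret key" of the notes and both parties must already share it.
    openssl enc -aes-256-cbc -salt -pbkdf2 -pass "pass:$2" \
        -in "$work/msg" -out "$work/msg.enc"
    if out=$(openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$3" \
                 -in "$work/msg.enc" 2>/dev/null); then
        printf '%s\n' "$out"
    else
        echo DECRYPT_FAILED
    fi
    rm -rf "$work"
}

# Asymmetric: private key in $1/private.pem, its public half in
# $1/public.pem. Only the public file ever needs to leave the machine.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Encrypt $1 with the public key, decrypt with the matching private key.
# Prints the recovered plaintext.
asymmetric_roundtrip() {
    work=$(mktemp -d)
    make_keypair "$work"
    printf '%s' "$1" > "$work/msg"
    openssl pkeyutl -encrypt -pubin -inkey "$work/public.pem" \
        -in "$work/msg" -out "$work/msg.enc"
    openssl pkeyutl -decrypt -inkey "$work/private.pem" -in "$work/msg.enc"
    rm -rf "$work"
}

# The other direction from the notes (private key "encrypts", public key
# checks) is a digital signature. Prints the verdict for the untouched
# message, then for a tampered copy: "valid tampered".
sign_then_verify() {
    work=$(mktemp -d)
    make_keypair "$work"
    printf '%s' "$1" > "$work/msg"
    openssl dgst -sha256 -sign "$work/private.pem" -out "$work/msg.sig" "$work/msg"
    r1=valid
    openssl dgst -sha256 -verify "$work/public.pem" -signature "$work/msg.sig" \
        "$work/msg" >/dev/null 2>&1 || r1=tampered
    printf '%s (edited)' "$1" > "$work/msg"
    r2=valid
    openssl dgst -sha256 -verify "$work/public.pem" -signature "$work/msg.sig" \
        "$work/msg" >/dev/null 2>&1 || r2=tampered
    echo "$r1 $r2"
    rm -rf "$work"
}

# Certificates: a self-signed cert bundles identity fields with the public
# key. A peer that receives the cert recovers the key from it; prints
# "match" when that key equals the one derived from the private key.
cert_carries_public_key() {
    work=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/C=US/O=Example Org/CN=host.example.test' \
        -keyout "$work/private.pem" -out "$work/cert.pem" 2>/dev/null
    openssl x509 -in "$work/cert.pem" -pubkey -noout > "$work/from_cert.pem"
    openssl pkey -in "$work/private.pem" -pubout > "$work/from_key.pem"
    if cmp -s "$work/from_cert.pem" "$work/from_key.pem"; then
        echo match
    else
        echo mismatch
    fi
    rm -rf "$work"
}

# Demo run
echo "symmetric, right key : $(symmetric_roundtrip "$MSG" shared-secret shared-secret)"
echo "symmetric, wrong key : $(symmetric_roundtrip "$MSG" shared-secret guess)"
echo "asymmetric           : $(asymmetric_roundtrip "$MSG")"
echo "signature            : $(sign_then_verify "$MSG")"
echo "cert public key      : $(cert_carries_public_key)"
```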

RHEL - Commands you should master

lp Prints a file

ls Lists directory contents

pwd Present Working Directory

cat Views file

more Displays text file one screen at a time

file Displays file type

less Displays file with scroll and search capability

date Displays or changes system date

system-config-date Opens a GUI tool to display or change the system date

passwd Changes password

id [username] Displays user and group information for specified username

su - username Switches user while keeping environment variables

su username Switches user without environment variables

su - Switches to root user

exit Exits su to original user

chage Sets password age limit

whoami Shows original user id logged in as

groups Shows group memberships for each username

history Shows commands entered since login

!# Enters command with command history number #

!A Enters last command with the first letter A

[partial command] TAB TAB Displays commands similar to partial command entered

bg Runs a process ID in the background

fg Runs a process ID in the foreground

ctrl Z Breaks or pauses a process

ctrl C Kills a process

jobs Shows jobs running on machine

ctrl-alt-f5 Switches to virtual console 5

ctrl-alt-f1 Returns to GUI from virtual console

virt-manager Opens a GUI tool for virtual machine manager

echo $PATH Displays path of commands used

echo $VAR Displays the value of an environment variable, or prints script information to the user's screen

cd Changes directory

cp Copies files

ln Creates a hard link

ln -s Creates a symbolic link or alias

mv Moves a file

rm Removes a file or directory

touch Creates or updates access and modification times of a file

mkdir Creates a directory

rmdir Removes an empty directory

alias Creates a command alias in .bashrc file

reset Clears terminal log history and terminal window

clear Clears terminal window but not log

whereis Locates executable command paths

locate Searches for a file path in nightly indexed file database

updatedb Creates or updates the indexed file database used by locate command

find Searches for a file in a directory hierarchy

cat /etc/system-release Displays Red Hat version information

nano Text editor and file creator

gedit Opens a GUI text editor

man Opens a manual page for a command

man -k Suggests manual page similar to text entered

makewhatis Updates the man database after package installation

pinfo Advanced lynx-based viewer for a command's info page, or its manual page if no info page exists

firefox Opens a GUI web browser

sudo Allows a user to execute a command at another user's access level

lpadmin Configures a printer

lp [filename] Prints filename to default printer

palimpsest Opens a GUI disk utility

fdisk MBR disk partitioner

df -h Shows mounted partitions and their disk usage in human-readable units

mount Mounts a partition on a directory

umount Unmounts a partition from a directory

pvcreate Creates an LVM physical volume

pvdisplay Displays LVM physical volumes

vgcreate Creates a volume group from physical volume physical extents

vgdisplay Displays volume groups

lvcreate Creates a logical volume made of physical extents

lvdisplay Displays logical volumes

mkfs Formats a partition and creates a filesystem

vgextend Extends a volume group to a new partition

resize2fs Extends the ext filesystem on a logical volume

lsblk Displays overview of partitions and logical volumes

kill -l Displays a list of process signals

kill Sends a signal to a process

nice Runs a command with a modified niceness scheduling priority

renice Alters the niceness scheduling priority of a process

top Opens command line process manager

ps Displays processes running from current window

ps -e Displays every process running on system

du Displays disk usage

du -sh Displays total disk usage of all directories under the current directory

yum Yellowdog updater modified package manager

rpm Redhat package manager

Package manager that does not resolve dependencies: rpm

Package manager that does resolve dependencies: yum

createrepo Creates yum repository

system-config-network Opens a GUI for configuring network interfaces

arp Displays or modifies the system ARP cache

ip Displays IP address and network information similar to ifconfig

ifconfig Displays IP address and network information similar to ip

route Displays or modifies routing table of system

ip route Second way to display the routing table of the system

netstat -r Display only routing table of system

host Simple DNS hostname or IP lookup tool based on the same engine as dig

nslookup Older DNS lookup tool that queries its own DNS table before contacting a DNS server, then shows the IP and host as well as the lookup server

hostname Displays or non-persistently modifies the hostname entry in /proc/sys/kernel/hostname

service network restart Restarts network services with new settings

dig In depth DNS lookup utility similar to host that gives entire DNS message

tail Displays last ten lines of a file

chsh Changes shell

chage Changes password aging, similar to passwd -x or usermod

passwd -x Changes password aging similar to chage or usermod

usermod Changes user attributes

useradd Adds a user to /etc/passwd but will not assign a password

groupadd Adds a group to /etc/group

chown Changes user ownership of a file or directory

chmod Changes mode of a file

chgrp Changes group ownership of a file or directory

ssh Opens a secure shell terminal

scp Secure copies a file

rsync Syncs remote files to local files

ssh-keygen Generates, manages, and converts authentication keys for ssh

ssh-copy-id Installs ~/.ssh/id_rsa.pub in a remote machine's ~/.ssh/authorized_keys file

file-roller Opens a GUI archive manager

chkconfig Displays or modifies services run at boot

vncpasswd Sets your VNC password on the VNC server

vncviewer Opens a GUI VNC window

getsebool Displays SELinux booleans

iptables Sets up, maintains, and inspects the tables of IP packet filter rules in the linux kernel (firewalls)

seinfo Queries the SELinux policy

getenforce Displays SELinux status

setenforce Changes SELinux status

restorecon Restores the SELinux file context based on the directory it is in

chcon Changes the SELinux file context

tune2fs Displays or modifies tunable filesystem parameters on ext filesystems

blkid Displays or modifies block id attributes of disks

setfacl Sets file access control lists

swapon Enables a swap partition

swapoff Disables a swap partition

uname -r Displays currently running kernel

cat /proc/cmdline Displays arguments passed to kernel at boot

init Sets init runlevel for next boot

runlevel Displays previous and current system runlevel

umask Sets file mode creation mask for files and directories

tar Creates a tar file

gpg Encryption and signing tool allowing private key use to run scripts

service Displays status, starts, stops, or restarts a system init script

ftp Opens text based ftp client

sealert Opens a GUI SELinux alert browser and troubleshooter

grep flags /proc/cpuinfo Displays the processor feature flags

virsh Creates a virtual machine

lvrename Renames a logical volume

lvremove Removes a logical volume

ctrl - Decreases font size

ctrl + Increases font size

vim Opens a text editor similar to vi

squid Proxy caching server

partprobe Informs the kernel of partition table changes to non-primary partitions

kpartx Creates device maps from partition tables

w Displays currently logged in users

last Displays last lines of a file or log

makewhatis Creates or renews man -k database

wc Displays the word count of a file

sort Sorts lines in a file for output

uniq Collapses adjacent duplicate lines in a file

tee Reads from standard input and writes to a file

e2label Changes label on ext partition

cryptsetup Encrypts a partition

reboot Restarts system

mkswap Create a linux swap area in a file or partition

lvm Opens the text-based logical volume manager

info Displays Info pages of a command

dmsetup Low level logical volume manager

vgreduce Shrinks a volume group by removing a physical volume from it.

fsck Checks and repairs the health of an unmounted filesystem

pvs Checks available extents in a physical volume

pvmove Moves data off a physical volume that is to be removed.

lvreduce Shrinks a logical volume to a defined size

lvextend Extends a logical volume to a defined size or by a defined amount

showmount Displays the mount information for an NFS server

smbclient Samba FTP-like client to access SMB/CIFS resources on servers

service autofs reload Reinitializes autofs after updating /etc/auto.master

userdel Removes a user from /etc/passwd file

groupdel Removes a group from the /etc/group file

vipw Locks the passwd file and opens it for editing user information

vigr Locks the group file and opens it for editing group information

pwconv Syncs the /etc/shadow and /etc/passwd files

pwck Checks the /etc/passwd file for errors

automount Manages autofs mount points

system-config-users Opens a GUI tool for managing users and groups

authconfig-tui Opens a TUI interface for managing NIS, LDAP, Kerberos 5, and SMB, by editing the /etc/sysconfig/network, /etc/passwd, and /etc/shadow files.

system-config-authentication Opens a GUI tool for managing NIS, LDAP, Kerberos 5, and SMB, by editing the /etc/sysconfig/network, /etc/passwd, and /etc/shadow files.

getent Searches a given database file (passwd, group, aliases, shadow, etc.) for a defined term and returns matching entries

getfacl Displays file acl for provided file path

grpconv Syncs /etc/group and /etc/gshadow files

newgrp Changes the group id to a named group, similar to the su - command for changing users

gpasswd Sets group password in /etc/gshadow

wget Non-interactive file downloader that allows a user to retrieve a file while not logged in. Designed to work over slow or unstable network connections.

ps -eZ Displays SELinux information for processes

semanage fcontext Displays the SELinux defaults used by restorecon

setsebool Sets specific SELinux booleans on or off

lsof Displays list of files opened by system

nc Opens the netcat utility for troubleshooting TCP/UDP connections

service rsyslog restart Restarts log server after changes to rsyslog.conf

logger Sends a test message to the log server

logwatch Monitors logs and emails a summary to root

killall Kills all processes with a specific name

crontab Configures cron files in the /var/spool/ directory used by the crond process

anacron Similar to cron, it runs commands listed in the /etc/anacrontab file based on date it was last run, so cron commands are not missed in the event of a system being shut down.

dmesg Displays boot messages from the kernel ring buffer (/proc/kmsg)

sysctl Configures kernel parameters for next boot cycle

modinfo Displays information about a kernel module

lsmod Displays what modules are loaded by kernel

modprobe Adds or removes modules from the kernel

RHEL7 - Services

systemctl

String search and matching pattern


Wildcard to match any character string
$ [cmd] ab*

Wildcard to match any single character
$ ls m?n

Wildcard to match any character in a set of characters
[chars]

Not wildcard
!

Wildcard to match any character not in a set of characters
[!chars]

Wildcard to match the alphanumeric character class
[[:alnum:]]

Wildcard to match the digit character class
[[:digit:]]

Wildcard to match the uppercase letter character class
[[:upper:]]

Wildcard to match the lowercase letter character class
[[:lower:]]

Pathname expansion using echo command
To output all filenames and directories in a directory
$ echo *

To output everything beginning with a and ending with z in a directory
$ echo a*z

To output everything beginning with a capital letter in a directory
$ echo [[:upper:]]*

To output all directories containing a subdirectory /tmp/ in the /usr/ directory
$ echo /usr/*/tmp/

Tilde expansion using echo command
To output the home directory of the current user
$ echo ~

To output the home directory of [user]
$ echo ~[user]

Arithmetic expansion using echo command
To output the value of the expression 5 + 5
$ echo $((5+5))

The basic syntax
$ echo $(([numeral] [operator] [numeral]))

To output the value of the nested expression (5 * 2) * 3
$ echo $(((5*2)*3))

Arithmetic operators
remainder %
power **
division /

Brace expansion using echo command
To output "count_1 count_2 count_3 count_4 count_5"
$ echo count_{1..5}

To output "Z Y X W V U T S R"
$ echo {Z..R}

To output "aA1b aA2b aB1b aB2b"
$ echo a{A{1,2},B{1,2}}b

Brace expansion using mkdir command, to create directories for every month in 2011-2012 in the format YYYY_MM
$ mkdir {2011..2012}_0{1..9} {2011..2012}_{10..12}
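The wildcard, brace and arithmetic expansions above, exercised as an added example that is not from the original notes; it assumes bash is available (brace expansion is a bash feature) and uses a constructed scratch directory of file names.

```shell
#!/bin/sh
# Added example (not from the original notes): the wildcard, brace and
# arithmetic expansions above, run for real. Brace expansion is a bash
# feature, so each helper hands its command line to bash explicitly; the
# scratch directory and its file names are constructed for the example.

export LC_ALL=C

# Print what bash expands one word to. Callers single-quote the argument
# so that the expansion happens inside bash, not in this script.
expand_in_bash() {
    bash -c "echo $1"
}

# Make a scratch directory with a known set of names and print its path.
make_scratch() {
    dir=$(mktemp -d)
    (cd "$dir" && touch ab abc abd man men Moon x.txt)
    echo "$dir"
}

# Expand one glob pattern ($2) inside directory $1 and print the sorted
# matches on one line. With no match, bash echoes the pattern itself.
glob_in() {
    bash -c "cd '$1' && printf '%s\n' $2" | sort | tr '\n' ' ' | sed 's/ $//'
}

# The mkdir trick from the notes: YYYY_MM directories for 2011-2012.
# Prints how many directories the two brace expansions produced.
month_dirs() {
    dir=$(mktemp -d)
    bash -c "cd '$dir' && mkdir {2011..2012}_0{1..9} {2011..2012}_{10..12}"
    ls "$dir" | wc -l | tr -d ' '
    rm -rf "$dir"
}

# Demo run
d=$(make_scratch)
echo "all entries     : $(glob_in "$d" '*')"
echo "ab*             : $(glob_in "$d" 'ab*')"
echo "m?n             : $(glob_in "$d" 'm?n')"
echo "[[:upper:]]*    : $(glob_in "$d" '[[:upper:]]*')"
echo "[!am]*          : $(glob_in "$d" '[!am]*')"
echo "no match        : $(glob_in "$d" 'zz*')"
rm -rf "$d"
echo "count_{1..5}    : $(expand_in_bash 'count_{1..5}')"
echo "{Z..R}          : $(expand_in_bash '{Z..R}')"
echo "nested braces   : $(expand_in_bash 'a{A{1,2},B{1,2}}b')"
echo "5+5             : $(expand_in_bash '$((5+5))')"
echo "(5*2)*3         : $(expand_in_bash '$(((5*2)*3))')"
echo "17%5 2**10 7/2  : $(expand_in_bash '$((17%5)) $((2**10)) $((7/2))')"
echo "month dirs made : $(month_dirs)"
```

Note that 7/2 gives 3: shell arithmetic is integer only, and an unmatched glob is passed to the command as the literal pattern.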

Input output redirection and filter

1. Redirect the output of a command to a file
Note: If you have existing file, it will be over written
$ [cmd] > [file]

2. Redirect and append the output of a command to a file.
Note: Existing file content will not be over written.
$ [cmd] >> [file]

3. Input redirection to a command from a file
$ [cmd] < [file]

4. Input redirection to a command from file1 and output to file2
$ [cmd] < [file1] > [file2]

5. Redirect output of one command into a second command (pipes)
$ [cmd1] | [cmd2]

Common filters to pipe output into:
7. Sort standard input to standard output
$ [cmd] | sort

8. Examine input for specific lines of characters and return matching lines to standard output
$ [cmd] | grep string

9. Examine input for adjacent duplicates and return unique lines to standard output
$ [cmd] | uniq

10. Read text from standard input and return formatted text to standard output
$ [cmd] | fmt

11. Format standard input with page breaks, headers, footers, etc. for output to a printer
$ [cmd] | pr

12. Return first 10 lines of input to standard output
$ [cmd] | head

13. Return last 10 lines of input to standard output
$ [cmd] | tail

14. Translate, squeeze, or delete characters of standard input to standard output
$ [cmd] | tr

15. Stream edit standard input and return to standard output
$ [cmd] | sed

16. Process standard input with gawk pattern scanning and programming language and return standard output
$ [cmd] | awk

17. Display standard input one page at a time
$ [cmd] | more

18. Display standard input with scroll and search capability
$ [cmd] | less
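An added example, not part of the original notes, chaining the operators and filters above over a few constructed sshd log lines, the way an administrator would check for password guessing against a host; the addresses, user names and timestamps are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): the redirection operators
# and filters above, chained over a handful of constructed sshd log lines
# to see which address is guessing passwords. Every line, address and
# user name below is made up for the example.

export LC_ALL=C

# Write the sample log to $1: > creates/truncates the file (item 1) and
# >> appends to it (item 2).
write_sample_log() {
    echo 'Aug 27 10:01:02 host sshd[1101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2' > "$1"
    echo 'Aug 27 10:01:05 host sshd[1102]: Failed password for root from 203.0.113.5 port 51240 ssh2' >> "$1"
    echo 'Aug 27 10:02:11 host sshd[1110]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2' >> "$1"
    echo 'Aug 27 10:03:40 host sshd[1120]: Failed password for root from 192.0.2.9 port 60010 ssh2' >> "$1"
    echo 'Aug 27 10:03:44 host sshd[1121]: Failed password for root from 203.0.113.5 port 51300 ssh2' >> "$1"
    echo 'Aug 27 10:05:00 host cron[1200]: (root) CMD (run-parts /etc/cron.hourly)' >> "$1"
}

# Items 3, 8, 16, 7, 9 in one pipe: feed the file in with <, grep the
# failures, awk out the word after "from", sort so duplicates sit next to
# each other, count them with uniq -c, then order by count descending.
# Prints "count address" lines, busiest source first.
failed_logins_by_source() {
    grep 'Failed password' < "$1" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Item 12: head -1 picks the top line; awk returns just the address.
top_failed_source() {
    failed_logins_by_source "$1" | head -1 | awk '{ print $2 }'
}

# tee keeps a copy of the filtered lines in $2 while wc -l keeps counting
# them downstream; tr -d strips the padding some wc builds add.
count_and_keep_failures() {
    grep 'Failed password' < "$1" | tee "$2" | wc -l | tr -d ' '
}

# Item 15: sed rewrites IPv4 addresses before a log is shared outside the
# team. Basic-regex form so it runs on any POSIX sed.
redact_addresses() {
    sed 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/[redacted]/g' < "$1"
}

# Demo run
log=$(mktemp)
write_sample_log "$log"
echo "failures by source:"; failed_logins_by_source "$log"
echo "top source        : $(top_failed_source "$log")"
echo "failures kept     : $(count_and_keep_failures "$log" "$log.failed")"
echo "redacted tail     :"; redact_addresses "$log" | tail -2
rm -f "$log" "$log.failed"
```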

RHEL7 - Samba client info


Samba client package
cifs-utils

How to identify smb shares on a server

smbclient -L //serverX


Mount SMB share on client machine

# mkdir -p <mountpoint>
# mount -t cifs -o guest //<server>/<share> <mountpoint>

Mount SMB share with user authentication
# mount -t cifs -o username=<username> //<server>/<share> <mountpoint>

Mount SMB share with credentials file
# mount -t cifs -o credentials=<file_location> //<server>/<share> <mountpoint>

SMB credential file entry

# cat ~/userinfo
username=username
password=password
domain=domain


SMB autofs mapping file syntax

<mp> -fstype=cifs,credentials=<file> ://serverX/<mp>

RHEL7 - Configure autofs

Setup/configure autofs

Steps on server
1. Install autofs packages

2. Create master-map file

3. Create mapping-file

4. Enable autofs

5. Start autofs


On the client

Client mount

To use indirect wildcard mapping in mapping file, use the following entry

*    -rw,sync               <server>:<sharename>/&



master map file entry for home directory (autofs)
# cat /etc/auto.master
/home/<dir> /etc/auto.home

home directory mapping file entry
# cat /etc/auto.home
* -rw,sync <server>:/home/<dir>/&
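An added example that is not from the original notes, covering both the Samba credentials file and the autofs map files above: it writes them into a scratch directory rather than /etc, creates the credentials file owner-readable only (it holds a clear-text password) and checks that before rendering the map; server, share and account names are placeholders made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes): builds the SMB credentials
# file and the autofs master/map pair described above in a scratch
# directory instead of /etc, so they can be inspected first. The
# credentials file carries a clear-text password, so it is created
# owner-readable only and checked before a map is allowed to name it.
# Server, share and account values are placeholders for the example.

export LC_ALL=C

# Write a mount.cifs credentials file: $1 = path, $2 = username,
# $3 = password, $4 = domain. umask 077 inside a subshell makes the file
# 0600 from the moment it exists, instead of chmod-ing it after the
# secret has already been written with a looser mode.
write_cifs_credentials() {
    (
        umask 077
        printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$3" "$4" > "$1"
    )
}

# Permission string of a file as ls prints it, e.g. -rw-------
# (works on GNU and BSD userlands alike).
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# "ok" when group and others have no access bits at all, else "unsafe".
check_credentials_perms() {
    case "$(perm_string "$1")" in
        ????------) echo ok ;;
        *)          echo unsafe ;;
    esac
}

# Render the indirect autofs maps for CIFS shares, refusing a credentials
# file that is not locked down. $1 = directory standing in for /etc,
# $2 = mount base (the key in auto.master, e.g. /cifs), $3 = server,
# $4 = credentials file. The * and & pair in the map means: whatever
# share name is looked up under $2 is mounted from //$3/<that name>.
render_autofs_maps() {
    if [ "$(check_credentials_perms "$4")" != ok ]; then
        echo "refusing: $4 is readable by group or others" >&2
        return 1
    fi
    printf '%s %s/auto.cifs\n' "$2" "$1" > "$1/auto.master"
    printf '* -fstype=cifs,credentials=%s ://%s/&\n' "$4" "$3" > "$1/auto.cifs"
}

# Demo run
base=$(mktemp -d)
write_cifs_credentials "$base/userinfo" student 'Pa55w0rd' EXAMPLE
echo "credentials perms: $(perm_string "$base/userinfo") -> $(check_credentials_perms "$base/userinfo")"
render_autofs_maps "$base" /cifs serverX "$base/userinfo"
echo "auto.master      : $(cat "$base/auto.master")"
echo "auto.cifs        : $(cat "$base/auto.cifs")"
rm -rf "$base"
```

On a real client the same two map files go to /etc/auto.master and /etc/auto.cifs, and the credentials file belongs somewhere only root can read.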

Wednesday, August 26, 2015

Some technical terms used on Computing Security

CompTIA Security+ Certification Exam


1. What is Data at-Rest
Is an IT term referring to inactive data which is stored physically in any digital form (e.g. databases, data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.).


2. What is Data in-Motion?
DLP systems, which are software or hardware tools that monitor network traffic in order to detect sensitive data that is being sent in violation of information security policies.

3. What is a SCADA?
Is a type of industrial control system. Industrial control systems are computer controlled systems that monitor and control industrial processes that exist in the physical world. (Wide Area)


4. What is Infrastructure as a Service?
Infrastructure as a Service (IaaS) is a standardized, highly automated offering, where compute resources, complemented by storage and networking capabilities, are owned and hosted by a service provider and offered to customers on demand.


5. What is Software as a Service?
A software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.


6. What are Public Clouds?
A public cloud is a set of computers and computer network resources based on the standard cloud computing model, in which a service provider makes resources, such as applications and storage, available to the general public over the Internet.


What are Private Clouds?
A private cloud is a dedicated server that the customer uses exclusively. The platform and applications, however, are still maintained by the cloud provider.


What are Hybrid Clouds?
is a cloud computing environment in which an organization provides and manages some resources in-house and has others provided externally. For example, an organization might use a public cloud service, such as Amazon Simple Storage Service (Amazon S3) for archived data but continue to maintain in-house storage for operational customer data.


7. What is Cloud Based Storage?
Cloud storage is a model of networked enterprise storage where data is stored in virtualized pools of storage which are generally hosted by third parties.


8. What is an Acceptable Use Policy? (AUP)
Acceptable Use Policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager of a network, website or large computer system that restrict the ways in which the network, website or system may be used.


9. What is a Privacy Policy?
Is a statement or a legal document (privacy law) that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client's data.


10. What is a Security Policy?
Is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.


11. What is a Human Resource Policy?
Are systems of codified decisions, established by an organization, to support administrative personnel functions, performance management, employee relations and resource planning. Each company has a different set of circumstances, and so develops an individual set of human resource policies.


12. What is Spear Phishing?
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.


13. What is a Digital Signature?
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.




14. What is a Digital Certificate?
A digital certificate is an electronic "passport" that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate may also be referred to as a public key certificate.




15. What is an Incident Handling Response? [PDF]
A. Reconstruction
B. Plan of Action
C. Reconstruction
D. Lessons Learned




16. What is LDAP?
Is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.


17. What is Kerberos?
Is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.




18. What is a Unified Threat Management (UTM)?
Is a comprehensive solution that has recently emerged in the network security industry, and since 2004 it has gained widespread currency as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.


19. What is an Access Control List (ACL)?
Is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file has an ACL that contains (Alice, delete), this would give Alice permission to delete the file.




20. What is an Eye Witness in Security?
Is someone who has, who claims to have, or is thought, by someone with authority to compel testimony, to have knowledge relevant to an event or other matter of interest. In law a witness is someone who, either voluntarily or under compulsion, provides testimonial evidence, either oral or written, of what he or she knows or claims to know about the matter before some official authorized to take such testimony.


21. What is Chain of Custody in Security?
In legal contexts, refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.


22. What is Expert Witness in Security?
A person who is permitted to testify at a trial because of special knowledge or proficiency in a particular field that is relevant to the case.


23. What is Data Analysis in Security?
Analysis of data is a process of inspecting, cleaning, transforming, and modeling data with the goal of discovering useful information, suggesting conclusions, and supporting decision making.


24. What is Application Whitelisting?
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.


25. What is Remote Wiping in Security?
Erasing all data on a device that has been lost or stolen and performing a factory reset of the device. All data is erased from the device (and SD card, if applicable), including email, calendar, contacts, photos, music, and a user's personal files.


26. What is an Acceptable Use Policy in Security (AUP) ?
This has already been answered please see no. 8 of this doc.


27. What is Mobile Device Management in Security (MDM) ?
Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employee's mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.


28. What is Role-Based Management in Security?
The theory is that instead of putting your users into groups, you put them into roles, which correspond to their actual job titles. Magically, their role memberships get them access to all the files, folders, databases, mailboxes and whatnot that they need.


29. What is TKIP-based Encryption?
Was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.


30. What is CCMP-based Encryption?
Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.


31. What is a SAN?
A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network by other devices.


32. What is CHAP?
In computing, the Challenge-Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity. That entity may be, for example, an Internet service provider. CHAP is specified in RFC 1994. CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network. The MS-CHAP variant does not require either peer to know the plaintext, but has been broken. Thus, CHAP provides better security as compared to Password Authentication Protocol (PAP).



33. What is Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on solutions are common at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID protocol.)




34. What is Kerberos?
This has already been answered please see no. 17 of this doc.


35. What is Diameter?
Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from and replaces the much less capable RADIUS protocol that preceded it.




36. What is Encrypted TCP Wrappers?
Is a freely available IP packet filtering facility written by Wietse Venema. It provides for greater and more specific control over local network services and which hosts are allowed to access them. It also makes use of the standard syslog facility to track local network use. Although it was written many years ago and has not changed much over time, TCP Wrappers remains useful because it can be configured quickly and easily, and it adds an additional layer of protection even when used in conjunction with more robust packet filters (like iptables).




37. What is Firmware Version Control?
The task of keeping a software system consisting of many versions and configurations well organized.


38. What is an Anomaly based IDS?
An Anomaly-Based Intrusion Detection System is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls outside normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created.


39. What is a Signature Based IDS?
Signature-based IDS monitors packets in the network, and compares them with pre-configured and pre-determined attack patterns, known as signatures.


40. What are Role Based Access Controls?
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file. Roles are defined according to job competency, authority, and responsibility within the enterprise.


41. What are Mandatory Access Controls?
In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place.


42. What are Discretionary Access Controls?
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".


43. What is a Security Manager?
A security manager is an employee at a company responsible for security and safety at the company. This can take a number of different forms, though typically the manager will be responsible for physical, real world security or digital security. The security manager at a company, especially a small company, may be responsible for both forms of security as well as other tasks that are also applicable.


44. What is a Security Administrator?
The person charged with monitoring and implementing security controls and procedures for a system. Whereas each university will have one Information Security Officer, technical management may designate a number of security administrators.


45. What are Routine Audits?
An information security audit occurs when a technology team conducts an organizational review to ensure that the correct and most up-to-date processes and infrastructure are being applied. An audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization. During this process, employees are interviewed regarding security roles and other relevant details.


46. What is Chain of Custody in Security?
This has already been answered; please see no. 21 of this doc.


47. What is a System Image?
In computing, a system image is a copy of the entire state of a computer system stored in some non-volatile form such as a file. A system is said to be capable of using system images if it can be shut down and later restored to exactly the same state.


48. What are Take Hashes?
A cryptographic hash function is a hash function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value.


49. What is Order of Volatility?
When collecting data for a computer forensic investigation you want to collect the most volatile data first as it will be lost the quickest. The order of volatility shows which data will be lost first.


Order of Volatility
  1. Memory contents
  2. Swap files
  3. Network processes
  4. System processes
  5. File system information
  6. Raw disk blocks
Memory contents, swap files, network processes, and system processes will all be lost when the suspect system is shut down.


50. What is a Computer Emergency Response Team? (CERT)
A CERT (also called a CSIRT, computer security incident response team) is an organization that receives reports of security breaches, conducts analyses of the reports and responds to the senders. A CSIRT may be an established group or an ad hoc assembly.


51. What are Internal Operating Procedures in Security?
Internal operating procedures are a set of written procedures that operate internally in a business.


52. What are Standard Operating Procedures in Security?
Every security business must operate within the guidelines of its Standard Operating Procedures and General Orders, e.g. rules/regulations, harassment, illegal drugs, smoking, etc.


53. What is Hashing in Security?
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.


54. What is a Key Escrow in Security?
Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.


54. What is Non-Repudiation in Security?
A service that provides proof of the integrity and origin of data. Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".


55. What is Steganography?
Steganography is the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.


56. What is a Packet Filter Firewall?
A firewall that forwards or blocks packets based on the information in the network-layer and transport-layer headers.


57. What is a Stateful Firewall?
In computing, a stateful firewall is a firewall that keeps track of the state of network connections traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections.


58. What is a Proxy Firewall?
A firewall that filters a message based on the information available in the message itself (at the application layer).


59. What is an Application Firewall?
An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall.


60. What is an Information Assurance Officer?
An Information Assurance Security Officer (IASO) in the United States Army is primarily responsible for the security and integrity of the information systems in his or her area of responsibility.


61. What are Environmental Control Measures in Security?
Unauthorized physical access, loss, damage or interference to the organization's premises and infrastructure, or interruptions to its critical operations, should be prevented using physical and environmental controls appropriate to the identified risks and the value of the assets protected.


62. What is TPM in Security?
The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor. The TPM technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.


63. What is 802.1x in Security?
IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server.


64. What are Flood Guards in Security?
Network floods can cause outages and affect the security of enterprise networks. Flood guards are controls used to prevent DoS attacks such as SYN floods and ping floods.


65. What are Man Traps in Security?
A mantrap is a small room with an entry door on one wall and an exit door on the opposite wall. One door of a mantrap cannot be unlocked and opened until the opposite door has been closed and locked.


66. What are Proximity Cards in Security?
A proximity card is a smart card which can be read without inserting it into a reader device, as required by earlier magnetic stripe cards such as credit cards. To use it, the proximity card is held near an electronic reader unit for a moment. The reader usually produces a beep or other sound to indicate the card has been read.


67. What are Biometrics Authentication in Security?
Biometrics (or biometric authentication) refers to the identification of humans by their characteristics or traits. Biometrics is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.


68. What is a SaaS site in Security?
This has already been answered; please see no. 5 of this doc.


69. What is a Cold site in Security?
A cold site is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations. A cold site is less expensive, but it takes longer to get an enterprise in full operation after the disaster.


70. What is a Warm site in Security?
A warm site typically contains the data links and pre-configured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data.


71. What is a Hot site in Security?
A hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster. For example, if an enterprise's data center becomes inoperable, that enterprise can move all data processing operations to a hot site. A hot site has all the equipment needed for the enterprise to continue operation, including office space and furniture, telephone jacks and computer equipment.


72. What is Hardening in Security?
In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a multipurpose one. Reducing available vectors of attack typically includes the removal of unnecessary software, unnecessary usernames or logins and the disabling or removal of unnecessary services.


73. What is Fuzzing in Security?
Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes.


74. What is Non Repudiation in Security?
This has already been answered; please see no. 54 of this doc.


75. What is a MOU in Security?
A memorandum of understanding is a document describing a bilateral or multilateral agreement between two or more parties. It expresses a convergence of will between the parties, indicating an intended common line of action.


76. What is a Data Loss Prevention (DLP) in Security?
Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.


77. What is Fuzzy Hashes in Security?
Fuzzy hashes, also called context triggered piecewise hashes (CTPH), are hashes that can be used to match data that have similarities, such as two sets of data with sequences of identical bytes in the same order, although bytes in between these sequences may be different in both content and length.


78. What is HMAC in Security?
In cryptography, a keyed-hash message authentication code is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret cryptographic key.


79. What is SHA-512 in Security?
SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) designed by the U.S. National Security Agency (NSA). SHA-256 and SHA-512 are novel hash functions computed with 32- and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds.


80. What is TwoFish in Security?
Twofish is a symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.


81. What is PGP in Security?
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. PGP uses a variation of the public key system. In this system, each user has a publicly known encryption key and a private key known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver who first uses the receiver's private key to decrypt the short key and then uses that key to decrypt the message.


82. What is Asymmetric Encryption in Security?
Cryptography in which a pair of keys is used to encrypt and decrypt a message. The sender of the message encrypts the message with the recipient’s public key. The recipient then decrypts the message with his/her private key.


83. What is a Certificate Authority (CA) ?
A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.


84. What is Xmas in Security?
In information technology, a Christmas tree packet is a packet with every single option set for whatever protocol is in use. The term derives from a fanciful image of each little option bit in a header being represented by a different-colored light bulb, all turned on, as in, "the packet was lit up like a Christmas tree." It can also be known as a kamikaze packet, nastygram or a lamp test segment.


85. What is DoS in Security?
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.


86. What is a XSS in Security?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.


87. What is a Buffer Overflow?
In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety.


88. What is Blue Snarfing?
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos.



88. What is Trusted Platform Module (TPM)?
The Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator. It also includes capabilities such as remote attestation and sealed storage, as follows: Remote attestation, Binding, and Sealing.


89. What is a Certificate Revocation List (CRL)?
Certificate Revocation List (CRL) is one of two common methods when using a public key infrastructure for maintaining access to servers in a network. The other, newer method, which has superseded CRL in some cases, is Online Certificate Status Protocol (OCSP).


90. What is XSRF?
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.


91. What is Stream Cipher?
A stream cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. The main alternative method is the block cipher in which a key and algorithm are applied to blocks of data rather than individual bits in a stream.


92. What are Bollards in Security?


93. What is NDP in Security?


94. What is NCP in Security?


95. What is MTBF?



96. What is Vishing?

Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Voice phishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

Spear Phishing
Attacker gains confidential company information -> targets CEO and board members

Hoax
Attacker posts link to fake AV software -> Multiple social networks -> broad set of victims 

Vishing
Attacker collecting credit card details -> Phone based victims 
Phone calls to individual stating an IT issue

Phishing
Attacker mass mails product info to parties -> broad set of recipients 
Email sent to multiple users to a link to verify credentials .

Pharming
Attacker redirects name resolution entries from legitimate site to fraudulent site -> forward to fraudulent site, block legitimate site

SPIM
On a social media site an IM pops up from a friend

Social engineering
A friend/colleague asks you questions of a personal nature

Whaling
Phone calls made to CEO asking various data

Source: https://docs.google.com/document/d/1ZIcE7WM_Je6k5c19e7asaghfC9FYsgCXD2JXD7BIo-E/edit