A software or hardware device that filters incoming and outgoing network traffic based on predetermined security rules.
What is a firewall?
Scrambling the characters used in a message so that the message can be seen but not understood or modified unless it can be deciphered.
What is encryption?
A person or entity responsible for an event that has been identified as a security incident or as a risk.
Who is a threat actor?
A method of validating a particular entity’s or individual’s unique credentials.
What is authentication?
A means of determining a receiver’s position on Earth based on information received from orbital satellites.
What is a global positioning system (GPS)?
The process of gathering and submitting computer evidence for trial. Digital evidence is latent, meaning that it must be interpreted.
What is digital forensics?
A software application running on a single host and designed to protect only that host.
What is a host-based firewall?
A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.
What is a digital signature?
Social engineering techniques for gathering valid credentials to use to gain unauthorized access.
What is credential harvesting?
The process of determining what rights and privileges a particular entity has.
What is authorization?
A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).
What is a virtual private network (VPN)?
In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.
What is a timeline?
A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.
What is a web application firewall (WAF)?
A password that is generated for use in one specific session and becomes invalid after the session ends.
What is a one-time password (OTP)?
Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
What is a remote access Trojan (RAT)?
An authentication scheme that requires the user to present at least two different factors as credentials.
What is multifactor authentication (MFA)?
Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.
What is a Software-Defined Wide Area Network (SD-WAN)?
In digital forensics, being able to trace the source of evidence to a crime scene and show that it has not been tampered with.
What is provenance?
Advances in firewall technology, from app awareness, user-based filtering, and intrusion prevention to cloud inspection.
What is a next-generation firewall (NGFW)?
In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.
What is a root certificate?
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.
What is a downgrade attack?
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
What is single sign-on (SSO)?
Provisioning virtual network appliances, such as switches, routers, and firewalls, via VMs and containers.
What is network functions virtualization (NFV)?
A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.
What is a write blocker?
A server that redirects requests and responses for clients configured with the proxy address and port.
What is a non-transparent proxy?
A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
What is a certificate authority (CA)?
Any type of physical, application, or network attack that affects the availability of a managed resource.
What is a denial of service (DoS) attack?
In a federated network, the service that holds the user account and performs authentication.
What is an identity provider (IdP)?
Record of handling evidence from collection to presentation in court to disposal.
What is chain of custody?
A type of proxy server that protects servers from direct contact with client requests.
What is a reverse proxy?
A Base64 ASCII file that a subject sends to a CA to get a certificate.
What is a certificate signing request (CSR)?
An attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
What is a distributed DoS (DDoS) attack?
A number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.
What is a personal identification number (PIN)?
A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system’s state.
What is a host-based intrusion detection system (HIDS)?
A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.
What is a root cause analysis?
A server that redirects requests and responses without the client being explicitly configured to use it.
What is a transparent (or forced or intercepting) proxy?
A list of certificates that were revoked before their expiration date.
What is a certificate revocation list (CRL)?
A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
What is a SYN flood attack?
A wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network.
What is a pre-shared key (PSK)?
Endpoint protection that can detect and prevent malicious activity via signature and heuristic pattern matching.
What is a host-based intrusion prevention system (HIPS)?
An analysis of events that can provide insight into how to improve response and support processes in the future.
What is a lessons learned report (LLR)?