Rule-based access control (RBAC) – Access is determined by a set of rules that evaluate factors such as user role, time of day, and the status of the workstation.
Tabletop Exercise – Security team meets to talk through what they would do in a given scenario and takes notes on what works and what doesn’t.
Incident Response Process – Preparation > Detection > Analysis > Containment > Eradication > Recovery > Lessons Learned
Attribute Based Access Control (ABAC) – Grants user access based on user attributes such as location, age, rank, or other relevant factors
Rule Based Access Control (RBAC) – Determines access based on a user’s role within an organization.
Role Based Access Control – Determines access based on the user’s role in the organization.
Mandatory Access Control (MAC) – Enforces access control through centralized control. Uses a classification or clearance system.
Discretionary Access Control – Allows owners to dictate access, modifications, and other operations.
Endpoint Detection & Response (EDR) – Aimed at detecting anomalies and addressing issues, but does not extend to serving as a malware analysis tool. Provides the capability to search and explore data, identify suspicious activities, and facilitate coordinated responses.
SELinux – Linux kernel module offering diverse security capabilities and access control methods, including support for mandatory access control on Linux systems.
Quarantine – Placing a malicious or suspicious file in a secure location, where it remains until a specified timeframe elapses or an administrator intervenes.
Containment – Restricts the scope of an incident or attack.
Isolation – Prevents a system or device from connecting to others.
Input Validation – Prevents unexpected or malicious input by removing control characters, validating data, and performing other sanitization steps before the input is processed by the application or stored for future use.
WPA3 – Upgrade over WPA2 that utilizes Simultaneous Authentication of Equals (SAE), replacing WPA2’s preshared key session key negotiation process.
OAuth – Widely adopted authorization service employed for cloud services, enabling users to grant access to their information to specific websites or applications without divulging their passwords.
OpenID – Open protocol for the authentication layer often utilized in conjunction with OAuth.
NXLog – Tool for collecting and centralizing logs.
Network Traffic Monitoring – IPFIX, NetFlow, and sFlow gather information about network traffic, such as source and destination addresses, ports, protocols, and data volume, which can be collected for analysis.
Static Code Analysis – Beneficial in identifying business logic issues.
Fuzzing – Used to observe the application’s response to possible malicious input in text fields.
Secure Cookie Flag – HTTP cookie flag that ensures cookies are protected at the transport layer; cookies must be sent using TLS encryption.
Compensating Control – Used to address an unmitigated vulnerability.
Sender Policy Framework (SPF) – Enumerates the IP addresses of authorized systems permitted to send email for a domain in DNS TXT records.
DomainKeys Identified Mail (DKIM) – Authenticates a domain’s identity through a public key pair, validating the sender’s authenticity.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) – Manages the handling of unauthenticated messages by mailbox providers, allowing actions such as quarantining, rejecting, or flagging messages.
Authenticated Scan – Type of vulnerability assessment that uses valid credentials to log in to a system.
Nessus – Network-based tool for vulnerability scanning.