
Security+ Study Material

Jeff

Updated: Sep 21, 2021

OSI Model






A = Authenticate / Address / Access

B = Border

C = Control(ler) / Code

D = Domain / Device / Datagram / Document / Directory

E = Extensible / Enrollment / Exchange

F = Forgery

G = Gateway

H = Human / Hash

I = Internet / Infrastructure / Information

J = Java

K = Key

L = LAN / Layer

M = Message (ing) / Model

N = Network / Name

O = Object / One

P = Protocol / Packet / Port / Private

Q = Quality

R = Resolution / Remote / Request

S = Service / Site / Simple

T = Time / Tunnel / Transport / Translate / Tree

U = User

V = Virtual / Validate / Vector

W = Wireless / WiFi

X = X / Cross

Y =

Z = Zone


ARP = Address Resolution Protocol

ICMP = Internet Control Message Protocol

UDP = User Datagram Protocol

NDES = Network Device Enrollment Support

RADIUS = Remote Authentication Dial-In User Service EAP Over LAN

MAC = Message Authentication Code

L2TP = Layer 2 tunneling protocol (UDP port 1701)

PPTP = Point to Point Tunneling Protocol

FRR = False Rejection Rate

MTBF = Mean time between failures

POP = Post Office Protocol

PIV = Personal Identity Verification - Certificate based

OTP = One Time password

PRNG = Pseudo Random Number Generator

SPAN = Switched Port Analyzer

STP = Spanning Tree Protocol (redundancy can add multiple paths to the same destination, STP stops loops) (also RSTP, Rapid Spanning Tree Protocol)


IPsec - OSI Layer 3 UDP port 500 and 4500

RDP - 3389

SNMP UDP 161

LDAP Port 389 SSL/TLS Port 636 (Entries are in the DIT - Directory Information Tree)

NNTP TCP 119

TFTP UDP 69


IDEA Key 128 bits

Correlation Engines examine firewall logs to analyze possible attacks

Tripwire monitors baseline configuration and changes to it


DDoS uses clients, handles, agents and targets


Threat actors = script kiddies, hacktivists, criminal syndicates, state actors, advanced persistent threats (APT), insiders, hackers, shadow IT, competitors


Kerberos = KDC (Key Distro Center) Most important, uses TGT, with symmetric keys Port 88 Protocol & Service

VLANs = Switches and Routers (ACLs also)

Cookies = Persistent web settings

X.509 = PFX Certificate

Macro Virus is written in some form of VB and is platform-independent

ACLs are on ROUTERS and Packet Filtering FireWalls


Bastion Host = trusted relay for inbound connections (Jump Server, Cloud)

DMZ is created by a firewall


Control Types

Preventative - Prevents Security breaches

Detective - Detects Security breaches as they occur

Corrective - Restores control and attempts to correct any damage from a Security breach

Deterrent - Deters potential violations

Recovery - Restores resources

Compensative - Provides alternative control when no other control is available (All controls)

Directive - Mandatory controls based on Regulatory or Environmental requirements


Certificate Information

SAN - Subject Alternative Name - Allows the addition of info like IP or hostname associated with the Cert

OCSP = Online Certificate Status Protocol (Replacing CRL)

CRL = Certificate Revocation List


Promiscuous mode - Ignores MAC address


Switches - Layer 2, MAC listing, Can have admin port with all traffic for sniffing (Don't understand IP addresses) (trunking ports are switch to switch)

Routers Isolate broadcast traffic - Layer 3 - Can separate into Subnets

Layer 3 Switches with VLAN (understands IP Address)


Non-Repudiation assures the data's origin is known.


CER = Crossover Error Rate (measure of accuracy)


SLE (Single Loss Expectancy)

AV = Asset Value

EF = Exposure Factor

AV x EF = SLE

ALE = Annual Loss Expectancy

ARO = Annual Rate of Occurrence


TOTP = Time-based One Time Password

HOTP = Hashed One Time Password


Transitive trust requires at least 3 parties. Federation can be 2 parties that agree to trust.

DEP = Data Execution Prevention

ASLR = Address Space Layout Randomization

HSTS = HTTP Strict Transport Security



© 2023-2024 Jeff Lowe Tech Blog
