Microsoft Security Terms

If you find any errors feel free to email me at my school email. Happy studying!
STUDY
PLAY

Terms in this set (...)

Access control
The process of restricting access to a resource to only permitted users, applications, or computer systems.
Attack surface
The exposure, the reachable and exploitable vulnerabilities that a system or technology has.
Availability
Describes a resource being accessible to a user, application, or computer system when required. In other words, availability means that when a user needs to get to information, he or she has the ability to do so.
Confidentiality
The characteristic of a resource ensuring access is restricted to only permitted users, applications, or computer systems.
Defense in depth
Using multiple layers of security to defend your assets.
Flash drive
A small drive based on flash memory.
Integrity
The consistency, accuracy, and validity of data or information. One of the goals of a successful information security program is to ensure that data is protected against any unauthorized or accidental changes.
Keylogger
A physical or logical device (either software or hardware) used for tracking keystrokes to capture passwords and other critical data directly from the keyboard.
Principle of least privilege
A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job.
Removable device
A storage device that is designed to be taken out of a computer without turning the computer off.
Residual risk
The risk that remains after measures have been taken to reduce the likelihood or minimize the effect of a particular event.
Risk
The probability that an event will occur. In reality, businesses are concerned only about risks that would negatively impact the computing environment.
Risk acceptance
The act of identifying and then making an informed decision to accept the likelihood and impact of a specific risk.
Risk assessment
Identifies the risks that might impact your particular environment.
Risk avoidance
The process of eliminating a risk by choosing not to engage in an action or activity.
Risk management
The process of identifying, assessing, and prioritizing threats and risks.
Risk mitigation
Taking steps to reduce the likelihood or impact of a risk.
Risk transfer
The act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing.
Social engineering
A method used to gain access to data, systems, or networks, primarily through misrepresentation. This technique typically relies on the trusting nature of the person being attacked.
Threat
An action or occurrence that could result in the breach, outage, or corruption of a system by exploiting known or unknown vulnerabilities.
access control list (ACL)
A list of all users and groups that have access to an object.
accounting
Also known as auditing, is the process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
Active Directory
A directory service technology created by Microsoft that provides a variety of network services, including Lightweight Directory Access Protocol (LDAP), Kerberos-based and single sign-on (SSO) authentication, DNS-based naming and other network information and a central location for network administration and delegation of authority.
Administrative share
A shared folder typically used for administrative purposes.
Asymmetric encryption
Also known as public key cryptography, uses two mathematically related keys for encryption. One key is used to encrypt the data, while the second is used to decrypt it.
Auditing
The process of keeping track of a user's activity while accessing network resources, including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during each session.
Authentication
The process of identifying an individual, usually based on a username and password.
Authorization
The process of giving individuals access to system objects based on their identity.
Biometrics
An authentication method that identifies and recognizes people based on physical traits, such as fingerprints, face recognition, iris recognition, retinal scans, and voice recognition.
BitLocker To Go
A new feature in Windows 7 that enables users to encrypt removable USB devices, such as flash drives and external hard disks.
Brute force attack
A type of attack that tries as many possible combinations of characters as time and money permit.
Built-in groups
The default groups that are included within Windows or Active Directory.
Certificate chain
Also known as the certification path, is a list of certificates used to authenticate an entity. It begins with the certificate of the entity and ends with the root CA certificate.
Certificate Revocation List (CRL)
A list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked or are no longer valid and therefore should not be relied on.
Computer account
A logical object that provides a means for authenticating and auditing a computer's access to a Windows network, as well as its access to domain resources.
Decryption
The process of converting data from encrypted format back to its original format.
Digital certificate
An electronic document that contains an identity, such as a user or organization name, along with a corresponding public key. Because it is used to prove a person's identity, it can also be used for authentication.
Digital signature
A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified.
Domain controller
A Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries.
Domain user
A user account stored on the domain controller and allows you to gain access to resources within the domain, assuming you have been granted permissions to access those objects.
Effective permissions
Actual permissions when logging in and accessing a file or folder. They consist of explicit permissions plus any inherited permissions.
Encryption
The process of converting data into a format that cannot be read by another user. Once a user has encrypted a file, that file automatically remains encrypted when it is stored on disk.
Explicit permission
Permissions granted directly to a file or folder.
Group(s)
A collection or list of user accounts or computer accounts.
Hash function
as a one-way encryption, which means that after something has been encrypted with this method, it cannot be decrypted.
Inherited permission
Permissions granted to a folder (parent object or container) that flows into child objects (subfolders or files) inside that folder.
IP Security (IPsec)
A suite of protocols that provides a mechanism for data integrity, authentication, and privacy for the Internet Protocol. It is used to protect data that is sent between hosts on a network by creating secure electronic tunnels between two machines or devices. IPsec can be used for remote access, VPN, server connections, LAN connections, or WAN connections.
Kerberos
The default domain computer network authentication protocol, which allows hosts to prove their identity over a non-secure network in a secure manner.
Key
Can be thought of as a password, is applied mathematically to plain text to provide cipher or encrypted text. Different keys produce different encrypted output.
Local user account
A user account that is stored in the Security Account Manager (SAM) database on the local computer.
Member server
A server that is not running as a domain controller.
Multifactor authentication
When two or more authentication methods are used to authenticate someone.
Nonrepudiation
Prevents one party from denying the actions it has carried out.
NTFS
The preferred file system for today's Windows operating system.
NTFS Permission
Permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume.
NTLM
The default authentication protocol for Windows NT, stand-alone computers that are not part of a domain, and situations in which you are authenticating to a server using an IP address.
Organizational units (OU)
A container used in Active Directory to help organize objects within a domain and minimize the number of domains.
Owner
A identity that controls an object including what permissions are set on the object and to whom permissions are granted.
Password
A secret series of characters that enables a user to access a particular file, computer, or program.
Permission
Defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute.
Personal Identification Number (PIN)
A secret numeric password shared between a user and a system that can be used to authenticate the user to the system.
Public Key Infrastructure (PKI)
A system consisting of hardware, software, policies, and procedures that create, manage, distribute, use, store, and revoke digital certificates. Within it the certificate authority binds a public key with respective user identities and issues digital certificates containing the public key.
Registry
A central, secure database in which Windows stores all hardware configuration information, software configuration information, and system security policies. Components that use the registry include the Windows kernel, device drivers, setup programs, hardware profiles, and user profiles.
Right
Authorizes a user to perform certain actions on a computer, such as logging on to a system interactively or backing up files and directories on a system. User rights are assigned through local policies or Active Directory group policies.
Secure Sockets Layer (SSL)
A cryptographic system that uses two keys to encrypt data, a public key known to everyone and a private or secret key known only to the recipient of the message. The public key is published in a digital certificate, which also confirms the identity of the web server.
Security Account Manager (SAM)
A local security database found on most Windows computers.
Security token
A physical device that an authorized computer services user is given to ease authentication.
Share permissions
permissions assigned to shared folders or drives.
Shared folder
Technology that allows access of data files over the network.
Single sign-on (SSO)
Technology that allows you to log on once and access multiple related but independent software systems without having to log in again.
Smart card
A pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic.
Symmetric encryption
Uses a single key to encrypt and decrypt data.
Syslog
A standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications.
User account
A logical object that enables a user to log on to a computer and domain.
Virtual private network (VPN)
Technology that links two computers through a wide-area network such as the Internet. To keep the connection secure, the data sent between the two computers is encapsulated and encrypted.
Account lockout
Refers to the number of incorrect logon attempts permitted before a system locks an account. Each bad logon attempt is tracked by the bad logon counter, and when the counter exceeds the account lockout threshold, no further logon attempts are permitted.
Cracked password
A password that gets access to an encrypted password file from a workstation or server. Once he or she has access, the attacker starts running password cracking tools against the file, with an eye toward breaking as many passwords as possible and leveraging them to further compromise the company's network and systems.
Dictionary attack
A form of attach which attempts all words in one or more dictionaries. Lists of common passwords are also typically tested.
Group Policy Object (GPO)
A set of rules that allow an administrator granular control over the configuration of objects in Active Directory (AD), including user accounts, operating systems, applications, and other AD objects.
Sniffers
A specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker.
Strong password
A password that is hard to guess because it is long and has a mix of different types of characters. It also has random enough where it could not be easily guessed.
Application-level firewall
A form of firewall that controls all input, output, and access to and from an application or service by monitoring and potentially what does not meet its configured policy. It is is typically built to control network traffic on OSI layers up to Application. Can be network based or host based.
Circuit-level firewall
A form of firewall that operates at the OSI Session layer. It monitors TCP handshaking between packets to determine whether a requested session is legitimate. They conceal the network itself from the external, which is helpful for interdicting access to impostors. They are relatively inexpensive and have the advantage of hiding information about the private network they protect. They do not filter individual packets.
DMZ (demilitarized zone)
A physical or logical sub-network that functions as a small, isolated network positioned between the Internet and the private network and, if its design is effective, allows the organization extra time to detect and address breaches before they would further penetrate into the internal networks.
DNS Security Extensions (DNSsec)
Provides domain name service clients with source authentication, data integrity and authenticated denial of existence.
DNS poisoning
A type of attack that exploits vulnerabilities in the domain name system to divert Internet traffic away from legitimate servers and towards fake ones.
DNS spoofing
A form of computer security hacking where corrupt domain name system data is fed into the DNS resolver's cache, causing the name server to return an incorrect result record, resulting in traffic being diverted to an unintended computer.
Firewall
A part of a computer system or network that is designed to block unauthorized access while permitting outward communication.
Honeynet
A network set up with intentional vulnerabilities to invite attacks, so an attacker's activities and methods can be studied to increase network security.
Honeypot
A computer security mechanism similar to a police sting operation, where fake data is set up in a network site to appear vulnerable, but is carefully monitored to block attackers.
Host firewall
A firewall that runs on host computers and controls network traffic in and out of those machines
Intrusion detection systems (IDS)
A device or software application that monitors a network or systems for malicious activity or policy violations.
Intrusion prevention systems (IPS)
A system of active components developed to increase the IT security of an IT system by identifying harmful activities, recording their relative information, and then attempting to block and report them.
MAC address
A unique identifier assigned to network interface controllers for communications at the data-link layer of a network segment.
Network Access Protection (NAP)
A Microsoft technology for controlling network access of a computer, based on its health, such as status of firewalls and current updates installed.
Network firewall
A firewall that filters traffic between two or more networks and runs on network hardware.
Open Systems Interconnect (OSI)
A computer netoworking standard started in 1977 byas started in 1977 by the International Organization for Standardization (ISO).
Padded cell
A system that waits for an IDS to detect an attacker
and then transfers the attacker to a special host where he or she cannot do any damage to the
production environment.
Personal firewall
An firewall that controls network traffic to and from a computer, permitting or denying communications based on a security policy.
Secure Content Management (SCM)
An appliance specializing in content and threat analysis by integrating different functions and
features including antivirus, anti-spam, and content filtering.
Spoofing
An attack where one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
Stateful inspection
A firewall that specializes in packet filtering by analyzing each packet to determine whether to permit or deny it.
Unified Threat Management (UTM)
An approach to information security whereby a single hardware or software installation provides multiple security functions.
Adware
Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
Backdoor
An often secret method of bypassing normal authentication or encryption in a computer system or other device.
Bayesian filter
A special algorithm used to help determine whether or not an email is considered spam.
Content zones
Different levels of security are assigned to different internet zones on some browsers, such as Microsoft's Internet Explorer.
Cookie
A small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
Malicious software (malware)
Any form of hostile or intrusive software or intentionally harmful program.
Microsoft Baseline Security Analyzer (MBSA)
A Microsoft software tool designed to determine a security state by assessing missing security updates and less-secure security settings within the Windows OS and programs.
Offline files
Copies of network files stored on your computer for access when there is no access to the network.
Pharming
A cyber attack intended to redirect a website's traffic to a fake site.
Phishing
The attempt to obtain sensitive information such as usernames, passwords, credit card details, or money, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
Pop-up window
A window that appears above a website, often blocking view of the site. Some are legitimate, but many are simply annoying advertisements.
Rootkit
A collection of hidden, malicious computer software designed to enable access to a computer or areas of its software that is not otherwise allowed.
Sender Policy Framework (SPF)
A simple email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.
Spam
Unsolicited communication or email.
Spyware
Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge.
Trojan horse
Any malicious computer program which misleads users of its true intent.
User Account Control (UAC)
Security infrastructure designed by Microsoft to enhance computer security by allowing administrators more control of the permissions granted to individual users.
Virus
A type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
Virus hoax
A message warning the recipients of a non-existent computer virus threat, often within a chain e-mail that tells the recipients to forward it to everyone they know.
Windows Defender
Antimalware software that comes standard on most Windows operating systems.
Windows Firewall
Firewall software that comes standard on most Windows operating systems.
Windows Server Update Server (WSUS)
A Microsoft computer program that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.
Windows updates
Updates to the Windows operating system.
Worm
A standalone malware computer program that replicates itself in order to spread to other computers.