Abbreviations

I am following Jason Dion’s Udemy course for Security+.

Abbreviations

    
| Abbreviation | Full form |
|---|---|
| AAA | Authentication, Authorization, and Accounting |
| ACL | Access Control List |
| AES | Advanced Encryption Standard |
| AES-256 | Advanced Encryption Standard 256-bit |
| AH | Authentication Header |
| AI | Artificial Intelligence |
| AIS | Automated Indicator Sharing |
| ALE | Annualized Loss Expectancy |
| AP | Access Point |
| API | Application Programming Interface |
| APT | Advanced Persistent Threat |
| ARO | Annualized Rate of Occurrence |
| ARP | Address Resolution Protocol |
| ASLR | Address Space Layout Randomization |
| ATT&CK | Adversarial Tactics, Techniques, and Common Knowledge |
| AUP | Acceptable Use Policy |
| AV | Antivirus |
| BASH | Bourne Again Shell |
| BCP | Business Continuity Planning |
| BGP | Border Gateway Protocol |
| BIA | Business Impact Analysis |
| BIOS | Basic Input/Output System |
| BPA | Business Partners Agreement |
| BPDU | Bridge Protocol Data Unit |
| BYOD | Bring Your Own Device |
| CA | Certificate Authority |
| CAPTCHA | Completely Automated Public Turing Test to Tell Computers and Humans Apart |
| CAR | Corrective Action Report |
| CASB | Cloud Access Security Broker |
| CBC | Cipher Block Chaining |
| CCMP | Counter Mode/CBC-MAC Protocol |
| CCTV | Closed-circuit Television |
| CERT | Computer Emergency Response Team |
| CFB | Cipher Feedback |
| CHAP | Challenge Handshake Authentication Protocol |
| CIA | Confidentiality, Integrity, Availability |
| CIO | Chief Information Officer |
| CIRT | Computer Incident Response Team |
| CMS | Content Management System |
| COOP | Continuity of Operation Planning |
| COPE | Corporate Owned, Personally Enabled |
| CP | Contingency Planning |
| CRC | Cyclical Redundancy Check |
| CRL | Certificate Revocation List |
| CSO | Chief Security Officer |
| CSP | Cloud Service Provider |
| CSR | Certificate Signing Request |
| CSRF | Cross-Site Request Forgery |
| CSU | Channel Service Unit |
| CTM | Counter Mode |
| CTO | Chief Technology Officer |
| CVE | Common Vulnerability Enumeration |
| CVSS | Common Vulnerability Scoring System |
| CYOD | Choose Your Own Device |
| DAC | Discretionary Access Control |
| DBA | Database Administrator |
| DDoS | Distributed Denial of Service |
| DEP | Data Execution Prevention |
| DES | Digital Encryption Standard |
| DHCP | Dynamic Host Configuration Protocol |
| DHE | Diffie-Hellman Ephemeral |
| DKIM | DomainKeys Identified Mail |
| DLL | Dynamic Link Library |
| DLP | Data Loss Prevention |
| DMARC | Domain Message Authentication Reporting and Conformance |
| DNAT | Destination Network Address Translation |
| DNS | Domain Name System |
| DoS | Denial of Service |
| DPO | Data Privacy Officer |
    
| Abbreviation | Full form |
|---|---|
| DRP | Disaster Recovery Plan |
| DSA | Digital Signature Algorithm |
| DSL | Digital Subscriber Line |
| EAP | Extensible Authentication Protocol |
| ECB | Electronic Code Book |
| ECC | Elliptic Curve Cryptography |
| ECDHE | Elliptic Curve Diffie-Hellman Ephemeral |
| ECDSA | Elliptic Curve Digital Signature Algorithm |
| EDR | Endpoint Detection and Response |
| EFS | Encrypted File System |
| ERP | Enterprise Resource Planning |
| ESN | Electronic Serial Number |
| ESP | Encapsulated Security Payload |
| FACL | File System Access Control List |
| FDE | Full Disk Encryption |
| FIM | File Integrity Monitoring |
| FPGA | Field Programmable Gate Array |
| FRR | False Rejection Rate |
| FTP | File Transfer Protocol |
| FTPS | Secured File Transfer Protocol |
| GCM | Galois Counter Mode |
| GDPR | General Data Protection Regulation |
| GPG | GNU Privacy Guard |
| GPO | Group Policy Object |
| GPS | Global Positioning System |
| GPU | Graphics Processing Unit |
| GRE | Generic Routing Encapsulation |
| HA | High Availability |
| HDD | Hard Disk Drive |
| HIDS | Host-based Intrusion Detection System |
| HIPS | Host-based Intrusion Prevention System |
| HMAC | Hashed Message Authentication Code |
| HOTP | HMAC-based One-time Password |
| HSM | Hardware Security Module |
| HTML | Hypertext Markup Language |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Hypertext Transfer Protocol Secure |
| HVAC | Heating, Ventilation, Air Conditioning |
| IaaS | Infrastructure as a Service |
| IaC | Infrastructure as Code |
| IAM | Identity and Access Management |
| ICMP | Internet Control Message Protocol |
| ICS | Industrial Control Systems |
| IDEA | International Data Encryption Algorithm |
| IDF | Intermediate Distribution Frame |
| IdP | Identity Provider |
| IDS | Intrusion Detection System |
| IEEE | Institute of Electrical and Electronics Engineers |
| IKE | Internet Key Exchange |
| IM | Instant Messaging |
| IMAP | Internet Message Access Protocol |
| IoC | Indicators of Compromise |
| IoT | Internet of Things |
| IP | Internet Protocol |
| IPS | Intrusion Prevention System |
| IPSec | Internet Protocol Security |
| IR | Incident Response |
| IRC | Internet Relay Chat |
| IRP | Incident Response Plan |
| ISO | International Organization for Standardization |
| ISP | Internet Service Provider |
| ISSO | Information Systems Security Officer |
| IV | Initialization Vector |
| KDC | Key Distribution Center |
| KEK | Key Encryption Key |
| L2TP | Layer 2 Tunneling Protocol |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| LEAP | Lightweight Extensible Authentication Protocol |
| MaaS | Monitoring as a Service |
| MAC | Mandatory Access Control / Media Access Control / Message Authentication Code |
| MAN | Metropolitan Area Network |
| MBR | Master Boot Record |
| MD5 | Message Digest 5 |
| MDF | Main Distribution Frame |
| MDM | Mobile Device Management |
| MFA | Multi-Factor Authentication |
| MFD | Multifunction Device |
| MFP | Multifunction Printer |
| ML | Machine Learning |
| MMS | Multimedia Message Service |
| MOA | Memorandum of Agreement |
| MOU | Memorandum of Understanding |
| MPLS | Multiprotocol Label Switching |
| MSA | Master Service Agreement |
| MSCHAP | Microsoft Challenge Handshake Authentication Protocol |
| MSP | Managed Service Provider |
| MSSP | Managed Security Service Provider |
| MTBF | Mean Time Between Failures |
| MTTF | Mean Time to Failure |
    
| Abbreviation | Full form | Notes |
|---|---|---|
| MTTR | Mean Time to Recover | Critical for disaster recovery planning |
| MTU | Maximum Transmission Unit | Network packet size limit |
| NAC | Network Access Control | Ensures endpoint compliance (e.g., 802.1X) |
| NAT | Network Address Translation | Masks private IPs (e.g., home routers) |
| NDA | Non-disclosure Agreement | Legal confidentiality requirement |
| NFC | Near Field Communication | Contactless payments (range: ~4cm) |
| NGFW | Next-generation Firewall | Includes IPS, SSL inspection |
| NIDS | Network-based Intrusion Detection System | Passive monitoring (e.g., Snort) |
| NIPS | Network-based Intrusion Prevention System | Active blocking of threats |
| NIST | National Institute of Standards & Technology | Publishes cybersecurity frameworks |
| NTFS | New Technology File System | Windows file system with ACL support |
| NTLM | New Technology LAN Manager | Legacy Windows auth protocol |
| NTP | Network Time Protocol | Critical for log synchronization |
| OAUTH | Open Authorization | API authorization framework |
| OCSP | Online Certificate Status Protocol | Real-time cert revocation checks |
| OID | Object Identifier | Unique identifier in PKI |
| OS | Operating System | Windows, Linux, macOS security |
| OSINT | Open-source Intelligence | Threat intelligence from public sources |
| OSPF | Open Shortest Path First | Dynamic routing protocol |
| OT | Operational Technology | Industrial systems (SCADA, ICS) |
| OTA | Over the Air | Wireless updates (e.g., IoT devices) |
| OVAL | Open Vulnerability Assessment Language | Standard for vulnerability checks |
| P12 | PKCS #12 | Certificate container format |
| P2P | Peer to Peer | Decentralized networks (risk: malware) |
| PaaS | Platform as a Service | Cloud dev environment (e.g., Heroku) |
| PAC | Proxy Auto Configuration | Automated proxy settings |
| PAM | Privileged Access Management | Controls admin access |
| PAM | Pluggable Authentication Modules | Linux authentication framework |
| PAP | Password Authentication Protocol | Unencrypted credential transmission |
| PAT | Port Address Translation | NAT variant mapping multiple devices |
| PBKDF2 | Password-based Key Derivation Function 2 | Key stretching algorithm |
| PBX | Private Branch Exchange | Business phone systems (VoIP risks) |
| PCAP | Packet Capture | Network traffic analysis (Wireshark) |
| PCI DSS | Payment Card Industry Data Security Standard | Credit card security compliance |
| PDU | Power Distribution Unit | Data center power management |
| PEAP | Protected Extensible Authentication Protocol | WPA2-Enterprise authentication |
| PED | Personal Electronic Device | BYOD security considerations |
| PEM | Privacy Enhanced Mail | Base64-encoded cert format |
| PFS | Perfect Forward Secrecy | Ephemeral keys for session security |
| PGP | Pretty Good Privacy | Email/file encryption standard |
| PHI | Personal Health Information | HIPAA-regulated data |
| PII | Personally Identifiable Information | GDPR/CCPA protected data |
| PIV | Personal Identity Verification | US govt smart card standard |
| PKCS | Public Key Cryptography Standards | RSA-developed crypto standards |
| PKI | Public Key Infrastructure | Digital certificate framework |
| POP | Post Office Protocol | Legacy email retrieval protocol |
| POTS | Plain Old Telephone Service | Analog phone security risks |
| PPP | Point-to-Point Protocol | Direct device connections |
| PPTP | Point-to-Point Tunneling Protocol | Insecure VPN protocol (avoid) |
| PSK | Pre-shared Key | WPA2-Personal authentication |
| PTZ | Pan-tilt-zoom | Security camera controls |
| PUP | Potentially Unwanted Program | Grayware (adware, spyware) |
| RA | Recovery Agent | Key escrow access for encrypted data |
| RA | Registration Authority | PKI entity that verifies identities |
| RADIUS | Remote Authentication Dial-in User Service | Centralized network authentication |
| RAID | Redundant Array of Inexpensive Disks | Data redundancy (RAID 1/5/6) |
| RAS | Remote Access Server | Legacy dial-up access systems |
| RAT | Remote Access Trojan | Malware for persistent access |
| RBAC | Role-based Access Control | Permissions tied to job functions |
| RC4 | Rivest Cipher version 4 | Insecure stream cipher (deprecated) |
| RDP | Remote Desktop Protocol | Common attack vector (secure with NLA) |
| RFID | Radio Frequency Identifier | Physical access cards/cloning risks |
| RSA | Rivest, Shamir, & Adleman | Asymmetric encryption algorithm |
| RTBH | Remotely Triggered Black Hole | DDoS mitigation technique |
| RTO | Recovery Time Objective | Max acceptable downtime |
| RPO | Recovery Point Objective | Max data loss tolerance |
| S/MIME | Secure/Multipurpose Internet Mail Extensions | Encrypted email standard |
| SaaS | Software as a Service | Cloud apps (e.g., Office 365) |
| SAML | Security Assertions Markup Language | XML-based SSO standard |
| SAN | Storage Area Network | High-speed storage network |
| SAN | Subject Alternative Name | Multi-domain SSL certificates |
| SCADA | Supervisory Control and Data Acquisition | Industrial control systems |
| SD-WAN | Software-defined Wide Area Network | Dynamic traffic routing |
| SDLC | Software Development Lifecycle | Secure development practices |
    
| Abbreviation | Full form | Details | Security note |
|---|---|---|---|
| SDN | Software-defined Networking | Decouples control plane from data plane | Attack surface for DDoS (e.g., ONOS controller exploits) |
| SELinux | Security-enhanced Linux | Mandatory Access Control (MAC) for Linux | Enforces least privilege policies |
| SED | Self-encrypting Drives | Hardware-based full-disk encryption | Complies with FIPS 140-2, protects data-at-rest |
| SEH | Structured Exception Handler | Windows memory management feature | Buffer overflow exploitation target |
| SFTP | Secured File Transfer Protocol | SSH-encrypted file transfer (port 22) | Secure alternative to FTP |
| SHA | Secure Hashing Algorithm | SHA-256 (NIST standard), SHA-1 deprecated | Integrity verification (e.g., file checksums) |
| SIEM | Security Information and Event Management | Log aggregation/analysis (e.g., Splunk) | Detects multi-vector attacks via correlation |
| SIM | Subscriber Identity Module | Mobile auth (e.g., 3G/4G/5G) | SIM swapping attacks bypass 2FA |
| SLA | Service-level Agreement | Uptime guarantees (e.g., 99.9%) | Cloud security responsibility matrix |
| SLE | Single Loss Expectancy | Asset Value × Exposure Factor | Part of risk calculation (ALE = SLE × ARO) |
| SMTP | Simple Mail Transfer Protocol | Email delivery (port 25) | SPF/DKIM/DMARC combat spoofing |
| SNMP | Simple Network Management Protocol | Device monitoring (v3 encrypts traffic) | Default community strings are a risk |
| SOAR | Security Orchestration, Automation, Response | Automates incident response (e.g., Phantom) | Reduces MTTR for breaches |
| SOC | Security Operations Center | 24/7 threat monitoring team | Tiered analysts (T1-T3) workflow |
| SPF | Sender Policy Framework | DNS TXT records to prevent email spoofing | Part of email authentication triad |
| SQLi | SQL Injection | `' OR 1=1--` bypasses authentication | OWASP Top 10 #1 risk |
| SSH | Secure Shell | Encrypted remote access (port 22) | Key-based auth > passwords |
| SSL/TLS | Secure Sockets Layer / Transport Layer Security | TLS 1.2/1.3 are current standards | Heartbleed (CVE-2014-0160) exploited SSL |
| SSO | Single Sign-on | Centralized auth (e.g., Okta, ADFS) | Risk: Compromise gives broad access |
| STIX/TAXII | Structured Threat Information eXchange / Trusted Automated eXchange of Indicator Information | Threat intelligence sharing formats | Used in MISP threat platforms |
| TACACS+ | Terminal Access Controller Access Control System | Cisco auth protocol (TCP/49) | Encrypts entire payload (vs RADIUS) |
| TCP/IP | Transmission Control Protocol/Internet Protocol | Internet protocol suite | SYN floods attack TCP handshake |
| TGT | Ticket Granting Ticket | Kerberos authentication component | Golden Ticket attacks forge TGTs |
| TKIP | Temporal Key Integrity Protocol | WPA encryption (deprecated) | Vulnerable to WPA2 attacks |
| TLS | Transport Layer Security | Replaced SSL (e.g., TLS 1.3) | Downgrade attacks (e.g., POODLE) |
| TOTP | Time-based One-time Password | Google Authenticator algorithm | More secure than SMS 2FA |
| TPM | Trusted Platform Module | Hardware crypto processor | Stores BitLocker/RSA keys |
| TTPs | Tactics, Techniques, Procedures | MITRE ATT&CK framework structure | Defenders use to profile threat actors |
| UDP | User Datagram Protocol | Connectionless (port 53 for DNS) | DNS amplification attacks |
| UEFI | Unified Extensible Firmware Interface | Replaces legacy BIOS | Secure Boot prevents rootkits |
| UPS | Uninterruptable Power Supply | Battery backup for graceful shutdown | Prevents data corruption |
| URL | Uniform Resource Locator | `https://` vs `http://` | IDN homograph attacks |
| USB OTG | USB On the Go | Direct device connections | BadUSB exploits firmware |
| UTM | Unified Threat Management | All-in-one security appliance | Includes FW/IPS/AV/web filtering |
| VDI | Virtual Desktop Infrastructure | Centralized desktop hosting | Reduces endpoint attack surface |
| VLAN | Virtual Local Area Network | Network segmentation (802.1Q) | VLAN hopping via double-tagging |
| VoIP | Voice over IP | SIP/RTP protocols (port 5060) | Vishing/SIP brute-force risks |
| VPN | Virtual Private Network | IPsec (IKEv2) or SSL VPNs | Split tunneling risks |
| WAF | Web Application Firewall | Blocks OWASP Top 10 (e.g., ModSecurity) | Bypasses via 0-days |
| WEP | Wired Equivalent Privacy | Broken RC4 encryption (2001) | Crackable in <1 minute |
| WPA | Wi-Fi Protected Access | WPA3 uses SAE (Dragonfly) | KRACK attacks target WPA2 |
| XDR | Extended Detection and Response | Cross-layer threat detection | Evolved from EDR/MDR |
| XSS | Cross-site Scripting | `<script>alert(1)</script>` | Stored vs reflected XSS |

To get in touch with me or for general discussion, please visit ZeroDayMindset Discussion.

This post is licensed under CC BY 4.0 by the author.