Updated: Dec 27, 2020
This article continues Common Knowledge Points of CompTIA Security+ Part 1.
Telnet: A remote terminal protocol used for remote network management; it runs over TCP port 23.
OCSP (Online Certificate Status Protocol): An HTTP-based protocol for checking the revocation status of a certificate, used as a replacement for downloading a full certificate revocation list.
CRL (Certificate Revocation List): A list, published by the CA, of certificates that were revoked before their expiration date.
PKI (Public Key Infrastructure): It is a system composed of CA, certificates, software, services, and other cryptographic components to ensure the authenticity and validity of data or entities.
X.509: The standard that defines the format of certificates. The information supplied in the CSR is used to populate the structure of the certificate.
Transport Layer Security (TLS): A protocol that provides confidentiality and data integrity between two communicating applications.
Session Initiation Protocol (SIP): It is an application-layer control protocol that can be used to create, modify, or terminate multimedia sessions, such as Internet phone calls.
SCP (Secure Copy): A protocol for copying files to or from a remote host in which the entire transfer is encrypted. Data is transmitted over SSH and authenticated with the same methods as SSH, so it offers the same security guarantees.
Split tunneling: A networking concept in which a mobile user accesses different security domains at the same time over the same or different network connections (for example, the corporate VPN and the local Internet).
Banner grabbing: A technique for obtaining information about computer systems on a network and the services running on their open ports.
Port 465 is used for secure SMTP, port 993 for secure IMAP, and port 995 for secure POP3; allowing these ports permits encrypted mail. Port 25 is used for SMTP and is not encrypted; port 110 is used for unencrypted POP3, and port 143 (or 220) for unencrypted IMAP.
RADIUS (Remote Authentication Dial-In User Service): A standard protocol that provides centralized authentication and authorization services for remote users.
Kerberos: It is an authentication service based on a time-sensitive ticket-granting system.
Diameter: An authentication, authorization, and accounting protocol that supports multiple connection types (such as wireless connections).
TACACS (Terminal Access Controller Access Control System): A remote access protocol that provides centralized authentication and authorization services for remote users.
PAP (Password Authentication Protocol): A very old protocol that does not re-authenticate. It even sends the password in clear text, so it should no longer be used.
SPAP (Shiva Password Authentication Protocol): Adds password encryption to PAP, but still does not re-authenticate.
OAuth (Open Authorization): A password-based authentication protocol, usually used in conjunction with OpenID.
SAML (Security Assertion Markup Language): It is an XML-based framework used to exchange security-related information between the client and the server.
NTLM (NT LAN Manager): A challenge-response authentication protocol created by Microsoft and used in its products. It was eventually replaced by NTLMv2; Microsoft networks now use Kerberos.
MAC (Mandatory Access Control): A system-enforced policy under which users with lower privileges are not allowed to see data at higher privilege levels.
DAC (Discretionary Access Control): Each data owner configures the security of their own objects, and each object carries a list of the users allowed to access it.
RBAC (Role-Based Access Control): It is a system that controls access based on the user's role.
ABAC (Attribute-Based Access Control): It is used to evaluate a set of attributes owned by each subject to determine whether access can be authorized.
TOTP: A time-based one-time password can be used only once and is valid only for a short period after it is generated.
DAMP: Database activity monitoring and prevention systems work similarly to an IPS but are dedicated to databases, which makes them the most effective choice for protecting database activity.
PIV: Personal identity verification is standardized in FIPS 201 (Federal Information Processing Standard Publication 201), which applies to federal employees.
SSO (Single Sign-On): One of the most popular solutions for enterprise business integration. With SSO, a user logs in once and can then access all mutually trusting application systems.
HMAC (Hash-based Message Authentication Code): A method of verifying both the integrity and the authenticity of a message by combining a cryptographic hash function (such as MD5 or SHA-1) with a secret key.
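The HMAC and TOTP entries above describe the same building block: a keyed hash over a message, and a time-based one-time password derived from a keyed hash over a time counter (HOTP/TOTP as in RFC 4226 / RFC 6238). The following Python example is added here to show both in working code; it is not code from the original article. The key and the fixed timestamps used in the checks are the published RFC test vectors, and the `window` parameter for clock drift is an assumption of this example.

```python
import hashlib
import hmac
import struct
import time


def hmac_tag(key: bytes, message: bytes, digest=hashlib.sha256) -> bytes:
    """HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)).

    The standard library handles key padding/hashing; the tag proves both
    integrity and that the sender knew the key (authenticity)."""
    return hmac.new(key, message, digest).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, digest=hashlib.sha256) -> bool:
    # compare_digest avoids leaking where the first mismatching byte is (timing side channel)
    return hmac.compare_digest(hmac_tag(key, message, digest), tag)


def hotp(key: bytes, counter: int, digits: int = 6, digest=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F                                   # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time=None, step: int = 30, digits: int = 6,
         digest=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP where the counter is floor(unix_time / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(key, int(unix_time // step), digits, digest)


def verify_totp(key: bytes, code: str, unix_time=None, step: int = 30,
                window: int = 1, digits: int = 6) -> bool:
    """Accept the code for the current step and +/- `window` steps of clock drift.

    `window` is an assumption of this example: a real verifier also records the
    last accepted counter so a code cannot be replayed inside the window."""
    if unix_time is None:
        unix_time = time.time()
    counter = int(unix_time // step)
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + drift, digits), code):
            return True
    return False


if __name__ == "__main__":
    # RFC 4231 test case 1 (HMAC-SHA-256) and RFC 6238 test vectors (SHA-1 secret)
    print(hmac_tag(b"\x0b" * 20, b"Hi There").hex())
    print(totp(b"12345678901234567890", unix_time=59))          # "287082"
    print(totp(b"12345678901234567890", unix_time=59, digits=8))  # "94287082"
```

The two `compare_digest` calls are the detail a reviewer looks for: a plain `==` on a tag or code returns as soon as one byte differs, which lets an attacker measure how many leading bytes were right.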
EFS (Encrypting File System): NTFS-based public key file encryption in Microsoft Windows.
UAC (User Account Control): Prevents unauthorized applications from running with elevated privileges without the user's consent.
Shibboleth: It is a middleware solution for identity verification and identity management. It uses SAML (Security Assertion Markup Language) and runs on the Internet.
BIA (Business Impact Analysis): A systematic activity used to identify organizational risks and determine their impact on ongoing mission-critical business functions and processes.
PIA (Privacy Impact Assessment): It is a tool used to determine and analyze the risks to privacy in the life cycle of a program or system.
Extranet: This private network can provide access privileges to external parties, especially suppliers, partners, and specific customers.
Intranet: A private network that can be accessed only by the organization's own employees.
EAP (Extensible Authentication Protocol): An authentication framework widely used for wireless networks. It lets the system use hardware-based identifiers (such as fingerprint scanners or smart card readers) for identity verification.
EAP-FAST: Used when a strong password policy cannot be enforced and certificates are not in use. It consists of three stages: EAP-FAST authentication, establishing a secure channel, and client authentication.
CSR (Certificate Signing Request): It is a request sent by the applicant to the CA to apply for a digital identity certificate.
RC4: An example of a stream cipher, which encrypts data one bit (or byte) at a time rather than in fixed-size blocks.
DHE (Diffie-Hellman Ephemeral): Uses temporary (ephemeral) keys to provide a secure key exchange.
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral): A key-exchange protocol that uses temporary keys together with elliptic-curve cryptography to provide a secure key exchange. It is usually used with TLS to provide perfect forward secrecy.
AES: A subset of the Rijndael cipher developed by Vincent Rijmen and Joan Daemen. Rijndael is a family of ciphers with different key and block lengths; AES supports 128-, 192-, and 256-bit key sizes.