Question

12.14. 常见术语

12.14.1. Windows

• WMI (Windows Management Instrumentation)
• ETW (Event Tracing for Windows)
• WFP (Windows Filtering Platform)
• MS-RPC (Microsoft Remote Procedure Call)
• MS-SAMR (Security Account Manager Remote Protocol)
• MS-SCMR (Service Control Manager Remote Protocol)
• MS-DRSR (Directory Replication Service Remote Protocol)
• MS-TSCH (Task Scheduler Service Remoting Protocol)
• DCOM (Distributed Component Object Model)

12.14.2. 网络相关

12.14.2.1. 网络协议

• 轻型目录访问协议 (Lightweight Directory Access Protocol, LDAP)
• 标识名 (Distinguished Name, DN)
• 相对标识名 (Relative Distinguished Name, RDN)
• 服务器消息块 (Server Message Block, SMB)
• 网络文件共享系统 (Common Internet File System, CIFS)
• SMTP (Simple Mail Transfer Protocol)
• 简单网络管理协议 (Simple Network Management Protocol, SNMP)
• POP3 (Post Office Protocol 3)
• IMAP (Internet Mail Access Protocol)
• HTTP (HyperText Transfer Protocol)
• HTTPS (HyperText Transfer Protocol over Secure Socket Layer)
• 动态主机配置协议 (Dynamic Host Configuration Protocol, DHCP)
• 远程过程调用 (Remote Procedure Call, RPC)
• Java调试线协议 (Java Debug Wire Protocol, JDWP)
• 网络文件系统 (Network File System, NFS)
• 服务主体名称 (Service Principal Names, SPN)
• 简单身份验证 (Simple Authentication and Security Layer, SASL)
• 链路本地多播名称解析 (Link-Local Multicast Name Resolution, LLMNR)
• 分布式运行环境 / RPC (Distributed Computing Environment / Remote Procedure Calls, DCE/RPC)

12.14.2.2. 路由系统

• 自治系统 (Autonomous System, AS)
• 内部网关协议 (Interior Gateway Protocol, IGP)
• 外部网关协议 (External Gateway Protocol, EGP)
• 域内路由选择 (interdomain routing)
• 域间路由选择 (intradomain routing)
• 路由信息协议 (Routing Information Protocol, RIP)
• 开放最短路径优先 (Open Shortest Path First, OSPF)
• 动态路由协议 (Dynamic Routing Protocols, DRP)
• 首跳冗余性协议 (First Hop Redundancy Protocols, FHRP)
• 热备份路由器协议 (Hot Standby Router Protocol, HSRP)
• 虚拟路由冗余协议 (Virtual Router Redundancy Protocol, VRRP)
• 网关负载均衡协议 (Gateway Load Balancing Protocol, GLBP)
• 网络地址转换 (Network Address Translation, NAT)
• 点对点协议 (Point-to-Point Protocol, PPP)
• 生成树协议 (Spanning Tree Protocol, STP)
• QUIC (Quick UDP Internet Connections)

12.14.2.3. 网络应用

• 证书透明度 (Certificate Transparency, CT)
• DNS证书颁发机构授权 (DNS Certification Authority Authorization, CAA)
• 应用级网关 (Application Level Gateway, ALG)

12.14.2.4. Kerberos

• 密钥分发中心 (Key Distribution Center, KDC)
• 认证服务器 (Authentication Server, AS)
• 票据授权服务器 (Ticket Granting Server, TGS)

12.14.3. 开发相关

• REST (Representation State Transformation)

12.14.4. 安全相关

• 缺点 (defect / mistake)

  • 软件在实现上和设计上的弱点
  • 缺点是缺陷和瑕疵的统称

• 缺陷 (bug)

  • 实现层面的软件缺点
  • 容易被发现和修复
  • 例如：缓冲区溢出

• 瑕疵 (flaw)

  • 一种设计上的缺点，难以察觉
  • 瑕疵往往需要人工分析才能发现
  • 软件系统中错误处理或恢复模块，导致程序不安全或失效

• 漏洞 (vulnerability)

  • 可以用于违反安全策略的缺陷或瑕疵

• 交互式应用程序安全测试 (Interactive Application Security Testing, IAST)
• 动态应用程序安全测试 (Dynamic Application Security Testing, DAST)
• 静态应用程序安全测试 (Static Application Security Testing, SAST)
• ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge, ATT&CK)
• 横向移动 (Lateral Movement)
• 入侵和攻击模拟 (Breach and Attack Simulation, BAS)

12.14.4.1. 安全开发

• 安全信息和事件管理 (Security Information Event Management, SIEM)
• 自动化响应SOAR模型 (Security Orchestration, Automation and Response, SOAR)
• SDL (Security Development Lifecycle)

12.14.4.2. 安全策略

• 跨域资源共享策略 (Cross-Origin Resource Sharing, CORS)
• 发件人策略框架 (Sender Policy Framework, SPF)
• 域名密钥识别邮件 (DomainKeys Identified Mail, DKIM)
• 基于域名的消息认证报告与一致性协议 (Domain-based Message Authentication, Reporting and Conformance, DMARC)
• DNSSEC (The Domain Name System Security Extensions)
• 基于DNS的命名实体身份验证 (DNS-based Authentication of Named Entities, DANE)

12.14.4.3. 安全模型

• 构建安全成熟度模型 (Building Security In Maturity Model, BSIMM)

12.14.5. 攻击相关

12.14.5.1. 漏洞类型

• 跨站脚本攻击 (Cross Site Scripting, XSS)
• 跨站请求伪造 (Cross-Site Request Forgery, CSRF)
• 中间人攻击 (Man-in-the-middle, MITM)
• 服务端请求伪造 (Server Side Request Forgery, SSRF)
• 高级持续威胁 (Advanced Persistent Threat, APT)
• 远程命令执行 (Remote Command Execute, RCE)
• 远程代码执行 (Remote Code Execute, RCE)
• 带外数据 (Out-Of-Band, OOB)

12.14.5.2. 攻击方式

• 鱼叉攻击 (Spear Phishing)
• 水坑攻击 (Water Holing)
• 分布式拒绝服务 (Distributed Denial of Service, DDoS)

12.14.6. 防御相关

• IoC (Indicators of Compromise)
• IoA (Indicators of Activity)

12.14.6.1. 防御技术

• 网络检测响应 (Network-based Detection and Response, NDR)
• 终端检测响应 (Endpoint Detection and Response, EDR)
• 托管检测响应 (Managed Detection and Response, MDR)
• 扩展检测响应 (Extended Detection and Response, XDR)
• 自适应安全架构 (Adaptive Security Architecture, ASA)
• 零信任网络访问 (Zero Trust Network Access, ZTNA)
• 云安全配置管理 (Cloud Security Posture Management, CSPM)

12.14.6.2. 防护设施

• 入侵检测系统 (Intrusion Detection System, IDS)
• 主机型入侵检测系统 (Host-based Intrusion Detection System, HIDS)
• 主机入侵防御系统 (Host Intrusion Prevent System, HIPS)
• RASP (Runtime Application Self-protection)
• 统一端点管理 (Unified Endpoint Management, UEM)

12.14.7. 运维

• 智能运维 (Artificial Intelligence for IT Operations, AIOps)
• 风险和脆弱性评估 (Risk and Vulnerability Assessments, RVA)
• 计算机安全应急响应组 (Computer Emergency Response Team, CERT)

12.14.8. 认证

• 单点登录 (Single Sign-On, SSO)
• 双因素认证 (Two-Factor Authentication, 2FA)
• 多因素认证 (Multi-Factor Authentication, MFA)
• 一次性密码 (One-Time Password, OTP)

12.14.8.1. Kerbose

• 认证服务器 (Authentication Server, AS)
• 密钥分发中心 (Key Distribution Center, KDC)
• 票据授权票据，票据的票据 (Ticket Granting Ticket, TGT)
• 票据授权服务器 (Ticket Granting Server, TGS)
• 特定服务提供端 (Service Server, SS)

12.14.9. 可信计算

• 可信平台模块 (Trusted Platform Module, TPM)

12.14.10. 云

12.14.10.1. 容器

• 容器运行时 (Container Runtime Interface, CRI)
• 开放容器标准 (Open Container Initiative, OCI)
• 开放容器格式标准 (Open Container Format, OCF)

12.14.10.2. 计算

• 弹性云计算 (Elastic Compute Cloud, EC2)
• 阿里云弹性云计算 (Elastic Compute Service, ECS)
• 云服务器 (Cloud Virtual Machine, CVM)

12.14.10.3. 存储

• 简单存储服务 (Simple Storage Service, S3)
• 对象存储 (Cloud Object Storage, COS)

12.14.10.4. XaaS

• 函数即服务 (Function as a Service, FaaS)
• 容器即服务 (Container as a Service, CaaS)
• 软件即服务 (Software as a Service, SaaS)
• 平台即服务 (Platform as a Service, PaaS)
• 基础设施即服务 (Insfrastructure as a Service, IaaS)

12.14.10.5. 特定平台

• OCI (Oracle Cloud Infrastructure)

12.14.10.6. 其他服务

• 元数据服务 (Instance Metadata Service, IMDS)
• 持续集成 (Continuous Integration, CI)
• 持续交付 (Continuous Deployment, CD)
• 边缘计算机器 (Edge Computing Machine, ECM)