Cyber Vocab Session 9

1. Cloud Computing (Category: Cloud)

Cloud computing is a technology that allows users to access and utilize computing resources, such as servers, storage, and applications, over the internet.

This model enables flexible, scalable, and often cost-effective solutions, as users can access services on-demand and pay only for what they use.

Cloud computing can pose security risks such as data breaches, unauthorized access, and vulnerabilities in shared infrastructure.

2. SaaS and other acronyms (Category: General)

1. SaaS (Software as a Service): A distribution model where software applications are hosted by a service provider and made available to customers over the internet.

2. IaaS (Infrastructure as a Service): A cloud computing service that provides virtualized computing resources over the internet.

3. PaaS (Platform as a Service): A cloud computing service that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure.

4. DaaS (Desktop as a Service): A cloud computing service that delivers virtual desktops to end-users over the internet, which are hosted on a central server.

5. FaaS (Function as a Service): A cloud computing service that allows users to execute code in response to events without the complexity of building and maintaining the infrastructure.

6. CaaS (Container as a Service): A cloud service model that allows users to manage and deploy containers, applications, and clusters through container-based virtualization.

7. STaaS (Storage as a Service): A data storage provisioning model in which a service provider rents space in their storage infrastructure to a customer.

8. NaaS (Network as a Service): A business model for delivering network services virtually over the internet on a pay-per-use or subscription basis.

3. Reconnaissance (Category: General)

In cybersecurity, reconnaissance refers to the preliminary phase where attackers gather information about their target, such as system vulnerabilities, network structures, and user behaviors, to plan their attack.

This process can involve techniques like scanning networks, researching public data, and social engineering to identify potential entry points and weak spots in the target's defenses.

Reconnaissance is run by both black hat and white hat hackers.

4. Threat Modeling (Category: General)

Threat modeling in cybersecurity is a structured process used to identify, assess, and prioritize potential threats to a system, including vulnerabilities and the potential impact of different types of attacks.

This proactive approach helps in designing and implementing effective security measures and strategies to mitigate identified risks before they can be exploited by attackers.

Notable threat modeling solutions include Microsoft's Threat Modeling Tool, OWASP's Threat Dragon, and IriusRisk, which provide frameworks and tools for systematically identifying, analyzing, and addressing potential security threats in software and systems.

5. Virtualization (Category: Blue Team)

Virtualization in cybersecurity involves creating virtual versions of physical hardware, like servers and storage devices, to run multiple, isolated operating environments on a single physical system.

Software solutions such as VMware, Oracle VirtualBox, Microsoft Hyper-V, and Citrix XenServer are commonly used for virtualization, allowing for the creation and management of virtual machines on a single physical host.

This technology not only enhances resource efficiency and scalability but also improves security by isolating different applications and systems, reducing the risk of widespread damage from cyber attacks.