11.9. Common Terms
11.9.1. System-Related
WMI (Windows Management Instrumentation)
11.9.2. Network-Related
11.9.2.1. Network Protocols
Lightweight Directory Access Protocol (LDAP)
SMB (Server Message Block)
SMTP (Simple Mail Transfer Protocol)
Simple Network Management Protocol (SNMP)
POP3 (Post Office Protocol 3)
IMAP (Internet Mail Access Protocol)
HTTP (HyperText Transfer Protocol)
HTTPS (HyperText Transfer Protocol over Secure Socket Layer)
Dynamic Host Configuration Protocol (DHCP)
RPC (Remote Procedure Call)
Java Debug Wire Protocol (JDWP)
NFS (Network File System)
Service Principal Names (SPN)
11.9.2.2. Routing Systems
Autonomous System (AS)
Interior Gateway Protocol (IGP)
External Gateway Protocol (EGP)
Intradomain routing
Interdomain routing
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Dynamic Routing Protocols (DRP)
First Hop Redundancy Protocols (FHRP)
Hot Standby Router Protocol (HSRP)
Virtual Router Redundancy Protocol (VRRP)
Gateway Load Balancing Protocol (GLBP)
Network Address Translation (NAT)
Point-to-Point Protocol (PPP)
Spanning Tree Protocol (STP)
11.9.2.3. Network Applications
Certificate Transparency (CT)
DNS Certification Authority Authorization (CAA)
Application Level Gateway (ALG)
11.9.3. Development-Related
REST (Representation State Transformation)
Continuous Integration (CI)
Continuous Delivery (Continuous Deployment, CD)
Function as a Service (FaaS)
Container as a Service (CaaS)
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
11.9.4. Security-Related
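- Defect / mistake
  - A weakness in the implementation or design of software
  - "Defect" is the collective term for bugs and flaws
- Bug
  - A software defect at the implementation level
  - Easy to find and fix
  - Example: buffer overflow
- Flaw
  - A defect at the design level that is hard to notice
  - Flaws usually require manual analysis to find
  - Error-handling or recovery modules in a software system that cause the program to become insecure or fail
- Vulnerability
  - A bug or flaw that can be used to violate a security policy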
IAST (Interactive Application Security Testing)
DAST (Dynamic Application Security Testing)
SAST (Static Application Security Testing)
ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge, ATT&CK)
11.9.4.1. Secure Development
Security Information Event Management (SIEM)
Security Orchestration, Automation and Response (SOAR)
SDL (Security Development Lifecycle)
11.9.4.2. Security Policies
Cross-Origin Resource Sharing (CORS)
Sender Policy Framework (SPF)
DomainKeys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting and Conformance (DMARC)
DNSSEC (The Domain Name System Security Extensions)
DNS-based Authentication of Named Entities (DANE)
11.9.5. Attack-Related
11.9.5.1. Vulnerability Types
Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Man-in-the-middle (MITM)
Server Side Request Forgery (SSRF)
Advanced Persistent Threat (APT)
11.9.5.2. Attack Methods
Spear Phishing
Water Holing
11.9.6. Defense-Related
IoC (Indicators of Compromise)
11.9.6.1. Defense Technologies
Network-based Detection and Response (NDR)
Endpoint Detection and Response (EDR)
Managed Detection and Response (MDR)
Extended Detection and Response (XDR)
Adaptive Security Architecture (ASA)
Zero Trust Network Access (ZTNA)
Cloud Security Posture Management (CSPM)
11.9.6.2. Protection Systems
Intrusion Detection System (IDS)
Host-based Intrusion Detection System (HIDS)
RASP (Runtime Application Self-protection)
Unified Endpoint Management (UEM)
11.9.7. Operations
Artificial Intelligence for IT Operations (AIOps)
Risk and Vulnerability Assessments (RVA)
11.9.8. Authentication
Two-Factor Authentication (2FA)
Multi-Factor Authentication (MFA)
One-Time Password (OTP)