1. One-Way Authentication vs Mutual Authentication:
- One-Way: Only the server is authenticated. Used in most websites (e.g., HTTPS)
- Mutual: Both client and server are authenticated. Used in VPNs, financial systems, or other high-security environments.
2. Hardware Root of Trust: A secure hardware module that provides a foundation for trust in a system by ensuring hardware-based security (e.g., TPM).
3. TPM (Trusted Platform Module): A chip that securely stores cryptographic keys, certificates, and other sensitive data.
4. SSL (Secure Sockets Layer): A protocol for encrypting internet communication. Replaced by TLS.
5. LDAP (Lightweight Directory Access Protocol): A protocol used to query and manage directories like Active Directory.
6. DNS poisoning vs hijacking vs spoofing:
- Scale: Hijacking > Poisoning > Spoofing
- Hijacking: Most severe, altering DNS records globally at the source. Takes control of a domain's DNS records.
- Poisoning: Affects multiple users via a compromised DNS resolver. Inserts malicious DNS records into a cache.
- Spoofing: Short-lived and targeted at devices or networks. Sends fake DNS response temporarily.
7. FS (Forward Secrecy): Ensures that even if the server's private key is compromised, past encrypted sessions remain secure. Achieved using ephemeral keys (temporary keys generated for each session).
8. DHE (Diffie-Hellman Ephemeral): A variation of Diffie-Hellman where ephemeral (temporary) keys are used.
9. DNSSEC (Domain Name System Security Extensions): Ensures the integrity and authenticity of DNS responses by digitally signing them. Does not encrypt DNS queries. For encrypted DNS, use DoT (DNS-over-TLS) or DoH (DNS-over-HTTPS).
10. CASBs (Cloud Access Security Brokers): Sit between cloud users and cloud providers to monitor data access and usage, enforce policies like encryption and DLP, and detect shadow IT.
11. PSK (Pre-Shared Key): A secret key that is shared between parties before establishing secure communication. Common in home networks.
12. WPA2: A secure wireless protocol supporting PSK and 802.1X.
13. Attestation: A process that verifies the integrity of firmware, software, or systems using cryptographic techniques (e.g., TPM).
14. Firmware: Low-level software embedded in hardware, controlling basic functions (e.g., BIOS, IoT devices).
15. DAI (Dynamic ARP Inspection): Validates ARP packets based on trusted sources.
16. BIOS (Basic Input/Output System): Firmware embedded on a computer's motherboard that initializes and manages hardware during the boot process. Text-based, slow, and 16-bit.
17. UEFI (Unified Extensible Firmware Interface): Modern replacement for the BIOS. Firmware that initializes hardware during the boot process and provides an interface between the OS and the computer's hardware. Graphical, mouse-supported, fast, and available in 32-bit and 64-bit.