信息安全術(shù)語.docVIP

信息安全技術(shù)術(shù)語（中英文）1.0 Network Security 網(wǎng)絡(luò)安全1.1 Implementsecurity configuration parameters on network devices and othertechnologies. 在網(wǎng)絡(luò)設(shè)備和其他設(shè)備上實施安全配置參數(shù)Firewalls 防火墻Routers 路由器Switches 交換機(jī)Load Balancers 負(fù)載均衡Proxies 代理Web security gateways Web安全網(wǎng)關(guān)VPN concentrators VPN網(wǎng)關(guān)NIDS and NIPS 網(wǎng)絡(luò)入侵檢測與網(wǎng)絡(luò)入侵防范* Behavior based 基于行為* Signature based 基于特征* Anomaly based 基于異常* Heuristic 啟發(fā)式Protocol analyzers 協(xié)議分析儀Spam filter 垃圾郵件過濾UTM security appliances 統(tǒng)一威脅管理* URL filter URL過濾* Content inspection 內(nèi)容檢查* Malware inspection 惡意軟件檢查Web application firewall vs. network firewallWeb應(yīng)用防火墻與網(wǎng)絡(luò)防火墻Application aware devices 應(yīng)用端設(shè)備* Firewalls 防火墻* IPS 入侵防御* IDS 入侵檢測* Proxies 代理1.2 Given a scenario,use secure network administration principles.給定一個場景，應(yīng)用安全網(wǎng)絡(luò)管理原則Rule-based management 基于規(guī)則的管理Firewallrules 防火墻規(guī)則VLAN management VLAN管理Secure router configuration 安全路由配置Access control lists 訪問控制列表Port Security 端口安全802.1x 802.1xFlood guards 流量攻擊防護(hù)Loop protection 環(huán)路保護(hù)Implicit deny 默認(rèn)拒絕Network separation 網(wǎng)絡(luò)隔離Log analysis 日志分析Unified Threat Management 統(tǒng)一威脅管理1.3 Explain networkdesign elements and components.解釋網(wǎng)絡(luò)設(shè)計的元素和組件DMZ 非軍事化區(qū)DMZSubnetting 子網(wǎng)VLAN 虛擬局域網(wǎng)NAT 網(wǎng)絡(luò)地址翻譯Remote Access 遠(yuǎn)程接入Telephony 電話NAC 網(wǎng)絡(luò)接入控制NACVirtualization 虛擬化Cloud Computing 云計算* Platform as a Service 平臺即服務(wù)* Software as a Service 軟件即服務(wù)* Infrastructure as a Service 基礎(chǔ)設(shè)施即服務(wù)* Private 私有云* Public 公有云* Hybrid 混合云* Community 社區(qū)Layered security / Defense in depth 分層安全/深度防御1.4 Given a scenario,implement common protocols and services.給定一個場景，實施通用的協(xié)議和服務(wù)Protocols 協(xié)議* IPSec* SNMP* SSH* DNS* TLS* SSL* TCP/IP* FTPS* HTTPS* SCP* ICMP* IPv4* IPv6* iSCSI* Fibre Channel* FCoE* FTP* SFTP* TFTP* TELNET* HTTP* NetBIOSPorts 端口* 21* 22* 25* 53* 80* 110* 139* 143* 443* 3389OSI relevance OSI相關(guān)1.5 Given a scenario,troubleshoot security issues related to wireless networking.給定一個場景，對無線組網(wǎng)中的安全問題進(jìn)行故障排查WPAWPA2WEPEAPPEAPLEAPMAC filter MAC過濾Disable SSID broadcast 禁用SSID廣播TKIPCCMPAntenna PlacementPower level controlsCaptive portalsAntenna typesSite surveysVPN (over open wireless)2.0 Compliance and Operational Security 合規(guī)與運維安全2.1 Explain theimportance of risk related concepts.解釋風(fēng)險相關(guān)概念的重要性Control types 控制類型* Technical 技術(shù)性* Management 管理性* Operational 操作性False positives 誤報False negatives 漏報Importance of policies in reducing risk 風(fēng)險降低策略的重要性* Privacy policy 隱私策略* Acceptable use 可接受使用* Security policy 安全策略* Mandatory vacations 強(qiáng)制度假* Job rotation 工作輪換* Separation of duties 職責(zé)分離* Least privilege 最小特權(quán)Risk calculation 風(fēng)險計算* Likelihood 可能性* ALE 年度預(yù)期損失* Impact 影響* SLE 單次預(yù)期損失* ARO 年度發(fā)生率* MTTR 平均故障維修時間* MTTF 平均失效前時間* MTBF 平均故障間隔時間Quantitative vs. qualitative 定量 vs. 定性Vulnerabilities 漏洞Threat vectors 威脅Probability / threat likelihood 可能性/威脅可能性Risk-avoidance, transference, acceptance,mitigation, deterrence風(fēng)險規(guī)避，轉(zhuǎn)移，接受，降低，威懾Risks associated with Cloud Computing andVirtualization云計算與虛擬化相關(guān)的風(fēng)險Recovery time objective and recovery pointobjective恢復(fù)時間目標(biāo)與恢復(fù)點目標(biāo)2.2 Summarize thesecurity implications of integrating systems and data with third parties. 總結(jié)與第三方集成系統(tǒng)與數(shù)據(jù)的安全含義On-boarding/off-boarding business partners 駐場/場外的業(yè)務(wù)合作伙伴Social media networks and/or applications 社交媒體網(wǎng)絡(luò)與應(yīng)用Interoperability agreements 互操作協(xié)議* SLA 服務(wù)水平協(xié)議* BPA* MOU 備忘錄* ISAPrivacy considerations 隱私考慮Risk awareness 風(fēng)險意識Unauthorized data sharing 非授權(quán)數(shù)據(jù)共享Data ownership 數(shù)據(jù)所有權(quán)Data backups 數(shù)據(jù)備份Follow security policy and procedures 遵從安全策略與程序Review agreement requirements to verifycompliance and performance審核協(xié)議需求來確認(rèn)合規(guī)性與性能standards 標(biāo)準(zhǔn)2.3 Given a scenario,implement appropriate risk mitigation strategies.給定一個場景，實施正確的風(fēng)險降低策略Change management 變更管理Incident management 事件管理User rights and permissions reviews 用戶權(quán)限審核Perform routine audits 執(zhí)行日常審計Enforce policies and procedures to prevent dataloss or theft加強(qiáng)策略和程序來阻止數(shù)據(jù)的損失或失竊Enforce technology controls 加強(qiáng)技術(shù)控制* Data Loss Prevention (DLP) 數(shù)據(jù)防泄漏（DLP）2.4 Given a scenario,implement basic forensic procedures.給定一個場景，實施基本的取證程序Order of volatility 波動的順序Capture system image 獲取系統(tǒng)鏡像Network traffic and logs 網(wǎng)絡(luò)流量與日志Capture video 獲取視頻錄像Record time offset 記錄時間偏離Take hashes 進(jìn)行哈希校驗Screenshots 截屏Witnesses 目擊者Track man hours and expense 跟蹤記錄人員時間和花費Chain of custody 證據(jù)鏈Big Data analysis 大數(shù)據(jù)分析2.5 Summarize commonincident response procedures.總結(jié)通用的事件響應(yīng)程序Preparation 準(zhǔn)備Incident identification 事件識別Escalation and notification 升級與通知Mitigation steps 緩解步驟Lessons learned 經(jīng)驗學(xué)習(xí)Reporting 匯報Recovery/reconstitution procedures 恢復(fù)/重建程序First responder 第一響應(yīng)人Incident isolation 事件隔離* Quarantine 隔離區(qū)* Device removal 設(shè)備清除Data breach 數(shù)據(jù)泄露Damage and loss control 災(zāi)害與損失控制2.6 Explain theimportance of security related awareness and training.解釋安全相關(guān)意識和培訓(xùn)的重要性Security policy training and procedures 安全策略培訓(xùn)與程序Role-based training 基于角色的培訓(xùn)Personally identifiable information 個人可識別信息Information classification 信息分級* High 高* Medium 中* Low 低* Confidential 機(jī)密* Private 隱私* Public 工控Data labeling, handling anddisposal 數(shù)據(jù)標(biāo)簽、處理與廢棄Compliance with laws, best practices andstandards 法律、最佳實踐與標(biāo)準(zhǔn)的合規(guī)User habits 用戶習(xí)慣* Password behaviors 密碼行為* Data handling 數(shù)據(jù)處理* Clean desk policies 桌面清理策略* Prevent tailgating 防止尾隨* Personally owned devices 個人擁有的設(shè)備New threats and new security trends/alerts 新威脅與新安全趨勢/警告* New viruses 新病毒* Phishing attacks 釣魚攻擊* Zero-day exploits 零日攻擊Use of social networking and P2P 社會工程和P2P的使用Follow up and gather training metrics tovalidate compliance and security遵從并收集培訓(xùn)度量來驗證合規(guī)與安全posture 態(tài)度2.7 Compare andcontrast physical security and environmental controls.比較和對比物理安全環(huán)境控制Environmental controls 環(huán)境控制* HVAC 空調(diào)暖通* Fire suppression 滅火* EMI shielding 防電磁泄漏* Hot and cold aisles 冷熱通道* Environmental monitoring 環(huán)境監(jiān)控* Temperature and humidity controls 溫濕度控制Physical security 物理安全* Hardware locks 硬件鎖* Mantraps 陷門（雙重門）* Video Surveillance 視頻監(jiān)控* Fencing 籬笆* Proximity readers 接近探測* Access list 訪問列表* Proper lighting 正確的照明* Signs 標(biāo)記* Guards 門衛(wèi)* Barricades 柵欄* Biometrics 生物識別* Protected distribution (cabling) 分發(fā)保護(hù)（線纜）* Alarms 報警* Motion detection 活動探測Control types 控制類型* Deterrent 威懾性* Preventive 預(yù)防性* Detective 檢測性* Compensating 補(bǔ)償性* Technical 技術(shù)性* Administrative 管理性2.8 Summarize riskmanagement best practices.總結(jié)風(fēng)險管理的最佳實踐Business continuity concepts 業(yè)務(wù)連續(xù)性概念* Business impact analysis 業(yè)務(wù)影響分析* Identification of critical systems and components識別關(guān)鍵系統(tǒng)與組件* Removing single points of failure 消除單點故障* Business continuity planning and testing 業(yè)務(wù)連續(xù)性規(guī)劃與測試* Risk assessment 風(fēng)險評估* Continuity of operations 運維連續(xù)性* Disaster recovery 災(zāi)難恢復(fù)* IT contingency planning IT連續(xù)性規(guī)劃* Succession planning 接班人規(guī)劃* High availability 高可用性* Redundancy 冗余* Tabletop exercises 桌面演練Fault tolerance 容錯* Hardware 硬件* RAID RAID磁盤陣列* Clustering 集群* Load balancing 負(fù)載均衡* Servers 服務(wù)器Disaster recovery concepts 災(zāi)難恢復(fù)概念* Backup plans/policies 備份計劃/策略* Backup execution/frequency 備份執(zhí)行/頻率* Cold site 冷站* Hot site 熱站* Warm site 溫站2.9 Given a scenario,select the appropriate control to meet the goals of security.給定一個場景，選擇合適的控制來滿足安全目標(biāo)Confidentiality 機(jī)密性* Encryption 加密* Access controls 訪問控制* Steganography 隱寫術(shù)Integrity 完整性* Hashing 哈希* Digital signatures 數(shù)字簽名* Certificates 證書* Non-repudiation 抗抵賴Availability 可用性* Redundancy 冗余* Fault tolerance 容錯* Patching 補(bǔ)丁Safety 場所安全* Fencing 柵欄* Lighting 照明* Locks 門禁* CCTV 閉路電視* Escape plans 逃生計劃* Drills 演練* Escape routes 逃生路徑* Testing controls 測試控制重信息安全管理，對技術(shù)的涉及也不太深入，只有Security+認(rèn)證才是技術(shù)人員專屬的。貼兩章Security+學(xué)習(xí)大綱你就知道有多牛了，Security+認(rèn)證一共有六章內(nèi)容，以下僅僅是2個章節(jié)的樣例。1.0 Network Security 網(wǎng)絡(luò)安全1.1 Implementsecurity configuration parameters on network devices and othertechnologies. 在網(wǎng)絡(luò)設(shè)備和其他設(shè)備上實施安全配置參數(shù)Firewalls 防火墻Routers 路由器Switches 交換機(jī)Load Balancers 負(fù)載均衡Proxies 代理Web security gateways Web安全網(wǎng)關(guān)VPN concentrators VPN網(wǎng)關(guān)NIDS and NIPS 網(wǎng)絡(luò)入侵檢測與網(wǎng)絡(luò)入侵防范* Behavior based 基于行為* Signature based 基于特征* Anomaly based 基于異常* Heuristic 啟發(fā)式Protocol analyzers 協(xié)議分析儀Spam filter 垃圾郵件過濾UTM security appliances 統(tǒng)一威脅管理* URL filter URL過濾* Content inspection 內(nèi)容檢查* Malware inspection 惡意軟件檢查Web application firewall vs. network firewallWeb應(yīng)用防火墻與網(wǎng)絡(luò)防火墻Application aware devices 應(yīng)用端設(shè)備* Firewalls 防火墻* IPS 入侵防御* IDS 入侵檢測* Proxies 代理1.2 Given a scenario,use secure network administration principles.給定一個場景，應(yīng)用安全網(wǎng)絡(luò)管理原則Rule-based management 基于規(guī)則的管理Firewallrules 防火墻規(guī)則VLAN management VLAN管理Secure router configuration 安全路由配置Access control lists 訪問控制列表Port Security 端口安全802.1x 802.1xFlood guards 流量攻擊防護(hù)Loop protection 環(huán)路保護(hù)Implicit deny 默認(rèn)拒絕Network separation 網(wǎng)絡(luò)隔離Log analysis 日志分析Unified Threat Management 統(tǒng)一威脅管理1.3 Explain networkdesign elements and components.解釋網(wǎng)絡(luò)設(shè)計的元素和組件DMZ 非軍事化區(qū)DMZSubnetting 子網(wǎng)VLAN 虛擬局域網(wǎng)NAT 網(wǎng)絡(luò)地址翻譯Remote Access 遠(yuǎn)程接入Telephony 電話NAC 網(wǎng)絡(luò)接入控制NACVirtualization 虛擬化Cloud Computing 云計算* Platform as a Service 平臺即服務(wù)* Software as a Service 軟件即服務(wù)* Infrastructure as a Service 基礎(chǔ)設(shè)施即服務(wù)* Private 私有云* Public 公有云* Hybrid 混合云* Community 社區(qū)Layered security / Defense in depth 分層安全/深度防御1.4 Given a scenario,implement common protocols and services.給定一個場景，實施通用的協(xié)議和服務(wù)Protocols 協(xié)議* IPSec* SNMP* SSH* DNS* TLS* SSL* TCP/IP* FTPS* HTTPS* SCP* ICMP* IPv4* IPv6* iSCSI* Fibre Channel* FCoE* FTP* SFTP* TFTP* TELNET* HTTP* NetBIOSPorts 端口* 21* 22* 25* 53* 80* 110* 139* 143* 443* 3389OSI relevance OSI相關(guān)1.5 Given a scenario,troubleshoot security issues related to wireless networking.給定一個場景，對無線組網(wǎng)中的安全問題進(jìn)行故障排查WPAWPA2WEPEAPPEAPLEAPMAC filter MAC過濾Disable SSID broadcast 禁用SSID廣播TKIPCCMPAntenna PlacementPower level controlsCaptive portalsAntenna typesSite surveysVPN (over open wireless)2.0 Compliance and Operational Security 合規(guī)與運維安全2.1 Explain theimportance of risk related concepts.解釋風(fēng)險相關(guān)概念的重要性Control types 控制類型* Technical 技術(shù)性* Management 管理性* Operational 操作性False positives 誤報False negatives 漏報Importance of policies in reducing risk 風(fēng)險降低策略的重要性* Privacy policy 隱私策略* Acceptable use 可接受使用* Security policy 安全策略* Mandatory vacations 強(qiáng)制度假* Job rotation 工作輪換* Separation of duties 職責(zé)分離* Least privilege 最小特權(quán)Risk calculation 風(fēng)險計算* Likelihood 可能性* ALE 年度預(yù)期損失* Impact 影響* SLE 單次預(yù)期損失* ARO 年度發(fā)生率* MTTR 平均故障維修時間* MTTF 平均失效前時間* MTBF 平均故障間隔時間Quantitative vs. qualitative 定量 vs. 定性Vulnerabilities 漏洞Threat vectors 威脅Probability / threat likelihood 可能性/威脅可能性Risk-avoidance, transference, acceptance,mitigation, deterrence風(fēng)險規(guī)避，轉(zhuǎn)移，接受，降低，威懾Risks associated with Cloud Computing andVirtualization云計算與虛擬化相關(guān)的風(fēng)險Recovery time objective and recovery pointobjective恢復(fù)時間目標(biāo)與恢復(fù)點目標(biāo)2.2 Summarize thesecurity implications of integrating systems and data with third parties. 總結(jié)與第三方集成系統(tǒng)與數(shù)據(jù)的安全含義On-boarding/off-boarding business partners 駐場/場外的業(yè)務(wù)合作伙伴Social media networks and/or applications 社交媒體網(wǎng)絡(luò)與應(yīng)用Interoperability agreements 互操作協(xié)議* SLA 服務(wù)水平協(xié)議* BPA* MOU 備忘錄* ISAPrivacy considerations 隱私考慮Risk awareness 風(fēng)險意識Unauthorized data sharing 非授權(quán)數(shù)據(jù)共享Data ownership 數(shù)據(jù)所有權(quán)Data backups 數(shù)據(jù)備份Follow security policy and procedures 遵從安全策略與程序Review agreement requirements to verifycompliance and performance審核協(xié)議需求來確認(rèn)合規(guī)性與性能standards 標(biāo)準(zhǔn)2.3 Given a scenario,implement appropriate risk mitigation strategies.給定一個場景，實施正確的風(fēng)險降低策略Change management 變更管理Incident management 事件管理User rights and permissions reviews 用戶權(quán)限審核Perform routine audits 執(zhí)行日常審計Enforce policies and procedures to prevent dataloss or theft加強(qiáng)策略和程序來阻止數(shù)據(jù)的損失或失竊Enforce technology controls 加強(qiáng)技術(shù)控制* Data Loss Prevention (DLP) 數(shù)據(jù)防泄漏（DLP）2.4 Given a scenario,implement basic forensic procedures.給定一個場景，實施基本的取證程序Order of volatility 波動的順序Capture system image 獲取系統(tǒng)鏡像Network traffic and logs 網(wǎng)絡(luò)流量與日志Capture video 獲取視頻錄像Record time offset 記錄時間偏離Take hashes 進(jìn)行哈希校驗Screenshots 截屏Witnesses 目擊者Track man hours and expense 跟蹤記錄人員時間和花費Chain of custody 證據(jù)鏈Big Data analysis 大數(shù)據(jù)分析2.5 Summarize commonincident response procedures.總結(jié)通用的事件響應(yīng)程序Preparation 準(zhǔn)備Incident identification 事件識別Escalation and notification 升級與通知Mitigation steps 緩解步驟Lessons learned 經(jīng)驗學(xué)習(xí)Reporting 匯報Recovery/reconstitution procedures 恢復(fù)/重建程序First responder 第一響應(yīng)人Incident isolation 事件隔離* Quarantine 隔離區(qū)* Device removal 設(shè)備清除Data breach 數(shù)據(jù)泄露Damage and loss control 災(zāi)害與損失控制2.6 Explain theimportance of security related awareness and training.解釋安全相關(guān)意識和培訓(xùn)的重要性Security policy training and procedures 安全策略培訓(xùn)與程序Role-based training 基于角色的培訓(xùn)Personally identifiable information 個人可識別信息Information classification 信息分級* High 高* Medium 中* Low 低* Confidential 機(jī)密* Private 隱私* Public 工控Data labeling, handling anddisposal 數(shù)據(jù)標(biāo)簽、處理與廢棄Compliance with laws, best practices andstandards 法律、最佳實踐與標(biāo)準(zhǔn)的合規(guī)User habits 用戶習(xí)慣* Password behaviors 密碼行為* Data handling 數(shù)據(jù)處理* Clean desk policies 桌面清理策略* Prevent tailgating 防止尾隨* Personally owned devices 個人擁有的設(shè)備New threats and new security trends/alerts 新威脅與新安全趨勢/警告* New viruses 新病毒* Phishing attacks 釣魚攻擊* Zero-day exploits 零日攻擊Use of social networking and P2P 社會工程和P2P的使用Follow up and gather training metrics tovalidate compliance and security遵從并收集培訓(xùn)度量來驗證合規(guī)與安全posture 態(tài)度2.7 Compare andcontrast physical security and environmental controls.比較和對比物理安全環(huán)境控制Environmental controls 環(huán)境控制* HVAC 空調(diào)暖通* Fire suppression 滅火* EMI shielding 防電磁泄漏* Hot and cold aisles 冷熱通道* Environmental monitoring 環(huán)境監(jiān)控* Temperature and humidity controls 溫濕度控制Physical security 物理安全* Hardware locks 硬件鎖* Mantraps 陷門（雙重門）* Video Surveillance 視頻監(jiān)控* Fencing 籬笆* Proximity readers 接近探測* Access list 訪問列表* Proper lighting 正