12.14. 常见术语¶

12.14.1. Windows¶

WMI (Windows Management Instrumentation)
ETW (Event Tracing for Windows)
WFP (Windows Filtering Platform)
MS-RPC (Microsoft Remote Procedure Call)
MS-SAMR (Security Account Manager Remote Protocol)
MS-SCMR (Service Control Manager Remote Protocol)
MS-DRSR (Directory Replication Service Remote Protocol)
MS-TSCH (Task Scheduler Service Remoting Protocol)
DCOM (Distributed Component Object Model)

12.14.2. 网络相关¶

12.14.2.1. 网络协议¶

轻型目录访问协议 (Lightweight Directory Access Protocol, LDAP)
标识名 (Distinguished Name, DN)
相对标识名 (Relative Distinguished Name, RDN)
服务器消息块 (Server Message Block, SMB)
网络文件共享系统 (Common Internet File System, CIFS)
SMTP (Simple Mail Transfer Protocol)
简单网络管理协议 (Simple Network Management Protocol, SNMP)
POP3 (Post Office Protocol 3)
IMAP (Internet Mail Access Protocol)
HTTP (HyperText Transfer Protocol)
HTTPS (HyperText Transfer Protocol over Secure Socket Layer)
动态主机配置协议 (Dynamic Host Configuration Protocol, DHCP)
远程过程调用 (Remote Procedure Call, RPC)
Java调试线协议 (Java Debug Wire Protocol, JDWP)
网络文件系统 (Network File System, NFS)
服务主体名称 (Service Principal Names, SPN)
简单身份验证 (Simple Authentication and Security Layer, SASL)
链路本地多播名称解析 (Link-Local Multicast Name Resolution, LLMNR)
分布式运行环境 / RPC (Distributed Computing Environment / Remote Procedure Calls, DCE/RPC)

12.14.2.2. 路由系统¶

自治系统 (Autonomous System, AS)
内部网关协议 (Interior Gateway Protocol, IGP)
外部网关协议 (External Gateway Protocol, EGP)
域内路由选择 (interdomain routing)
域间路由选择 (intradomain routing)
路由信息协议 (Routing Information Protocol, RIP)
开放最短路径优先 (Open Shortest Path First, OSPF)
动态路由协议 (Dynamic Routing Protocols, DRP)
首跳冗余性协议 (First Hop Redundancy Protocols, FHRP)
热备份路由器协议 (Hot Standby Router Protocol, HSRP)
虚拟路由冗余协议 (Virtual Router Redundancy Protocol, VRRP)
网关负载均衡协议 (Gateway Load Balancing Protocol, GLBP)
网络地址转换 (Network Address Translation, NAT)
点对点协议 (Point-to-Point Protocol, PPP)
生成树协议 (Spanning Tree Protocol, STP)
QUIC (Quick UDP Internet Connections)

12.14.2.3. 网络应用¶

证书透明度 (Certificate Transparency, CT)
DNS证书颁发机构授权 (DNS Certification Authority Authorization, CAA)
应用级网关 (Application Level Gateway, ALG)

12.14.2.4. Kerberos¶

密钥分发中心 (Key Distribution Center, KDC)
认证服务器 (Authentication Server, AS)
票据授权服务器 (Ticket Granting Server, TGS)

12.14.3. 开发相关¶

REST (Representation State Transformation)

12.14.4. 安全相关¶

缺点 (defect / mistake)
- 软件在实现上和设计上的弱点
- 缺点是缺陷和瑕疵的统称
缺陷 (bug)
- 实现层面的软件缺点
- 容易被发现和修复
- 例如：缓冲区溢出
瑕疵 (flaw)
- 一种设计上的缺点，难以察觉
- 瑕疵往往需要人工分析才能发现
- 软件系统中错误处理或恢复模块，导致程序不安全或失效
漏洞 (vulnerability)
- 可以用于违反安全策略的缺陷或瑕疵
交互式应用程序安全测试 (Interactive Application Security Testing, IAST)
动态应用程序安全测试 (Dynamic Application Security Testing, DAST)
静态应用程序安全测试 (Static Application Security Testing, SAST)
ATT&CK™ (Adversarial Tactics, Techniques, and Common Knowledge, ATT&CK)
横向移动 (Lateral Movement)
入侵和攻击模拟 (Breach and Attack Simulation, BAS)

12.14.4.1. 安全开发¶

安全信息和事件管理 (Security Information Event Management, SIEM)
自动化响应SOAR模型 (Security Orchestration, Automation and Response, SOAR)
SDL (Security Development Lifecycle)

12.14.4.2. 安全策略¶

跨域资源共享策略 (Cross-Origin Resource Sharing, CORS)
发件人策略框架 (Sender Policy Framework, SPF)
域名密钥识别邮件 (DomainKeys Identified Mail, DKIM)
基于域名的消息认证报告与一致性协议 (Domain-based Message Authentication, Reporting and Conformance, DMARC)
DNSSEC (The Domain Name System Security Extensions)
基于DNS的命名实体身份验证 (DNS-based Authentication of Named Entities, DANE)

12.14.4.3. 安全模型¶

构建安全成熟度模型 (Building Security In Maturity Model, BSIMM)

12.14.5. 攻击相关¶

12.14.5.1. 漏洞类型¶

跨站脚本攻击 (Cross Site Scripting, XSS)
跨站请求伪造 (Cross-Site Request Forgery, CSRF)
中间人攻击 (Man-in-the-middle, MITM)
服务端请求伪造 (Server Side Request Forgery, SSRF)
高级持续威胁 (Advanced Persistent Threat, APT)
远程命令执行 (Remote Command Execute, RCE)
远程代码执行 (Remote Code Execute, RCE)
带外数据 (Out-Of-Band, OOB)

12.14.5.2. 攻击方式¶

鱼叉攻击 (Spear Phishing)
水坑攻击 (Water Holing)
分布式拒绝服务 (Distributed Denial of Service, DDoS)

12.14.6. 防御相关¶

IoC (Indicators of Compromise)
IoA (Indicators of Activity)

12.14.6.1. 防御技术¶

网络检测响应 (Network-based Detection and Response, NDR)
终端检测响应 (Endpoint Detection and Response, EDR)
托管检测响应 (Managed Detection and Response, MDR)
扩展检测响应 (Extended Detection and Response, XDR)
自适应安全架构 (Adaptive Security Architecture, ASA)
零信任网络访问 (Zero Trust Network Access, ZTNA)
云安全配置管理 (Cloud Security Posture Management, CSPM)

12.14.6.2. 防护设施¶

入侵检测系统 (Intrusion Detection System, IDS)
主机型入侵检测系统 (Host-based Intrusion Detection System, HIDS)
主机入侵防御系统 (Host Intrusion Prevent System, HIPS)
RASP (Runtime Application Self-protection)
统一端点管理 (Unified Endpoint Management, UEM)

12.14.7. 运维¶

智能运维 (Artificial Intelligence for IT Operations, AIOps)
风险和脆弱性评估 (Risk and Vulnerability Assessments, RVA)
计算机安全应急响应组 (Computer Emergency Response Team, CERT)

12.14.8. 认证¶

单点登录 (Single Sign-On, SSO)
双因素认证 (Two-Factor Authentication, 2FA)
多因素认证 (Multi-Factor Authentication, MFA)
一次性密码 (One-Time Password, OTP)

12.14.8.1. Kerbose¶

认证服务器 (Authentication Server, AS)
密钥分发中心 (Key Distribution Center, KDC)
票据授权票据，票据的票据 (Ticket Granting Ticket, TGT)
票据授权服务器 (Ticket Granting Server, TGS)
特定服务提供端 (Service Server, SS)

12.14.9. 可信计算¶

可信平台模块 (Trusted Platform Module, TPM)

12.14.10. 云¶

12.14.10.1. 容器¶

容器运行时 (Container Runtime Interface, CRI)
开放容器标准 (Open Container Initiative, OCI)
开放容器格式标准 (Open Container Format, OCF)

12.14.10.2. 计算¶

弹性云计算 (Elastic Compute Cloud, EC2)
阿里云弹性云计算 (Elastic Compute Service, ECS)
云服务器 (Cloud Virtual Machine, CVM)

12.14.10.3. 存储¶

简单存储服务 (Simple Storage Service, S3)
对象存储 (Cloud Object Storage, COS)

12.14.10.4. XaaS¶

函数即服务 (Function as a Service, FaaS)
容器即服务 (Container as a Service, CaaS)
软件即服务 (Software as a Service, SaaS)
平台即服务 (Platform as a Service, PaaS)
基础设施即服务 (Insfrastructure as a Service, IaaS)

12.14.10.5. 特定平台¶

OCI (Oracle Cloud Infrastructure)

12.14.10.6. 其他服务¶

元数据服务 (Instance Metadata Service, IMDS)
持续集成 (Continuous Integration, CI)
持续交付 (Continuous Deployment, CD)
边缘计算机器 (Edge Computing Machine, ECM)