4. Notes
This document is structured on MIL-STD-498, described in “A forgotten military standard that saves weeks of work (by providing free project management templates)” by Kristof Kovacs. Specifically, this document is modelled on SSS.html.
4.1. Glossary of Terms
- Agile
- A programming methodology based on short cycles of feature-specific changes and rapid delivery, as opposed to the “Waterfall” model of system development, which follows one long sequence of requirements definition, specification, design, build, test, acceptance, and delivery steps.
- Botnets System
- The name given to the re-implementation of Einstein 1 technology. See http://web.archive.org/web/20131115180654/http://www.botnets.org/
- cron
- A Unix/Linux service daemon that is responsible for running background tasks on a scheduled basis.
- CIFglue
- “Simple rails app to quickly add indicators to the Collective Intelligence Framework”
- Cryptographic Hash (Cryptographic Hashing Algorithm)
- A mathematical method of uniquely representing a stream of bits with a fixed-length numeric value in a numeric space sufficiently large so as to be infeasible to predictably generate the same hash value for two different files. (Used as an integrity checking mechanism.) Commonly used algorithms are MD5, SHA1, SHA224, SHA256, RIPEMD-128. (See also http://en.wikipedia.org/wiki/Cryptographic_hash_function).
- CSCI
- An aggregation of software that satisfies an end use function and is designated for separate configuration management by the acquirer. CSCIs are selected based on tradeoffs among software function, size, host or target computers, developer, support concept, plans for reuse, criticality, interface considerations, need to be separately documented and controlled, and other factors.
- Einstein 1
- A network flow based behavioral and watchlist based detection system developed by University of Michigan and Merit Networks, Inc. for use by US-CERT. The re-implementation is known as the Botnets System.
- Fusion Center
- Entities created by DHS to integrate federal law enforcement and intelligence resources with state and local law enforcement for greater collaboration and information sharing across levels of SLTT governments.
- Git
- A source code version management system in widespread use.
- MUTEX
- Mutual Exclusion (an object or lock used to synchronize execution of independent threads or processes that must share a common resource in an exclusive manner, or to ensure only one copy of a program is running at a time)
- NetFlow
- Record format developed by Cisco for logging and storing Network Flow information (see also SiLKTools).
- NoSQL
- The term for a database that does not use the typical table-based relational schema of Relational Database Management Systems (RDBMS)
- Ops-Trust (ops-t)
- Operational Security Trust organization (see http://ops-trust.net/)
- Port forwarding
- A mechanism used by NAT firewalls to forward a connection by port number to a host behind the NAT firewall. Also known as Destination NAT, or “DNAT”. (See NAT, DNAT.)
- Redis
- A “NoSQL” database system used to store files in a key/value pair model via a RESTful HTTP/HTTPS interface.
- SiLKTools
- A network flow logging and archiving format and tool set developed by Carnegie Mellon’s Software Engineering Institute (in support of CERT/CC).
- Team Cymru
- (Pronounced “COME-ree”) – “Team Cymru Research NFP is a specialized Internet security research firm and 501(c)3 non-profit dedicated to making the Internet more secure. Team Cymru helps organizations identify and eradicate problems in their networks, providing insight that improves lives.”
- Tupelo
- A host-based forensic system (client and server) developed at the University of Washington, based on the Honeynet Project “Manuka” system.
4.2. List of Acronyms
- AAA
- Authentication, Authorization, and Accounting
- AMQP
- Advanced Message Queuing Protocol
- API
- Application Programming Interface
- AS
- Autonomous System
- ASN
- Autonomous System Number
- CI
- Critical Infrastructure
- CIDR
- Classless Internet Domain Routing
- CIF
- Collective Intelligence Framework
- CIP
- Critical Infrastructure Protection
- CISO
- Chief Information and Security Officer
- CLI
- Command Line Interface
- COA
- Course of Action (steps to Respond and Recover)
- CONOPS
- Concept of Operations
- CRADA
- Cooperative Research and Development Agreement
- CSIRT
- Computer Security Incident Response Team
- CSV
- Comma-separated Value (a semi-structured file format)
- DNAT
- Destination NAT (see NAT and “port forwarding”)
- DIMS
- Distributed Incident Management System
- DNS
- Domain Name System
- DoS
- Denial of Service
- DDoS
- Distributed Denial of Service
- EO
- Executive Order
- GZIP
- Gnu ZIP (file compression program)
- HSPD
- Homeland Security Presidential Directive
- ICT
- Information and Communication Technology
- IOC
- Indicators of Compromise
- IP
- Internet Protocol (TCP and UDP are examples of Internet Protocols)
- IRC
- Internet Relay Chat (an instant messaging system)
- JSON
- JavaScript Object Notation
- MAPP
- Microsoft Active Protections Program
- MNS
- Mission Needs Statement
- NCFTA
- National Cyber-Forensics & Training Alliance
- NAT
- Network Address Translation
- NTP
- Network Time Protocol (a service exploited to perform reflected/amplified DDoS attacks by spoofing the source address of requests, where the much larger responses flood the victim)
- OODA
- Observe, Orient, Decide, and Act (also known as the “Boyd Cycle”)
- PPD
- Presidential Policy Directive
- PRISEM
- Public Regional Information Security Event Management
- RBAC
- Role Based Access Control
- RESTful
- Representational State Transfer web service API
- RPC
- Remote Procedure Call
- SCADA
- Supervisory Control and Data Acquisition
- SIEM
- Security Information Event Management (sometimes referred to as Security Event Information Management or Security Event Monitoring, causing some to pronounce it as “sim-sem”)
- SLTT
- State, Local, Territorial, and Tribal (classification of non-federal government entities)
- SOC
- Security Operations Center
- SoD
- Security on Demand (PRISEM project support vendor)
- SSH
- Secure Shell
- STIX
- Structured Threat Information Expression. A standard for information exchange developed by MITRE in support of DHS US-CERT.
- TAXII
- Trusted Automated Exchange of Indicator Information
- TCP
- Transmission Control Protocol (one of the Internet Protocols)
- TLP
- Traffic Light Protocol
- TTP
- Tools, Tactics, and Procedures
- UC
- Use Case
- UDP
- Unreliable Datagram Protocol (one of the Internet Protocols)
- WCX
- Western Cyber Exchange