IPsec (Internet Protocol Security):

IPsec is a protocol suite used for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet in a
data stream. It provides confidentiality, integrity, and
authentication to network communications, and is commonly used in
VPN (Virtual Private Network) connections to ensure secure data
transmission over public networks.

Containment:

Containment refers to the practice of isolating and restricting the
scope of a security incident to prevent its spread to other parts of
the network. It involves actions such as quarantining infected
devices, blocking network access, and limiting privileges to contain
the impact of a security breach.

Isolation:

Isolation involves separating potentially compromised or vulnerable
systems from the rest of the network to prevent the spread of
threats. Isolation can be achieved through network segmentation,
VLANs (Virtual Local Area Networks), or physical separation to
minimize the impact of security incidents and protect critical
assets.

Segmentation:

Segmentation involves dividing a network into smaller, isolated
segments to improve security and performance. Segmentation can be
implemented using firewalls, routers, and switches to control
traffic flow between segments, reducing the attack surface and
limiting the impact of security breaches.
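The isolation and segmentation entries above describe a policy that firewalls or switches enforce between segments. The following Python program is an added illustration (not part of these notes) of what such a policy looks like when written down and checked: zones are CIDR ranges, cross-segment flows are allowed only by an explicit list, everything else is denied by default, and a quarantine zone is fully isolated. The zone names, address ranges, ports and sample flows are all constructed for the example.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed example segments (CIDR ranges); names and ranges are assumptions.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "user_lan":   ipaddress.ip_network("10.10.0.0/16"),
    "servers":    ipaddress.ip_network("10.20.0.0/24"),
    "ot_network": ipaddress.ip_network("10.30.0.0/24"),
    "quarantine": ipaddress.ip_network("10.99.0.0/24"),  # isolation zone for suspect hosts
}

# Explicit allow list of (source zone, destination zone, destination port).
# Any cross-segment flow not listed here is denied (default deny).
ALLOWED: List[Tuple[str, str, int]] = [
    ("user_lan", "servers", 443),      # users reach the web front ends
    ("user_lan", "ot_network", 4840),  # hypothetical engineering-station access
]


def zone_of(ip: str) -> str:
    """Map an address to its segment, or 'unknown' if it lies in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(src: str, dst: str, port: int) -> Tuple[bool, str]:
    """Decide whether one flow is permitted by the segmentation policy."""
    s, d = zone_of(src), zone_of(dst)
    flow = f"{src}->{dst}:{port}"
    if "unknown" in (s, d):
        return False, f"deny {flow}: address outside every defined zone"
    if "quarantine" in (s, d):
        return False, f"deny {flow}: quarantine zone is fully isolated"
    if s == d:
        return True, f"allow {flow}: intra-segment traffic within {s}"
    if (s, d, port) in ALLOWED:
        return True, f"allow {flow}: {s}->{d} permitted by policy"
    return False, f"deny {flow}: {s}->{d} not in allow list (default deny)"


def audit(flows: List[Tuple[str, str, int]]) -> List[str]:
    """Return the deny reasons for every observed flow that violates policy."""
    violations = []
    for src, dst, port in flows:
        ok, reason = evaluate(src, dst, port)
        if not ok:
            violations.append(reason)
    return violations


if __name__ == "__main__":
    # Constructed flow records, e.g. from NetFlow or firewall logs.
    sample = [
        ("10.10.5.5", "10.20.0.7", 443),   # user -> web: allowed
        ("10.10.5.5", "10.20.0.7", 22),    # user -> ssh on server: denied
        ("10.30.0.4", "10.20.0.7", 443),   # OT -> servers: denied, never listed
        ("10.99.0.3", "10.20.0.7", 443),   # quarantined host: denied
        ("10.20.0.1", "10.20.0.2", 5432),  # app tier -> database, same segment
    ]
    for line in audit(sample):
        print(line)
```

The point of `audit` is that the same policy used to configure the firewalls can be replayed over observed flow data, so a path between segments that the policy never intended (for example OT to servers) shows up as a finding rather than being discovered during an incident.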

Certificates:

Digital Certificates:

Digital certificates are electronic documents that bind an entity's
identity (such as an individual, organization, or device) to a
public key cryptographically. They are primarily used for
authentication, data integrity, and encryption in secure
communications over networks.

X.509 Certificates:

X.509 is a standard format for public key certificates defined by
the International Telecommunication Union (ITU-T). X.509
certificates are widely used in various security protocols and
applications, including SSL/TLS, S/MIME (Secure/Multipurpose
Internet Mail Extensions), and digital signatures.

Self-Signed Certificates:

Self-signed certificates are certificates in which the entity signs
its own public key instead of having it signed by a CA. While
self-signed certificates can provide encryption, they lack the
third-party identity validation provided by CA-signed certificates.

Wildcard Certificates:

Wildcard certificates allow a single certificate to be used for
multiple subdomains within a domain. They simplify certificate
management by securing multiple subdomains with a single
certificate.
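Which names a wildcard certificate actually covers is narrower than "multiple subdomains" suggests, and it is where deployments go wrong. The Python function below is an added example, not part of these notes, implementing the usual matching rules (after RFC 6125 section 6.4.3; that reading is an assumption of this example): comparison is case-insensitive, the wildcard must be the entire left-most label, it matches exactly one label (so `*.example.com` covers neither `example.com` nor `a.b.example.com`), and over-broad patterns such as `*.com` are rejected. The certificate names and hostnames used are constructed.

```python
from typing import Dict, List


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if `hostname` is covered by the certificate name `pattern`.

    Rules (an assumption of this example, following RFC 6125 section 6.4.3):
    case-insensitive comparison; a wildcard must be the whole left-most label;
    it matches exactly one label; at least two labels must follow it.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h                      # plain name: exact match only
    p_labels, h_labels = p.split("."), h.split(".")
    if p_labels[0] != "*" or "*" in p[1:] or len(p_labels) < 3:
        return False                       # partial, nested or over-broad wildcard
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False                       # '*' covers exactly one non-empty label
    return h_labels[1:] == p_labels[1:]


def covered_by(cert_names: List[str], hostnames: List[str]) -> Dict[str, List[str]]:
    """For each hostname, list the certificate SAN entries that cover it.

    An empty list means the certificate would produce a name-mismatch error
    for that host; two entries mean the host is covered twice, which is
    harmless but worth knowing when planning a wildcard key rotation.
    """
    return {h: [n for n in cert_names if hostname_matches(n, h)] for h in hostnames}


if __name__ == "__main__":
    # Constructed SAN list of one certificate and the hosts it is deployed on.
    sans = ["example.com", "*.example.com"]
    hosts = ["example.com", "api.example.com", "a.b.example.com", "API.EXAMPLE.COM."]
    for host, names in covered_by(sans, hosts).items():
        print(f"{host:22} -> {names or 'NOT COVERED'}")
```

`covered_by` is the check to run before rolling a wildcard certificate out to an inventory of hosts: the deeper name `a.b.example.com` comes back uncovered, which is the usual surprise with wildcards, and because every covered host shares one private key, the same list is also the blast radius if that key is ever exposed.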

Extended Validation (EV) Certificates:

EV certificates are a type of SSL/TLS certificate that undergoes a
more rigorous validation process to verify the identity of the
certificate holder. They are used primarily by e-commerce websites
and other online services to provide users with visual indicators
of enhanced identity validation and trustworthiness.

Certificate Authorities (CAs):

Public Key Infrastructure (PKI):

PKI is a framework of hardware, software, policies, and procedures
used to create, manage, distribute, and revoke digital certificates.
It enables secure communication and transactions over the internet
by providing mechanisms for certificate issuance, validation, and
trust management.

Root Certificate Authority:

Root CAs are the top-level CAs in a hierarchical PKI structure. They
issue and sign intermediate CA certificates and end-entity
certificates, establishing trust anchors in PKI.

Intermediate Certificate Authority:

Intermediate CAs are subordinate to root CAs and issue certificates
on their behalf, enhancing the scalability and security of PKI by
delegating certificate issuance responsibilities.

Certificate Revocation:

Certificate revocation is the process of invalidating a previously
issued certificate before its expiration date. CAs maintain
certificate revocation lists (CRLs) or use the Online Certificate
Status Protocol (OCSP) to inform relying parties about revoked
certificates.

Understanding certificates and CAs is crucial for securing
communications, verifying identities, and maintaining trust in
digital transactions and interactions across networks.
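The root CA, intermediate CA, self-signed certificate and revocation entries above all describe one procedure: a relying party walks from an end-entity certificate up to a configured trust anchor, checking at every step that the issuer name matches, the issuer is a CA, the signature verifies, the certificate is within its validity period, and it has not been revoked. The program below is an added example written for these notes, not code from any real PKI library. Its one simplification is an assumption stated in the code: an HMAC key stands in for the CA key pair (the same bytes act as private and "public" key), so the example runs with the standard library only; real X.509 uses RSA or ECDSA signatures, but the chain-walk is identical. Every CA name, serial number and key in it is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple

# ASSUMPTION of this example: an HMAC key plays the CA key pair. The same bytes
# are the "private" signing key and the "public key" carried in the certificate.
# Real X.509 uses RSA/ECDSA (e.g. via the cryptography package); the path
# validation below is the same apart from the signature primitive.


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    is_ca: bool          # basicConstraints CA flag
    pubkey: bytes        # toy public key of the subject
    signature: bytes     # issuer's signature over tbs()

    def tbs(self) -> bytes:
        """To-be-signed bytes: every field except the signature."""
        return "|".join([self.subject, self.issuer, str(self.serial),
                         self.not_before.isoformat(), self.not_after.isoformat(),
                         str(self.is_ca), self.pubkey.hex()]).encode()


def issue(subject: str, issuer: str, issuer_key: bytes, subject_key: bytes,
          serial: int, is_ca: bool, not_before: datetime, days: int) -> Cert:
    """Issue a certificate for `subject`, signed with the issuer's (toy) key."""
    unsigned = Cert(subject, issuer, serial, not_before,
                    not_before + timedelta(days=days), is_ca, subject_key, b"")
    sig = hmac.new(issuer_key, unsigned.tbs(), hashlib.sha256).digest()
    return replace(unsigned, signature=sig)


def validate_chain(chain: List[Cert], trust_anchors: Dict[str, bytes],
                   revoked: Set[Tuple[str, int]], now: datetime) -> Tuple[bool, str]:
    """Validate chain[0] (end entity) up to chain[-1] (self-signed root).

    trust_anchors maps a root subject to its pinned public key. revoked holds
    (issuer, serial) pairs, which is the information a CRL or OCSP conveys.
    """
    if not chain:
        return False, "empty chain"
    root = chain[-1]
    if root.subject != root.issuer:
        return False, "chain does not end in a self-signed certificate"
    if trust_anchors.get(root.subject) != root.pubkey:
        return False, f"{root.subject} is not a configured trust anchor"
    for i, cert in enumerate(chain):
        signer = chain[i + 1] if i + 1 < len(chain) else cert  # the root signs itself
        if cert.issuer != signer.subject:
            return False, f"{cert.subject}: issuer does not match {signer.subject}"
        if not signer.is_ca:
            return False, f"{signer.subject} is not a CA and cannot issue certificates"
        expected = hmac.new(signer.pubkey, cert.tbs(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.signature):
            return False, f"{cert.subject}: signature does not verify"
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside its validity period"
        if (cert.issuer, cert.serial) in revoked:
            return False, f"{cert.subject}: revoked by {cert.issuer}"
    return True, f"valid path to trust anchor {root.subject}"


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time


def build_demo_pki(now: datetime = NOW) -> Tuple[Cert, Cert, Cert]:
    """Root CA -> intermediate CA -> end entity, all names and keys constructed."""
    root_key, int_key, leaf_key = b"root-secret", b"issuing-secret", b"leaf-secret"
    start = now - timedelta(days=1)
    root = issue("Example Root CA", "Example Root CA", root_key, root_key, 1, True, start, 3650)
    inter = issue("Example Issuing CA", "Example Root CA", root_key, int_key, 2, True, start, 1825)
    leaf = issue("www.example.test", "Example Issuing CA", int_key, leaf_key, 3, False, start, 90)
    return root, inter, leaf


def run_scenarios() -> Dict[str, bool]:
    """Path validation outcomes under several conditions a relying party meets."""
    root, inter, leaf = build_demo_pki()
    anchors = {root.subject: root.pubkey}
    chain = [leaf, inter, root]
    self_signed = issue("www.example.test", "www.example.test", b"own", b"own", 9, False, NOW, 90)
    # A certificate "issued" by the end entity: the leaf is not a CA, so this must fail.
    leaf_issued = issue("other.example.test", leaf.subject, leaf.pubkey, b"x", 10, False, NOW, 30)
    return {
        "valid_chain": validate_chain(chain, anchors, set(), NOW)[0],
        "revoked_leaf": validate_chain(chain, anchors, {(leaf.issuer, leaf.serial)}, NOW)[0],
        "expired_leaf": validate_chain(chain, anchors, set(), NOW + timedelta(days=100))[0],
        "self_signed_leaf": validate_chain([self_signed], anchors, set(), NOW)[0],
        "no_trust_anchor": validate_chain(chain, {}, set(), NOW)[0],
        "leaf_as_issuer": validate_chain([leaf_issued, leaf, inter, root], anchors, set(), NOW)[0],
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:18} {'accepted' if ok else 'rejected'}")
```

Two of the scenarios show why the checks are ordered as they are: the self-signed leaf fails not because its signature is bad (it verifies with its own key) but because nobody configured it as a trust anchor, and the certificate "issued" by the leaf fails on the CA flag before anything else, which is the check that stops any certificate holder from minting certificates for others.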

Identity and Access Management (IAM) including deprovisioning:

IAM involves managing and controlling user identities, their access
rights, and permissions to resources within an organization's IT
environment. IAM systems handle user provisioning, deprovisioning,
authentication, authorization, and auditing to enforce security
policies and ensure compliance.

Baselining:

Baselining involves establishing a baseline or standard
configuration for systems, networks, or applications to monitor
deviations and detect anomalies. Baselines serve as reference
points to assess the security posture, performance, and compliance
of IT assets, enabling proactive threat detection and incident
response.

Normalization:

Normalization involves organizing and standardizing data formats,
structures, or values to eliminate redundancy and improve data
integrity. In the context of security, normalization helps detect
and mitigate threats by normalizing logs, network traffic, or
access controls to identify patterns and anomalies more
effectively.
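The baselining and normalization entries above work together in practice: logs from different systems are first mapped onto one event schema, a baseline is learned from a known-good period, and new events are compared against it. The Python program below is an added example for these notes, not taken from any product. It normalizes two constructed log formats (a BSD-syslog `sshd` line and a JSON web-application login record) into one schema, builds a baseline of which source addresses each user normally logs in from, and then flags two kinds of deviation: a burst of failed logins and a successful login from a source never seen for that user. The log lines, hostnames, usernames and addresses are all constructed; the year applied to syslog timestamps is an assumption because that format carries none.

```python
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

SYSLOG_YEAR = 2024  # assumption: BSD syslog timestamps carry no year

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def normalize(line: str) -> Optional[Dict[str, str]]:
    """Map a raw sshd or JSON web-app line onto one common event schema."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        return {"ts": ts.isoformat(), "user": rec["username"].lower(), "src_ip": rec["client"],
                "outcome": "success" if rec["result"] == "ok" else "failure", "source": "webapp"}
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)
        return {"ts": ts.isoformat(), "user": m["user"].lower(), "src_ip": m["ip"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure", "source": "sshd"}
    return None  # unknown format: route to a parse-failure queue rather than guess


def build_baseline(lines: List[str]) -> Dict[str, Set[str]]:
    """Learn, per user, the source addresses seen in successful logins."""
    known: Dict[str, Set[str]] = defaultdict(set)
    for ev in map(normalize, lines):
        if ev and ev["outcome"] == "success":
            known[ev["user"]].add(ev["src_ip"])
    return dict(known)


def detect(lines: List[str], known: Dict[str, Set[str]], burst: int = 5) -> List[str]:
    """Compare a new window of events against the baseline and report deviations."""
    events = [ev for ev in map(normalize, lines) if ev]
    findings: List[str] = []
    failures = Counter((ev["src_ip"], ev["user"]) for ev in events if ev["outcome"] == "failure")
    for (ip, user), n in failures.items():
        if n >= burst:
            findings.append(f"burst: {n} failed logins for {user} from {ip}")
    for ev in events:
        if ev["outcome"] == "success" and ev["src_ip"] not in known.get(ev["user"], set()):
            findings.append(f"new source: {ev['user']} logged in from {ev['src_ip']} "
                            f"via {ev['source']} at {ev['ts']}")
    return findings


# Constructed sample data: a known-good baseline window, then a window to inspect.
BASELINE_LOGS = [
    "Jun 10 08:02:11 bastion sshd[4021]: Accepted password for alice from 10.0.0.5 port 50112 ssh2",
    '{"ts":"2024-06-10T08:05:00Z","username":"Bob","client":"10.0.0.7","result":"ok"}',
    "Jun 11 08:03:40 bastion sshd[4102]: Accepted password for alice from 10.0.0.5 port 50990 ssh2",
]
OBSERVED_LOGS = [
    f"Jun 12 02:14:0{i} bastion sshd[500{i}]: Failed password for alice from 203.0.113.9 port 4100{i} ssh2"
    for i in range(1, 6)
] + [
    '{"ts":"2024-06-12T02:15:30Z","username":"alice","client":"203.0.113.9","result":"ok"}',
    '{"ts":"2024-06-12T09:00:00Z","username":"bob","client":"10.0.0.7","result":"ok"}',
]

if __name__ == "__main__":
    for finding in detect(OBSERVED_LOGS, build_baseline(BASELINE_LOGS)):
        print(finding)
```

Because both sources are reduced to the same `user`, `src_ip` and `outcome` fields, the second finding correlates across systems: the failures arrived over SSH and the eventual success through the web application, from the same address, which neither log would reveal on its own.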

TLS 1.3 (Transport Layer Security):

TLS 1.3 is a cryptographic protocol used to secure communication
channels over a computer network, such as the Internet. It provides
encryption, authentication, and integrity protection for data
transmitted between clients and servers, ensuring privacy and
security for online transactions, web browsing, and other
applications.
