Capability (Security)
- ALPN - Application-Layer Protocol Negotiation Extension (ALPN) is a TLS extension, used in the HTTP/2 protocol, that helps decrease website load times and encrypt connections faster by avoiding additional round trips. 🌐
- Anti-Virus Scanning - The ability to scan for known worms, trojans, and other threats. 🌐
- Backup and Restore - The ability to back up data and, in the event of a disaster, restore the systems that rely on that data. 🌐
- Backup and Restore (Long term) - The ability to preserve (and restore) data over the long term (months or years), typically using tape technology and geographically distributed sites.
- CIDR - Classless Inter-Domain Routing (CIDR) is a method for fine-grained IP allocation, using variable-length subnet masking (VLSM), that replaces the original classful network architecture, which consists of classes A, B and C. The old classful architecture was too coarse in its addressing ranges; for example, whereas class C only allowed addressing 254 hosts, class D allowed 65,534 with no room for more specific ranges. 🌐
- Container Security - The ability to scan container images (as well as live running containers) for security threats. 🌐
- Denial-of-service (DoS) - A type of attack that seeks to make a machine or network resource unavailable to its intended users. 🌐
- Disk Encryption - The ability to protect data at rest. 🌐
- Distributed Denial-of-Service (DDoS) - Similar to a DoS attack except that the incoming traffic originates from many different sources. 🌐
- IDS - An Intrusion Detection System (IDS) monitors a network or systems for malicious activity or policy violations. 🌐
- IPS - An Intrusion Prevention System (IPS) is an enhanced form of IDS which adds the ability to block or stop malicious activity. 🌐
- Key Management - The ability to generate, exchange, store, use, and destroy cryptographic keys. 🌐
- OS Patching - The ability to patch an OS and its packages to mitigate vulnerabilities and bugs. 🌐
- One-way TLS termination (TLS) - This is the capability used for most public-facing Internet websites. 🌐
- Post-Quantum TLS - A project to make TLS resistant to future attacks from quantum computers. 🌐
- Private CA - Similar to a Public CA but applicable in the context of private networks/intranets without access to the public Internet. 🌐
- Privileged Access Management (PAM) - A set of cybersecurity strategies and technologies for exerting control over the elevated ("privileged") access and permissions for users, accounts, processes, and systems across an IT environment. 🌐
- Public CA - A Certificate Authority (CA) typically generates, issues, and manages public and private SSL/TLS certificates for publicly accessible websites. 🌐
- Rating / Limiting (e.g. max TPS) - CA-API-Authn
- Stateful Firewall - A stateful firewall is TCP-aware and does not require outbound access to be specified for protocols such as HTTP, SSH, etc. 🌐
- Two-way TLS termination (mTLS) - This capability requires clients to be authenticated with the server as well. It is typically used in B2B scenarios. 🌐