Access Control Lists (ACLs) and security descriptors - A security descriptor is associated with each securable object. If permissions are configured for an object, the object’s security descriptor contains a Discretionary Access Control List (DACL), with Security Identifiers (SIDs) for the users and groups that are allowed or denied access. Access control is the process of authorizing users, groups, and computers access objects on the network by using permissions, user rights, and object auditing.
Access Tokens - An access token is a protected object that contains information about the identity and privileges associated with a user account. An access token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access There are two kinds of access token, primary and impersonation.
Application Sandboxing - also called application containerization, is an approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute. -WhatIs.com
"In the Windows world it primarily means running a process in a Job which limits its ability to interact with other processes." -msainsbury
Blacklisting - you allow everything and you create policies to block specific traffic or apps that you're concerned about.
- Less secure.
- Less work to manage.
*You can also create a mixture of white and blacklisting approaches.
Clients = any devices on a network that accesses something on another computer on your network.
Data Class = These are classes that have fields, getting and setting methods for the fields, and nothing else. Such classes are dumb data holders.
"I suppose it depends on how deep you’re going with the explanation. We actually use SQL to store the data, so your statement isn’t actually false, just not quite what I think we should convey. 'Metadata' leads me to believe we’re only describing data about the data. When, in fact, there isn’t anywhere else you would go to get at this data. It provides and storage and retrieval mechanisms for the actual data, not just the data about the data. Data Classes store data that is related to resources. There is metadata associated with the Data Class definition that describes the data — type, column name, etc. Data Classes are also associated to the type of resource that the data refers to." -kstephens
Domain Account - A domain account is the login required to access a managed section of resources on a network (i.e., domain). This allows a user to log into a computer that is connected to the domain, and be automatically connected to any network drive space that has been allocated for the domain account.
Extensibility = In software engineering, extensibility (not to be confused with forward compatibility) is a system design principle where the implementation takes future growth into consideration. It is a systemic measure of the ability to extend a system and the level of effort required to implement the extension. Extensions can be through the addition of new functionality or through modification of existing functionality. The central theme is to provide for change – typically enhancements – while minimizing impact to existing system functions.
GUID - (Globally Unique Identifier) is an ID number that provides a unique serial number that can be used on any item in the universe (e.g., Google pages, products on Amazon, articles on Wikipedia). It uses a format of 8-4-4-4-12 (e.g., 20dd870c-13ee-1f67-1847-8576fur83123).
Job Object - a job object allows groups of processes to be managed as a unit. https://msdn.microsoft.com/en-us/library/windows/desktop/ms684161(v=vs.85).aspx
Local Account - a local account controls access to one single, physical computer. Your local account credentials (username, password, and SID/UID) are stored locally on the computer's hard drive, and the computer checks its own files to authenticate your login. This differs from a network domain account which is created and stored on a network server (sometimes called a domain controller). Computers query the server for network access. A local account allows you some level of access to an individual computer. The local account's settings determine your rights for running programs, installing and removing programs, accessing files, and enabling or disabling services.
MS Silverlight = Microsoft's version of Flash.
MS Windows Server = type of OS that provides very specific functions.
Notification Server (NS) - Notification Server (NS) is the central component of the Symantec Management Platform (previously referred to as the Altiris Platform). Notification Server is the framework on which solution developers (internal or external to Symantec) build new solutions to provide integrated IT management. NS installs and manages the Symantec Agent, passes data to and from the CMDB, interacts with other Platform components, and displays information through the Symantec Management Console (the IT administrator's "view" into NS). (http://portals.altiris.com/portals/13/sdk/SMP%207.0/SMP/NotificationServerBasics.html)
Object - an object (or Windows object) is a data structure that represents a system resource, such as a file, thread, or graphic image. An application cannot directly access object data or the system resource that an object represents. Instead, an application must obtain an object handle which it can use to examine or modify the system resource. https://msdn.microsoft.com/en-us/library/windows/desktop/ms724457(v=vs.85).aspx
Policies = rules put in place to support the security of a network.
Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect. Network policies can be viewed as rules. Each rule has a set of conditions and settings. http://msdn.microsoft.com/en-us/library/cc754107.aspx
Policies per Arellia products = Policies define how often an endpoint needs to perform a certain action. Policies are downloaded and cached by endpoints.
Provisioning = to grant access to user groups.
Security Descriptors = data structures of security information for securable Windows objects, that is objects that can be identified by a unique name (Wikipedia). A security descriptor contains the security information associated with a securable object (Microsoft).
Server = a networked device that provides a service on your network (e.g., file server, print server).
Shim - a small library that transparently intercepts API calls and changes the arguments passed, handles the operation itself, or redirects the operation elsewhere. Shims typically come about when the behavior of an API changes, thereby causing compatibility issues for older applications which still rely on the older functionality. Shims can also be used for running programs on different software platforms than they were developed for. Go to Application Compatibility Actions.
Security Identifiers (SIDs) - Every account and group is automatically assigned a security identifier (SID) when the account or group is created.
"the system" = in reference to Arellia, it's the "Arellia Management Server system."
Tasks = functions for tools to complete that can be automated using the command console.
MM 01/07/15 "There's a difference, but there's not a difference [[between policies and tasks]]. There's a Basic Inventory Policy and a Basic Inventory Task that do the exact same thing. The difference is that Policies send feedback to the server at one set time, but Tasks can specify that feedback be sent to the server at any designated time or schedule. Most commonly, to get quick feedback about the user on a new computer on the network, go to Basic Inventory.
Anything you can do on a policy level with local security and the general policies, and even security analysis can be done under Tasks. These are items sent from the server to the agent, and as long as the agent has network connectivity the task will be executed by the agent and the feedback sent to the server."
Whitelisting - Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.
Zero-day attack - a (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch.