Maestro_07 on July 16, 2010
All domains studied in various methods, combined others' decks with my own.
Credits: aread327 and higgi
Terms | Definitions |
|---|---|
Data Remanence | The remains of partial or even the entire data set of digital information |
Disaster Recovery Planning (DRP) | Deals with restoring normal business operations after the disaster takes place...works to get the business back to normal |
Maximum tolerable downtime | The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage. |
802.5 | IEEE standard that defines the Token Ring media access method |
Recovery Time Objective | The balance between the cost of recovery and the cost of disruption |
Resource Requirements | Portion of the BIA that lists the resources that an organization needs in order to continue operating each critical business function. |
Checklist | A test in which copies of the plan are handed out to each functional area to ensure the plan deals with their needs |
Information Owner | The one person responsible for data, its classification and control setting |
Job Rotation | To move from location to location, keeping the same function |
Differential power analysis | A side-channel attack carried out on smart cards that examines the power emissions released during processing |
Mitigate | Defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in progress. |
Electromagnetic analysis | A side-channel attack on smart cards that examines the frequencies emitted and their timing |
Analysis | Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk. |
Change Control | Maintaining full control over requests, implementation, traceability, and proper documentation of changes. |
Containment | Mitigate damage by isolating compromised systems from the network. |
30 to 90 Days | Most organizations enforce password-change policies ranging from |
Isochronous | Processes must complete within set time constraints; applications are video related, where audio and video must match perfectly |
Detection | Identification and notification of an unauthorized and/or undesired action |
Electronic Vaulting | Periodic, automatic and transparent backup of data in bulk. |
Fault Tolerance | Mitigation of system or component loss or interruption through use of backup capability. |
Incremental | A backup method used when time and space are of high importance |
Secure HTTP | Protocol designed to send individual messages securely |
Criminal | Conduct that violates government laws developed to protect society |
Class C | Has 256 hosts |
RAID 0 | Creates one large disk by using several disks |
Trade secrets | Deemed proprietary to a company and often include information that provides a competitive edge; the information is protected as long as the owner takes protective actions |
X.400 | Active Directory standard |
Prevention | Controls deployed to avert unauthorized and/or undesired actions. |
Redundant Array Of Independent Drives (RAID) | A group of hard drives working as one storage unit for the purpose of speed and fault tolerance |
Proprietary | Define the way in which the organization operates. |
Gateway | Used to connect two networks using dissimilar protocols at different layers of the OSI model |
Classification | The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. |
Data Integrity | The property that data meet an a priori expectation of quality and that the data can be relied upon. |
Alarm Filtering | The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks |
Coaxial Cable | A cable consisting of a core inner conductor that is surrounded by an insulator and an outer cylindrical conductor |
Concentrator | Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub). |
Digital Signature | An asymmetric cryptography mechanism that provides authentication. |
Eavesdropping | A passive network attack involving monitoring of traffic. |
E-Mail Spoofing | Forgery of the sender's email address in an email header. |
Emanations | Potentially compromising leakage of electrical or acoustical signals. |
Fiber Optics | Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult. |
Fraggle | A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast addresses. |
Hijacking | Interception of a communication session by an attacker. |
Hub | Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator). |
Injection | An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input. |
Interception | Unauthorized access of information (e.g. tapping, sniffing, unsecured wireless communication, emanations) |
IP Address Spoofing | Forging of an IP address. |
IP Fragmentation | An attack that breaks up malicious code into fragments, in an attempt to elude detection. |
Kerberos | A trusted third party authentication protocol |
Incident response | Team should consist of: management, IT, legal, human resources, public relations, security etc. |
Modification | A type of attack involving attempted insertion, deletion or altering of data. |
Multiplexers | A device that sequentially switches multiple analog inputs to the output. |
Open Mail Relay Servers | A mail server that improperly allows inbound SMTP connections for domains it does not serve. |
Enticement | The legal act of luring an intruder, with intent to monitor their behavior |
Packet Filtering | A basic level of network access control that is based upon information contained in the IP packet header. |
Patch Panels | Provides a physical cross connect point for devices. |
Private Branch Exchange (PBX) | A telephone exchange for a specific office or business. |
Phishing | A social engineering attack that uses spoofed email or websites to persuade people to divulge information. |
Physical Tampering | Unauthorized access of network devices. |
Proxies | Mediates communication between un-trusted hosts on behalf of the hosts that it protects. |
Repeaters | Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator). |
Radio Frequency Interference (RFI) | A disturbance that degrades performance of electronic devices and electronic communications. |
Rogue Access Points | Unauthorized wireless network access device. |
Routers | A layer 3 device that is used to connect two or more network segments and regulate traffic. |
Satellite | A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication. |
Sequence Attack | An attack involving the hijacking of a TCP session by predicting a sequence number. |
Shielding | Enclosure of electronic communication devices to prevent leakage of electromagnetic signals. |
Smurf | A Denial of Service attack initiated by sending spoofed ICMP echo request to IP broadcast addresses. (See Fraggle) |
Sniffing | Eavesdropping on network communications by a third party. |
Source Routing Exploitation | A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network. |
Spam | Unsolicited commercial email |
Switches | A layer 2 device that is used to connect two or more network segments and regulate traffic. |
SYN Flooding | A Denial of Service attack that floods the target system with connection requests that are not finalized. |
Tapping | Eavesdropping on network communications by a third party. |
Tar Pits | Mitigation of spamming and other attacks by delaying incoming connections as long as possible. |
Teardrop | A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments. |
TEMPEST | A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment. |
Twisted Pair | A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference. |
War Dialing | Reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems. |
Worldwide Interoperability for Microwave Access (WiMAX) | A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery. |
Accreditation | The managerial approval to operate a system based upon knowledge of risk to operate |
1029 | 18 USC - Fraud and Related Activity in Connection with Access Devices |
Certification | The technical and risk assessment of a system within the context of the operating environment |
Common Criteria | The current internationally accepted set of standards and processes for information security products evaluation and assurance, which joins function and assurance requirements |
Covert Channel | An unintended communication path |
Data Hiding | A software design technique for abstraction of a process |
Embedded | Hardware or software that is part of a larger system |
NIDS | Usually inspects the header, because the data payload is encrypted in most cases |
Framework | Third party processes used to organize the implementation of an architecture |
Internet Architecture Board | Committee for internet design, engineering, and management, responsible for the architectural oversight of the IETF |
1024-49151 | Registered ports as defined by IANA |
ITSEC | The past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements |
6 | Semiformally verified design and tested |
Memory Management | A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives |
Race Condition | Processes carry out their tasks on a shared resource in an incorrect order |
Multi-Processing | To execute more than one instruction at an instant in time |
Multi-Processor | More than one processor sharing the same memory, also known as parallel systems |
Multi-Programming | Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective |
Multi-Tasking | More than one process in the middle of executing at a time |
Preemptive | A type of multitasking that allows for more even distribution of computing time among competing requests |
Primary Storage | Memory - RAM |
Process Isolation | A form of data hiding which protects running threads of execution from using each other's memory |
Protection | Memory management technique that allows two processes to run concurrently without interaction |
Reference Monitor | The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement. |
Relocation | Memory management technique which allows data to be moved from one memory address to another |
Ring Protection | Implementation of an operating system protection mechanism, built upon the layering concept, in which more sensitive components are placed in the inner rings |
Trademarks | Protect words, names, product shapes, symbols, colors, or a combination of these, used to identify a company's products |
Secondary Storage | The hard drive |
Virtual Memory | Memory management programming which makes the limited RAM of the physical machine appear to be larger by using a portion of the hard drive |
Wiretapping | A passive attack that eavesdrops on communications, only legal with prior consent or warrant |
Electronic Vaulting | Makes copies of files as they are modified and periodically transmits them to an off-site backup site |
Security Kernel | Subset of operating systems components dedicated to protection mechanisms |
Structured Walk-through | Representatives from each functional area or department review the plan in its entirety |
State Machine Model | Abstract and mathematical in nature, defining all possible states, transitions and operations |
Internal use only | Information that can be distributed within the organization but could harm the company if disclosed externally |
Synchronous token | Generates a one-time password that is only valid for a short period of time |
User Mode | (problem or program state) the problem-solving state, the opposite of supervisor mode |
TCSEC (Orange Book) | The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements |
Threads | A unit of execution |
TNI (Red Book) | The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements |
Trusted Computing Base | All of the protection mechanisms in a computer system |
636 | Many implementations run LDAP on SSL on this port |
Activation | To start business continuity processes |
Access Control Process | 1. Defining resources; 2. Determining users; 3. Specifying how users use resources |
Alternate Site | Location to perform the business function |
Business Continuity Planning (BCP) | Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization |
Business Continuity Program | An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested. |
Business Continuity Steering Committee | A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization. |
Asynchronous | Encryption/decryption requests are processed in queues; the key benefit is utilization of hardware devices and multiprocessor systems |
Copyright | Protects the expression of an idea, rather than the idea itself |
Business Interruption Insurance | Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster. |
Digital Signatures | The message is input into the hash function, then the hash value is encrypted with the sender's private key |
Business Recovery Timeline | The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption. |
Business Unit Recovery | The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc. |
Checklist Test | (desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located? |
Cold Site | Recovery alternative, a building with only sufficient power and HVAC |
Discretionary | Enables data owners to dictate what subjects have access to the objects they own |
Contingency Plan | A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. May use any number of resources (e.g. workaround procedures, alternate work area, etc.) |
Crisis | A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate. |
Critical Functions | Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization. |
Critical Infrastructure | Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc |
Critical Records | Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense. |
Damage Assessment | The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced. |
Data Backup Strategies | Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, offsite storage, and that will ensure time objectives can be met. |
Data Backups | The back up of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster. |
Data Recovery | The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup. |
Database Replication | The partial or full duplication of data from a source database to one or more destination databases. |
Declaration | A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.) |
Desk Check Test | A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation? |
Disaster | An event which stops business from continuing. |
Disaster Recovery Plan | The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals. |
Disaster Recovery Teams (Business Recovery Teams) | A structured group of teams ready to take control of the recovery operations if a disaster should occur. |
Red box | Simulates the alert tones of coins being deposited into a pay phone |
Distributed Processing | A back up type, where the organization has excess capacity in another location. |
Network Address Hijacking | Enables the attacker to re-route traffic from a network device to a personal machine |
4 | EAL Methodically designed, tested, and reviewed |
Emergency | A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property. |
Accidental threats | More than 3/4 of all security violations are linked to insiders of a company |
Emergency Procedures | A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage. |
Executive Succession | Planning for the delegation of authority required when decisions must be made without the normal chain of command |
Disk Shadowing | Ensures availability of data and provides fault tolerance by creating and maintaining two identical disks; provides online backup storage, but is very expensive |
Forward Recovery | The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database. |
Full Test (Full Interruption) | A BCP testing type, a test that answers the question: Can the organization operate at the alternate location only? |
High-Risk Areas | Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster. |
Hot Site | Recovery alternative, everything needed for the business function, except people and last backup |
Full-interruption | Regular operations are completely stopped and moved to the alternate site |
Incident Response | The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively. |
Integrated Test | A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions |
Phreakers | Hackers who specialize in committing telephone fraud |
Maximum Tolerable Downtime (MTD) | Amount of time for restoring a business process or function to normal operations without major loss |
Data Source Name | A logical name for the data store that does not use the drive letter or directory location of the database. Can be used when programming ODBC |
Mission-Critical Application | An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts. |
Mobile Recovery | A mobilized resource purchased or contracted for the purpose of business recovery. |
14443-4 | ISO/IEC standard for smart cards - Transmission protocol |
Mock Disaster | One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams. |
Data Mining | The act of collecting and analyzing large quantities of information to determine patterns of behavior and use them to form a conclusion about past, current, and future behavior |
Off Site | A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm |
Off-Site Storage | Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery. |
Dispersion | Spreading out of light pulses so that they overlap the preceding or following pulses; most prevalent in fiber optic cabling |
Operational Exercise | One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions |
Operational Impact Analysis | Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes. |
Operational Test | A test conducted on one or more components of a plan under actual operating conditions. |
Synchronous (TIME BASED) dynamic | Uses time or a counter shared between the token and the authentication server; SecurID is an example |
Reciprocal Agreement | Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site. |
Recovery Period | The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed. |
Recovery Point Objective (RPO) | The point in time to which systems and data must be recovered after an outage. |
Recovery Strategy | An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy. |
Recovery Time Objectives | Maximum tolerance for loss of certain business function, basis of strategy |
Remote Journaling | A database backup type which records at the transaction level |
2 | EAL Structurally tested |
Digital Linear Tape | Is only 4 mm in size, but compression techniques and head scanning give it large capacity and high speed |
Mandatory | Users have clearances, and resources have security levels that contain data classifications |
Risk Assessment / Analysis | Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. |
Risk Mitigation | Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner. |
Shadowing | (file shadowing) a backup type, for databases at a point in time |
Security Domain | An area where common processes and security controls work to separate all entities involved in these processes from other entities |
Access | A flow of information between a subject and an object |
Structured Walkthrough | One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation. |
System Downtime | A planned or unplanned interruption in system availability. |
Restricted | Information that requires the utmost protection and, if discovered by unauthorized personnel, would cause irreparable damage |
Hot Site | Fully configured with hardware, software, and environmental needs, can be up and running quickly, expensive |
Uninterruptible Power Supply (Online) | A backup supply that provides continuous power to critical equipment in the event that commercial power is lost. |
Vital Record | A record that must be preserved and available for retrieval if needed. |
Warm Site | Recovery alternative that includes a cold site plus some available equipment and infrastructure |
IT Contingency | Plan for systems, networks, and major application recovery procedures after disruptions; should be developed for each major system and application |
Spiral | A design methodology which addresses risk early and often |
Business Continuity Plan | Provides procedures for emergency responses, extended backup operations, and post-disaster recovery |
System Life Cycle | Robust project management process of new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal |
Object Oriented Programming (OOP) | A programming design philosophy and a type of programming language, which breaks a program into smaller units. Each unit has its own function. |
Compartmentalization | The process of separating groups of people and information from other groups so that they are isolated from each other and information does not flow between them |
Entrapment | Induces an individual to commit a crime he otherwise would not have committed; it is illegal |
Dumpster diving | Refers to going through someone's trash to find information; it is legal unless it involves trespassing |
Method | OOP concept of an object's abilities, what it does |
Encapsulation | OOP concept of a class's details being hidden from the object |
Polymorphism | Objects or programming that look different but act the same |
Inheritance | OOP concept of taking attributes from the original or parent |
Assembler | Converts a high level language into machine language |
Compiler | Converts source code to an executable |
Interpreter | Line by line translation from a high level language to machine code |
Machine Language (Machine Code) | Program instructions based upon the CPU's specific architecture |
2-Phase Commit | A distributed system's transaction control that requires updates to either complete or roll back |
Black box | Manipulates line voltage to enable toll-free calling |
Data Dictionary | A description of a database |
Checkpoint | Part of a transaction control for a database which informs the database of the last recorded transaction |
Trojan Horse | A program with an inappropriate second purpose |
X.25 | Packet-switching technology that is used by telecom services for data-only traffic; operates at L3 and L2 |
Federated identity | A portable identity, and its associated entitlements, that can be used across business boundaries; allows users to be authenticated across multiple IT systems |
Logic Bomb | A program that waits for a condition or time to occur that executes an inappropriate activity |
Data Diddler | Malware that makes small random changes to many data points |
Remote Access Trojan | A Trojan horse with the express underlying purpose of controlling a host from a distance |
Rootkit | Malware that subverts the detective controls of an operating system |
Payload | Final purpose or result |
Botnet | Organized group of compromised computers |
Spyware | Program that inappropriately collects private data or activity |
Adware | Unsolicited advertising software |
Deadlock | A condition in which neither party is willing to stop their activity for the other to complete |
Business Impact Analysis | Qualitative & quantitative data is gathered, analyzed, interpreted, and presented to management |
Damage Assessment | Responsible for determining the cause of the disaster, the potential for further damage, and the affected areas. |
Fiber Distributed Data Interface | A token-passing ring scheme, has a second ring that remains dormant until an error condition is detected |
Race Condition | A state where two subjects can access the same object without proper mediation |
Time Of Check/Time Of Use | A race condition where the security changes during the object's access |
Denial Of Service | An availability attack, to consume resources to the point of exhaustion |
Distributed Denial Of Service | An availability attack, to consume resources to the point of exhaustion from multiple vectors |
Trapdoors (Backdoors) (Maintenance Hooks) | A programming device used in development to circumvent controls |
Buffer Overflow | Unchecked data which spills into another location in memory |
Alternate Data Streams (File System Forks) | A covert storage channel on the file attribute |
Malformed Input | Inappropriate data |
Dangling Pointer | False memory reference |
SQL Injection | A type of malformed input that takes advantage of an appropriately true conditional logic statement by adding a request for data that is against the security policy |
Cross-Site Scripting | Malware that uses the trust in a website to redirect users to untrusted websites that capture data or install more malware |
Kerberos | A network authentication protocol; provides protection by authentication, authorization, and auditing |
Separation of Duties | Distributing tasks and associated privileges among multiple people, primary objective to prevent fraud and errors |
Confidential | Information that, if released outside of the organization, could create severe problems for the organization |
Application Programming Interface | A library of commands maintained by a system for other programs to use, provides consistency and integrity for the programs |
Synchronous | Each encryption and decryption request is performed immediately |
Atomicity, Consistency, Isolation, Durability | A set of best practices for programmers to seek in all application or database design |
Atomicity | Indivisible; a data field must contain only one value, and either all transactions take place or none do |
RIP | Distance vector routing protocol; doesn't offer security and is an interior gateway protocol |
Isolation | Another subject cannot see an ongoing or pending update until it is complete |
Subject | An active entity that requests access to a passive entity |
Cognitive | Passwords based on a user's opinion or life experience |
5 Rules Of Evidence | Evidence must be: admissible, authentic, complete, accurate, and convincing |
Accurate | Pertaining to law, high degree of veracity |
Active Data | Information residing on computer systems, that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction. |
Wireless Application Protocols | A specification for a set of communication protocols to standardize the way that wireless devices |
Secure MIME | A standard for encrypting and digitally signing electronic mail and for secure data transmissions. |
Archival Data | Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes. |
Acronym for American Standard Code for Information Interchange (ASCII) | Text that does not include special formatting features and therefore can be exchanged and read by most computer systems |
Information Classification | The practice of evaluating the risk levels of an organization's information to ensure that it receives the appropriate level of protection |
Discretionary Access Control | The owner determines who has access to the data and what privileges they have - user centric |
Binary | Pertaining to a number system that has just two unique digits. |
Bit | A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code. |
Remote journaling | Transmits the journal or transaction log offsite to a backup location |
Burn | Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data. |
Targeted Attack | An attack that sends a specially developed bot only to one or a few IP addresses in the target organization |
ALE | ARO X SLE |
Cache | A type of computer memory that temporarily stores frequently used information for quick access. |
Chain Of Custody | Recording the who, what, when, where, and how of evidence |
Civil Or Code Law | System of law based upon what is good for society |
Mobile Code | Software that is transmitted across the network from a remote source to a local system then executed at the local system |
Administrative | Covers standards of performance or conduct expected by government agencies from companies, industries, certain officials |
Convincing | Pertaining to law, lending itself to one side of an argument |
Cookie | Small data files written to a user's hard drive by a web server. |
Copyright | Intellectual property protection for the expression of an idea |
Salvage team | Responsible for starting the recovery of the original site |
Deletion | Process whereby data is removed from active files and other data storage structures |
Disaster Recovery Tape | Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes." |
Excessive privileges | Employee has more rights than necessary to complete his tasks |
Due Diligence | Actions measured against either a policy or what a reasonable person would do |
Encryption | A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it. |
Diverse routing | A method of providing telecommunication continuity which involves routing traffic through split or duplicate cable facilities |
File Extension | A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file. |
File Level Deletion | Renders the file inaccessible to the operating system and makes its space available for reuse as data storage. |
Host-to-host | TCP/IP protocol that provides for reliable end-to-end communication, ensures error-free delivery, handles the data's packet sequencing, and maintains the data's integrity |
File Sharing | One of the key benefits of a network is the ability to share files stored on the server among several users. |
Firewall | A system designed to prevent unauthorized access to or from a private network. |
Forensic Copy | An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court. |
Fragmented Data | Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk. |
DNS | Relies on UDP, whereas services such as FTP, Telnet, and SMTP rely on TCP |
Hard Disk | A peripheral data storage device that may be found inside a desktop or laptop as permanent storage solution. The hard disk may also be a transportable version and attached to a desktop or laptop. |
Simulation | Practice execution of the plan takes place; focuses on a specific scenario and continues up to the point of actual relocation to the alternative site |
Honeypot | A computer designed for the purpose of studying adversaries |
Investigation | Methodical research of an incident with the purpose of finding the root cause |
JPEG (Joint Photographic Experts Group) | An image compression standard for photographs |
Legacy Data | Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete. |
1030 | 18 USC - Fraud and Related Activity in Connection with Computers |
Mirroring | The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data. |
Continuous authentication | A type of authentication that provides protections against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete |
Hierarchical Storage Management | Provides continuous online backup by using optical or tape jukeboxes |
Residual Data | Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system. |
Sampling | Process of statistically testing a data set for the likelihood of relevant information. |
TIFF (Tagged Image File Format) | One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension. |
Business Continuity Plan | Strategy documents that provide detailed procedures that: ensure business functions are maintained, help minimize losses of life, operations, and systems |
Reciprocal Agreement | Two companies agree to share their facilities in the event of a disaster; not enforceable |
Algorithm | Mathematical function that determines the cryptographic operations |
Asymmetric | Encryption system using a pair of mathematically related unequal keys |
Evidence | It must be legally permissible, meaning it was seized legally, and the chain of custody was not altered |
Checksum | A mathematical tool for verifying no unintentional changes have been made |
Cipher Text | Scrambled form of the message or data |
Content-Dependent | This control is based on the actual information within the data rather than the general definition |
HR Database | Normally considered the authoritative source for user identities because it is where they are developed |
Cryptanalysis | Code breaking, practice of defeating the protective properties of cryptography. |
Social engineering | Act of tricking or deceiving a person into giving confidential or sensitive information |
Cryptology | The study of cryptography and cryptanalysis |
Civil Law | Wrongs against individuals or companies, resulting in damage or loss |
Nondiscretionary | The administrator defines and controls the access rules for files in the system |
Class B | Has 65,536 hosts |
Salami | Executed by carrying out smaller crimes with the hope that a larger crime will not be noticed |
Encipher | Act of scrambling the cleartext message by using a key. |
Initialization Vector | Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated |
Key Clustering | Two different keys decrypt the same cipher text |
Key Escrow | For PKI, to store another copy of a key |
X.500 | Lightweight Directory Access Protocol |
Key Space | Total number of keys available that may be selected by the user of a cryptosystem |
Keyed-Hashing For Message Authentication | A hash that has been further encrypted with a symmetric algorithm |
Least Privilege | Subjects and objects are given the minimum level of access required to perform their functions or tasks |
14443-1 | ISO/IEC standard for smart card physical characteristics |
Router | A device where the two connecting networks must have the same network protocol |
Blue box | Simulates a particular calling tone, enabling the theft of long distance service |
Data diddling | Act of willfully modifying information, programs, or documentation in an effort to commit fraud or disrupt production |
One Time Pad | A running key using a random key that is never used again |
Permutation/Transposition | Moving letters around |
Plain Text | Natural or human-readable form of message |
Public Key Infrastructure (PKI) | A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate |
Occupant emergency plan | Establishes personnel safety and evacuation procedures |
Running Key | An encryption method that has a key as long as the message |
SMTP | Works as an email transfer agent at the application layer |
Side Channel Attack | Inference about encrypted communications |
Steganography | Hiding the fact that communication has occurred |
Cyberinsurance | Covers losses caused by denial-of-service, malware damage, hackers, electronic theft, privacy-related lawsuits, and more |
Symmetric | Encryption system using shared key/private key/single key/secret key |
Watermarking | Intellectual property management technique for identifying after distribution |
Work Factor | Effort/time needed to overcome a protective measure |
Blackout | Prolonged, complete loss of electric power |
Brownout | Reduction of voltage by the utility company for a prolonged period of time |
Bumping | Hitting a filed-down key in a lock with a hammer to open it without the real key |
IPS | A system that's configured to automatically block suspected attacks in process without any intervention required by an operator |
Fault | Momentary loss of power |
Fire Detection | Alerts personnel to the presence of a fire |
Restoration team | Responsible for getting the alternative site into a functioning environment |
Fire Suppression | To reduce fire |
Generator | Fault tolerance for power |
Inrush Current | Initial surge of current |
Asynchronous communication | Transfers data by sending bits of data in irregular timing patterns |
14443-3 | ISO/IEC standard for smart card initialization and anticollision |
Picking | Using small special tools, all tumblers of the lock are aligned, opening the door |
Warm Site | No computers, just peripherals, disk drives, controllers, and tape drives; the most widely used option |
Hearsay | Second hand evidence and usually not admissible in court |
Surge | Sudden rise in voltage in the power supply. |
Off-site media storage | ensures that up-to-date data is available in the event that the primary data center is damaged or destroyed. |
cold site | an empty computer room with environmental facilities (UPS; heating, ventilation, and air conditioning [HVAC]; and so on) but no computing equipment. |
warm site | is basically a cold site, but with computers and communications links already in place. |
5 | EAL Semiformally designed and tested |
reciprocal site | your organization and another organization sign a reciprocal agreement in which you both pledge the availability of your organization's data center in the event of a disaster. |
multiple data centers | larger organizations can consider the option of running daily operations out of two or more regional data centers that are hundreds (or more) of miles apart. |
3 | EAL Methodically tested and checked |
Patent | Grants ownership and enables owner to legally enforce his rights to exclude others from using the invention. |
MAC | The system applies controls based on the clearance of a user and the classification of an object or data; the owner provides the need to know |
checklist | This type of DRP test is a detailed review of DRP documents, performed by individuals working on their own. It is used to identify inaccuracies, errors, and omissions in DRP documentation. |
structured walkthrough | This type of DRP test is where several business and technology experts in the organization gather to "walk" through the BCP plan documents. |
Simulation | This type of DRP test has all the designated disaster recovery personnel practice going through the motions associated with a real recovery. |
Parallel | A BCP test - Some systems are run at the alternate site |
interruption (a.k.a. cutover) | this type of DRP test is similar to a parallel test except that in this test a function's computer systems are actually shut off or disconnected. |
Desired service | Describes the destination for a TCP/UDP packet |
Packet filtering firewall | Not vulnerable to DoS attacks; should be placed at the outermost boundary with an untrusted network |
Parity Information | RAID 2 - Created using hamming code, detects errors and establishes location of the error on the drive |
Object-Oriented Database | Reduces maintenance, ease of reusing code |
Public Key Infrastructure | ISO authentication framework that provides integrity, confidentiality, access control, authentication, and nonrepudiation |
Offline printing | Other unauthorized copies of reports could be printed |
0-1023 | Well Known ports |
Black Boxes | Manipulates line voltage for toll free calls |
Audit | Ensures system accountability |
Identification | Recognition of an individual's assertion of identity, does not ensure accountability |
RADIUS | Central service, classified as an AAA server; is not comparable with other similar servers |
Authentication - Biometric | one-to-one search to verify identity |
CSMA/CD | LAN media access method |
NFS | Used to share files between Unix computers |
L2TP/PPTP | Tunneling protocols, operate at the Data Link Layer |
Encapsulating Security Payload | Is limited due to the non-inclusion of IP header information |
System development and maintenance | Can be performed by the same person in a well-controlled environment |
Computing in Galois fields | Uses mathematical properties of modular arithmetic to make RSA more feasible for computer use |
Rijndael | Maximum allowed key size is 256 |
Vibration detection devices | Are vulnerable to non-adversary disturbances |
Identity Management | Must be able to scale to support the volume of data |
LAND attack | Attacker sends a spoofed packet with the SYN flag set to the victim's IP address |
Teardrop | Overlapping packets; when the victim attempts to reconstruct the packets, the machine hangs |
Smurf | Attacker sends spoofed ICMP echo traffic to broadcast addresses |
IPSec - Tunnel mode | Required when the communication is gateway-to-gateway or host-to-host |
What, how, where, when | Proper BACKUP procedure steps |
1994 U.S. Communications Assistance for Law Enforcement Act | Requires all communications carriers to make wiretaps possible |
Risk Analysis | (1) Identify assets and their values (2) Identify vulnerabilities and threats (3) Quantify the probability and business impact of these potential threats (4) Provide an economic balance between the impact of threat and the cost of the countermeasure |
RAID 1 | Mirroring; has the highest cost per megabyte |
Twisted pair | Consists of two insulated wires arranged in a spiral pattern |
PPP | Supports multiple network types in the same serial link |
Dynamic packet filtering | Creates ACLs on the fly; allows dynamic ports higher than 1023 |
SSL/TLS | Supports server (mandatory) and client (optional) authentication |
VDSL | Can deliver 52 Mbps downstream over a single copper twisted pair |
SDSL and HDSL | Deliver 1.544 Mbps of bandwidth each way |
ADSL | Delivers a max of 9 Mbps downstream |
TCP | IP Header Field = 6 |
UDP | IP Header Field = 17 |
ICMP | IP Header Field = 1 |
IGMP | IP Header Field = 2 |
• Project initiation • Functional design analysis & planning • Security requirements developed • System design specifications • Software development • Installation • Maintenance support • Revision and replacement | System Development Life Cycle phases |
NIACAP | Establishes minimum national standards for certifying national security systems |
Passwords management | Is a preventive control |
Connection-Oriented protocols | Provide reliability at the Transport Layer |
Authentication Header | Provides integrity, authentication, and (depending on the algorithm) nonrepudiation |
Business continuity plan | Sustain organization's business |
Access Control | The process of allowing only authorized users, programs, or other computer systems to observe, modify, or otherwise take possession of the resources of a computer system. It also limits authorized users to some resources. |
Facilities | Access controls protect entry to, and movement around, an organization's physical location to protect its assets |
Which users can access a system, what resources they can access, what operations they can perform, and enforcing accountability for their actions | The four keys to access control specify: |
EICAR | Used to test the response of antivirus software on a computer system; a detectable string is used |
Asset management | Involves knowing and keeping all of the company's IT assets up to date |
Kernel proxy | All inspection and processing takes place within it at the lower layer |
Frame relay | Allows multiple companies and networks to share WAN media |
Data Terminal Equipment | The equipment used at the company end in a frame relay environment |
Data Circuit-Terminating Equipment | The equipment used by the service provider in a frame relay environment |
Disaster, Interim operations, Alternate operations, Normal operations | Represents the correct sequence of tasks in the event of a disaster |
Authentic, accurate, complete, convincing, admissible | 5 Rules of evidence |
Smoke-Activated detectors | Early-warning device used to start an evacuation; uses photoelectric sensors that detect variations in light intensity |
The Federal Privacy act | Protects US citizen's sensitive information collected by government agencies |
Port Address Translation | Minimizes the number of public IP addresses that an organization purchases |
Grid computing | Massive computational power is available but is not suitable for processing sensitive data |
ISO/IEC 27001 | Specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system |
ISO 9001 | ISO standard related to Quality management |
ISO 14001 | ISO standard related to Environmental management |
ISO 31000 | ISO Standard related to Risk Management |
NIST-800-34 | The Business Continuity plan guidelines are defined |
Monolithic | Operating systems functionality takes place in ring zero in privileged or supervisory mode |
Checksums | Simple method used in symmetric key cryptography to ensure data integrity |
Polyinstantiation | To protect sensitive data such as top secret, lower-level users receive a fake view of the data |
Electromagnetic Interference | Caused by electric motors, lightning, etc. |
Radio Frequency Interference | Caused by Components of Electrical System, Cables, Fluorescent Lighting, Truck Ignitions. Can cause permanent damage to sensitive system components |
Magnetic Media | Affected from 100 degrees Fahrenheit |
Disks | Damaged at 150 degrees Fahrenheit |
Computer equipment | Damaged at 175 degrees Fahrenheit |
Paper products | Damaged at 350 degrees Fahrenheit |
EMI- Common Mode Noise | Noise from Radiation Generated by the difference between Hot and Ground wires |
EMI- Traverse Mode Noise | Noise from Radiation Generated by the difference between Hot and Neutral wires |
Brownout | Prolonged loss of power |
Project Initiation | Involves getting management support, developing the scope of the plan, and securing funding and resources |
Transients | Line noise that is superimposed on the supply Circuit can cause fluctuation in power |
Inrush Current | The initial surge of current required when there is an increase in power demand, e.g. starting a large motor |
Electrostatic Discharge | Power surge generated by a person or device contacting another device and transferring high voltage shock. Affected by low humidity |
Greater than 60 | Causes problems with condensation on computer equipment, corrosion of electrical connections |
Less than 40 | Causes an increase in electrostatic discharge, up to 4,000 volts under normal humidity and up to 25,000 volts under very low humidity |
Hygrometer | Measures humidity levels |
40 Volts | Static charge damage: sensitive circuits and transistors |
1000 Volts | Static charge damage: scrambled monitor display |
1500 Volts | Static charge damage: disk drive, causing data loss |
2000 Volts | Static charge damage: system shutdown |
4000 Volts | Static charge damage: printer jam |
17000 Volts | Static charge damage: permanent chip damage |
Class A Fire | Common Combustibles such as paper, wood, furniture, clothing - Water, Foam |
Class B Fire | Burnable fuels such as gasoline, oil, or alcohol - Inert Gas, CO2 |
Class C Fire | Electrical fires such as computers and electronics - Inert Gas, CO2 - Turn off electricity first |
Class D Fire | Special Fires, such as chemical, metal - Dry powder |
Class K Fire | Commercial Kitchens - Wet Chemicals |
Wet Pipe | Always contains water; the most popular and reliable; the fuse melts at 165 degrees; can freeze in winter; pipe breaks can cause floods |
Dry Pipe | No water in Pipe - preferred for computer installations, use a clapper to hold the water, air blows out of pipe |
Deluge | Water Discharge is large, not recommended for computer installations |
Preaction | Most recommended for computer room, combines both dry and wet pipes, water released into pipe first then after fuse melts in nozzle the water is dispersed |
Confidentiality | Efforts to prevent unauthorized disclosure of information to those who do not have the need, or the right, to see it |
Pretty Good Privacy | First widespread public key encryption program; provides confidentiality (C) by using IDEA, together with MD5 |
MOM | Motive, opportunity, and means |
Administrative Control | These include developing and publishing policies, standards, procedures, and guidelines, risk management, and security awareness training |
Technical Control | These consist of implementing and maintaining access control mechanisms, password and resource management, identification and authentication methods, and configuration of the infrastructure |
Physical Control | These entail controlling access to a facility, and protecting its perimeter |
Due Care | Term and concept used to help determine liability in a court of law; ensures someone is acting responsibly |
CobiT | A framework developed by the Information Systems Audit and Control Association and the IT Governance Institute. Defines the goals for the controls that should be used to properly manage IT and ensure IT maps to business needs. Four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate |
Class A | Has 16,777,216 hosts |
Threat | The possibility that someone or something would exploit a vulnerability, intentionally, or accidentally |
Risk | The probability of a threat agent exploiting a vulnerability and the loss potential |
Strategic | Planning for longer term - 5 years or more |
Tactical | Midterm planning - less than 5 years |
Bastion host | A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall |
Assurance | Degree of confidence that a certain security level is provided |
Governance | Set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring objectives are achieved, and ensuring risks are properly managed. |
OECD | An international organization that helps different governments collaborate in order to tackle the economic, social, and governance challenges of the globalized economy |
Total Risk | Threats x vulnerability x asset value = |
Residual Risk | (Threats x vulnerability x asset value) x control gap = |
Risk management | The process of identifying, assessing, and reducing risk to an acceptable level and implementing various mechanisms to maintain that level of risks |
ALE | SLE x ARO = |
Need to Know | Defines the minimum level of access for subjects based on their job or business requirements |
Cipher-Only | The attacker has the ciphertext of several messages, each message encrypted using the same algorithm. His goal is to discover the key used in the encryption process |
Known-Plaintext | The attacker has the plaintext and ciphertext of one or more messages. His goal is to discover the key used in the encryption process |
Chosen-Plaintext | The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext |
Chosen-Ciphertext | The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Hard to accomplish; the attacker may need to have control of the system |
Differential cryptanalysis | The attacker takes two messages of plaintext and follows the changes that take place to the blocks as they go through the different S-boxes; each message is encrypted with the same key |
Linear Cryptanalysis | The attacker carries out a known-plaintext attack on several different messages encrypted with the same key; identifying specific output combinations allows him to assign probability values to different keys, resulting in the key displaying a pattern |
Side-Channel Attack | Gathering outside information by watching how a system behaves, with the goal of uncovering the encryption key |
Cryptography | The science of protecting information by encoding it into an unreadable format |
Enigma | The most famous rotor machine, used by the Germans in World War II |
Algorithms | The mathematical rules that dictate the functions of enciphering and deciphering |
Cryptanalysis | The study of breaking cryptosystems |
Key clustering | An instance in which two different keys generate the same ciphertext from the same plaintext |
Polyalphabetic | Uses more than one alphabet to defeat frequency analysis |
Steganography | A method of hiding data within another media type, such as graphic, WAV file, or document |
Symmetric Key | Provides confidentiality, but does not provide authentication or nonrepudiation |
Symmetric algorithms | DES, 3DES, Blowfish, IDEA, RC4-RC6, and AES are |
Asymmetric Key | Provides authentication and nonrepudiation, but is slower than its counterpart |
Asymmetric algorithms | RSA, ECC, Diffie-Hellman, El Gamal, Knapsack, and DSA |
Stream cipher | Uses a keystream generator and encrypts a message one bit at a time; usually implemented in hardware |
Block cipher | Divides the message into groups of bits and encrypts them, usually implemented in software |
DES | A block cipher that divides a message into 64-bit blocks and employs S-box-type functions on them |
3DES | Uses 48 rounds of computation and up to three different keys |
IDEA | A symmetric block cipher with a key of 128 bits |
RSA | Asymmetric algorithm developed by three individuals, one named Adleman; the de facto standard for digital signatures |
ECC | Asymmetric algorithm that provides digital signatures, secure key distribution, and encryption. Uses far fewer resources, so it is more suitable for wireless device and cell phone encryption |
Public Key Infrastructure | Framework of programs, procedures, communication protocols, and public key cryptography that enables secure communication among diverse individuals |
Certificate authority | Trusted third party that generates and maintains user certificates, which hold their public key |
Certificate revocation list | Keeps track of revoked certificates |
Certificate | A mechanism used to associate a public key with a person's identity |
Registration authority | Validates the user's identity and then sends a request to another entity to fulfill user's request |
Hashing | These algorithms provide data integrity only |
RSA | Based on a one-way function that factors large numbers into prime numbers; only the private key knows the trapdoor to decrypt the message |
Message digest - Digital Signature | When a hash algorithm is applied to a message, it produces _________ and this value is signed with a private key to produce ___________ |
HAVAL | Produces a variable-length hash value |
Birthday | The attacker tries to create two messages with the same hashing value, brute force |
SHA-1 | Produces a 160-bit hash value and is used in DSS |
One-time pad | Random values XORed against the message to produce ciphertext |
Digital Signature | Result of a user performing an action on a hash value with a private key, provides authentication, nonrepudiation, and data integrity |
RSA, El Gamal, ECDSA, and DSA | Algorithms used for digital signatures |
Key management | Most challenging task in cryptography; pertains to creating, maintaining, distributing, and destroying keys |
Diffie-Hellman | A key agreement protocol, does not provide any security services nor digital signature |
Criminal Law | An individual's conduct violates certain criteria developed to protect the public |
Privacy-Enhanced Mail | An Internet standard that provides secure e-mail over the Internet by using encryption, digital signatures, and key management |
Message Security Protocol | The military version of Privacy-Enhanced Mail |
Pretty Good Privacy | An e-mail security program that uses public key encryption and employs a web of trust |
S-HTTP | Provides protection for messages sent between two computers, but not for the actual link |
49152-65535 | Dynamic and/or private ports |
Secure Electronic Transaction | Proposed electronic commerce technology that provides a safer method for customer and merchant to perform transactions over a public domain |
Transport mode | The data payload is protected - IPSec |
Tunnel mode | The payload and headers are protected - IPSec |
X.509 | Standard that dictates the different types of fields used within a certificate and the values within those fields |
Electronic Code Book | Each block is encrypted independently, allowing randomly accessed files to be encrypted and still accessed without having to process the file linearly; for each block of plaintext the same block of ciphertext is produced; used for very short messages, 64 bits in length |
Cipher Block Chaining | The result of encrypting one block of data is fed back into the process to encrypt the next block of data; Authentication |
Cipher Feedback | Each bit produced in the keystream is the result of a predetermined number of fixed ciphertext bits; Authentication |
Output Feedback | The keystream is generated independently of the message; Authentication |
Counter (CTR) | A 64-bit random data block is used as the initial value; used in high-speed applications such as IPSec and ATM |
Link Encryption | Encrypts all the data along a specific communication path, e.g. satellite, T3 line, or telephone circuit. Data is decrypted and re-encrypted at each point; Layers 1 & 2 |
End-to-end Encryption | The headers, addresses, routing, and trailer are not encrypted; provided at the end-user computer and, as a result, more flexible; Layer 7 |