Acronym List taken directly from CompTIA Security+: Get Certified Get Ahead Appendix A
Terms in this set (212)
IEEE 802.1X. A port-based network access control (authentication) protocol: a switch port or wireless association stays blocked until the client authenticates. Wired switches and wireless networks (WPA/WPA2 Enterprise mode) can use 802.1X, typically with a RADIUS server performing the authentication.
Triple DES (3DES). Applies the DES cipher three times, using multiple keys and multiple passes.
Stronger than single DES but slower and not as efficient as AES, which has replaced it.
Authentication, Authorization, and Accounting.
A framework (not a single protocol) implemented by remote access protocols such as RADIUS and TACACS+: identify the user, decide what they may do, and record what they did.
Access Control Entry
Identifies a user or group that is granted permission to a resource.
Contained within a DACL in NTFS.
Access control list. A list of rules used to grant access to a resource.
In NTFS, a list of ACEs makes up the ACL.
In a firewall, an ACL identifies traffic that is allowed or blocked based on IP addresses, networks, ports, and some protocols.
Advanced Encryption Standard.
A symmetric algorithm used to encrypt data and provide confidentiality.
It is quick, highly secure, and used in a wide assortment of cryptography schemes.
It includes key sizes of 128 bits, 192 bits, or 256 bits.
Advanced Encryption Standard 256 bit.
AES sometimes includes the number of bits used in the encryption keys and AES256 uses 256-bit encryption keys.
IPSec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication.
AH is identified with protocol ID 51.
Annualized Loss Expectancy.
Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE).
ALE identifies the total amount of loss expected for a given risk.
ALE = SLE * ARO
Access Point, short for wireless access point (WAP). APs provide access to a wired network to wireless clients. Many APs support isolation mode to segment wireless users from other wireless users.
Annualized rate of occurrence.
Used to measure risk with annualized loss expectancy (ALE) and single loss expectancy (SLE).
ARO identifies how many times a loss is expected to occur in a year.
ARO = ALE/SLE
Address Resolution Protocol.
Resolves IP addresses to MAC addresses.
ARP poisoning attacks redirect traffic through an attacker's system by sending false (unsolicited) ARP replies that map a victim's IP address to the attacker's MAC address. ARP has no authentication, so hosts accept these updates. VLAN segmentation limits the scope of ARP poisoning, since ARP does not cross a VLAN boundary.
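As an added example (not part of the Security+ appendix), the following Python detector parses raw Ethernet/ARP frames and flags any IP address that is claimed by more than one MAC address in ARP replies, which is the signature of the poisoning described above. The frames, addresses, and MAC values below are constructed for illustration; in practice the input would come from a packet capture on the segment being monitored.

```python
"""Detect ARP poisoning: an IP address claimed by more than one MAC in ARP replies.

Added example, not from the Security+ appendix. All frames below are constructed.
"""
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def parse_arp_frame(frame: bytes):
    """Parse an Ethernet II frame carrying ARP over IPv4.

    Returns (opcode, sender_ip, sender_mac) or None when the frame is not ARP/IPv4/Ethernet.
    """
    if len(frame) < 14 + 28:          # Ethernet header + ARP payload
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        return None
    # ARP: htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return oper, sender_ip, sender_mac


def build_arp_reply(sender_mac: bytes, sender_ip: bytes,
                    target_mac: bytes, target_ip: bytes) -> bytes:
    """Construct an Ethernet/ARP reply frame (used only to build sample input)."""
    eth = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
           + sender_mac + sender_ip + target_mac + target_ip)
    return eth + arp


def find_conflicts(frames):
    """Return {ip: [mac, ...]} for every IP claimed by more than one MAC in ARP replies."""
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp_frame(frame)
        if parsed is None:
            continue
        oper, ip, mac = parsed
        if oper == ARP_REPLY:
            claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample: a gateway, a victim, and an attacker claiming the gateway's IP.
GATEWAY_IP = bytes([192, 168, 1, 1])
VICTIM_IP = bytes([192, 168, 1, 10])
GATEWAY_MAC = bytes.fromhex("00aa00aa00aa")
ATTACKER_MAC = bytes.fromhex("00bb00bb00bb")
VICTIM_MAC = bytes.fromhex("00cc00cc00cc")

SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # legitimate
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # poisoned reply
    build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),   # legitimate
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_FRAMES).items():
        print(f"ALERT: {ip} claimed by {', '.join(macs)}")
```

The check is deliberately simple: a legitimate NIC replacement would also trigger it, so in production the alert should be correlated with the known gateway MAC (or a static ARP entry for the gateway on critical hosts), and switch features such as Dynamic ARP Inspection do the same comparison in hardware.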
Acceptable Use Policy. An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
Business Continuity Plan.
A plan that helps an organization predict and plan for potential outages of critical services or functions.
Includes Disaster Recovery Plan (DRP) and Business Impact Analysis (BIA)
Business Impact Analysis
The BIA identifies critical business or mission requirements and includes elements such as Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), but it does not identify solutions.
Basic Input/Output System.
A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password
Automated program or system used to perform one or more tasks.
Attackers use malware to join computers to botnets.
An organization that manages, issues, and signs certificates and is part of a PKI.
Certificates are an important part of asymmetric encryption.
Common Access Card
A specialized type of smart card used by United States Department of Defense. It includes photo identification and provides confidentiality, integrity, and authentication, and non-repudiation for the users. It is similar to a PIV.
Controller Area Network. A standard that allows microcontrollers and devices to communicate with each other without a host computer.
Counter mode with Cipher Block Chaining Message Authentication Code Protocol.
An encryption protocol based on AES used with WPA2 for wireless security.
It is more secure than TKIP, used with the original release of WPA.
This is a detective control that provides video surveillance.
Provides reliable proof of a person's location and activity. Can be used to verify if any equipment or data is being removed.
Computer Emergency Response Team. A group of experts that respond to security incidents. Also known as CIRT, SIRT, or IRT.
Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client.
MS-CHAPv2 is an improvement over CHAP and provides mutual authentication.
Confidentiality, Integrity, and Availability.
These three form the security triad.
Computer Incident Response Team. Same as CERT
Continuity of Operations Plan
A COOP site provides an alternate location for operations after a critical outage.
A Hot site is a COOP site that includes personnel, equipment, software, and communications capabilities of the primary site with all the data up to date.
Can provide failover in less than an hour
A warm site is a compromise between a hot site and a cold site
A cold site will have power and connectivity needed for COOP activation.
Cyclic Redundancy Check.
An error-detection code used to detect accidental changes (transmission or storage errors) that affect the integrity of data. A CRC involves no secret and is trivial to recompute, so it does not protect against deliberate tampering; a cryptographic hash or, better, an HMAC is needed for that.
Certificate Revocation List.
A list of certificates that have been revoked before their expiration date. Certificates are commonly revoked if the private key is compromised. The certificate authority (CA) that issued the certificate publishes the CRL, and the CRL is public.
Discretionary Access Control
An access control model where all objects have owners and owners can modify permission for the objects (files and folders).
NTFS uses the DAC model.
Discretionary Access Control List.
List of Access Control Entries (ACEs) in Microsoft's NTFS. Each ACE includes a security identifier (SID) and a permission.
Distributed Denial of Service. An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users. DDoS attacks are often launched from zombies in botnets.
DDoS attacks typically include sustained, abnormally high network traffic.
A performance baseline helps administrators detect a DDoS, because the attack shows up as a sharp deviation from normal traffic levels.
Data Execution Prevention.
A security feature in some operating systems that helps prevent an application or service from executing code from a non-executable memory region (such as the stack or heap), which blocks many buffer overflow exploits.
Data Encryption Standard.
An older symmetric block cipher used to provide confidentiality.
DES uses a 56-bit key and is considered broken: the key space is small enough to brute-force with modern hardware.
Dynamic Host Configuration Protocol
A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more.
Dynamic Link Library.
A compiled set of code that can be called from other programs
Data Loss Prevention.
A network-based DLP system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in e-mail and reduce the risk of internal users e-mailing data outside the organization.
Area between two firewalls separating the internet and an internal network. A DMZ provides a layer of protection for Internet-facing servers. It allows access to a server or service for internet users while segmenting and protecting access to the internal network.
Domain Name System.
Used to resolve host names to IP addresses. DNS is the primary name resolution service used on the internet and is also used on internal networks.
Uses port 53.
Attempts to modify or corrupt cached DNS results.
A specific type of DNS poisoning that redirects a website's traffic to another website.
Denial of Service
An attack from a single source that attempts to disrupt the services provided by another system.
Examples include: SYN flood, Smurf, and some buffer overflow attacks.
Disaster Recovery Plan
A document designed to help a company respond to disasters such as hurricanes, floods, and fires.
Testing validates the plan.
Final phase of DRP includes a review to identify any lessons learned and then update the DRP
Digital Signature. An encrypted hash of a message. The sender hashes the message and encrypts the hash with the sender's private key to create the digital signature. The recipient decrypts the signature with the sender's public key and compares the result with a hash computed over the received message; a match means the message is unchanged and came from the holder of the private key.
It provides authentication, non-repudiation, and integrity.
Extensible Authentication Protocol
An authentication framework that provides general guidance for authentication methods. Variations include LEAP and PEAP
Elliptic curve cryptography
Commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods
Encrypting File System
A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
Electromagnetic Interference. Interference caused by motors, power lines, and fluorescent lights. Cables can be shielded to protect signals from EMI. Shielding also prevents signal emanation.
Encapsulating Security Payload.
Protocol ID 50
IPsec includes ESP which provides confidentiality, integrity, and authentication
File Transfer Protocol
TCP ports 20 (data) and 21 (control). FTP sends credentials and data in clear text.
Secure File Transfer Protocol
Uses SSH (TCP port 22) for encryption.
File Transfer Protocol Secure.
Uses SSL or TLS for encryption.
Ports 989 and 990
GNU Privacy Guard
Free software that is based on the OpenPGP standard. It is similar to PGP but avoids any conflict with existing licensing by using open standards.
Group Policy Object
Used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies, lock down the GUI, configure host-based firewalls, and much more.
Global Positioning System
GPS tracking can help locate lost mobile phones.
Remote wipe, or remote sanitize, erases all data on lost devices. Full disk encryption protects the data on the device if it is lost.
Generic Routing Encapsulation
A tunneling protocol developed by Cisco Systems
Graphical User Interface
Hard Disk Drive
A disk drive that has one or more platters and a spindle. In contrast, USB flash drives use flash memory
Host-based Intrusion Detection System
An IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files.
Host-based Intrusion Prevention System
An extension of a HIDS, designed to react in real time and stop an attack in progress on the host.
Hash-Based Message Authentication Code
HMAC produces a fixed-length string of bits, like hashing algorithms such as MD5 and SHA-1, but it also uses a shared secret key. Anyone can recompute a plain hash over modified data, whereas only a party holding the key can produce or verify an HMAC, so HMAC provides authenticity as well as integrity.
Hardware Security Module
A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption.
High-volume e-commerce sites use HSMs to offload cryptographic operations and increase the performance of SSL/TLS sessions. High-availability clusters needing encryption services can use clustered HSMs.
Hypertext Markup Language
Hypertext Transfer Protocol
Web traffic on the internet and in intranets
Hypertext Transfer Protocol Secure
Encrypts HTTP traffic with SSL or TLS.
Heating, Ventilation, and Air Conditioning
Increases availability by regulating airflow within data centers and server rooms. HVAC systems use hot and cold aisles to direct cooling, thermostats to ensure a relatively constant temperature, and humidity controls to reduce the potential for static discharge and damage from condensation.
Often integrated with fire alarm systems; they either have dampers or can be shut off in the event of a fire.
Infrastructure as a Service
A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers.
Internet Control Message Protocol
Used for diagnostics such as ping. Many DoS attacks use ICMP.
It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked
Intrusion Detection System
A detective control.
A signature-based IDS uses a database of predefined traffic patterns (signatures) that match known attacks.
An anomaly-based (heuristic or behavioral) IDS starts with a performance baseline of normal behavior and compares network traffic against this baseline.
Institute of Electrical and Electronics Engineers
Internet Group Management Protocol
Used for multicasting. Computers belonging to a multicast group have a multicast IP address in addition to a standard unicast IP address.
Internet Information Services
A Microsoft Windows Web Server
Internet Key Exchange
Used with IPsec to authenticate the peers, negotiate keys, and establish the security associations for a VPN tunnel. IKE uses UDP port 500.
Internet Message Access Protocol v4
Used to store e-mail on servers and allow clients to manage their e-mail on the server. TCP port 143.
Intrusion Prevention System
Will stop an attack in progress. Similar to an IDS except that it's placed in line with traffic. It can monitor data streams, detect malicious content, and stop attacks in progress
Internet Protocol Security
Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic.
IPsec is built into IPv6, but can also work with IPv4 and it includes both AH and ESP.
Internet Protocol v4
32-bit IP Address
Internet Protocol v6
128-bit IP Address
Internet Relay Chat
A form of real-time internet text messaging often used with chat sessions
Incident Response Team. See CERT
Internet Service Provider
Company that provides internet access to customers
Initialization Vector. An IV is a per-message value combined with the encryption key so that encrypting the same data with the same key does not produce the same output. IVs must be unpredictable or at least never repeat with a given key.
WEP was susceptible to IV attacks because it used a small (24-bit) IV, so IVs repeated quickly. In an IV attack, the attacker uses packet injection to generate more packets to analyze, collects repeated IVs, and recovers the encryption key.
Key Distribution Center
Part of the Kerberos protocol used for network authentication. The KDC issues time-stamped tickets that expire, which is why Kerberos requires the clocks of clients and servers to be synchronized.
Layer 2 Tunneling Protocol.
Tunneling protocol used with VPNs. L2TP is commonly used with IPsec.
Local Area Network
Group of hosts connected within a network
LAN Manager.
Older authentication protocol used to provide backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked because of how the hash is computed and stored (see NTLM).
Lightweight Directory Access Protocol
Protocol used to query and modify directories such as Microsoft Active Directory. LDAP uses TCP port 389; LDAP over SSL/TLS (LDAPS) uses TCP port 636.
Lightweight Extensible Authentication Protocol
A Cisco-proprietary EAP method based on a modified version of MS-CHAP. Its password-based exchange is vulnerable to offline dictionary attacks, and Cisco itself recommends stronger EAP methods such as PEAP or EAP-TLS.
MAC (Type of Access Control Model)
Mandatory Access Control
Access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users); access is decided by system-wide policy comparing the labels, not by the object's owner.
SELinux (Security-Enhanced Linux) is a Linux kernel security module that implements MAC.
Media Access Control
48-bit address used to uniquely identify network interface cards.
It is also called a hardware address or physical address
Port security on a switch can limit access using MAC filtering.
Metropolitan Area Network
A computer network that spans a metropolitan area such as a large city or a large campus
Master Boot Record
An area on a hard disk in its first sector. When the BIOS boots a system, it looks at the MBR for instructions and information on how to boot the disk and load the operating system.
Message Digest 5
A hashing function used to provide integrity.
Produces 128-bit hashes and verifies integrity. Practical collisions have been demonstrated for MD5, so it should not be used for digital signatures or certificates; it remains in use only as a non-security checksum.
Man in the Middle
This attack is a form of active interception in which an attacker sits between two parties, relaying and potentially modifying their traffic, including inserting malicious content sent to other clients. Mutual authentication, such as that provided by Kerberos, helps prevent MITM attacks because each side verifies the identity of the other.
Microsoft Challenge Handshake Authentication Protocol
Microsoft's version of CHAP.
MS-CHAPv2 provides mutual authentication (the client also verifies the server).
Maximum Transmission Unit
The MTU identifies the largest packet (in bytes) that can be transmitted in a single unit on a link; larger packets must be fragmented.
Network access control
Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.
Network Address Translation
A service that translates private IP addresses to public ones and public IP addresses back to private ones. It hides the addresses used on an internal network.
Network-based Intrusion Detection System
IDS used to monitor a network.
It can detect network-based attacks, such as a smurf attack. A NIDS cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts
Network-based Intrusion Prevention System
An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
National Institute of Standards and Technology
No Operation, aka NOP
NOP sleds (long runs of NOP instructions) are used in buffer overflow attacks: an imprecise jump that lands anywhere in the sled slides into the attacker's code that follows it.
Network Operating System
Software that runs on a server and enables the server to manage resources on a network
New Technology File System
A file system used in Microsoft operating systems that provides security through permissions. NTFS uses the DAC model.
New Technology LAN Manager.
Authentication protocol intended to improve on LANMAN. The LANMAN protocol stores a hash of the password after first converting all lowercase letters to uppercase and dividing the password into two seven-character blocks, each hashed independently. This shrinks the effective key space and makes LANMAN hashes easy to crack. Systems that keep LANMAN compatibility also store the LANMAN hash unless the password is 15 characters or longer (the LANMAN hash cannot represent it). NTLMv1 has known vulnerabilities. NTLMv2 is newer and stronger, though Kerberos is preferred where available.
Network Time Protocol
Protocol used to synchronize computer clocks. UDP port 123.
Open Vulnerability Assessment Language
International standard proposed for vulnerability assessment scanners to follow
Peer to peer
P2P applications allow users to share files such as music, video, and data over the internet. Data leakage occurs when users install P2P software and unintentionally share files. Organizations block P2P software at the firewall and detect running software with port scans
Platform as a Service
Provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities.
Password Authentication Protocol
An older authentication protocol in which passwords are sent across the network in clear text, so anyone sniffing the link can capture them.
Port Address Translation
A form of network address translation
Private Branch Exchange
A telephone switch used to route telephone calls within an organization.
Protected Extensible Authentication Protocol
PEAP provides an extra layer of protection for EAP by encapsulating and encrypting the EAP conversation inside a TLS tunnel.
Because TLS requires a certificate, PEAP requires a CA to issue a certificate to the authentication server. PEAP-TLS runs EAP-TLS inside that tunnel and also requires certificates on the clients.
Personal Electronic Device
Pretty Good Privacy
Commonly used to secure e-mail communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail. It uses both asymmetric and symmetric encryption
Personally Identifiable Information
PII Includes: full name, birth date, biometric data, and identifying numbers such as SSN
Personal Identification Number
A number known by a user and entered for authentication. Sometimes paired with smart cards to provide two-factor authentication
Personal Identity Verification Card
A specialized type of smart card used by United States federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users.
Public Key Infrastructure
Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates.
Post Office Protocol v3
Used to transfer e-mail from mail servers to clients. TCP port 110.
Plain Old Telephone Service
Used to create remote access connections
Point-to-Point Tunneling Protocol
Tunneling protocol used with VPNs
TCP Port 1723
Pre-Shared Key. A secret shared among different systems. Wireless networks support Personal mode, where each device uses the same PSK. In contrast, Enterprise mode uses an 802.1X/RADIUS server to authenticate each user individually.
A designated individual who can recover or restore cryptographic keys. In the context of PKI, a recovery agent can recover private keys to access encrypted data
Remote Authentication Dial-In User Service
Provides central authentication for remote access clients. RADIUS encrypts only the password in the authentication packets and uses UDP. In contrast, TACACS+ encrypts the entire authentication exchange and uses TCP.
Redundant Array of Inexpensive Disks
Multiple disks added together to increase performance or provide protection against faults
RAID-0 (striping): improves performance but does not provide fault tolerance.
RAID-1 (mirroring): uses 2 disks and provides fault tolerance.
RAID-5 (disk striping with parity):
uses three or more disks and provides fault tolerance; it can survive the failure of one disk.
Random Access Memory
Volatile memory within a computer that holds active processes, data, and applications.
Remote Access Service
A server used to provide access to an internal network from an outside location. RAS is also known as Remote Access Server and sometimes referred to as a Network Access Server (NAS).
Role-based Access Control
An access control model that uses roles to define access and it is often implemented with groups. A user account is placed into a role, inheriting the rights and permissions of the role.
Ron's Code or Rivest's Cipher.
Symmetric encryption algorithm that includes versions RC2, RC4, RC5, and RC6.
RC4 is a stream cipher. It was widely used (WEP, early WPA, SSL/TLS) but has known biases and is now considered insecure; its use in TLS is prohibited.
RC5 and RC6 are block ciphers.
Radio Frequency Interference
Interference from RF sources such as AM and FM
RACE Integrity Primitives Evaluation Message Digest
A hash function used for integrity. It creates fixed length hashes of 128, 160, 256, or 320 bits
Recovery Point Objective
A recovery point objective identifies the maximum acceptable amount of data loss, expressed as a point in time (for example, the last hourly backup). It is related to the RTO, and the BIA often includes both RTOs and RPOs.
RSA. An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators, Rivest, Shamir, and Adleman, and RSA is also the name of the company they founded together. RSA's security relies on the difficulty of factoring the product of two large prime numbers, which is used to derive the public and private keys.
Rapid Spanning Tree Protocol
An improvement over STP. STP and RSTP are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together.
Recovery Time Objective
An RTO identifies the maximum amount of time it can take to restore a system after an outage. It is related to the RPO and the BIA often includes both RTOs and RPOs
Real-time Transport Protocol
A standard used for delivering audio and video over an IP network
Secure/Multipurpose Internet Mail Extensions
Used to secure e-mail. S/MIME provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail, protecting it both at rest and in transit. It uses RSA, with public and private keys for encryption and decryption, and depends on a PKI for certificates.
Software as a Service
Applications provided over the internet or in the cloud
Security Content Automation Protocol
A method with automated vulnerability management, measurement, and policy compliance evaluation tools
Secure Copy. Copies files over an SSH connection, so it inherits SSH's encryption and authentication (TCP port 22).
Small Computer System Interface
Set of standards used to connect peripherals to computers
Software Development Life Cycle
A software development process
Security-Enhanced Linux. A Linux kernel security module that enforces policy on what each process may access, confining malicious or compromised code even when it runs as root. Uses the MAC model.
Secure Hashing Algorithm
A family of hashing functions used to provide integrity. SHA-1 produces 160-bit hashes and SHA-256 produces 256-bit hashes. SHA-1 collisions have been demonstrated, so it is deprecated for signatures and certificates in favor of SHA-2 (SHA-256 and above).
Alternative to HTTPS, infrequently used.
Subscriber Identity Module
A small smart card that contains programming and information for small devices such as cell phones
Security Incident Response Team
Service Level Agreement
An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels
Single Loss Expectancy
Used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The SLE identifies the expected dollar amount for a single event resulting in a loss.
SLE = ALE / ARO
Simple Mail Transfer Protocol
Used to transfer e-mail from clients to servers and between e-mail servers. TCP port 25.
Simple Network Management Protocol
Used to manage network devices such as routers or switches.
SNMP agents report information via notifications known as SNMP traps. Agents listen on UDP port 161 and send traps to UDP port 162. SNMPv3 adds authentication and encryption that earlier versions lack.
Synchronous Optical Network Technology
A multiplexing protocol used to transfer data over optical fiber
Spam over Internet Messaging
A form of spam using instant messaging that targets instant messaging users
Single Point of Failure
Any component whose failure results in the failure of the entire system
Structured Query Language
Websites integrated with SQL databases are subject to SQL injection attacks, where user-supplied input is concatenated into a query and changes its meaning. Parameterized queries (prepared statements) prevent SQL injection; input validation adds a second layer.
Microsoft SQL Server uses TCP port 1433.
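As an added example (not part of the Security+ appendix), the following Python code shows the injection described above against an in-memory SQLite database, with the vulnerable string-building login beside the parameterized fix. The `users` table and its rows are constructed for the demo (and store plaintext passwords only to keep the example short; real systems store salted hashes). The same pattern applies to SQL Server on port 1433 or any other database driver that supports bound parameters.

```python
"""SQL injection: vulnerable query construction beside the parameterized fix.

Added example, not from the Security+ appendix. Table contents are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table. Plaintext passwords are for brevity only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "battery staple", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """String concatenation: quotes in user input become part of the SQL grammar."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the driver passes values separately; quotes are just data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two classic payloads: tautology in the password field, comment-out in the username field.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice' --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology   :", login_vulnerable(conn, "anyone", TAUTOLOGY))
    print("vulnerable, comment-out :", login_vulnerable(conn, COMMENT_OUT, "wrong"))
    print("safe, tautology         :", login_safe(conn, "anyone", TAUTOLOGY))
    print("safe, comment-out       :", login_safe(conn, COMMENT_OUT, "wrong"))
    print("safe, real credentials  :", login_safe(conn, "bob", "battery staple"))
```

The tautology payload turns the WHERE clause into `... AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable login returns all users; the comment payload turns the rest of the query into a SQL comment, so the password check disappears entirely. The parameterized version returns nothing for both payloads because the database never parses the input as SQL.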
Secure Shell. SSH (TCP port 22) provides an encrypted channel for remote administration and file transfer. It replaces Telnet, which sends everything in clear text, and carries SFTP and SCP.
Service Set Identifier
Identifies the name of a wireless network.
Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover the name of the network with a sniffer
Recommended to change the default name
Secure Sockets Layer
Used to encrypt traffic on the wire. SSL was used with HTTPS to encrypt HTTP traffic on the internet, using asymmetric encryption to exchange keys and symmetric encryption for the session data. All versions of SSL are now deprecated and have been replaced by TLS.
TCP port 443 when encrypting HTTP traffic.
Single Sign-On. Authentication method where users can access multiple resources on a network after authenticating once with a single account. SSO can provide central authentication against a federated database for different operating systems.
Secure Socket Tunneling Protocol
A tunneling protocol that encrypts VPN traffic using SSL over Port 443
Spanning Tree Protocol
Protects against switching loops on a switch
Shielded Twisted Pair
Cable type with shielding that reduces EMI and RFI.
SYN (synchronize flag). The first packet in a TCP three-way handshake (SYN, SYN/ACK, ACK).
In a SYN flood, attackers send many SYN packets, often from spoofed addresses, but never complete the handshake after receiving the SYN/ACK, leaving the server holding half-open connections until its table is exhausted.
A flood guard is a logical control that protects against SYN flood attacks, for example by limiting half-open connections per source or using SYN cookies.
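As an added example (not part of the Security+ appendix), the following Python code applies the flood-guard idea above to a log of inbound TCP segments: it tracks which SYNs were later followed by the client's ACK and counts the half-open connections left behind per source address. The log format (`time src_ip:src_port flags`, as seen by the server), the sample entries, and the threshold of 10 are all constructed assumptions for the demo.

```python
"""Half-open connection counting per source: the logic behind a SYN flood guard.

Added example, not from the Security+ appendix. Log format, entries and threshold are constructed.
"""
from collections import defaultdict

HALF_OPEN_THRESHOLD = 10  # assumption; real devices tune this to normal load


def build_sample_log() -> list:
    """Constructed inbound segments: 'time src_ip:src_port flags' from the server's view."""
    lines = []
    t = 0
    for port in (50001, 50002):                      # legitimate client completes both handshakes
        lines.append(f"10:00:{t:02d} 198.51.100.7:{port} SYN"); t += 1
        lines.append(f"10:00:{t:02d} 198.51.100.7:{port} ACK"); t += 1
    lines.append(f"10:00:{t:02d} 198.51.100.8:40000 SYN"); t += 1   # one slow client, not a flood
    for i in range(25):                               # attacker: SYNs only, never an ACK
        lines.append(f"10:00:{(t + i) % 60:02d} 203.0.113.5:{40000 + i} SYN")
    return lines


def half_open_by_source(lines) -> dict:
    """Return {src_ip: number of connections that got a SYN but no follow-up ACK}."""
    pending = set()                                   # (ip, port) with SYN seen, ACK not yet seen
    for line in lines:
        _ts, endpoint, flags = line.split()
        ip, port = endpoint.rsplit(":", 1)
        key = (ip, int(port))
        if flags == "SYN":
            pending.add(key)
        elif flags == "ACK":
            pending.discard(key)                      # handshake completed
    counts = defaultdict(int)
    for ip, _port in pending:
        counts[ip] += 1
    return dict(counts)


def flood_sources(lines, threshold: int = HALF_OPEN_THRESHOLD) -> list:
    """Sources whose half-open count meets the threshold: candidates for rate limiting or blocking."""
    return sorted(ip for ip, n in half_open_by_source(lines).items() if n >= threshold)


if __name__ == "__main__":
    log = build_sample_log()
    print("half-open per source:", half_open_by_source(log))
    print("flood sources       :", flood_sources(log))
```

Because SYN floods usually spoof source addresses, a per-source count alone will miss a flood spread across thousands of addresses; production flood guards therefore also watch the total half-open backlog and fall back to SYN cookies, which let the server avoid allocating state until the ACK arrives.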
Terminal Access Controller Access-Control System
An older remote authentication protocol that was commonly used in UNIX networks.
UDP Port 49
Replaced by TACACS+
Terminal Access Controller Access-Control System+
Provides central authentication for remote access clients and used as an alternative to RADIUS. Encrypts entire authentication process, while RADIUS only encrypts the password.
TCP Port 49
Total cost of Ownership
A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime
Transmission Control Protocol
Connection-oriented transport protocol that provides reliable, ordered delivery of IP traffic. A connection is established with a three-way handshake (SYN, SYN/ACK, ACK).
Transmission Control Protocol/Internet Protocol
Represents the full suite of protocols
Trivial File Transfer Protocol
Used to transfer small amounts of data
UDP Port 69
Temporal Key Integrity Protocol
Wireless security protocol introduced to address the problem with WEP. TKIP was used with WPA but many implementations of WPA now support CCMP
Transport Layer Security
Replaced SSL, used to encrypt traffic on the wire
Trusted Platform Module
A hardware chip on the motherboard included on many newer laptops and desktops. A TPM includes a unique RSA asymmetric key burned in at manufacture, and it can generate and store other keys used for encryption, decryption, and authentication. A TPM supports full disk encryption by protecting the disk encryption key (for example, BitLocker stores its key in the TPM so the disk cannot be read if moved to another machine).
User Datagram Protocol
Used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism
Uniform Resource Locator
Universal Serial Bus
A serial connection used to connect peripherals such as printers, flash drives, and external hard disk drives.
Unshielded Twisted Pair
Cable type used in networks where EMI or RFI is not a concern.
Virtual Local Area Network
VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location.
It is possible to create multiple VLANs with a single switch
Virtual Machine. A virtual system hosted on a physical system.
Reduces the hardware footprint, since several VMs share one physical host.
VM escape. An attack that allows an attacker to break out of a virtual machine and access the host system (and potentially other VMs on it).
Voice over IP
A group of technologies used to transmit voice over IP networks.
Vishing is a form of phishing that sometimes uses VoIP
Virtual Private Network
Provides access to a private network over a public network such as the internet.
VPN Concentrators provide VPN access to large groups of users
Web Application Firewall
A firewall specifically designed for a web application. Inspects the contents of traffic to a web server, can detect malicious content, and block it
Wireless Access Point
Increasing the power level of a WAP increases wireless coverage of the WAP. Coverage can also be manipulated by moving the AP
Wired Equivalent Privacy
Original wireless security protocol. It had significant security flaws and was replaced by WPA, and ultimately WPA2. WEP used RC4 incorrectly, with a 24-bit IV that repeats quickly, making it susceptible to IV attacks that recover the key.
Wireless Intrusion Detection System
Wireless Intrusion Prevention System
Wireless Local Area Network
Wi-Fi Protected Access
Replaced WEP without replacing hardware
Wi-Fi Protected Access 2. Newer security protocol used to protect wireless transmissions. It uses CCMP for encryption, which is based on AES and stronger than the TKIP originally released with WPA.
Wireless Transport Layer Security
Extensible Markup Language
Extended Terminal Access Controller Access-Control System
An improvement over TACACS developed by Cisco systems and proprietary to Cisco systems. TACACS+ is more commonly used
Cross-Site Request Forgery
An attack that tricks an authenticated user's browser into sending a request to a website, so the site performs an action on the user's behalf without their knowledge (for example, a hidden link that changes the user's e-mail address). Because the browser attaches the session cookie automatically, the site cannot tell the forged request from a real one. Anti-CSRF tokens tied to the session prevent it.
Cross-Site Scripting. An attack that injects attacker-supplied script into a web page viewed by other users. It allows attackers to redirect users to malicious websites and steal cookies or session tokens. Input validation and output encoding prevent XSS.