Security+ SYO-401 Term 2015
Terms in this set (495)
The IEEE standard that defines port-based security for wireless network access
Acceptable use policies
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
The means of giving or restricting user access to network resources. Access control can be accomplished through the use of an access control list (ACL).
Access control list (ACL)
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network.
Access point (AP)
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
A policy that provides information to the reader about who to contact if a problem is discovered.
A response generated in real time
Any action a user undertakes.
Address Resolution Protocol (ARP)
Protocol used to map known IP addresses to unknown physical addresses.
Address Resolution Protocol (ARP) poisoning
An attack that convinces the network that the attacker's MAC address is the one associated with an allowed address so that traffic is wrongly sent to the attacker's machine.
A control implemented through administrative policies or procedures.
The user who is accountable and responsible for the network.
Advanced Encryption Standard (AES)
A Federal Information Processing Standards (FIPS) publication that specifies a cryptographic algorithm for use by the U.S. government.
Software that gathers information to pass on to marketers or that intercepts personal data such as credit card numbers and makes it available to third parties.
An implementation of Advanced Encryption Standard (AES) that uses 256-bit encryption.
A notification that an unusual condition exists and should be investigated.
An appliance that performs multiple functions.
The component or process that analyzes the data collected by the sensor.
Annual Loss Expectancy (ALE)
A calculation used to identify risks and calculate the expected loss each year.
Annualized Rate of Occurrence (ARO)
A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.
Variation from normal operations.
Anomaly-detection IDS (AD-IDS)
An anomaly-detection intrusion detection system works by looking for deviations from a pattern of normal network traffic.
Software that identifies the presence of a virus and is capable of removing or quarantining the virus.
Anything as a Service (XaaS)
A cloud computing model that can work with a combination of other models: SaaS, IaaS, or PaaS.
A freestanding device that operates in a largely self-contained manner.
The seventh layer of the Open Systems Interconnection (OSI) model. This layer deals with how applications access the network and describes application functionality, such as file transfer and messaging.
Application Programming Interfaces (APIs)
An abstract interface to the services and protocols provided by an operating system.
A device or software that recognizes application-specific commands and offers granular control over them.
Arbitrary code execution
Accepting commands unrelated to a program and running them on the host machine within a shell, or command interpreter.
An approach to security that involves using a control framework to focus on the foundational infrastructure.
A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it "armored" against antivirus programs, which have trouble getting to, and understanding, its code.
More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.
An algorithm that uses two keys.
Encryption in which two keys must be used. One key is used to encrypt data, and the other is needed to decrypt the data.
Any unauthorized intrusion into the normal operations of a computer or computer network.
The area of an application that is available to users--those who are authenticated and, more importantly, those who are not.
Attack surface reduction (ASR)
Minimizing the possibility of exploitation by reducing the amount of code and limiting potential damage.
The act of tracking resource usage by users.
The means of verifying that someone is who they say they are.
Authentication Header (AH)
A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.
A type of certificate technology that allows ActiveX components to be validated by a server.
Automated System Recovery (ASR) disk
A utility used with Windows 7 and 8 for creating a copy of the configuration settings necessary to reach the present state after a disaster.
An opening left in a program application (usually by the developer) that allows additional access to data.
A reversion, or roll back to a previous state, from a change that had negative consequences.
A usable copy of data made to media.
A generator that can supply power in the event the primary provider is unable to deliver it.
A documented plan governing backup situations. It can include alternate or secondary plans as well.
A written policy detailing the frequency of backups and the location of storage media.
Looking at the banner, or the header information messages sent with data, to find out about a system(s).
Comparing performance to a historic metric.
A host with multiple network interface cards so that it can reside on multiple networks.
A set of rules governing basic operations.
Big Data analysis
Data that is too large to be dealt with by traditional database management means.
A probability method of finding collisions in hash functions.
A Microsoft utility used to encrypt a drive.
A method of encryption that processes blocks of data rather than streams.
A type of symmetric block cipher created by Bruce Schneier.
The sending of unsolicited messages over a Bluetooth connection.
The gaining of unauthorized access through a Bluetooth connection.
A router used to translate from LAN framing to WAN framing.
An automated software program (network robot) that collects information on the Web.
Bridge trust model
A trust model in which a peer-to-peer relationship exists among the root certificate authorities.
A type of attack that relies purely on trial and error and tries all possible combinations.
A type of denial-of-service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it.
Business continuity planning (BCP)
A contingency plan that allows a business to keep running in the event of a disruption to vital resources.
Business Impact Analysis (BIA)
A study of the possible impact if a disruption to a business's vital resources were to occur.
A physical security deterrent used to protect a computer.
An access point that requires users to agree to some condition before they use the network or Internet.
A type of symmetric block cipher defined by RFC 2144.
A digital entity that establishes who you are and is often used with e-commerce. It contains your name and other identifying data and usually includes the public key in PKI.
Certificate authority (CA)
An issuer of digital certificates (which are then used for digital signatures or key pairs).
Certificate Management Protocol (CMP)
A messaging protocol used between PKI entities. This protocol is used in some PKI environments.
Certificate Practice Statement (CPS)
The principles and procedures employed in the issuing and managing of certificates.
The act of making a certificate invalid.
Certificate revocation list (CRL)
A list of digital certificate revocations that must be regularly downloaded to stay current.
Challenge Handshake Authentication Protocol (CHAP)
A protocol that challenges a system to verify identity.
Management included in the making of a change in the scope of any particular item.
An algorithm, also known as a cryptographic algorithm, used to encrypt and decrypt data.
The part of a client-server network where the computing is usually done.
Closed-circuit television (CCTV)
A surveillance camera used for physical-access
Moving the execution of an application to the cloud on an as-needed basis.
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.
A method of balancing loads and providing fault tolerance.
The storage and conditions for release of source code provided by a vendor, partner, or other party.
Looking at all custom written code for holes that may exist.
A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all the resources necessary to enable an organization to use it immediately.
An agreement between individuals to commit fraud or deceit.
Common Access Card (CAC)
A standard identification card used by the Department of Defense (DoD) and other employers. It is used for authentication as well as identification.
Common Criteria (CC)
A document of specifications detailing security evaluation methods for IT products and systems.
Cloud delivery model in which the infrastructure is shared by organizations with something in common.
A virus that creates a new program that runs in place of an expected program of the same name.
Gap controls that fill in the coverage between the types of vulnerability mitigation techniques.
Computer Security Incident Response Team (CSIRT)
A formalized or an ad hoc team you can call upon to respond to an incident after it arises.
Type of communications between two hosts that have a previous session established for synchronizing sent data. The receiving PC acknowledges the data. This method allows for guaranteed delivery of data between PCs.
A plan that allows a business to keep running in the event of a disruption to vital resources.
Processes or actions used to respond to situations or events.
Technical or administrative measures in place to assist with resource management.
A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a server.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
A wrapper that uses 128-bit AES encryption with a 48-bit initialization vector.
Critical Business Functions (CBF)
Functions on which the livelihood of the company depends.
Cross-Site Request Forgery (XSRF)
A form of web-based attack in which unauthorized commands are sent from a user that a website trusts.
Cross-site scripting (XSS)
Running a script routine on a user's machine from a website without their permission.
The study and practice of finding weakness in ciphers.
A person who does cryptanalysis.
A person who participates in the study of cryptographic algorithms.
An algorithm, also known as a cipher, used to encrypt and decrypt data.
The field of mathematics focused on encrypting and decrypting data.
Getting rid of/destroying media no longer needed.
Data Encryption Standard (DES)
The primary standard used in government and industry until it was replaced by AES.
Data loss prevention (DLP)
Any systems that identify, monitor, and protect data to prevent it from unauthorized use, modification, or destruction.
A policy dealing with some aspect of data (usage, destruction, retention, etc.)
Deception active response
A response that fools the attacker into thinking that the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken.
Demilitarized zone (DMZ)
An area for placing web and other servers outside the firewall. The purpose for so doing is not specifically to protect them but to protect the internal network.
A type of attack that prevents any users, even legitimate ones, from using a system.
Reviewing the security design, including examining the ports and protocols used, the rules, segmentation, and access control.
Controls that are intended to identify and characterize an incident in progress.
The act of attempting to crack passwords by testing them against a list of dictionary words.
A type of backup that includes only new files or files that have changed since the last full backup.
Diffie-Hellman key exchange
An asymmetric standard for exchanging keys. This cryptographic algorithm is used primarily to send secret keys across public networks.
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.
Directory traversal attack
An attack that involves navigating to other directories and gaining access to files/directories that would be otherwise restricted.
The act of recovering data following a disaster that has destroyed it.
A plan outlining the procedure by which data is recovered after a disaster.
Discretionary Access Control (DAC)
A method of restricting access to objects based on the identity of the subjects or the groups to which they belong. The user can assign permissions to data and assets at their discretion.
Technology that uses two controllers and two disks to keep identical copies of data to prevent the loss of data if one disk fails.
Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk fails.
Technology that enables writing data to multiple disks simultaneously in small portions called stripes.
Disk striping with parity
A fault-tolerance solution of writing data across a number of disks and recording the parity on another.
Distributed denial-of-service (DDoS)
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public.
An attack method in which a daemon caches DNS reply packets, which sometimes contain other information.
The DNS server is given information about a name server that it thinks is legitimate when it isn't.
Domain Name System (DNS)
The network service used in TCP/IP networks that translates hostnames to IP addresses.
A host that resides on more than one network and possesses more than one physical network card.
Looking through trash for clues, often in the form of paper scraps, to find users' passwords and other pertinent information.
EAP over LAN (EAPOL)
The IEEE standard that defines port-based security for wireless network access control. It offers a means of authentication and defines the Extensible Authentication Protocol (EAP) over IEEE 802, and it is often known as 802.1x.
Dynamic provisioning of resources as needed.
Electromagnetic interference (EMI)
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is the degradation of the signal.
A device that identifies you electronically in the same way as the cards you carry in your wallet.
Elliptic Curve Cryptography (ECC)
A type of public key cryptosystem that requires a shorter key length than many other cryptography systems (including the de facto industry standard, RSA).
Encapsulating Security Payload (ESP)
A header used to provide a mix of security services in IPv4 and IPv6. It can be used alone or in combination with the IP Authentication Header (AH).
The process of enclosing data in a packet.
The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can't decrypt it.
A string of alphanumeric characters used to decrypt encrypted data.
The process of luring someone.
The process of encouraging an attacker to perform an act, even if they don't want to do it.
A key that exists only for that session.
The act of moving something up in priority.
Evaluation assurance levels (EALs)
A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA).
Any noticeable action or occurrence.
A statement that differs from the norm.
Extensible Authentication Protocol (EAP)
An authentication protocol used in wireless networks and point-to-point connections.
The process of reconstructing a system or switching over to other systems when a failure is detected.
An event that should be flagged but isn't.
A flagged event that isn't really an event and has been falsely triggered.
An electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.
The ability to withstand a fault (failure) without losing data.
FCoE (Fiber Channel over Ethernet)
A networking protocol that is not routable at the IP layer and thus cannot work across large networks.
Federal Information Processing Standard (FIPS)
A set of guidelines for U.S. federal government information systems.
A means of linking a user's identity with their privileges in a manner that can be used across business boundaries.
A collection of computer networks that agree on standards of operation, such as security standards.
A high-speed networking technology.
File Allocation Table (FAT)
Microsoft's earliest filesystem.
File Transfer Protocol (FTP)
TCP/IP and software that permit transferring files between computer systems and use cleartext passwords.
The act of stopping a fire and preventing it from spreading.
A combination of hardware and software that protects a network from attack by hackers who would gain access through public networks, including the Internet.
Five nines availability
A system that is up and running at least 99.999 percent of the time.
The process of systematically identifying the network and its security posture. This is typically a passive process.
In terms of security, the act of looking at all the data at your disposal to try to figure out who gained unauthorized access and the extent of that access.
A property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised.
FTP over SSL (FTPS)
A secure form of FTP.
Full Archival method
A concept that works on the assumption that any information created on any system is stored forever.
A backup that copies all data to the archive medium.
An information classification stating that the data so classified is available to anyone.
A technique of penetration testing. It can include providing unexpected values as input to an application in order to make it crash.
Gap in the WAP
Vulnerability possible when the interconnection between the WAP server and the Internet isn't encrypted and packets between the devices may be intercepted.
Grandfather, Father, Son method
One of the most popular methods of backup tape rotation. Three sets of tapes are rotated in this method. The most recent backup after the full backup is the Son. As newer backups are made, the Son becomes the Father, and the Father, in turn, becomes the Grandfather.
Virtual machines running on a physical machine.
Rules, policies, or procedures that are advisory or nonmandatory.
The process of making certain that an entity is as secure as it can be.
A system that bases actions on the heuristics it observes. It is used in intrusion detection and prevention systems and coupled with if-then analysis.
Hierarchical storage management (HSM)
A newer backup that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
Hierarchical trust model
A trust model, also known as a tree, in which a root CA at the top provides all the information.
High availability (HA)
A clustering solution to provide resource reliability and availability.
HMAC (Hash-Based Message Authentication Code)
"A mechanism for message authentication using cryptographic hash functions," per the draft of the Federal Information Processing Standard (FIPS) publication. Addressed in RFC 2104.
Typically an email message warning of something that isn't true, such as an outbreak of a new virus. It can send users into a panic and cause more harm than the virus.
A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn about the hacking techniques and methods that hackers employ.
Any network device with a TCP/IP network address or physical machines running virtual machines.
Host-based IDS (HIDS)
An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.
A server room aisle that removes hot air.
A location that can provide operations within hours of a failure.
Another word for a patch. When Microsoft rolls a bunch of hotfixes together, they become known as a service pack.
HSM (Hardware Security Module)
A cryptoprocessor chip (or circuit mounted within the computer) that can be used to enhance security and is commonly used with PKI systems.
HTTP Secure (HTTPS)
A combination of HTTP with Secure Sockets Layer (SSL) that results in a secure connection. It uses port 443 by default.
A password attack that uses a combination of dictionary entries and brute force.
Cloud delivery model that combines other types.
Hybrid trust model
A trust model that can use the capabilities of any or all the structures of other trust models.
Hypertext Markup Language (HTML)
A set of codes used to format text and graphics that will be displayed in a browser. The codes define how data will be displayed.
Hypertext Transfer Protocol (HTTP)
The protocol used for communication between a web server and a web browser.
The software that allows virtual machines to exist.
The process of proofing invoked when a person claims that they are the user but cannot be authenticated, such as when they lose their password.
Pretending to be another to gain information.
A condition that states that unless otherwise given, the permission will be denied.
An attempt to violate a security policy, a successful penetration, a compromise of a system, or unauthorized access to information.
How an organization responds to an incident.
Incident response plan (IRP)
A policy that defines how an organization will respond to an incident.
A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included.
The process of determining what information is accessible to what parties and for what purposes.
Infrastructure as a Service (IaaS)
A model of cloud computing that utilizes virtualization; clients pay an outsourcer for the resources used.
Instant messaging (IM)
Immediate communication that can be sent back and forth between users who are currently logged on.
Institute of Electrical and Electronics Engineers (IEEE)
An international organization that sets standards for various electrical and electronics issues.
Putting too much information into too small a space that has been set aside for numbers.
An obstruction to the signal.
An information classification stating that the data so classified is limited to internal employees only.
International Data Encryption Algorithm (IDEA)
An algorithm that uses a 128-bit key. It is similar in speed and capability to Data Encryption Standard (DES), but it's more secure.
International Telecommunication Union (ITU)
Organization responsible for communications standards, spectrum management, and the development of communications infrastructures in underdeveloped nations.
Internet Assigned Numbers Authority (IANA)
The organization responsible for governing IP addresses.
Internet Control Message Protocol (ICMP)
A message and management protocol for TCP/IP.
Internet Engineering Task Force (IETF)
An international organization that works under the Internet Architecture Board to establish standards and protocols relating to the Internet.
The network layer responsible for routing, IP addressing, and packaging.
Internet Message Access Protocol (IMAP)
A protocol with a store-and-forward capability. It can also allow messages to be stored on an email server instead of downloaded to the client.
Internet Protocol (IP)
The protocol in the TCP/IP suite responsible for network addressing.
Internet Protocol Security (IPSec)
A set of protocols that enable encryption, authentication, and integrity over IP.
Internet Society (ISOC)
A professional membership group composed primarily of Internet experts. It oversees a number of committees and groups, including the Internet Engineering Task Force (IETF).
The act of entering a system without authorization to do so.
Intrusion detection system (IDS)
Tools that identify and respond to attacks using defined logic or rules.
Penetration-type testing that involves trying to break into the network.
Making the data look as if it came from a trusted host when it didn't.
iSCSI (Internet Small Computer Systems Interface)
A protocol that enables the creation of storage area networks (SANs) and is used in sending storage-related commands over IP networks.
An attack that involves looking at repeated results in order to crack the WEP secret key.
Purposely obstructing or interfering with a signal.
Job rotation policy
A policy of rotating employees through various jobs.
The ability of a filesystem to use a log file of all changes and transactions that have occurred within a set period of time.
An authentication scheme that uses tickets (unique keys) embedded within messages.
A principle that states that the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself.
Key distribution center (KDC)
An organization or facility that generates keys for users and is part of Kerberos.
Key escrow agency
An agency that stores keys for the purpose of law-enforcement access.
The act of creating keys for use by users.
Key Exchange Algorithm (KEA)
A method of offering mutual authentication and establishing data encryption keys.
The temporary deferment of a key for a period of time.
The wait time between the call for an action or activity and the actual execution of that action.
The concept that access differs at different levels. Often used in discussion with various access models as well as with cryptography to differentiate between security levels based on user/group labels.
Layer 2 Forwarding (L2F)
A tunneling protocol often used with virtual private networks (VPNs).
Layer 2 Tunneling Protocol (L2TP)
A tunneling protocol that adds functionality to the Point-to-Point Protocol (PPP). This protocol was created by Microsoft and Cisco, and it is often used with virtual private networks (VPNs).
LDAP injection attack
Exploiting weaknesses in LDAP (Lightweight Directory Access Protocol) implementations by not properly filtering input. The result can be executed commands, modified content, or results returned to unauthorized queries.
A permission method in which users are granted only the privileges necessary to perform their job function.
Least privilege policy
The policy of giving a user only the minimum permissions needed to do the work that must be done.
Lightweight Directory Access Protocol (LDAP)
A set of protocols that was derived from X.500 and operates at port 389.
Lightweight Extensible Authentication Protocol (LEAP)
An authentication protocol created by Cisco as an extension to EAP.
Assigning a quantitative number to the chance that something will occur.
Describes information that isn't intended for release to the public. This category of information isn't secret, but it's private.
Link Control Protocol (LCP)
The protocol used to establish, configure, and test the link between a client and the PPP host.
Dividing a load for greater efficiency of management among multiple devices.
Local registration authority (LRA)
An authority used to identify or establish the identity of an individual for certificate issuance.
Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a program that always makes sure her name appears on the payroll roster; if it doesn't, then key files begin to be erased.
Limiting network access to a list of the MAC addresses associated with known users' computers.
A software exploitation virus that works by using the macro feature included in many applications, such as Microsoft Office.
Any code that is meant to do harm.
Malicious insider threat
A threat from someone inside the organization intent on doing harm.
Mandatory Access Control
A security policy in which labels are used to identify the sensitivity of objects. When a user attempts to access an object, the label is checked to see if access should be allowed (that is, whether the user is operating at the same sensitivity level).
Mandatory vacation policy
A policy requiring earned vacation time to be used or lost.
An attack that occurs when someone/something that is trusted intercepts packets and retransmits them to another party.
A device, such as a small room, that limits access to one or few individuals.
Mean time between failures (MTBF)
The measurement of the anticipated incidence of failure of a system or component.
Mean time to failure (MTTF)
The measurement of the average of how long it takes a system or component to fail.
Mean time to restore (MTTR)
The measurement of how long it takes to repair a system or component once a failure occurs.
Media Access Control (MAC)
A sublayer of the Data Link layer of the Open Systems Interconnection (OSI) model that controls the way multiple devices use the same media channel. It controls which devices can transmit and when they can transmit.
Mesh trust model
A trust model that expands the concepts of the bridge model by supporting multiple paths and multiple root certificate authorities.
Message Authentication Code (MAC)
A common method of verifying integrity. It is derived from the message and a secret key.
The cryptographic hash containing a string of digits within a message.
In a three-tier database model, this server accepts requests from clients, evaluates them, and then sends them on to the database server for processing.
Misuse-detection IDS (MD-IDS)
An intrusion detection system that works by detecting misuse.
Residing on more than one network.
A virus that attacks a system in more than one way.
Whenever two or more parties authenticate each other.
National Institute of Standards and Technology (NIST)
An agency that has been involved in developing and supporting standards for the U.S. government for over 100 years. Involved in cryptography standards, systems, and technology in a variety of areas.
National Software Reference Library (NSRL)
An organization with the purpose of collecting "known, traceable software applications" through their hash values and storing them in a Reference Data Set (RDS) for law enforcement.
Near field communication (NFC)
Technology that requires a user to bring the client close to the AP in order to verify (often through RFID or Wi-Fi) that the device is present.
An early networking protocol from Microsoft.
Networking access control (NAC)
The set of standards defined by the network for clients attempting to access it. Usually requires that clients be virus free and adhere to specified policies before allowing them on the network.
Network Address Translation (NAT)
A server that acts as a go-between for clients accessing the Internet. All communications look as if they originated from a proxy server because the IP address of the user making a request is hidden.
Network Control Protocol (NCP)
The protocol Point-to-Point Protocol (PPP) employs for encapsulating network traffic.
Network intrusion prevention system (NIPS)
An intrusion prevention system that is network based.
Another term for MAC filtering.
Network-based IDS (NIDS)
An approach to an intrusion detection system (IDS), it attaches the system to a point in the network where it can monitor and report on all network traffic.
Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network.
Making sure the sender can't repudiate (dispute) sending the data.
A database that is not a relational database and does not use SQL.
Storing data off the premise, usually in a secure location
An antenna type that receives a signal from all directions
A database model in which the database and the application exist on a single system
A type of encryption in which plain text is paired with secret keys and then encrypted. This greatly increases the difficulty of cracking
Online Certificate Status Protocol (OCSP)
A real-time protocol that replaces CRLs to immediately verify a certificate's authenticity.
Storing backup data at the same site as the servers on which the original data resides.
A firewall technology that accepts or rejects packets based on their content
The process of looking through message packets to find data
The computation of parity for a given set of data.
The correct method of extinguishing a fire with an extinguisher: pull, aim, squeeze, and sweep.
A nonactive response, such as logging. It is the most common type of response to many intrusions.
Attempting to ascertain a password that you should not know
A fix for a known software problem
PBKDF2 (Password-Based Key Derivation Function 2)
Applies some function (like a hash or HMAC) to the password or passphrase along with a salt to produce a derived key.
Security set up on the outside of the network or server to protect it.
Personal Identity Verification (PIV)
Card required of federal employees and contractors to gain access (physical and logical) to government resources.
Personally identifiable information (PII)
Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver's license number, fingerprints, and handwriting.
A virus that modifies and alters other programs and databases.
A form of redirection in which traffic intended for one host is sent to another.
A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via email.
Ping of death
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer.
Plain-old telephone service (POTS)
Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL)
Platform as a Service (PaaS)
A cloud service model wherein the consumer can deploy but does not manage or control any of the underlying cloud infrastructure.
When portable data storage devices (such as an iPod) are plugged directly into a machine and used to bypass the network security measures and illicitly download confidential data.
Point-to-Point Protocol (PPP)
A full-duplex line protocol that supersedes Serial Line Internet Protocol (SLIP). It's part of the standard TCP/IP suite and is often used in dial-up connections.
Point-to-Point Tunneling Protocol (PPTP)
An extension to Point-to-Point Protocol (PPP) that is used in virtual private networks (VPNs)
Rules or standards governing usage. These are typically high level in nature.
An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react to) the viruses
Port Address Translation (PAT)
A means of translating between ports on a public and private network. Similar to Network Address Translation (NAT), which translates addresses between public and private
Scanning a server for open ports that can be taken advantage of by sending messages to ports to see which ones are available and which ones aren't
Connection available within TCP/IP
Post Office Protocol (POP)
An email access program that can be used to retrieve email from an email server
Post Office Protocol Version 3 (POP3)
The protocol used to download email from an SMTP email server to a network client.
Anything that occurs "after the fact" such as an audit or review
Controls intended to prevent attacks or intrusions
A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.
Screens that restrict viewing of monitors to only those sitting in front of them.
A cloud delivery model owned and managed internally.
An asymmetric encryption technology in which both the sender and the receiver have different keys. A public key is used to encrypt messages and the private key is used to decrypt them.
The result when a user obtains access to a resource they wouldn't normally be able to access.
The likelihood of something occurring
A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it.
Protected distribution system (PDS)
A network in which physical network security has been substituted for encryption security.
Protected Extensible Authentication Protocol (PEAP)
An authentication protocol that replaces LEAP and for which there is native support in Windows
A software or hardware troubleshooting tool used to decode protocol information to try to determine the source of a network problem and to establish baselines.
Card that can be read by being near a reader
Readers capable of networking with proximity cards
A type of system that prevents direct communication between a client and a host by acting as an intermediary.
A proxy server that also acts as a firewall, blocking network access from external networks
A type of server that makes a single Internet connection and services requests on behalf of many users.
Cameras that can pan, tilt, and zoom
A cloud delivery model available to others
A technology that facilitates encryption using two keys (a public key and a private key) to facilitate communication
Public-Key Cryptography Standards (PKCS)
A set of voluntary standards created by RSA security and industry security leaders
Public-key infrastructure (PKI)
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key
Public-Key Infrastructure X.509 (PKIX)
The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment. The most current version is v3.
QoS (quality of service)
A collection of technologies that provide the ability to balance network traffic and prioritize workloads
Used in risk management, it involves measuring the quality of something (as opposed to the quantity)
Numerically measuring the quantity of something (as opposed to the quality)
Cryptography based on changing the polarity of a photon. It makes the process of interception difficult because any attempt to intercept the message changes the value of the message
Radio frequency interference (RFI)
The byproduct of electrical processes, similar to electromagnetic interference. The major difference is that RFI is usually projected across a radio spectrum
A table of hashed phrases/words that can be used in a password attack
Software that demands payment before restoring the data or system infected
Recovery point objective (RPO)
Within business continuity planning, this is the point of maximum tolerable loss for a system due to a major incident
Recovery time objective (RTO)
The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable
Redundant Array of Independent Disks (RAID)
A configuration of multiple hard disks used to provide fault tolerance should a disk fail.
Registration authority (RA)
An organization that offloads some of the work from a certificate authority (CA). It operates as a middleman in the process. It can distribute keys, accept registrations for the CA, and validate identities. It doesn't issue certificates; that responsibility remains with the CA
A database technology that allows data to be viewed in dynamic ways based on the user's or administrator's needs
Remote Access Services (RAS)
A computer that has one or more connections installed to enable remote connections to the network
Remote Authentication Dial-In User Service (RADIUS)
A network protocol that allows authentication of dial-in and other network connections. RADIUS is commonly used by Internet service providers (ISPs) and in the implementation of virtual private networks (VPNs)
Remote Desktop Protocol (RDP)
A protocol used to allow remote desktop connections.
Remote Procedure Call (RPC)
A programming interface that allows a remote computer to run programs on a local machine
The process of sending a command to remotely clear data.
An attack that captures portions of a session to play back later to convince a host that it is still talking to the original connection
A database or database server where the certificates are stored
Request for Comments (RFC)
A document-creation process and a set of practices that originated in 1969 and is used for proposed changes to Internet standards
Information that isn't made available to all and to which access is granted based on some criteria
A virus that attacks or bypasses the antivirus software installed on a computer
A strategy of dealing with risk in which it is decided the best approach is simply to accept that the risk exists
An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.
An evaluation of how much risk you and your organization are willing to take. It must be performed before any other actions (such as how much to spend on security in terms of dollars and manpower) can be decided.
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk.
The process of calculating the risks that exist
A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.
A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk
Rogue access points
An unauthorized wireless access point on a network
A form of malware that tries to convince the user to pay for a fake threat
Role-Based Access Control (RBAC)
A type of control wherein the level of security closely follows the structure of an organization. The role the person plays in the organization (accountant, salesman, and so on) corresponds to the level of security access they have to data.
Software program that has the ability to obtain root-level access and hide certain things from the operating system
A device that connects two or more networks and allows packets to be transmitted and received between them.
Routing and Remote Access Services (RRAS)
The current Microsoft server service for Windows-based clients that offers the ability to connect to remote systems
One of the providers of cryptography systems to industry and government. It maintains a list of standards for Public Key Cryptography Standards (PKCS)
SAN (storage area network)
A separate network set up to appear as a server to the main organizational network.
Isolating applications to keep users of them from venturing to other data.
Software that tries to convince unsuspecting users that a threat exists
Scope and purpose
The section of a guideline that provides an overview and statement of the guideline's intent
The portion of the policy outlining what it intends to accomplish and which documents, laws, and practices the policy addresses
Secure Copy (SCP)
A replacement for FTP that allows secure copying of files from one host to another
Secure Electronic Transaction (SET)
A protocol developed by Visa and MasterCard for secure card transactions. It provides encrypted credit card numbers over the Internet, and it's most suited to small amounts of data transmission
Secure Hash Algorithm (SHA)
A one-way hash algorithm designed to ensure the integrity of a message
Secure Hypertext Transport Protocol (S-HTTP)
A protocol used for secure communications between a web server and a web browser
Secure Multipurpose Internet Mail Extensions (S/MIME)
A protocol used for secure communication between email servers
Secure Shell (SSH)
A replacement for rlogin in Unix/Linux that includes security. rlogin allowed one host to establish a connection with another with no real security being employed
Secure Sockets Layer (SSL)
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.
Security control testing (SCT)
Looking for weaknesses through interviews, examinations, and testing of systems
Policies related to security
A piece of data that contains the rights and access privileges of the token bearer as part of the token.
A method of isolating a system from other systems or networks.
The IDS component that collects data from the data source and passes it to the analyzer for analysis
Operating system updates from Microsoft
Service-level agreement (SLA)
An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA
Protective coating around wiring often intended to protect it from interference.
Watching someone when they enter their username, password, or sensitive data.
The process of ignoring an attack
A system that acts based on the digital signature it sees
Simple Mail Transfer Protocol (SMTP)
The management protocol created for sending information about the health of the network to network management consoles.
Single loss expectancy (SLE)
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack
Single point of failure (SPOF)
A weakness that brings a system down
Single sign-on (SSO)
A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on the logon
Single-factor authentication (SFA)
Authentication based on a single factor
A database model in which the database and the application exist on a single system
Involves listening in on an existing wireless network using commercially available technologies.
A physical card used for access control and security purposes. The card itself usually contains a small amount of memory that can be used to store permissions and access information
An attack in which large volumes of ICMP echo requests (pings) are broadcast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer. When all of the machines that received the broadcast respond, they flood the target with more data than it can handle
Image of a virtual machine at a moment in time
A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of. There is a legitimate purpose for these devices: Administrators use them to analyze traffic.
Analyzing data to look for passwords and anything else of value. It is also known as wiretapping, eavesdropping, packet sniffing, and network sniffing, among other terms
An attack that uses others by deceiving them. It does not directly target hardware or software but instead targets and manipulates people.
Software as a Service (SaaS)
A model of cloud computing in which the consumer can use the provider's applications but they do not manage or control any of the underlying cloud infrastructure.
Unwanted, unsolicited email sent in bulk
Filters that try to eliminate unwanted, unsolicited email sent in bulk
A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party.
An attempt by someone or something to masquerade as someone/something else.
Software programs that work-often actively-on behalf of a third party
SSH File Transfer Protocol (SFTP)
A replacement for FTP that allows secure copying of files from one host to another.
An access point's broadcasting of the network name
Derived from policies, deals with specific issues or aspects of a business.
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel
A virus that attempts to avoid detection by masking itself from applications
The science of hiding information within other information, such as a picture.
A method of encryption that encrypts streams of data rather than blocks
Structured Query Language (SQL)
A database language that allows queries to be configured in real time and passed to database servers.
Using subnet values to divide a network into smaller segments
A method of encryption in which one letter or item is substituted for another.
An outline of those internal to the organization who have the ability to step into positions when they open.
A network device that can replace a router or hub in a local network and get data from a source to a destination.
The keys used when the same key encrypts and decrypts data.
A snapshot of what exists
An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them.
Following someone through an entry point
Controls that rely on technology
A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities
Temporal Key Integrity Protocol (TKIP)
A wrapper that works with wireless encryption to strengthen WEP implementations. It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP).
Terminal Access Controller Access-Control System (TACACS)
An authentication system that allows credentials to be accepted from multiple methods, including Kerberos.
Any perceivable risk's area of attack
A database model that effectively isolates the end user from the database by introducing a middle server.
A form of trust relationship often used between domains
Trust gained because one party (A) trusts another party (B), which then trusts another party (C). Since (B) trusts (C), then a relationship can exist where the first party (A) also may trust the third party (C).
Transmission Control Protocol (TCP)
The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model. This protocol breaks data packets into segments, numbers them, and sends them in order. The receiving computer reassembles the data so that the information is readable for the user. In the process, the sender and the receiver confirm that all data has been received; if not, it's resent.
Transport Layer Security (TLS)
A protocol whose purpose is to verify that secure communications between a server and a client remain secure
An encryption method that involves transposing or scrambling the letters in a certain manner.
A symmetric block cipher algorithm used for encryption
Trivial File Transfer Protocol (TFTP)
A UDP-based protocol similar to FTP that doesn't provide the security or error-checking features of FTP
Any application that masquerades as one thing in order to get past scrutiny and then does something malicious.
Trusted operating system (TOS)
Any operating system that meets the government's requirements for security.
Trusted Platform Module (TPM)
A method of using encryption and storing the passwords on a chip. The hardware holding the chip is then needed to unencrypt the data and make it readable.
The act of sending data across a public network by encapsulating it into other
Using two access methods as a part of the authentication process
A database model in which the client workstation or system runs an application that communicates with the database that is running on a different server
Type I hypervisor
Virtualization method that is independent of the operating system and boots before the OS.
Type II hypervisor
Virtualization method that is dependent on the operating system.
Creating domains that are based on the misspelling of another.
Uninterruptible power supply (UPS)
A device that can provide short-term power, usually by using batteries.
Registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
User Datagram Protocol (UDP)
The protocol at the Host-to-Host layer of the TCP/IP Department of Defense (DoD) model, which corresponds to the Transport layer of the OSI model. Packets are divided into datagrams, given numbers, sent, and put back together at the receiving end.
Van Eck phreaking
Eavesdropping on CRT and LCD displays by detecting their electromagnetic emissions.
A multialphabet substitution cipher
Virtual local area network (VLAN)
A local area network (LAN) that allows users on different switch ports to participate in their own network, separate from but still connected to the other stations on the same or a connected switch
Virtual private network (VPN)
A system that uses the public Internet as a backbone for a private interconnection (network) between locations.
Emulating one or more physical computers on the same host
A program intended to damage a computer system
Combining phishing with Voice over IP (VoIP).
The amount of time that you have to collect certain data before a window of opportunity is gone.
Identifying specific vulnerabilities in your network
Markings left, often written in chalk, by those who discover a vulnerability that provides a way into the wireless network.
Driving around with a laptop looking for open wireless access points with which to communicate.
A site that provides some capabilities in the event of a disaster
Watering hole attack
Identifying a site that is visited by the intended targets, poisoning that site, and then waiting for the results
Web application firewall (WAF)
A firewall that can look at every request between a web client and a web server and identify possible attacks.
Another term for social engineering
Phishing only large accounts.
A wireless network operating in the 2.4 GHz or 5 GHz range.
Wi-Fi Protected Access 2 (WPA2)
The second version of WPA
Wi-Fi Protected Setup (WPS)
An authentication process that requires the user to do something in order to complete the enrollment process. Examples include pressing a button on the router within a short time period, entering a PIN, or bringing the new device close
Windows Sockets (Winsock) API
Microsoft API used to interact with TCP/IP.
Wired Equivalent Privacy (WEP)
A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network.
Wireless access point
A connection device used for clients in a radio frequency (RF) network.
Wireless Application Protocol (WAP)
Technology designed for use with wireless devices.
Wireless Markup Language (WML)
Language used for Internet displays. WAP-enabled devices can also respond to scripts using WMLScript.
Wireless Transport Layer Security (WTLS)
The security layer of the Wireless Application Protocol (WAP). It provides authentication, encryption, and data integrity for wireless devices.
Working copy backup
The copy of the data currently in use on a network
World Wide Web Consortium (W3C)
An association concerned with interoperability, growth, and standardization of the World Wide Web (WWW). This group is the primary sponsor of XML and other web-enabled technologies.
The working group formed by the IETF to develop standards and models for the PKI environment.
An advanced attack that tries to get around detection and send a packet with every single option enabled.
XML Key Management Specification (XKMS)
A specification designed to allow XML-based programs access to PKI services.
An attack that begins the very day an exploit is discovered.
Any system taking directions from a master control computer. They are often used in distributed denial-of-service (DDoS) and botnet attacks.