Term
Triple DES (3DES)
Definition
The modern implementation of DES, which weaves a 56-bit key through data three times, each time using a different key.

Term
Definition
The IEEE standard for wireless network encryption and authentication that uses the EAP authentication method, strong encryption, and dynamically assigned keys, which are different for every transmission. 802.11i specifies AES encryption and weaves a key into each packet.

Term
Definition
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission's port, whether physical or logical. 802.1x, also known as EAPoL, is the authentication standard followed by wireless networks using 802.11i.

Term
Definition
(authentication, authorization, and accounting)
The name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and, finally, track the client's system or network usage.

Term
Definition
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.

Term
Definition
Access Control List
A list of statements used by a router to permit or deny the forwarding of traffic on a network based on one or more criteria.

Term
Advanced Encryption Standard
Definition
A private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times. The algorithm used in the most popular form of AES is known as Rijndael. AES has replaced DES in situations such as military communications, which require the highest level of security.

Term
Definition
(Advanced Encryption Standard)
A private key encryption algorithm that weaves keys of 128, 160, 192, or 256 bits through data multiple times. The algorithm used in the most popular form of AES is known as Rijndael. AES has replaced DES in situations such as military communications, which require the highest level of security.

Term
Definition
(authentication header)
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.

Term
Definition
A network host that runs a proxy service. Proxy servers may also be called gateways.

Term
Application layer gateway
Definition
A network host that runs a proxy service. Proxy servers may also be called gateways.

Term
Definition
(authentication service)
In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client who's logging on. The authentication service issues a session key to the client and to the service the client wants to access.

Term
Definition
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the ciphertext.

Term
authentication, authorization, and accounting
Definition
The name of a category of protocols that establish a client's identity; check the client's credentials and, based on those, allow or deny access to a system or network; and, finally, track the client's system or network usage.

Term
Definition
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.

Term
Definition
A set of rules that governs how servers authenticate clients. Several types of authentication protocols exist.

Term
Definition
In Kerberos terminology, the process that runs on a KDC (Key Distribution Center) to initially validate a client who's logging on. The authentication service issues a session key to the client and to the service the client wants to access.

Term
Definition
In Kerberos authentication, the user's time stamp encrypted with the session key. The authenticator is used to help the service verify that a user's ticket is valid.

Term
Definition
A method of authentication in which a device scans an individual's unique physical characteristics (such as the color patterns in her iris or the geometry of her hand) to verify the user's identity.

Term
Definition
An attempt to discover an encryption key or password by trying numerous possible character combinations. Usually, a brute force attack is performed rapidly by a program designed for that purpose.

Term
Definition
(certificate authority)
An organization that issues and maintains digital certificates as part of the Public Key Infrastructure.

Term
Definition
An organization that issues and maintains digital certificates as part of the Public Key Infrastructure.

Term
Definition
A random string of text issued from one computer to another in some forms of authentication. It is used, along with the password (or other credential), in a response to verify the computer's credentials.

Term
Challenge Handshake Authentication Protocol
Definition
An authentication protocol that operates over PPP and that requires the authenticator to take the first step by offering the other computer a challenge. The requestor responds by combining the challenge with its password, encrypting the new string of characters, and sending it to the authenticator. The authenticator checks whether the requestor's encrypted string of text matches its own encrypted string of characters. If so, the requestor is authenticated and granted access to secured resources.

Term
Definition
(Challenge Handshake Authentication Protocol)
An authentication protocol that operates over PPP and that requires the authenticator to take the first step by offering the other computer a challenge. The requestor responds by combining the challenge with its password, encrypting the new string of characters, and sending it to the authenticator. The authenticator checks whether the requestor's encrypted string of text matches its own encrypted string of characters. If so, the requestor is authenticated and granted access to secured resources.

Term
Definition
The unique data block that results when an original piece of data (such as text) is encrypted (for example, by using a key).

Term
Definition
In the context of SSL encryption, a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher (for example, RSA or Diffie-Hellman). The client_hello message also establishes a randomly generated number that uniquely identifies the client, plus another number that identifies the SSL session.

Term
content-filtering firewall
Definition
A firewall that can block designated types of traffic from entering a protected network.

Term
Definition
A popular private key encryption technique that was developed by IBM in the 1970s.

Term
Definition
A technique in which attackers run a program that tries a combination of a known user ID and, for a password, every word in a dictionary to attempt to gain access to a network.

Term
Definition
The first commonly used public, or asymmetric, key algorithm. Diffie-Hellman was released in 1975 by its creators, Whitfield Diffie and Martin Hellman.

Term
Definition
A password-protected and encrypted file that holds an individual's identification information, including a public key and a private key. The individual's public key is used to verify the sender's digital signature, and the private key allows the individual to log on to a third-party authority who administers digital certificates.

Term
Definition
The perimeter of a protected, internal network where users, both authorized and unauthorized, from external networks can attempt to access it. Firewalls and IDS/IPS systems are typically placed in the DMZ.

Term
Definition
A security attack in which a system becomes unable to function because it has been inundated with requests for services and can't respond to any of them. As a result, all data transmissions are disrupted.

Term
Definition
(Data Encryption Standard)
A popular private key encryption technique that was developed by IBM in the 1970s.

Term
Definition
(demilitarized zone)
The perimeter of a protected, internal network where users, both authorized and unauthorized, from external networks can attempt to access it. Firewalls and IDS/IPS systems are typically placed in the DMZ.

Term
Definition
A security attack in which an outsider forges name server records to falsify his host's identity.

Term
Definition
(Extensible Authentication Protocol)
A Data Link layer protocol defined by the IETF that specifies the dynamic distribution of encryption keys and a preauthentication process in which a client and server exchange data via an intermediate node (for example, an access point on a wireless LAN). Only after they have mutually authenticated can the client and server exchange encrypted data. EAP can be used with multiple authentication and encryption schemes.

Term
Definition
(EAP over LAN)
A vendor-independent IEEE standard for securing transmission between nodes according to the transmission's port, whether physical or logical. 802.1x, also known as EAPoL, is the authentication standard followed by wireless networks using 802.11i.

Term
Encapsulating Security Payload
Definition
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. In addition, ESP also encrypts the entire IP packet for added security.

Term
Definition
The use of an algorithm to scramble data into a format that can be read only by reversing the algorithm—decrypting the data—to keep the information private. The most popular kind of encryption algorithm weaves a key into the original data's bits, sometimes several times in different sequences, to generate a unique data block.

Term
Definition
Computers or specialized adapters inserted into other devices, such as routers or servers, that perform encryption.

Term
Definition
(Encapsulating Security Payload)
In the context of IPSec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques. In addition, ESP also encrypts the entire IP packet for added security.

Term
Definition
An exploit in which a rogue access point masquerades as a legitimate access point, using the same SSID and potentially other identical settings.

Term
Definition
In the context of network security, the means by which a hacker takes advantage of a vulnerability.

Term
Extensible Authentication Protocol
Definition
A Data Link layer protocol defined by the IETF that specifies the dynamic distribution of encryption keys and a preauthentication process in which a client and server exchange data via an intermediate node (for example, an access point on a wireless LAN). Only after they have mutually authenticated can the client and server exchange encrypted data. EAP can be used with multiple authentication and encryption schemes.

Term
Definition
A security attack in which an Internet user sends commands to another Internet user's machine that cause the screen to fill with garbage characters. A flashing attack causes the user to terminate her session.

Term
Definition
A security exploit in which an FTP client specifies a different host's IP address and port number for the requested data's destination. By commanding the FTP server to connect to a different computer, a hacker can scan the ports on other hosts and transmit malicious code. To thwart FTP bounce attacks, most modern FTP servers will not issue data to hosts other than the client that originated the request.

Term
Definition
Traditionally, a person who masters the inner workings of operating systems and utilities in an effort to better understand them. More generally, an individual who gains unauthorized access to systems or networks with or without malicious intent.

Term
Definition
One of several protocols within SSL, and perhaps the most significant. As its name implies, the handshake protocol allows the client and server to authenticate (or introduce) each other and establishes terms for how they securely exchange data during an SSL session.

Term
Definition
(host-based intrusion detection)