Details

Title: Security + SY0-501
Description: Security + Flash Cards SY0-501 (SY0-401)
Total Cards: 940
Subject: Computer Networking
Level: Not Applicable
Created: 03/08/2018


Cards

Term
3DES
Definition
A symmetric encryption algorithm that encrypts data by processing each block of data three times, using a different DES key each time.
Term
802.11
Definition
A family of protocols developed by the IEEE for wireless LAN communication between wireless devices or between wireless devices and a base station.
Term
802.11a
Definition
A fast, secure, but relatively expensive protocol for wireless communication. The 802.11a protocol supports speeds up to 54 Mbps in the 5 GHz frequency.
Term
802.11ac
Definition
A wireless communication protocol that improves upon 802.11n by adding wider channels to increase throughput.
Term
802.11b
Definition
The first specification to be called Wi-Fi, it is the least expensive wireless network protocol used to transfer data among computers with wireless network cards, or between a wireless computer or device and a wired LAN. The 802.11b protocol provides for an 11 Mbps transfer rate in the 2.4 GHz frequency.
Term
802.11g
Definition
A specification for wireless data throughput at the rate of up to 54 Mbps in the 2.4 GHz band that is a potential replacement for 802.11b.
Term
802.11n
Definition
A wireless standard for home and business implementations that adds QoS features and multimedia support to 802.11a.
Term
802.1X
Definition
A standard for encapsulating EAP communications over a LAN or wireless LAN and that provides port-based authentication.
Term
AAA
Definition
A security concept where a centralized platform verifies object identification, ensures the object is assigned relevant permissions, and then logs these actions to create an audit trail.
Term
AAR
Definition
An analysis of events that can provide insight into how to improve response processes in the future.
Term
ABAC
Definition
An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.
Term
access control
Definition
The process of determining and assigning privileges to resources, objects, and data.
Term
access recertification
Definition
A security control where user access privileges are audited to ensure they are accurate and adhere to relevant standards and regulations.
Term
account management
Definition
A common term used to refer to the processes, functions, and policies used to effectively manage user accounts within an organization.
Term
account policy
Definition
A document that includes an organization's requirements for account creation, monitoring, and removal.
Term
accountability
Definition
The process of determining who to hold responsible for a particular activity or event.
Term
accounting
Definition
The process of tracking and recording system activities and resource access.
Term
ACL
Definition
On a router, a list that is used to filter network traffic and implement anti-spoofing measures. In a DAC access control scheme, a list that is associated with each object, specifying the subjects that can access the object and their levels of access.
Term
Active Directory
Definition
The standards-based directory service from Microsoft that runs on Microsoft Windows servers.
Term
active-active
Definition
A redundancy mode used by load balancers to route traffic equally through two load balancers.
Term
active-passive
Definition
A redundancy mode used by load balancers to route traffic through a primary (active) load balancer while the other (passive) load balancer is on standby in case of failure of the active device.
Term
adaptive chosen ciphertext attack
Definition
A cryptographic attack where the attacker repeatedly encrypts a selected ciphertext message and tries to find the matching plaintext. Each subsequent attack is based on the results of the previous attack.
Term
adaptive chosen plaintext attack
Definition
A cryptographic attack where the attacker repeatedly encrypts a selected plaintext message and analyzes the resulting ciphertext to crack the cipher. Each subsequent attack is based on the results of the previous attack.
Term
adware
Definition
Software that automatically displays or downloads advertisements when it is used.
Term
AES
Definition
A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.
Term
affinity
Definition
A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question
Term
aggregation switch
Definition
A network device that combines multiple ports into a single link in order to enhance redundancy and increase bandwidth.
Term
agile model
Definition
A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations
Term
AH
Definition
An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
Term
air gap
Definition
A type of network isolation that physically separates a network from all other networks.
Term
ALE
Definition
The total cost of a risk to an organization on an annual basis.
Term
amplification attack
Definition
A network-based attack where the attacker dramatically increases the bandwidth sent to a victim during a DDoS attack by implementing an amplification factor
Term
anomaly-based monitoring
Definition
A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range.
Term
ANT
Definition
A proprietary wireless network technology that is similar to Bluetooth but whose implementations consume a smaller amount of energy.
Term
anti-malware software
Definition
A category of software programs that scan a computer or network for known viruses, Trojans, worms, and other malicious software.
Term
anti-spam
Definition
A program that will detect specific words that are commonly used in spam messages
Term
anti-spyware
Definition
Software that is specifically designed to protect systems against spyware attacks
Term
antivirus
Definition
An application that scans files for executable code that matches specific patterns that are known to be common to viruses.
Term
application blacklisting
Definition
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device
Term
application container / application cell
Definition
A virtualization method where applications run in isolated containers on the host operating system instead of in separate VMs.
Term
application whitelisting
Definition
The practice of allowing approved programs to run on a computer, computer network, or mobile device
Term
APT
Definition
A threat that uses multiple attack vectors to gain unauthorized access to sensitive resources and then maintain that access for a long period of time.
Term
armored virus
Definition
A virus that can conceal its location or otherwise render itself harder to detect by anti-malware programs.
Term
ARO
Definition
How many times per year a particular loss is expected to occur.
Term
ARP
Definition
(Address Resolution Protocol) The mechanism by which individual hardware MAC addresses are matched to an IP address on a network.
Term
ARP poisoning
Definition
A network-based attack where an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient.
Term
ARP spoofing
Definition
A network-based attack where an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient
Term
asset management
Definition
The process of taking inventory of and tracking all of an organization's objects of value.
Term
asymmetric encryption
Definition
A two-way encryption scheme that uses paired private and public keys.
Term
attack
Definition
Any technique used to exploit a vulnerability in an application or physical computer system without the authorization to do so.
Term
attack surface
Definition
The portion of a system or application that is exposed and available to attackers.
Term
attacker
Definition
A term for users who gain unauthorized access or cause damage to computers and networks for malicious purposes.
Term
auditing
Definition
The portion of accounting that entails security professionals examining logs of what was recorded.
Term
AUP
Definition
A policy that defines the rules for user behavior with regard to using organizational resources.
Term
authentication
Definition
A method of validating a particular entity's or individual's unique credentials.
Term
authorization
Definition
The process of determining what rights and privileges a particular entity has.
Term
availability
Definition
The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.
Term
backdoor
Definition
A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.
Term
backdoor attack
Definition
A type of attack where the attacker creates a software application or bogus user account to gain access to a system and its resources.
Term
backout contingency plan
Definition
A documented plan that includes specific procedures and processes that are applied in the event that a change or modification made to a system must be undone
Term
banner grabbing
Definition
The act of collecting information about network hosts by examining text-based welcome screens that are displayed by some hosts.
Term
baseline report
Definition
A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
Term
BCP
Definition
A policy that describes and ratifies the organization's overall business continuity strategy.
Term
bcrypt
Definition
A key-derivation function based on the Blowfish cipher algorithm.
Term
behavior-based monitoring
Definition
A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences.
Term
BIA
Definition
A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.
Term
biometrics
Definition
Authentication schemes based on individuals' physical characteristics.
Term
BIOS
Definition
A firmware interface that initializes hardware for an operating system boot.
Term
birthday attack
Definition
A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.
Term
bitcoin
Definition
A decentralized, encrypted electronic payment system that is used by legitimate entities and threat actors alike.
Term
black box test
Definition
A penetration test where the tester is given no information about the system being tested.
Term
black hat
Definition
A hacker who exposes vulnerabilities without organizational consent, for financial gain or for some malicious purpose.
Term
blacklisting
Definition
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device
Term
block cipher
Definition
A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.
Term
Blowfish
Definition
A freely available 64-bit block cipher algorithm that uses a variable key length.
Term
bluejacking
Definition
A wireless attack where an attacker sends unwanted Bluetooth signals from a smartphone, mobile phone, tablet, or laptop to other Bluetooth-enabled devices.
Term
bluesnarfing
Definition
A wireless attack where an attacker gains access to unauthorized information on a wireless device by using a Bluetooth connection.
Term
Bluetooth
Definition
A short-range wireless radio network transmission medium normally used to connect two personal devices, such as a mobile phone and a wireless headset
Term
botnet
Definition
A set of computers that has been infected by a control program called a bot that enables attackers to exploit the computers to mount attacks.
Term
BPA
Definition
A business agreement that defines how a partnership between organizations will be conducted, and what is expected of each organization.
Term
brandjacking
Definition
A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking
Term
bridge
Definition
A device similar to a switch that has one port for incoming traffic and one port for outgoing traffic.
Term
brute force attack
Definition
A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.
Term
buffer overflow
Definition
An application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.
Term
business continuity
Definition
A collection of processes that enable an organization to maintain normal business operations in the face of some adverse event.
Term
BYOD
Definition
A mobile deployment model that describes how employees can use their own personal mobile devices to get work done, if they so choose.
Term
CA
Definition
A server that can issue digital certificates and the associated public/ private key pairs.
Term
CA hierarchy
Definition
A single CA or group of CAs that work together to issue digital certificates.
Term
CAC
Definition
A smart card that provides certificate-based authentication and supports two-factor authentication
Term
captive portal
Definition
A web page that a client is automatically directed to when connecting to a network, usually through public Wi-Fi.
Term
CASB
Definition
A service offered by some SECaaS vendors to establish security gateways sitting between the organization's on-premises network and the cloud network, ensuring that traffic both ways complies with policy.
Term
CBC
Definition
An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.
Term
CC
Definition
A set of standards developed by a group of governments working together to create a baseline of security assurance for a trusted operating system (TOS).
Term
CCMP
Definition
An AES cipher-based encryption protocol used in WPA2.
Term
CCTV
Definition
The use of surveillance cameras that do not openly broadcast signals.
Term
cellular network
Definition
A connection method that enables mobile devices to connect to wireless transceivers in fixed locations all over the world.
Term
CER
Definition
A metric for biometric devices that describes the threshold values of the FAR and FRR. A low CER signifies a highly accurate biometric system.
Term
certificate chaining
Definition
A linked path of verification and validation to ensure the validity of a digital certificate's issuer
Term
certificate pinning
Definition
A method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.
Term
CFB
Definition
An encryption mode of operation where an initialization vector (IV) is encrypted before its result is XORed with the previous plaintext block.
Term
chain of custody
Definition
The record of evidence history from collection, to presentation in court, to disposal.
Term
chain of trust
Definition
A linked path of verification and validation to ensure the validity of a digital certificate's issuer.
Term
change management
Definition
The process of approving and executing change in order to assure maximum security, stability, and availability of IT services.
Term
CHAP
Definition
An encrypted remote access authentication method that enables connections from any authentication method requested by the server, except for PAP and SPAP unencrypted authentication.
Term
checkpoint
Definition
The state of a virtual machine at a specific point in time.
Term
chosen ciphertext attack
Definition
A cryptographic attack where the attacker analyzes a selected ciphertext message and tries to find the matching plaintext.
Term
chosen plaintext attack
Definition
A cryptographic attack where the attacker encrypts a selected plaintext message and analyzes the resulting ciphertext to crack the cipher.
Term
CIA triad
Definition
The three basic principles of security control and management: confidentiality, integrity, & availability. Also known as the information security triad or triple.
Term
cipher
Definition
An algorithm used to encrypt or decrypt data.
Term
cipher suite
Definition
A collection of symmetric and asymmetric encryption algorithms commonly used in SSL/TLS connections.
Term
ciphertext
Definition
Data that has been encoded and is unreadable
Term
ciphertext-only attack
Definition
A cryptographic attack where the attacker has access to the ciphertext and tries to use frequency analysis or other methods to break the cipher.
Term
cleartext
Definition
Unencrypted, readable data that is not meant to be encrypted
Term
clickjacking
Definition
A type of hijacking attack that forces a user to unintentionally click a link that is embedded in or hidden by other web page elements
Term
client-side attack
Definition
A software attack that exploits the trust relationship between a client and the server it connects to.
Term
cloud computing
Definition
A method of computing that involves real-time communication over large distributed networks to provide the resources, software, data, & media needs of a user, business, or organization
Term
COBIT 5
Definition
A framework for IT management and governance created by ISACA
Term
code review
Definition
An evaluation used to identify potential weaknesses in an application
Term
code signing
Definition
A form of digital signature that guarantees that source code and application binaries are authentic and have not been tampered with.
Term
cold site
Definition
A predetermined alternate location where a network can be rebuilt after a disaster
Term
collision
Definition
The act of two different plaintext inputs producing the same exact ciphertext output.
Term
compiled code
Definition
Code that is converted from high-level programming language source code into a lower level code that can then be directly executed by the system.
Term
compliance
Definition
The practice of ensuring that the requirements of legislation, regulations, industry codes and standards, and organizational standards are met.
Term
computer forensics
Definition
The practice of collecting and analyzing data from storage devices, computer systems, networks, and wireless communications and presenting the information as a form of evidence in the court of law
Term
confidentiality
Definition
The fundamental security goal of keeping information and communications private and protected from unauthorized access
Term
confusion
Definition
A cryptographic technique that makes the relationship between an encryption key and its ciphertext as complex and opaque as possible.
Term
context-aware authentication
Definition
A mobile device feature that takes each individual situation into consideration when deciding whether or not to authenticate a user or authorize access to remote apps and data.
Term
continuous monitoring
Definition
The practice of constantly scanning an environment for threats, vulnerabilities, and other areas of risk.
Term
controls
Definition
Countermeasures that avoid, mitigate, or counteract security risks due to threats and attacks
Term
cookie
Definition
A piece of data, such as an authentication token, that is sent by a website to a client and stored on the client's computer.
Term
cookie manipulation
Definition
An application attack where an attacker injects a meta tag in an HTTP header, making it possible to modify a cookie stored in a browser
Term
COOP
Definition
See business continuity.
Term
COPE
Definition
A mobile deployment model that allows the organization to choose which devices they want employees to work with, while still allowing the employee some freedom to use the device for personal activities
Term
correction controls
Definition
A security mechanism that helps mitigate the consequences of a threat or attack from adversely affecting the computer system
Term
cracker
Definition
A user who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems
Term
credential manager
Definition
An application that stores passwords in an encrypted database for easy retrieval by the appropriate user
Term
CRL
Definition
A list of certificates that were revoked before their expiration date
Term
crypto-malware
Definition
A form of ransomware that uses encryption to render the victim's data inaccessible
Term
cryptographic attack
Definition
A software attack that exploits weaknesses in cryptographic system elements such as code, ciphers, protocols, and key management systems
Term
cryptographic module
Definition
Any software or hardware solution that implements one or more cryptographic concepts, such as different encryption and decryption algorithms.
Term
cryptographic salt
Definition
A security countermeasure that mitigates the impact of a rainbow table attack by adding a random value to ("salting") each plaintext input.
Term
cryptography
Definition
The science of hiding information, most commonly by encoding and decoding a secret code used to send messages
Term
CSP
Definition
A cryptographic module that implements Microsoft's CryptoAPI
Term
CSR
Definition
A message sent to a certificate authority in which a resource applies for a certificate
Term
CSRF
Definition
A web application attack that takes advantage of the trust established between an authorized user of a website and the website itself
Term
CTM
Definition
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV
Term
CTR
Definition
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV
Term
CYOD
Definition
A mobile deployment model that allows employees to select a mobile device from a list of accepted devices to use for work purposes.
Term
DAC
Definition
In DAC, access is controlled based on a user's identity. Objects are configured with a list of users who are allowed access to them. An administrator has the discretion to place the user on the list or not. If a user is on the list, the user is granted access; if the user is not on the list, access is denied.
Term
damage controls
Definition
Security measures implemented to prevent key assets from being damaged.
Term
data at rest
Definition
Information that is primarily stored on specific media, rather than moving from one medium to another
Term
data disposal
Definition
The practice of thoroughly eliminating data from storage media so that it cannot be recovered.
Term
data exfiltration
Definition
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network
Term
data in transit
Definition
Information that primarily moves from medium to medium, such as over a private network or the Internet
Term
data in use
Definition
Information that is currently being created, deleted, read from, or written to
Term
data retention
Definition
The process of maintaining the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations
Term
data security
Definition
The security controls and measures taken to keep an organization's data safe and accessible, and to prevent unauthorized access to it
Term
data sovereignty
Definition
The sociopolitical outlook of a nation concerning computing technology and information
Term
DDoS attack
Definition
A network-based attack where an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks to carry out a DoS attack
Term
deciphering
Definition
The process of translating ciphertext to plaintext
Term
decryption
Definition
A cryptographic technique that converts ciphertext back to plaintext
Term
deduplication
Definition
A technique for removing duplicate copies of repeated data. In SIEM, the removal of redundant information provided by several monitored systems
Term
deep web
Definition
Those portions of the World Wide Web that are not indexed by standard search engines.
Term
defense in depth
Definition
A more comprehensive approach to layered security that also includes non-technical defenses like user training and physical protection
Term
degaussing
Definition
A data disposal method that applies a strong magnetic force to a disk drive so that it loses its magnetic charge and is rendered inoperable.
Term
DEP
Definition
A Windows feature that prevents malicious code in memory from executing
Term
DES
Definition
(Data Encryption Standard) A symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key, with 8 bits used for parity.
Term
detection
Definition
The act of determining if a user has tried to access unauthorized data, or scanning the data and networks for any traces left by an intruder in any attack against the system.
Term
detection controls
Definition
A security mechanism that helps to discover if a threat or vulnerability has entered into the computer system
Term
device
Definition
A piece of hardware such as a computer, server, printer, or smartphone.
Term
DevOps
Definition
A combination of software development and systems operations, and refers to the practice of integrating one discipline with the other
Term
DH
Definition
A cryptographic protocol that provides for secure key exchange
Term
DHCP
Definition
A protocol used to automatically assign IP addressing information to IP network computers.
Term
DHE
Definition
A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.
Term
Diameter
Definition
An authentication protocol that allows for a variety of connection types, such as wireless.
Term
dictionary attack
Definition
A type of password attack that compares encrypted passwords against a predetermined list of possible password values
Term
differential backup
Definition
A backup type in which all selected files that have changed since the last full backup are backed up.
Term
diffusion
Definition
A cryptographic technique that makes ciphertext change drastically upon even the slightest changes in the plaintext input
Term
digital certificate
Definition
An electronic document that associates credentials with a public key
Term
digital signature
Definition
A message digest that has been encrypted again with a user's private key
Term
directory service
Definition
A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.
Term
directory traversal
Definition
An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory
Term
disaster recovery
Definition
A major component of business continuity that focuses on repairing, reconstructing, restoring, and replacing systems, personnel, and other
Term
DLL injection
Definition
A software vulnerability that can occur when a Windows-based application attempts to force another running application to load a dynamic-link library (DLL) in memory that could cause the victim application to experience instability or leak sensitive information.
Term
DLP
Definition
A software solution that detects and prevents sensitive information in a system or network from being stolen or otherwise falling into the wrong hands.
Term
DMZ
Definition
A small section of a private network that is located behind one firewall or between two firewalls and made available for public access
Term
DNS
Definition
The service that maps names to IP addresses on most TCP/IP networks, including the Internet
Term
DNS hijacking
Definition
A hijacking attack where an attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites.
Term
DNS poisoning
Definition
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing
Term
DNS spoofing
Definition
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing
Term
DNSSEC
Definition
A security protocol that provides authentication of DNS data and upholds DNS data integrity
Term
domain hijacking
Definition
A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
Term
DoS attack
Definition
A network-based attack where the attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system
Term
downgrade attack
Definition
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages
Term
driver manipulation
Definition
A software attack where the attacker rewrites or replaces the legitimate device driver or application programming interface (API) to enable malicious activity to be performed
Term
drone
Definition
A computer that has been infected with a bot and is being used by an attacker to mount an attack. Also called a zombie.
Term
DRP
Definition
A policy that describes and ratifies the organization's disaster recovery strategy.
Term
DSA
Definition
A public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.
Term
dumpster diving
Definition
A human-based attack where the goal is to reclaim important information by inspecting the contents of trash containers.
Term
DV
Definition
A type of digital certificate that proves that some entity has control over a particular domain name. Considered to be weaker than EV.
Term
EAL
Definition
A rating from 1 to 7 that states the level of secure features offered by an operating system as defined by the Common Criteria (CC)
Term
EAP
Definition
A wireless authentication protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication
Term
EAP-FAST
Definition
An EAP method that is expected to address the shortcomings of LEAP.
Term
EAP-TLS
Definition
An EAP method that requires a client-side certificate for authentication using SSL/TLS.
Term
eavesdropping attack
Definition
A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as a sniffing attack.
Term
ECB
Definition
An encryption mode of operation where each plaintext block is encrypted with the same key.
Term
ECC
Definition
An asymmetric encryption technique that leverages the algebraic structures of elliptic curves over finite fields
Term
ECDHE
Definition
A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.
Term
EER
Definition
A metric for biometric devices that describes the threshold values of the FAR and FRR. A low CER signifies a highly accurate biometric system.
Term
EFS
Definition
Microsoft Windows NTFS-based public key encryption
Term
EIGRP
Definition
An improvement over IGRP that includes features that support VLSM and classful and classless subnet masks
Term
elasticity
Definition
The property by which a computing environment can instantly react to both increasing and decreasing demands in workload
Term
embedded system
Definition
A computer hardware and software system that has a specific function within a larger system
Term
EMI
Definition
A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit
Term
EMP
Definition
A short burst of electrical interference caused by an abrupt and rapid acceleration of charged particles, which can short-circuit and damage electronic components
Term
enciphering
Definition
The process of translating plain-text to cipher-text
Term
encryption
Definition
A security technique that converts data from plain-text form into coded (or cipher-text) form so that only authorized parties with the necessary decryption information can decode and read the data
Term
endpoint protection
Definition
Software that incorporates anti-malware scanners into a larger suite of security controls
Term
ESP
Definition
An IPSec protocol that provides authentication for the origin of transmitted data, integrity and protection against replay attacks, and encryption to support the confidentiality of transmitted data
Term
EV
Definition
Considered to be stronger than DV
Term
evil twin
Definition
A wireless access point that deceives users into believing that it is a legitimate network access point
Term
extranet
Definition
A private network that provides some access to outside parties, particularly vendors, partners, and select customers
Term
failover
Definition
A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed
Term
false negative
Definition
Something that is identified by a scanner or other assessment tool as not being a vulnerability, when in fact it is
Term
false positive
Definition
Something that is identified by a scanner or other assessment tool as being a vulnerability, when in fact it is not
Term
FAR
Definition
A metric for biometric devices that describes the percentage of unauthorized users who were incorrectly authenticated by a biometric system
Term
Faraday cage
Definition
A wire mesh container that blocks external electromagnetic fields from entering into the container
Term
fault tolerance
Definition
The ability of a computing environment to withstand a foreseeable component failure and continue to provide an acceptable level of service
Term
FDE
Definition
A storage technology that encrypts an entire storage drive at the hardware level
Term
firewall
Definition
A software or hardware device that protects a system or network by blocking unwanted network traffic
Term
first responder
Definition
The first experienced person or team to arrive at the scene of an incident
Term
Flash cookies
Definition
Locally Shared Objects. Data stored on a user's computer after visiting a website that uses Adobe Flash Player; these can be used to track a user's activity
Term
flood guard
Definition
A security control in network switches that protects hosts on the switch against SYN flood and ping flood DoS attacks.
Term
Fraggle attack
Definition
A DoS attack where the attacker sends spoofed UDP traffic to a router's broadcast address, intending for a large amount of UDP traffic to be returned to the target computer
Term
frequency analysis
Definition
A cryptographic analysis technique where an attacker identifies repeated letters or groups of letters and compares them to how often they occur in plain-text, in an attempt to fully or partially reveal the plain-text message
Term
FRR
Definition
A metric for biometric devices that describes the percentage of authorized users who were incorrectly rejected by a biometric system
Term
FTP
Definition
A communications protocol that enables the transfer of files between a user's workstation and a remote host
Term
FTP over SSH
Definition
A secure version of the File Transfer Protocol that uses a Secure Shell tunnel as an encryption method to transfer, access, and manage files
Term
FTP-SSL
Definition
A protocol that combines the use of FTP with additional support for TLS and SSL
Term
FTPS
Definition
A protocol that combines the use of FTP with additional support for TLS and SSL
Term
full backup
Definition
A backup type in which all selected files, regardless of prior state, are backed up
Term
full connect scan
Definition
A type of port scan that completes the three-way handshake, identifies open ports, and collects information about network hosts by banner grabbing
Term
fuzzing
Definition
A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds
Term
gain
Definition
The reliable connection range and power of a wireless signal, measured in decibels
Term
GCM
Definition
An encryption mode of operation that adds authentication to the standard encryption services of a cipher mode
Term
geofencing
Definition
The practice of creating a virtual boundary based on real-world geography
Term
geolocation
Definition
The process of identifying the real-world geographic location of an object, often by associating a location such as a street address with an IP address, hardware address, Wi-Fi positioning system, GPS coordinates, or some other form of information
Term
geotagging
Definition
The process of adding geographic location metadata to captured media such as pictures or videos
Term
GPG
Definition
A free open-source version of PGP that provides the equivalent encryption and authentication services
Term
grey box test
Definition
A penetration test where the tester may have knowledge of internal architectures and systems, or other preliminary information about the system being tested
Term
grey hat
Definition
A hacker who exposes security flaws in applications and operating systems without consent, but not ostensibly for malicious purposes
Term
guideline
Definition
Suggestions, recommendations, or best practices for how to meet a policy standard
Term
hacker
Definition
Someone who excels at programming or managing and configuring computer systems, or has the skills to gain access to computer systems through unauthorized or unapproved means
Term
hacktivist
Definition
A hacker who gains unauthorized access to and causes disruption in a computer system in an attempt to achieve political or social change
Term
hardening
Definition
A security technique in which the default configuration of a system is altered to protect the system against attacks
Term
hardware attack
Definition
An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader, and is designed to destroy hardware or acquire sensitive information stored on the hardware
Term
hash
Definition
The value that results from hashing encryption. Also known as hash value or message digest
Term
hash value
Definition
The value that results from hashing encryption. Also known as hash value or message digest
Term
hashing
Definition
A process or function that transforms plaintext into ciphertext that cannot be directly decrypted
Term
heuristic monitoring
Definition
A network monitoring system that uses known best practices and characteristics in order to identify and fix issues within the network
Term
HIDS
Definition
A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state
Term
high availability
Definition
The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance
Term
hijacking
Definition
A group of network-based attacks where an attacker gains control of the communication between two systems, often masquerading as one of the entities
Term
HIPS
Definition
A type of IPS that monitors a computer system for unexpected behavior or drastic changes to the system's state and reacts in real time to block it
Term
HMAC
Definition
A method used to verify both the integrity and authenticity of a message by combining cryptographic hash functions, such as MD5 or SHA-1, with a secret key
Term
hoax
Definition
An email-based, IM-based, or web-based attack that is intended to trick the user into performing unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information via email or online forms
Term
honeynet
Definition
An entire dummy network used to lure attackers
Term
honeypot
Definition
A security tool used to lure attackers away from the actual network components. Also called a decoy or sacrificial lamb
Term
host-based firewall
Definition
Software that is installed on a single system to specifically guard against networking attacks
Term
hot and cold aisle
Definition
A method used within data centers and computer rooms to control the temperature and humidity by directing the flow of hot and cold air
Term
hot site
Definition
A fully configured alternate network that can be online quickly after a disaster
Term
hotfix
Definition
A patch that is often issued on an emergency basis to address a specific security flaw
Term
HOTP
Definition
An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message
Term
HSM
Definition
A physical device that provides root of trust capabilities
Term
HTTP
Definition
A protocol that defines the interaction between a web server and a browser
Term
HTTPS
Definition
A secure version of HTTP that provides a secure connection between a web browser and a server
Term
HVAC
Definition
A system that controls the air quality and flow inside a building
Term
hybrid password attack
Definition
An attack that uses multiple attack methods, including dictionary, rainbow table, and brute force attacks when trying to crack a password
Term
hypervisor
Definition
A layer of software that separates a VM's software from the physical hardware it runs on
Term
IaaS
Definition
A computing method that uses the cloud to provide any or all infrastructure needs
Term
IAM (I AM)
Definition
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications
Term
ICMP
Definition
An IP network service that reports on connections between two hosts
Term
ICS
Definition
A networked system that controls critical infrastructure such as water, electrical, transportation, and telecommunication services
Term
identification
Definition
The process of claiming some information about the nature of a particular entity
Term
identity federation
Definition
The practice of linking a single identity across multiple disparate identity management systems
Term
IDS
Definition
A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress
Term
IEEE
Definition
A professional association of electrical and electronics engineers that develops industry standards for a variety of technologies
Term
IGRP
Definition
A distance-vector routing protocol developed by Cisco as an improvement over RIP and RIP v2.
Term
IM
Definition
A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet
Term
IMAP
Definition
A protocol used to retrieve email messages and folders from a mail server
Term
IMAP over SSL/TLS
Definition
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communication between a mail client and the mail server
Term
IMAPS
Definition
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communication between a mail client and the mail server
Term
immutable system
Definition
A system that is not upgraded in-place, but is programmatically destroyed and then recreated from scratch every time the configuration changes
Term
impersonation
Definition
A type of social engineering in which an attacker pretends to be someone they are not, typically an average user in distress or a help desk representative
Term
implicit deny
Definition
The principle that establishes that everything that is not explicitly allowed is denied
Term
incident report
Definition
A description of the events that occurred during a security incident
Term
incident response
Definition
The practice of using an organized methodology to address and manage security breaches and attacks while limiting damage and reducing recovery costs
Term
incremental backup
Definition
A backup type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up
Term
information security
Definition
The protection of available information or information resources from unauthorized access, attack, theft, or data damage
Term
information security triad
Definition
The three basic principles of security control and management: confidentiality, integrity, and availability. Also known as the information security triad or triple triad
Term
infrared transmission
Definition
A form of wireless transmission in which signals are sent as pulses of infrared light
Term
infrastructure as code
Definition
An information technology strategy that asserts that the organization's infrastructure can be quickly configured and deployed as desired through programming scripts and other code-files, rather than through standard software tools.
Term
input validation
Definition
Limits what data a user can enter into specific fields, like not allowing special characters in a user name field
Term
insider
Definition
Present and past employees, contractors, partners, and any entity that has access to proprietary confidential information and whose actions result in compromised security
Term
integrity
Definition
The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications
Term
interference
Definition
In wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices
Term
Internet Protocol suite
Definition
The collection of rules required for Internet connectivity
Term
intranet
Definition
A private network that is only accessible by the organization's own personnel
Term
IoT
Definition
(Internet of Things) Objects (electronic or not) that are connected to the wider Internet by using embedded electronic components
Term
IP address spoofing
Definition
An attack in which an attacker sends IP packets from a false (or spoofed) source address to communicate with targets
Term
IPS
Definition
An inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it
Term
IPSec
Definition
A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet
Term
IPv4
Definition
(IP version 4) An Internet standard that uses a 32-bit number assigned to a computer on a TCP/IP network
Term
IPv6
Definition
(IP version 6) An Internet standard that increases the available pool of IP addresses by implementing a 128-bit binary address space.
Term
IRP
Definition
A document or series of documents that describe procedures for detecting, responding to, and minimizing the effects of security incidents
Term
ISA
Definition
A business agreement that focuses on ensuring security between organizations in a partnership
Term
ISO/IEC 27001
Definition
A standard model for information systems management practices created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)
Term
IT contingency plan
Definition
A component of the business continuity plan (BCP) that specifies alternate IT procedures to switch over to when the organization is faced with an attack or disruption of service leading to a disaster
Term
ITIL
Definition
A comprehensive IT management structure derived from recommendations originally developed by the United Kingdom Government's Central Computer and Telecommunications Agency (CCTA)
Term
IV
Definition
A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption
Term
IV attack
Definition
A wireless attack where the attacker is able to predict or control the IV of an encryption process, thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the user or network
Term
jailbreaking
Definition
The process of removing software restrictions on an iOS device, allowing the user to run apps not downloaded from the official App Store
Term
Jamming
Definition
In wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals used by computing devices and other network devices
Term
job rotation
Definition
A concept that states that personnel should rotate between job roles to prevent abuses of power, reduce boredom, and improve professional skills
Term
Kerberos
Definition
An authentication service that is based on a time-sensitive ticket-granting system. It uses an SSO method where the user enters access credentials that are then passed to the authentication server, which contains the allowed access credentials
Term
key
Definition
A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption
Term
key escrow
Definition
A method for backing up private keys to protect them while allowing trusted third parties to access the keys under certain conditions
Term
key escrow agent
Definition
A third party that maintains a backup copy of private keys
Term
key exchange
Definition
Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm
Term
key generation
Definition
The asymmetric encryption process of producing a public and private key pair using a specific application
Term
key stretching
Definition
A technique that strengthens potentially weak cryptographic keys, such as passwords or passphrases created by people, against brute force attacks
Term
keylogger
Definition
A hardware device or software application that recognizes and records every keystroke made by a user
Term
keystroke authentication
Definition
A type of authentication that relies on detailed information that describes exactly when a keyboard key is pressed and released as someone types information into a computer or other electronic device
Term
KPA
Definition
A cryptographic attack where the attacker has access to plain-text and the corresponding cipher-text, and tries to derive the correlation between them
Term
L2TP
Definition
The de facto standard VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM
Term
layered security
Definition
An approach to operational security that incorporates many different avenues of defense
Term
LDAP
Definition
A simple network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information
Term
LDAP injection
Definition
An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input
Term
LDAPS
Definition
A method of implementing LDAP using SSL/TLS encryption
Term
LEAP
Definition
Cisco Systems' proprietary EAP implementation
Term
least privilege
Definition
The principle that establishes that users and software should have the minimal level of access that is necessary for them to perform the duties required of them
Term
legal hold
Definition
A process designed to preserve all relevant information when litigation is reasonably expected to occur
Term
live boot
Definition
The process of booting into an operating system that runs directly on RAM rather than being installed on a storage device
Term
LLR
Definition
(after-action report) An analysis of events that can provide insight into how to improve response processes in the future
Term
load balancer
Definition
A network device that distributes the network traffic or computing workload among multiple devices in a network
Term
logging
Definition
The act of recording data about activity on a computer
Term
logic bomb
Definition
A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions, such as a specific date and time
Term
loss controls
Definition
Security measures implemented to prevent key assets from being damaged
Term
LSO
Definition
Data stored on a user's computer after visiting a website that uses Adobe Flash Player. These can be used to track a user's activity.
Term
M of N scheme
Definition
A mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery
Term
MAC
Definition
A system in which objects (files and other resources) are assigned security labels of varying levels, depending on the object's sensitivity. Users are assigned a security level or clearance, and when they try to access an object, their clearance is compared to the object's security label. If there is a match, the user can access the object; if there is no match, the user is denied access.
Term
MAC address
Definition
A unique physical address assigned to each network adapter board at the time of its manufacture
Term
MAC address spoofing
Definition
An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface
Term
MAC filtering
Definition
The security technique of allowing or denying specific MAC addresses from connecting to a network device.
Term
malicious actor
Definition
An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization's security
Term
malicious code
Definition
Undesired or unauthorized software that is placed into a target system to disrupt operations or to redirect system resources for the attacker's benefit
Term
malware
Definition
Malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks
Term
malware sandboxing
Definition
The practice of isolating malware in a virtual environment where it can be safely analyzed without compromising production systems or the rest of the network
Term
man-in-the-browser attack
Definition
A type of network-based attack that combines a man-in-the-middle attack with the use of a Trojan horse to intercept and modify web transactions in real time
Term
man-in-the-middle attack
Definition
A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently
Term
management controls
Definition
Procedures implemented to monitor the adherence to organizational security policies
Term
mandatory vacation
Definition
A concept that states that personnel should be required to go on vacation for a period of time so their activities can be reviewed
Term
mantrap
Definition
A physical security control system that has a door at each end of a secure chamber
Term
MD4
Definition
A hash algorithm, based on RFC 1320, that produces a 128-bit hash value and is used in message integrity checks for data authentication
Term
MD5
Definition
A hash algorithm, based on RFC 1321, that produces a 128-bit hash value and is used in IPSec policies for data authentication
Term
MDM
Definition
The process of tracking, controlling, and securing an organization's mobile infrastructure
Term
media
Definition
A method that connects devices to the network and carries data between devices.
Term
memory leak
Definition
A software vulnerability that can occur when software does not release allocated memory when it is done using it, potentially leading to system instability
Term
message digest
Definition
The value that results from hashing encryption. Also known as hash value or message digest
Term
microcontroller
Definition
An embedded systems component that consolidates the functionality of a CPU, memory module, and peripherals. Also known as system on chip (SoC)
Term
MIME
Definition
An extension of SMTP that enables the exchange of audio, video, images, applications, and other data formats through email
Term
model verification
Definition
The process of evaluating how well a software project meets the specifications that were defined earlier in development
Term
MOU
Definition
A non-legally binding business agreement that defines a common goal that cooperating entities work toward without direct monetary compensation
Term
MS-CHAP
Definition
A protocol that strengthens the password authentication provided by Protected Extensible Authentication Protocol (PEAP)
Term
MTBF
Definition
The rating on a device or component that predicts the expected time between failures
Term
MTD
Definition
The longest period of time a business can be inoperable without causing irrevocable business failure
Term
MTTF
Definition
The average time a device or component is expected to be in operation
Term
MTTR
Definition
The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure
Term
multi-factor authentication
Definition
An authentication scheme that requires validation of at least two distinct authentication factors
Term
mutual authentication
Definition
A security mechanism that requires that each party in a communication verifies the identity of every other party in the communication
Term
NAC
Definition
The collection of protocols, policies, and hardware that govern access of devices connecting to a network
Term
NAS
Definition
A RADIUS server configuration that uses a centralized server and clients
Term
NAT
Definition
A simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-mutable addresses internally
Term
NDA
Definition
A contract that states that an individual will not share certain sensitive information to outside parties under penalty of law
Term
NetBIOS
Definition
A service that enables applications to properly communicate over different computers in a network
Term
network adapter
Definition
Hardware that translates the data between the network and a device
Term
network isolation
Definition
The general practice of keeping networks separate from one another
Term
network loop
Definition
The process of multiple connected switches bouncing traffic back and forth for an indefinite period of time
Term
network mapper
Definition
A device or program that can identify the logical topology of a network to reveal its connection pathways
Term
network operating system
Definition
Software that controls network traffic and access to network resources
Term
network segmentation
Definition
The division of a large network into smaller logical networks
Term
network segregation
Definition
The general practice of keeping networks separate from one another.
Term
network tap
Definition
A security control on network devices that creates a copy of network traffic to forward to a sensor or monitor like an IDS
Term
network-based firewalls
Definition
A hardware/software combination that protects all the computers on a network behind the firewall
Term
networking enumerator
Definition
A device or program that can identify the logical topology of a network to reveal its connection pathways
Term
NFC
Definition
A mobile device communication standard that operates at very short range, often through physical contact
Term
NIDS
Definition
A system that uses passive hardware sensors to monitor traffic on a specific segment of the network
Term
NIPS
Definition
An active, inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it
Term
NIST 800 Series
Definition
Publications by the National Institute of Standards and Technology (NIST) that focus on computer security standards
Term
non-persistence
Definition
The property by which a computing environment is discarded once it has finished its assigned task
Term
non-repudiation
Definition
The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data
Term
nonce
Definition
An arbitrary number used only once in a cryptographic communication, often to prevent replay attacks
Term
normalization
Definition
A software development technique that tries to "repair" invalid input to strip any special encoding and automatically convert the input to a specific format that the application can handle
Term
NTLM
Definition
A challenge-response authentication protocol created by Microsoft for use in its products
Term
NTP
Definition
An Internet protocol that enables synchronization of device clock times in a network of devices by exchanging time signals
Term
OAuth
Definition
A token-based authorization protocol that is often used in conjunction with OpenID
Term
obfuscation
Definition
A technique that essentially "hides" or "camouflages" code or other information so that it is harder to read by unauthorized users
Term
OCSP
Definition
An HTTP-based alternative to a certificate revocation list that checks the status of certificates
Term
OCSP stapling
Definition
A method of checking the status of digital certificates where a web server queries the OCSP server at specific intervals, and the OCSP server responds by providing a time-stamped digital signature. The web server appends this signed response to the SSL/TLS handshake with the client so that the client can verify the certificate's status
Term
OFB
Definition
An encryption mode of operation where the result of the encrypted IV is fed back to the subsequent operation
Term
offline brute force attack
Definition
A cryptographic attack where the attacker steals the password, and then tries to decode it by systematically guessing possible keystroke combinations that match the encrypted password
Term
OID
Definition
A series of numbers, separated by periods, that describe the identity of the owner of a digital certificate
Term
online brute force attack
Definition
A cryptographic attack where the attacker tries to enter a succession of passwords, using the same interface as the target user application
Term
OpenID
Definition
An identity federation method that enables users to be authenticated on cooperating websites by a third-party authentication service
Term
OpenID Direct
Definition
An authentication layer that sits on top of the OAuth 2.0 authorization protocol
Term
operational controls
Definition
Security measures implemented to safeguard all aspects of day-to-day operations, functions, and activities
Term
order of restoration
Definition
A concept that dictates what types of systems to prioritize in disaster recovery efforts
Term
order of volatility
Definition
The order in which volatile data should be recovered from various storage locations and devices after a security incident occurs
Term
OSI model
Definition
A method of abstracting how different layers of a network structure interact with one another
Term
OSINT
Definition
Information that is legally collected from publicly available origins
Term
OTP
Definition
A password that is generated for use in one specific session and becomes invalid after the session ends
Term
PaaS
Definition
A computing method that uses the cloud to provide any platform-type services
Term
packet analyzer
Definition
A device or program that monitors network communications on the network wire or across a wireless network and captures data
Term
packet sniffing
Definition
An attack on wireless networks where an attacker captures data and registers data flows in order to analyze what data is contained in a packet
Term
PAP
Definition
A remote access authentication service that sends user IDs and passwords as clear text
Term
pass the hash attack
Definition
A network-based attack where the attacker steals hashed user credentials and uses them as-is to try to authenticate to the same network the hashed credentials originated on
Term
password attack
Definition
Any attack where the attacker tries to gain unauthorized access to and use of passwords
Term
patch
Definition
A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system
Term
PBKDF2
Definition
A key derivation function used in key stretching to make potentially weak cryptographic keys such as passwords less susceptible to brute force attacks
Term
PCBC
Definition
An encryption mode of operation in which each plain-text block is XORed with the previous plain-text and cipher-text blocks
Term
PEAP
Definition
Similar to EAP-TLS, PEAP is an open standard developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security
Term
penetration test
Definition
A method of evaluating security by simulating an attack on a system
Term
persistence
Definition
A penetration testing technique where the tester has concluded the initial exploitation, and is now interested in maintaining access to the network
Term
Personal Identity Verification card
Definition
A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner
Term
personnel management
Definition
The practice of ensuring that all of an organization's personnel, whether internal or external, are complying with policy
Term
PFS
Definition
A characteristic of session encryption that ensures if a key used during a certain session is compromised, it should not affect data previously encrypted by that key
Term
PGP
Definition
A method of securing emails created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Term
pharming
Definition
An attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website
Term
phishing
Definition
A type of email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim
Term
PIA
Definition
A tool for identifying and analyzing risks to privacy during the development life cycle of a program or system
Term
piggy backing
Definition
A human-based attack where an attacker enters a secure area by following a legitimate employee with the employee's knowledge or permission
Term
PII
Definition
The pieces of information that a company uses or prefers to use to identify or contact an employee or other individual
Term
PIV
Definition
A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner
Term
pivoting
Definition
A penetration testing technique where the tester compromises one central host (the pivot) that allows the tester to access other hosts that would otherwise be inaccessible
Term
PKI
Definition
A system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and/or entities
Term
plaintext
Definition
Unencrypted data that is meant to be encrypted before it is transmitted, or the result of decryption of encrypted data
Term
pointer dereference
Definition
A software vulnerability that can occur when the code attempts to remove the relationship between a pointer and the thing it points to (pointee). If the pointee is not properly established, the dereferencing process may crash the application and corrupt memory
Term
polymorphic malware
Definition
Malicious code that is designed to avoid detection by altering its decryption module each time it infects a new file
Term
POP
Definition
A protocol used to retrieve email from a mailbox on the mail server
Term
POP over SSL/TLS
Definition
A version of the Post Office Protocol that uses SSL or TLS to provide secure communications
Term
pop-up blocker
Definition
Software that prevents pop-ups from sites that are unknown or untrusted and prevents the transfer of unwanted code to the local system
Term
POP3S
Definition
A version of the Post Office Protocol that uses SSL or TLS to provide secure communications
Term
port
Definition
An endpoint of a logical connection that host computers use to connect to processes or services on other hosts
Term
port scanning attack
Definition
A network-based attack where an attacker scans computers and other devices to see which ports are listening, in an attempt to find a way to gain unauthorized access
Term
PPP
Definition
The VPN protocol that is an Internet standard for sending IP datagram packets over serial point-to-point links
Term
PPTP
Definition
A VPN protocol that is an extension of the PPP remote access protocol
Term
prevention
Definition
The security approach of blocking unauthorized access or attacks before they occur
Term
prevention controls
Definition
A security mechanism that helps to prevent a threat or attack from exposing a vulnerability in the computer system
Term
private key
Definition
The component of asymmetric encryption that is kept secret by one party during two-way encryption
Term
private root CA
Definition
A root CA that is created by a company for use primarily within the company itself
Term
privilege bracketing
Definition
The task of granting privileges to a user only when needed and revoking them as soon as the task is done
Term
privilege escalation
Definition
The practice of exploiting flaws in an operating system or other application to gain a greater level of access than was intended for the user or application
Term
privilege management
Definition
The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management
Term
PRNG
Definition
The process by which an algorithm produces numbers that approximate randomness without being truly random
Term
procedure
Definition
Step-by-step instructions that detail how to implement components of a policy
Term
protected distribution
Definition
A method of securing the physical cabling of a communications infrastructure
Term
protocol
Definition
Software that controls network communications using a set of rules
Term
protocol analyzer
Definition
This type of diagnostic software can examine and display data packets that are being transmitted over a network
Term
proxy
Definition
A device that acts on behalf of one end of a network connection when communicating with the other end of the connection
Term
PSK
Definition
A string of text that a VPN or other network service expects to receive prior to any other credentials. In the context of WPA/2-Personal, the key is generated from the wireless password
Term
PTA
Definition
A document used to determine when a PIA is required
Term
public key
Definition
The component of asymmetric encryption that can be accessed by anyone
Term
public root CA
Definition
A root CA that is created by a vendor for general access by the public
Term
RA
Definition
An authority in a PKI that processes requests for digital certificates from users
Term
race condition
Definition
A software vulnerability that can occur when the outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer
Term
RADIUS
Definition
A standard protocol for providing centralized authentication and authorization services for remote users
Term
RAID
Definition
A set of vendor-independent specifications that support redundancy and fault tolerance for configurations on multiple-device storage systems
Term
rainbow table attack
Definition
A type of password attack where an attacker uses a set of related plaintext passwords and their hashes to crack passwords
Term
ransomware
Definition
Software that enables an attacker to take control of a user's system or data and to demand payment for return of that control
Term
RAT
Definition
A specialized Trojan horse that specifically aims to provide an attacker with unauthorized access to or control of a target computer
Term
RBAC
Definition
A system in which access is controlled based on a user's role. Users are assigned to roles, and network objects are configured to allow access only to specific roles. Roles are created independently of user accounts
Term
RC
Definition
A series of variable key-length symmetric encryption algorithms developed by Ronald Rivest
Term
reconnaissance
Definition
A penetration testing technique where the tester tries to gather as much information as possible about the target(s)
Term
recovery
Definition
The act of recovering vital data present in files or folders from a crashed system or data storage devices when data has been compromised or damaged
Term
recovery agent
Definition
An individual with the necessary credentials to decrypt files that were encrypted by another user
Term
redundancy
Definition
The property by which a computing environment keeps one or more sets of additional resources in addition to the primary set of resources
Term
refactoring
Definition
The process of restructuring application code to improve its design without affecting the external behavior of the application, or to enable it to handle particular situations
Term
remote attestation
Definition
An authentication process that enables a host to verify its hardware and software configuration to a remote host, such as a server
Term
remote lockout
Definition
A security method of restricting access to sensitive data on a device without deleting it from memory
Term
remote wipe
Definition
A security method used to remove and permanently delete sensitive data from a mobile device when it is not in the authorized user's physical possession
Term
replay attack
Definition
A cryptographic attack where the attacker intercepts session keys or authentication traffic and uses them later to authenticate and gain access
Term
resource exhaustion
Definition
A software vulnerability that can occur when software does not properly restrict access to requested or needed resources
Term
reverse engineering
Definition
The practice of deconstructing software into its base components so that its properties are easier to understand
Term
RFID
Definition
A technology that uses electromagnetic fields to automatically identify and track tags or chips that are affixed to selected objects and that store information about the objects
Term
RIP
Definition
A routing protocol that configures routers to periodically broadcast their entire routing tables. RIP routers broadcast their tables regardless of whether or not any changes have occurred on the network
Term
RIPEMD
Definition
A message digest algorithm that is based on the design principles used in MD4
Term
risk
Definition
An information security concept that indicates exposure to the chance of damage or loss, and signifies the likelihood of a hazard or dangerous threat
Term
risk analysis
Definition
The security process used for assessing risk damages that affect an organization
Term
risk management
Definition
The process of identifying risks, analyzing them, developing a response strategy for them, and mitigating their future impact
Term
risk register
Definition
The record of risk information as represented in tables or graphs
Term
rogue access point
Definition
An unauthorized wireless access point on a corporate or private network that allows unauthorized individuals to connect to the network
Term
rogue system
Definition
An unknown or unrecognized device that is connected to a network, often with malicious intent
Term
rollup
Definition
A collection of previously issued patches and hot fixes, usually meant to be applied to one component of a system, such as the web browser or a particular service
Term
root CA
Definition
The top-most CA in the hierarchy and consequently, the most trusted authority in the hierarchy
Term
root of trust
Definition
Technology that enforces a hardware platform's trusted computing architecture through encryption mechanisms designed to keep data confidential and to prevent tampering
Term
rooting
Definition
The process of enabling root privileges on an Android device
Term
rootkit
Definition
Software that is intended to take full or partial control of a system at the lowest levels
Term
ROT13
Definition
A simple substitution cipher that replaces a letter with the letter that is 13 letters after it in the alphabet
Term
round robin
Definition
A scheduling approach used by load balancers to route traffic to devices one by one according to a list
Term
router
Definition
A device that connects multiple networks that use the same protocol
Term
RPO
Definition
The longest period of time that an organization can tolerate lost data being unrecoverable
Term
RSA
Definition
The first successful algorithm to be designed for public key encryption. It is named for its designers, Rivest, Shamir, and Adleman
Term
RSS
Definition
A subscription technology that enables users to subscribe to a "feed" of each website that interests them
Term
RTO
Definition
The length of time it takes after an event to resume normal business operations and activities
Term
RTOS
Definition
A specialized operating system that uses a more consistent processor scheduler than a standard operating system
Term
RTP
Definition
A protocol that provides audio and video streaming media over a TCP/IP network
Term
rule-based access control
Definition
A non-discretionary access control technique that is based on a set of operational rules or restrictions
Term
runtime code
Definition
Source code that is interpreted by an intermediary run time environment that runs the code, rather than the system executing the code directly
Term
S-box
Definition
A relatively complex key algorithm that when given the key, provides a substitution key in its place
Term
S/MIME
Definition
An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications
Term
SaaS
Definition
A computing method that uses the cloud to provide application services to users
Term
SAML
Definition
An XML-based data format used to exchange authentication information between a client and a service
Term
SAN
Definition
An extension to the X.509 certificate standard that enables organizations to configure a certificate's scope to encompass multiple domains
Term
sanitization
Definition
A data disposal method that completely removes all data from a storage medium at the virtual level
Term
SATCOM
Definition
A form of wireless transmission that transfers radio signals to and from orbiting satellites to reach long distances
Term
SCADA
Definition
A type of industrial control system that monitors and controls industrial processes such as manufacturing and fabrication, infrastructure processes such as power transmission and distribution, and facility processes such as energy consumption and HVAC systems
Term
scalability
Definition
The property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs
Term
scale out
Definition
The process of adding more resources in parallel with existing resources to achieve scalability
Term
scale up
Definition
The process of increasing the power of existing resources to achieve scalability
Term
Scanning
Definition
The phase of the hacking process in which the attacker uses specific tools to determine an organization's infrastructure and discover vulnerabilities
Term
scheduling
Definition
A method used by load balancers to determine which devices should have traffic routed to them
Term
schema
Definition
A set of rules in a directory service for how objects are created and what their characteristics can be
Term
SCP
Definition
A protocol that is used to securely transfer computer files between a local and a remote host, or between two remote hosts, using SSH
Term
screen filter
Definition
An object attached to a screen that conceals the contents of the screen from certain viewing angles
Term
script kiddie
Definition
An inexperienced hacker with limited technical knowledge who relies on automated tools to hack
Term
SDLC
Definition
The process of designing and deploying software from the initial planning stages before the app is deployed, all the way to its obsolescence
Term
SDN
Definition
A networking implementation that simplifies the process of administrating a network by separating systems that control where traffic is sent from systems that actually forward this traffic to its destination
Term
SECaaS
Definition
A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security
Term
scanning
Definition
The phase of the hacking process in which the attacker uses specific tools to determine an organization's infrastructure and discover vulnerabilities
Term
secure boot
Definition
A UEFI feature that prevents unwanted processes from executing during the boot operation
Term
SED
Definition
A storage device that is encrypted at the hardware level in order to avoid relying on software solutions
Term
Secure FTP
Definition
A secure version of the File Transfer Protocol that uses a Secure Shell tunnel as an encryption method to transfer, access, and manage files
Term
Secure IMAP
Definition
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communications between a mail client and the mail server
Term
Secure LDAP
Definition
A method of implementing LDAP using SSL/TLS encryption
Term
Secure POP
Definition
A version of the Post Office Protocol that uses SSL or TLS to provide secure communications between a mail client and the mail server
Term
security architecture review
Definition
An evaluation of an organization's current security infrastructure model and security measures
Term
security assessment
Definition
The process of testing security controls through a comprehensive set of techniques aimed at exposing any weaknesses or gaps in your tools, technologies, services, and operations
Term
security auditing
Definition
The act of performing an organized technical assessment of the security strengths and weaknesses of a computer system to ensure that the system is in compliance
Term
security framework
Definition
A conceptual structure for security operations within the organization
Term
security policy
Definition
A formalized statement that defines how security will be implemented within a particular organization
Term
security through obscurity
Definition
The practice of attempting to hide the existence of vulnerabilities from others
Term
self-signed certificate
Definition
A type of digital certificate that is owned by the entity that signs it
Term
separation of duties
Definition
A concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers
Term
service pack
Definition
A collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hot fixes issued up to the point of the release of the service pack
Term
session hijacking
Definition
A type of hijacking attack where the attacker exploits a legitimate computer session to obtain unauthorized access to an organization's network or services
Term
session key
Definition
A single-use symmetric key used for encrypting all messages in a series of related communications
Term
SFTP
Definition
An early unsecured file transfer protocol that has since been declared obsolete
Term
SHA
Definition
A hash algorithm modeled after MD5 and considered the stronger of the two. It has multiple versions that produce different sized hash values
Term
Shibboleth
Definition
An identity federation method that provides single sign-on capabilities and enables websites to make informed authorization decisions for access to protected online resources
Term
shimming
Definition
The process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable
Term
shoulder surfing
Definition
A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN
Term
side-channel attack
Definition
An attack in which an attacker gleans information from the physical implementation of a cryptographic technique and uses that information to analyze and potentially break the implementation
Term
sideloading
Definition
The practice of directly installing an app package on a mobile device instead of downloading it through an app store
Term
SIEM
Definition
A solution that provides real-time or near real time analysis of security alerts generated by network hardware and applications
Term
signature-based monitoring
Definition
A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable
Term
site survey
Definition
The collection of information on a location for the purposes of building the most ideal infrastructure
Term
SLA
Definition
A business agreement that defines what services and support are provided to a client
Term
Slashdot effect
Definition
A sudden, temporary surge in traffic to a website that occurs when another website or other source posts a story that refers visitors to the victim website
Term
SLE
Definition
The financial loss expected from a single adverse event
Term
smart card
Definition
A device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip
Term
smart device
Definition
An electronic device, other than a typical computer, that is connected to a network and has some computing properties
Term
smishing
Definition
A human-based attack where the attacker extracts personal information by using SMS text messages
Term
snapshot
Definition
The state of a virtual machine at a specific point in time
Term
sniffer
Definition
A device or program that monitors network communications on the network wire or across a wireless network and captures data
Term
sniffing attack
Definition
A network attack that uses a protocol analyzer to gain access to private communications on the network wire or across a wireless network
Term
SNMP
Definition
An application-layer service used to exchange information between network devices
Term
SoC
Definition
An embedded systems component that consolidates the functionality of a CPU, memory module, and peripherals. Also known as system on chip (SoC)
Term
social engineering
Definition
Any activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines
Term
software attack
Definition
Any attack that targets software resources, including operating systems, applications, services, protocols, and files
Term
SORN
Definition
A federally mandated publication of any system of record in the Federal Register
Term
source code
Definition
Software instructions, written in a human-readable programming language, that are to be executed by a computer. Access to source code enables a programmer to change how a piece of software functions
Term
spam
Definition
An email-based threat that floods the user's inbox with emails that typically carry unsolicited advertising material for products or other spurious content, and which sometimes deliver viruses. It can also be utilized within social networking sites such as Facebook and Twitter
Term
spam filter
Definition
A program that will detect specific words that are commonly used in spam messages
Term
spatial database
Definition
A collection of information that is optimized for data that represents objects contained in a geometric space
Term
spear phishing
Definition
An email-based or web-based form of phishing that targets a specific individual or organization
Term
spim
Definition
An IM-based attack just like spam but which is propagated through instant messaging instead of through email
Term
spoofing
Definition
A network-based attack where the goal is to pretend to be someone else for the purpose of identity concealment
Term
spyware
Definition
Surreptitiously installed malware that is intended to track and report the usage of a target system or collect other data the attacker wishes to obtain
Term
SQL
Definition
A programming and query language common to many large scale database systems.
Term
SQL injection
Definition
An attack that injects a database query into the input data directed at a server by accessing the client side of the application
Term
SRTP
Definition
A protocol that provides audio and video streaming media over a TCP/IP network and uses encryption services to uphold the authenticity and integrity of streaming media, as well as to protect against replay attacks
Term
SSH
Definition
A protocol for secure remote logon and secure transfer of data
Term
SSID broadcast
Definition
A continuous announcement by a WAP that transmits its name so that wireless devices can discover it
Term
SSL
Definition
A security protocol that uses certificates for authentication and encryption to protect web communication
Term
SSL/TLS accelerator
Definition
A hardware interface that helps offload the resource-intensive encryption calculations in SSL/TLS to reduce overhead for a server
Term
SSO
Definition
An aspect of privilege management that provides users with one-time authentication to multiple resources, servers, or sites
Term
SSTP
Definition
A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header
Term
staging
Definition
The process of setting up an environment through which an asset can be quickly and easily deployed for testing purposes
Term
standard
Definition
A document that defines how to measure the level of adherence to a policy.
Term
standard operating procedure
Definition
A collection of procedures that dictate how policy components are implemented
Term
stateful firewall
Definition
A firewall that tracks the active state of a connection, and can make decisions based on the contents of a network packet as it relates to the state of the connection
Term
stateless firewall
Definition
A firewall that does not track the active state of a connection as it reaches the firewall
Term
static code analysis
Definition
The process of reviewing source code while it is in a static state, i.e., it is not executing
Term
stealth scan
Definition
A type of port scan that identifies open ports without completing the three-way handshake
Term
steganography
Definition
An alternative encryption technique that hides a secret message by enclosing it in an ordinary file
Term
storage segmentation
Definition
The practice of compartmentalizing different types of data on one or more storage media, such as isolating a mobile device's OS and base apps from the apps and data added by the user
Term
stored procedure
Definition
One of a set of pre-compiled database statements that can be used to validate input to a database
Term
STP
Definition
A switching protocol that prevents network loops by dynamically disabling links as needed
Term
stream cipher
Definition
A relatively fast type of encryption that encrypts data one bit at a time
Term
stress testing
Definition
A software testing method that evaluates how software performs under extreme load
Term
subdomain
Definition
In DNS, a logical division of an organizational domain, such as sales.develetech.com
Term
subnetting
Definition
The division of a large network into smaller logical networks
Term
subordinate CA
Definition
Any CA below the root CA in the hierarchy
Term
substitution cipher
Definition
An obfuscation technique where each unit of plaintext is kept in the same sequence when converted to ciphertext, but the actual value of the unit changes
Term
succession plan
Definition
A documented plan that ensures that all key business personnel have one or more designated backups who can perform critical functions when needed
Term
supply chain
Definition
The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer
Term
switch
Definition
A device that has multiple network ports and combines multiple physical network segments into a single logical network
Term
symmetric encryption
Definition
A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption
Term
system of records
Definition
A collection of information that uses an individual's name or an identifying number, symbol, or other identification scheme
Term
tabletop exercise
Definition
A discussion-based session where disaster recovery team members discuss their roles in emergency situations, as well as their responses to particular situations
Term
TACACS
Definition
A remote access protocol that provides centralized authentication and authorization services for remote users
Term
TACACS+
Definition
Cisco's extension to the TACACS protocol that provides multi-factor authentication
Term
tailgating
Definition
A human-based attack where an attacker enters a secure area by following a legitimate employee without the employee's knowledge or permission
Term
takeover attack
Definition
A type of software attack where an attacker gains access to a remote host and takes control of the system
Term
TCB
Definition
The hardware, firmware, and software components of a computer system that implement the security policy of a system
Term
TCP/IP
Definition
A non-proprietary, mutable network protocol suite that enables computers to communicate over all types of networks
Term
technical controls
Definition
Hardware or software installations that are implemented to monitor and prevent threats and attacks to computer systems and services
Term
telephony
Definition
Technology that provides voice and video communications through devices over a distance
Term
Telnet
Definition
A network protocol that enables a client to initiate remote command access to a host over TCP/IP
Term
tethering
Definition
The process of sharing a wireless Internet connection with multiple devices
Term
TFTP
Definition
An insecure, limited version of FTP used primarily to automate the process of configuring boot files between computers
Term
threat
Definition
Any event or action that could potentially cause damage to an asset
Term
threat actor
Definition
An entity that is partially or wholly responsible for an incident that affects or has the potential to affect an organization's security
Term
three-way handshake
Definition
The process by which a TCP connection is completed between two hosts, where a host sends a SYN packet to the host it needs to communicate with, that host sends a SYN-ACK packet back, and the originating host sends an ACK packet to complete the connection
Term
TKIP
Definition
A security protocol created by the IEEE 802.11i task group to replace WEP
Term
TLS
Definition
(Transport Layer Security) A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection
Term
token
Definition
A physical or virtual object that stores authentication information
Term
TOS
Definition
The operating system component of the TCB that protects the resources from applications
Term
TOTP
Definition
(timed HMAC-based one-time password) An improvement on HOTP that forces one-time passwords to expire after a short period of time
Term
TPM
Definition
A specification that includes the use of cryptoprocessors to create a secure computing environment
Term
transitive trust
Definition
A principle in which one entity implicitly trusts another entity because both of them trust the same third party
Term
Trojan horse
Definition
A type of malware that hides itself on an infected system and can cause damage to a system or give an attacker a platform for monitoring and/or controlling a system
Term
trust model
Definition
A single CA or group of CAs that work together to issue digital certificates
Term
tunneling
Definition
A data-transport technique in which a data packet is encrypted and encapsulated in another data packet in order to conceal the information of the packet inside
Term
Twofish
Definition
A symmetric key block cipher, similar to Blowfish, consisting of a block size of 128 bits and key sizes up to 256 bits
Term
typo squatting
Definition
An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website
Term
UEFI
Definition
A firmware interface that initializes hardware for an operating system boot.
Term
URL hijacking
Definition
An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website
Term
USB OTG
Definition
An external media solution where two devices connect over USB in a master/slave configuration
Term
UTM
Definition
The practice of centralizing various security techniques into a single appliance
Term
VDE
Definition
A VM that runs a desktop operating system
Term
VDI
Definition
A virtualization implementation that separates the personal computing environment from a user's physical computer
Term
version control
Definition
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes
Term
versioning
Definition
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes
Term
virtualization
Definition
The process of creating a simulation of a computing environment, where the virtualized system can simulate the hardware, operating system, and applications of a typical computer without being a separate physical computer
Term
virus
Definition
A self-replicating piece of malicious code that spreads from computer to computer by attaching itself to different files
Term
vishing
Definition
A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
Term
VLAN
Definition
A logical method of segmenting a network at the Data Link layer (layer 2) of the OSI model
Term
VM
Definition
A virtualized computer that consists of an operating system and applications that run in a virtual environment that simulates dedicated physical hardware
Term
VM escape
Definition
An exploit where an attacker executes code in a VM that allows an application running on the VM to "escape" the virtual environment and interact directly with the hypervisor
Term
VM sprawl
Definition
A situation where the number of virtual machines exceeds the organization's ability to control or manage all of those virtual machines
Term
VMI
Definition
A mobile deployment model that allows employees' devices to connect to VMs that run mobile operating systems so that they can perform work tasks in a controlled environment
Term
VMLM
Definition
A collection of processes designed to help administrators oversee the implementation, delivery, operation, and maintenance of VMs over the course of their existence
Term
VoIP
Definition
A term used for a technology that enables telephony communications over a network by using the IP protocol
Term
VPN
Definition
A method of extending a private network by tunneling through a public network, such as the Internet
Term
VPN concentrator
Definition
A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels
Term
vulnerability
Definition
Any condition that leaves an information system open to harm
Term
vulnerability assessment
Definition
A security assessment that evaluates a system's security and its ability to meet compliance requirements based on the configuration state of the system
Term
WAF
Definition
A firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers
Term
war chalking
Definition
A wireless threat where the attacker uses symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network
Term
war driving
Definition
A wireless threat where the attacker searches for instances of wireless LAN networks while in motion in a motor vehicle, by using wireless tracking devices like mobile phones, smartphones, tablets, or laptops
Term
war walking
Definition
A wireless threat where the attacker searches for instances of wireless LAN networks while on foot, by using wireless tracking devices like mobile phones, smartphones, tablets, or laptops. Typically used in high-density areas such as malls, hotels, and city centers
Term
warm site
Definition
A location that is dormant or performs non-critical functions under normal conditions, but which can be rapidly converted to a key operations site if needed
Term
waterfall model
Definition
A software development model where the phases of the SDLC cascade so that each phase will start only when all tasks identified in the previous phase are complete
Term
watering hole attack
Definition
An attack in which an attacker targets a specific group, discovers which websites that group frequents, then injects those sites with malware so that visitors to the sites will become infected
Term
web application attack
Definition
An application attack that focuses on those applications that run in web browsers
Term
WEP
Definition
A deprecated protocol that provides 64-bit, 128-bit, and 256-bit encryption using the RC4 algorithm for wireless communication that uses the 802.11a and 802.11b protocols
Term
whaling
Definition
A form of spear phishing that targets particularly wealthy individuals or organizations
Term
whitelisting
Definition
The practice of allowing approved programs to run on a computer, computer network, or mobile device
Term
Wi-Fi Direct
Definition
Technology that enables two mobile devices to connect to each other without a wireless access point
Term
WIDS
Definition
A type of NIDS that scans the radio frequency spectrum for possible threats to the wireless network, primarily rogue access points
Term
wildcard certificate
Definition
A type of digital certificate that enables organizations to configure a certificate's scope to encompass multiple subdomains
Term
WIPS
Definition
An active, inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it
Term
wireless disassociation attack
Definition
A type of wireless attack where an attacker spoofs the MAC address of a wireless access point to force a target device to try and re-associate with the WAP.
Term
worm
Definition
A self-replicating piece of malicious code that spreads from computer to computer without attaching to different files
Term
WORM storage
Definition
A storage medium used in SIEM to maintain the integrity of the security data being compiled
Term
WPA
Definition
A wireless encryption protocol that generates a 128-bit key for each packet sent. Superseded by WPA2
Term
WPA2
Definition
An improvement to the WPA protocol that implements all mandatory components of the 802.11i standard, including Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption for increased security, and a 128-bit encryption key
Term
WPS
Definition
An insecure feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN
Term
X.509
Definition
A standard for formatting digital certificates that defines the structure of a certificate with the information that was provided in a CSR
Term
XML
Definition
A widely adopted markup language used in many documents, websites, and web applications
Term
XML injection
Definition
An application attack that injects corrupted XML query data so that an attacker can gain access to the XML data structure and input malicious code or read private data
Term
XOR
Definition
An operation that outputs to true only if one input is true and the other input is false
Term
XSS
Definition
(cross-site scripting) A web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users
Term
XTACACS
Definition
An extension to the original TACACS protocol
Term
zero day exploit
Definition
An application attack that occurs immediately after a vulnerability is identified, when the security level is at its lowest
Term
zero day vulnerability
Definition
A software vulnerability that a malicious user is able to exploit before the vulnerability is publicly known or known to the developers, and before those developers have a chance to issue a fix
Term
zombie
Definition
A computer that has been infected with a bot and is being used by an attacker to mount an attack. Also called a drone
Term
software development lifecycle
Definition
The process of designing and deploying software from the initial planning stages before the app is deployed, all the way to its obsolescence
Term
wireless intrusion detection system
Definition
A type of NIDS that scans the radio frequency spectrum for possible threats to the wireless network, primarily rogue access points
Term
acceptable use policy
Definition
A policy that defines the rules for user behavior with regard to using organizational resources.
Term
access control list
Definition
On a router, a list that is used to filter network traffic and implement anti-spoofing measures. In a DAC access control scheme, a list that is associated with each object, specifying the subjects that can access the object and their levels of access.
Term
address resolution protocol
Definition
The mechanism by which individual hardware MAC addresses are matched to an IP address on a network.
Term
advanced persistent threat
Definition
A threat that uses multiple attack vectors to gain unauthorized access to sensitive resources and then maintain that access for a long period of time.
Term
advanced encryption standard
Definition
A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.
Term
after action report
Definition
An analysis of events that can provide insight into how to improve response processes in the future.
Term
annual rate of occurrence
Definition
How many times per year a particular loss is expected to occur.
Term
annual loss expectancy
Definition
The total cost of a risk to an organization on an annual basis.
Term
attribute based access control
Definition
An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.
Term
authentication, authorization, and accounting
Definition
A security concept where a centralized platform verifies object identification, ensures the object is assigned relevant permissions, and then logs these actions to create an audit trail.
Term
authentication header
Definition
An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
Term
bring your own device
Definition
A mobile deployment model that describes how employees can use their own personal mobile devices to get work done, if they so choose.
Term
business continuity plan
Definition
A policy that describes and ratifies the organization's overall business continuity strategy.
Term
business impact analysis
Definition
A systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations.
Term
business partnership agreement
Definition
A business agreement that defines how a partnership between organizations will be conducted, and what is expected of each organization.
Term
certificate authority
Definition
A server that can issue digital certificates and the associated public/private key pairs.
Term
certificate revocation list
Definition
A list of certificates that were revoked before their expiration date
Term
certificate signing request
Definition
A message sent to a certificate authority in which a resource applies for a certificate
Term
challenge handshake authentication protocol
Definition
An encrypted remote access authentication method that enables connections from any authentication method requested by the server, except for PAP and SPAP unencrypted authentication.
Term
choose your own device
Definition
A mobile deployment model that allows employees to select a mobile device from a list of accepted devices to use for work purposes.
Term
cipher block chaining
Definition
An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.
Term
cipher feedback
Definition
An encryption mode of operation where an initialization vector (IV) is encrypted before its result is XORed with the previous plaintext block.
Term
closed-circuit television
Definition
The use of surveillance cameras that do not openly broadcast signals.
Term
cloud access security broker
Definition
A service offered by some SECaaS vendors to establish security gateways sitting between the organization's on-premises network and the cloud network, ensuring that traffic both ways complies with policy.
Term
common access card
Definition
A smart card that provides certificate-based authentication and supports two-factor authentication
Term
Common Criteria
Definition
A set of standards developed by a group of governments working together to create a baseline of security assurance for a trusted operating system (TOS).
Term
confidentiality, integrity, and availability triad
Definition
The three basic principles of security control and management: confidentiality, integrity, & availability. Also known as the information security triad or triple.
Term
control objectives for information and related technology version 5
Definition
A framework for IT management and governance created by ISACA
Term
COOP
Definition
continuity of operations
Term
corporate owned, personally enabled
Definition
A mobile deployment model that allows the organization to choose which devices they want employees to work with, while still allowing the employee some freedom to use the device for personal activities
Term
counter mode with cipher block chaining message authentication code protocol
Definition
An AES cipher-based encryption protocol used in WPA2.
Term
counter mode
Definition
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV
Term
counter
Definition
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV
Term
crossover error rate
Definition
A metric for biometric devices that describes the threshold values of the FAR and FRR. A low CER signifies a highly accurate biometric system.
Term
cross-site scripting
Definition
A web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users
Term
cross-site request forgery
Definition
A web application attack that takes advantage of the trust established between an authorized user of a website & the website itself
Term
cryptographic service provider
Definition
A cryptographic module that implements Microsoft's CryptoAPI
Term
data encryption standard
Definition
A symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key, with 8 bits used for parity
Term
data execution prevention
Definition
A Windows feature that prevents malicious code in memory from executing
Term
data loss/leak prevention
Definition
A software solution that detects and prevents sensitive information in a system or network from being stolen or otherwise falling into the wrong hands
Term
demilitarized zone
Definition
A small section of a private network that is located behind one firewall or between two firewalls and made available for public access
Term
denial of service attack
Definition
A network-based attack where the attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system
Term
diffie-hellman
Definition
A cryptographic protocol that provides for secure key exchange
Term
diffie-hellman ephemeral
Definition
A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.
Term
digital signature algorithm
Definition
A public key encryption standard used for digital signatures that provides authentication and integrity verification for messages
Term
disaster recovery plan
Definition
A policy that describes and ratifies the organization's disaster recovery strategy
Term
discretionary access control
Definition
In this, access is controlled based on a user's identity. Objects are configured with a list of users who are allowed access to them. An administrator has the discretion to place the user on the list or not. If a user is on the list, the user is granted access; if the user is not on the list, access is denied
Term
domain name system security extensions
Definition
A security protocol that provides authentication of DNS data and upholds DNS data integrity
Term
domain name system
Definition
The service that maps names to IP addresses on most TCP/IP networks, including the Internet
Term
domain validation
Definition
A type of digital certificate that proves that some entity has control over a particular domain name. Considered to be weaker than EV
Term
dynamic host configuration protocol
Definition
A protocol used to automatically assign IP addressing information to IP network computers.
Term
EAP-flexible authentication via secure tunneling
Definition
An EAP method that is expected to address the shortcomings of LEAP.
Term
EAP-transport layer security
Definition
An EAP method that requires a client-side certificate for authentication using SSL/TLS.
Term
electromagnetic interference
Definition
A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit
Term
electromagnetic pulse
Definition
A short burst of electrical interference caused by an abrupt and rapid acceleration of charged particles, which can short-circuit and damage electronic components
Term
electronic code book
Definition
An encryption mode of operation where each plaintext block is encrypted with the same key
Term
elliptic curve cryptography
Definition
An asymmetric encryption technique that leverages the algebraic structures of elliptic curves over finite fields
Term
elliptic curve diffie-hellman ephemeral
Definition
(Elliptic Curve Diffie-Hellman Ephemeral) A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography
Term
encapsulating security payload
Definition
An IPSec protocol that provides authentication for the origin of transmitted data, integrity and protection against replay attacks, and encryption to support the confidentiality of transmitted data
Term
encrypting file system
Definition
Microsoft Windows NTFS-based public key encryption
Term
enhanced interior gateway routing protocol
Definition
An improvement over IGRP that includes features that support VLSM and classful and classless subnet masks
Term
equal error rate
Definition
see CER (crossover error rate) A metric for biometric devices that describes the threshold values of the FAR and FRR. A low CER signifies a highly accurate biometric system
Term
evaluation assurance level
Definition
A rating from 1 to 7 that states the level of secure features offered by an operating system as defined by the Common Criteria (CC)
Term
exclusive or
Definition
An operation that outputs to true only if one input is true and the other input is false
Term
Extended validation
Definition
Considered to be stronger than DV
Term
extensible authentication protocol
Definition
A wireless authentication protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication
Term
Extensible Markup Language
Definition
A widely adopted markup language used in many documents, websites, and web applications
Term
false rejection rate
Definition
A metric for biometric devices that describes the percentage of authorized users who were incorrectly rejected by a biometric system
Term
FAR
Definition
A metric for biometric devices that describes the percentage of unauthorized users who were incorrectly authenticated by a biometric system
Term
file transfer protocol
Definition
A communications protocol that enables the transfer of files between a user's workstation and a remote host
Term
file transfer protocol secure
Definition
A protocol that combines the use of FTP with additional support for TLS and SSL
Term
file transfer protocol / secure sockets layer
Definition
A protocol that combines the use of FTP with additional support for TLS and SSL
Term
file transfer protocol over secure shell
Definition
A secure version of the File Transfer Protocol that uses a Secure Shell tunnel as an encryption method to transfer, access, and manage files
Term
full disk encryption
Definition
A storage technology that encrypts an entire storage drive at the hardware level
Term
galois/counter mode
Definition
An encryption mode of operation that adds authentication to the standard encryption services of a cipher mode
Term
gnu privacy guard
Definition
A free open-source version of PGP that provides the equivalent encryption and authentication services
Term
hardware security module
Definition
A physical device that provides root of trust capabilities
Term
hash-based message authentication code
Definition
A method used to verify both the integrity and authenticity of a message by combining cryptographic hash functions, such as MD5 or SHA-1, with a secret key
Term
heating ventilation and air conditioning
Definition
A system that controls the air quality and flow inside a building
Term
HMAC-based one-time password
Definition
An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message
Term
host-based intrusion detection system
Definition
A type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state
Term
host-based intrusion prevention system
Definition
A type of IPS that monitors a computer system for unexpected behavior or drastic changes to the system's state and reacts in real time to block it
Term
hypertext transfer protocol secure
Definition
A secure version of HTTP that provides a secure connection between a web browser and a server
Term
hypertext transfer protocol
Definition
A protocol that defines the interaction between a web server and a browser
Term
identity and access management
Definition
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications
Term
incident response plan
Definition
A document or series of documents that describe procedures for detecting, responding to, and minimizing the effects of security incidents
Term
industrial control system
Definition
A networked system that controls critical infrastructure such as water, electrical, transportation, and telecommunication services
Term
information technology infrastructure library
Definition
A comprehensive IT management structure derived from recommendations originally developed by the United Kingdom Government's Central Computer and Telecommunications Agency (CCTA)
Term
infrastructure as a service
Definition
A computing method that uses the cloud to provide any or all infrastructure needs
Term
initialization vector
Definition
A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption
Term
Instant messaging
Definition
A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet
Term
institute of electrical and electronics engineers
Definition
A professional association of electrical and electronics engineers that develops industry standards for a variety of technologies
Term
interconnection security agreement
Definition
A business agreement that focuses on ensuring security between organizations in a partnership
Term
Interior gateway routing protocol
Definition
A distance-vector routing protocol developed by Cisco as an improvement over RIP and RIP v2.
Term
Internet message access protocol over secure sockets layer/TLS
Definition
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communication between a mail client and the mail server
Term
internet message access protocol secure
Definition
A version of the Internet Message Access Protocol that uses SSL or TLS to provide secure communication between a mail client and the mail server
Term
internet message access protocol
Definition
A protocol used to retrieve email messages and folders from a mail server
Term
internet control message protocol
Definition
An IP network service that reports on connections between two hosts
Term
internet of things
Definition
A group of objects (electronic or not) that are connected to the wider Internet by using embedded electronic components
Term
internet protocol security
Definition
A set of open, non-proprietary standards that are used to secure data through authentication and encryption as the data travels across the network or the Internet
Term
intrusion detection system
Definition
A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress
Term
Intrusion prevention system
Definition
An inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it
Term
known plaintext attack
Definition
A cryptographic attack where the attacker has access to plaintext and the corresponding ciphertext, and tries to derive the correlation between them
Term
layer 2 tunneling protocol
Definition
The de facto standard VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM
Term
lessons learned report
Definition
An analysis of events that can provide insight into how to improve response processes in the future
Term
lightweight directory access protocol secure
Definition
A method of implementing LDAP using SSL/TLS encryption
Term
lightweight directory access protocol
Definition
A simple network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information
Term
lightweight extensible authentication protocol
Definition
Cisco Systems' proprietary EAP implementation
Term
local shared object
Definition
Data stored on a user's computer after visiting a website that uses Adobe Flash Player. These can be used to track a user's activity.
Term
M of N scheme
Definition
A mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery
Term
mandatory access control
Definition
A system in which objects (files and other resources) are assigned security labels of varying levels, depending on the object's sensitivity. Users are assigned a security level or clearance, and when they try to access an object, their clearance is compared to the object's security label. If there is a match, the user can access the object; if there is no match, the user is denied access.
Term
maximum tolerable down time
Definition
The longest period of time a business can be inoperable without causing irrevocable business failure
Term
mean time between failure
Definition
The rating on a device or component that predicts the expected time between failures
Term
mean time to failure
Definition
The average time a device or component is expected to be in operation
Term
mean time to repair/replace/recover
Definition
(mean time to repair/replace/recover) The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure
Term
media access control address spoofing
Definition
An attack in which an attacker falsifies the factory-assigned MAC address of a device's network interface
Term
media access control address
Definition
A unique physical address assigned to each network adapter board at the time of its manufacture
Term
media access control filtering
Definition
The security technique of allowing or denying specific MAC addresses from connecting to a network device.
Term
memorandum of understanding
Definition
A non-legally binding business agreement that defines a common goal that cooperating entities work toward without direct monetary compensation
Term
message digest 4
Definition
A hash algorithm, based on RFC 1320, that produces a 128-bit hash value and is used in message integrity checks for data authentication
Term
message digest 5
Definition
A hash algorithm, based on RFC 1321, that produces a 128-bit hash value and is used in IPSec policies for data authentication
Term
microsoft challenge handshake authentication protocol
Definition
A protocol that strengthens the password authentication provided by Protected Extensible Authentication Protocol (PEAP)
Term
mobile device management
Definition
The process of tracking, controlling, and securing an organization's mobile infrastructure
Term
multipurpose internet mail extensions
Definition
An extension of SMTP that enables the exchange of audio, video, images, applications, and other data formats through email
Term
near field communication
Definition
A mobile device communication standard that operates at very short range, often through physical contact
Term
network intrusion detection system
Definition
A system that uses passive hardware sensors to monitor traffic on a specific segment of the network
Term
network intrusion prevention system
Definition
An active, inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it
Term
network access control
Definition
(Network Access Control) The collection of protocols, policies, and hardware that govern access of devices connecting to a network
Term
network access server
Definition
A RADIUS server configuration that uses a centralized server and clients
Term
network address translation
Definition
A simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally
Term
network basic input output system
Definition
A service that enables applications to properly communicate over different computers in a network
Term
network lan manager
Definition
A challenge-response authentication protocol created by Microsoft for use in its products
Term
network time protocol
Definition
An Internet protocol that enables synchronization of device clock times in a network of devices by exchanging time signals
Term
non disclosure agreement
Definition
A contract that states that an individual will not share certain sensitive information with outside parties under penalty of law
Term
international organization for standardization/international electrotechnical commission 27001
Definition
A standard model for information systems management practices created by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)
Term
object identifier
Definition
A series of numbers, separated by periods, that describe the identity of the owner of a digital certificate
Term
one time password
Definition
A password that is generated for use in one specific session and becomes invalid after the session ends
Term
online certificate status protocol
Definition
An HTTP-based alternative to a certificate revocation list that checks the status of certificates
Term
open authorization
Definition
A token-based authorization protocol that is often used in conjunction with OpenID
Term
open source intelligence
Definition
Information that is legally collected from publicly available origins
Term
output feedback
Definition
An encryption mode of operation where the result of the encrypted IV is fed back to the subsequent operation
Term
password authentication protocol
Definition
A remote access authentication service that sends user IDs and passwords as cleartext
Term
password-based key derivation function 2
Definition
A key derivation function used in key stretching to make potentially weak cryptographic keys such as passwords less susceptible to brute force attacks
Term
open systems interconnection model
Definition
A method of abstracting how different layers of a network structure interact with one another
Term
perfect forward secrecy
Definition
A characteristic of session encryption that ensures if a key used during a certain session is compromised, it should not affect data previously encrypted by that key
Term
personal identity verification
Definition
A smart card that meets the standards for FIPS 201, in that it is resistant to tampering and provides quick electronic authentication of the card's owner
Term
personally identifiable information
Definition
The pieces of information that a company uses or prefers to use to identify or contact an employee or other individual
Term
platform as a service
Definition
A computing method that uses the cloud to provide any platform-type services.
Term
point to point protocol
Definition
The VPN protocol that is an Internet standard for sending IP datagram packets over serial point-to-point links
Term
point to point tunneling protocol
Definition
A VPN protocol that is an extension of the PPP remote access protocol
Term
post office protocol 3 secure
Definition
A version of the Post Office Protocol that uses SSL or TLS to provide secure communications
Term
post office protocol
Definition
A protocol used to retrieve email from a mailbox on the mail server
Term
pre shared key
Definition
A string of text that a VPN or other network service expects to receive prior to any other credentials. In the context of WPA/2-Personal, the key is generated from the wireless password
Term
pretty good privacy
Definition
A method of securing emails created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Term
privacy impact assessment
Definition
A tool for identifying and analyzing risks to privacy during the development life cycle of a program or system
Term
privacy threshold analysis/ assessment
Definition
A document used to determine when a PIA is required
Term
propagating/plaintext cipher block chaining
Definition
An encryption mode of operation in which each plaintext block is XORed with the previous plaintext and ciphertext blocks
Term
protected extensible authentication protocol
Definition
Similar to EAP-TLS, PEAP is an open standard developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security
Term
pseudo-random number generator
Definition
The process by which an algorithm produces numbers that approximate randomness without being truly random
Term
public key infrastructure
Definition
A system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and/or entities
Term
RACE integrity primitives evaluation message digest
Definition
A message digest algorithm that is based on the design principles used in MD4
Term
radio frequency identification
Definition
A technology that uses electromagnetic fields to automatically identify and track tags or chips that are affixed to selected objects and that store information about the objects
Term
real time operating system
Definition
A specialized operating system that uses a more consistent processor scheduler than a standard operating system
Term
real time transfer protocol
Definition
A protocol that provides audio and video streaming media over a TCP/IP network
Term
recovery point objective
Definition
The longest period of time that an organization can tolerate lost data being unrecoverable
Term
redundant array of disks
Definition
A set of vendor-independent specifications that support redundancy and fault tolerance for configurations on multiple-device storage systems
Term
registration authority
Definition
An authority in a PKI that processes requests for digital certificates from users
Term
remote access trojan
Definition
A specialized Trojan horse that specifically aims to provide an attacker with unauthorized access to or control of a target computer
Term
remote authentication dial-in service
Definition
A standard protocol for providing centralized authentication and authorization services for remote users
Term
return time objective
Definition
The length of time it takes after an event to resume normal business operations and activities
Term
rich site summary
Definition
A subscription technology that enables users to subscribe to a "feed" of each website that interests them
Term
rivest cipher
Definition
A series of variable key-length symmetric encryption algorithms developed by Ronald Rivest
Term
role-based access control
Definition
A system in which access is controlled based on a user's role. Users are assigned to roles, and network objects are configured to allow access only to specific roles. Roles are created independently of user accounts
Term
rotate by 13
Definition
A simple substitution cipher that replaces a letter with the letter that is 13 letters after it in the alphabet
Term
routing information protocol
Definition
A routing protocol that configures routers to periodically broadcast their entire routing tables. RIP routers broadcast their tables regardless of whether or not any changes have occurred on the network
Term
satellite communications
Definition
A form of wireless transmission that transfers radio signals to and from orbiting satellites to reach long distances
Term
secure copy protocol
Definition
A protocol that is used to securely transfer computer files between a local and a remote host, or between two remote hosts, using SSH
Term
secure hash algorithm
Definition
A hash algorithm modeled after MD5 and considered the stronger of the two. It has multiple versions that produce different sized hash values
Term
secure multipurpose internet mail extension
Definition
An email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications
Term
secure real time protocol
Definition
A protocol that provides audio and video streaming media over a TCP/IP network and uses encryption services to uphold the authenticity and integrity of streaming media, as well as to protect against replay attacks
Term
secure shell
Definition
A protocol for secure remote logon and secure transfer of data
Term
secure socket layers
Definition
A security protocol that uses certificates for authentication and encryption to protect web communication
Term
secure socket tunneling protocol
Definition
A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header
Term
security as a service
Definition
A computing method that enables clients to take advantage of information, software, infrastructure, and processes provided by a cloud vendor in the specific area of computer security
Term
security assertion markup language
Definition
An XML-based data format used to exchange authentication information between a client and a service
Term
security information and event management
Definition
A solution that provides real-time or near real-time analysis of security alerts generated by network hardware and applications
Term
self encrypting disk
Definition
A storage device that is encrypted at the hardware level in order to avoid relying on software solutions
Term
service level agreement
Definition
A business agreement that defines what services and support are provided to a client
Term
service set identifier broadcast
Definition
A continuous announcement by a WAP that transmits its name so that wireless devices can discover it
Term
simple file transfer protocol
Definition
An early unsecured file transfer protocol that has since been declared obsolete
Term
simple network management protocol
Definition
An application-layer service used to exchange information between network devices
Term
single loss expectancy
Definition
The financial loss expected from a single adverse event
Term
single sign on
Definition
An aspect of privilege management that provides users with one-time authentication to multiple resources, servers, or sites
Term
software as a service
Definition
A computing method that uses the cloud to provide application services to users
Term
software defined networking
Definition
A networking implementation that simplifies the process of administrating a network by separating systems that control where traffic is sent from systems that actually forward this traffic to its destination
Term
Spanning Tree Protocol
Definition
A switching protocol that prevents network loops by dynamically disabling links as needed
Term
structured query language
Definition
A programming and query language common to many large-scale database systems.
Term
subject alternative name
Definition
An extension to the X.509 certificate standard that enables organizations to configure a certificate's scope to encompass multiple domains
Term
supervisory control and data acquisitions
Definition
A type of industrial control system that monitors and controls industrial processes such as manufacturing and fabrication, infrastructure processes such as power transmission and distribution, and facility processes such as energy consumption and HVAC systems
Term
system of records notice
Definition
A federally mandated publication of any system of record in the Federal Register
Term
system on chip
Definition
An embedded systems component that consolidates the functionality of a CPU, memory module, and peripherals. Also known as system on chip (SoC)
Term
temporal key integrity protocol
Definition
A security protocol created by the IEEE 802.11i task group to replace WEP
Term
terminal access controller access control system
Definition
A remote access protocol that provides centralized authentication and authorization services for remote users
Term
terminal access controller access control system extension
Definition
Cisco's extension to the TACACS protocol that provides multi-factor authentication
Term
time-based HMAC one-time password
Definition
An improvement on HOTP that forces one-time passwords to expire after a short period of time
Term
transmission control protocol/internet protocol
Definition
A non-proprietary, routable network protocol suite that enables computers to communicate over all types of networks
Term
transport layer security
Definition
A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection
Term
trivial file transfer protocol
Definition
An insecure, limited version of FTP used primarily to automate the process of configuring boot files between computers
Term
trusted computing base
Definition
The hardware, firmware, and software components of a computer system that implement the security policy of a system
Term
trusted operating system
Definition
The operating system component of the TCB that protects the resources from applications
Term
trusted platform module
Definition
A specification that includes the use of cryptoprocessors to create a secure computing environment
Term
unified extensible firmware interface
Definition
A firmware interface that initializes hardware for an operating system boot.
Term
unified threat management
Definition
The practice of centralizing various security techniques into a single appliance
Term
USB on the go
Definition
An external media solution where two devices connect over USB in a master/slave configuration
Term
virtual desktop environment
Definition
A VM that runs a desktop operating system
Term
virtual desktop infrastructure
Definition
A virtualization implementation that separates the personal computing environment from a user's physical computer
Term
virtual local area network
Definition
A logical method of segmenting a network at the Data Link layer (layer 2) of the OSI model
Term
virtual machine lifecycle management
Definition
A collection of processes designed to help administrators oversee the implementation, delivery, operation, and maintenance of VMs over the course of their existence
Term
virtual machine
Definition
A virtualized computer that consists of an operating system and applications that run in a virtual environment that simulates dedicated physical hardware
Term
virtual mobile infrastructure
Definition
A mobile deployment model that allows employees' devices to connect to VMs that run mobile operating systems so that they can perform work tasks in a controlled environment
Term
virtual private network
Definition
A method of extending a private network by tunneling through a public network, such as the Internet
Term
voice over IP
Definition
A term used for a technology that enables telephony communications over a network by using the IP protocol
Term
web application firewall
Definition
A firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers
Term
Wi-Fi Protected Access 2
Definition
An improvement to the WPA protocol that implements all mandatory components of the 802.11i standard, including Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption for increased security, and a 128-bit encryption key
Term
Wi-Fi Protected Access
Definition
A wireless encryption protocol that generates a 128-bit key for each packet sent. Superseded by WPA2
Term
Wi-Fi Protected Setup
Definition
An insecure feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN
Term
Wired Equivalent Privacy
Definition
A deprecated protocol that provides 64-bit, 128-bit, and 256-bit encryption using the RC4 algorithm for wireless communication that uses the 802.11a and 802.11b protocols
Term
wireless intrusion prevention system
Definition
An active, inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it
Term
write once read many storage
Definition
A storage medium used in SIEM to maintain the integrity of the security data being compiled
Term
3DES
Definition
A symmetric encryption algorithm that encrypts data by processing each block of data 3 times
Term
802.11 N
Definition
Wireless standard for home and business that adds QoS features and multimedia support to 802.11a and 802.11b. Throughput up to 600 Mbps in the 2.4 and 5 GHz range
Term
802.11
Definition
A family of wireless protocols developed by the IEEE for wireless LAN communications
Term
802.11 ac
Definition
Wireless Communication protocol that improves upon 802.11 n by adding wider channels to increase throughput
Term
802.11a
Definition
Fast, secure but relatively expensive protocol for wireless communication. Supports speeds up to 54 Mbps and 5 GHz
Term
802.11b
Definition
First specification to be called Wi-Fi. The least expensive wireless. Supports speeds up to 11 Mbps and 2.4 GHz
Term
802.11g
Definition
Wireless Communication protocol that supports speeds up to 54 Mbps and 2.4 GHz that is potential replacement for 802.11b
Term
802.1X
Definition
Standard for encapsulating EAP Communications over LAN or Wireless LAN that provides port-based authentication
Term
AAA
Definition
Authentication, Authorization and Accounting: a security concept where a centralized platform verifies object ID, assigns permissions and logs actions to create an audit trail
Term
AAR
Definition
After Action Report: an analysis of events that can provide insight into how to improve response processes in the future
Term
ABAC
Definition
Attribute-Based Access Control: an access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted