272 Cards in this Set
- Front
- Back
802.1x
|
A port-based authentication protocol. Wireless can use 802.1X. For example, WPA2-Enterprise mode uses an 802.1X server (implemented as a RADIUS server) to add authentication.
|
|
3DES
|
Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn’t support AES.
|
|
AAA
|
Authentication, Authorization, and Accounting. AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user’s identification. Authorization determines if a user should have access. Accounting tracks a user’s access with logs.
|
|
ACE
|
Access Control Entry. Identifies a user or group that is granted permission to a resource. ACEs are contained within a DACL in NTFS.
|
|
ACL
|
Access control list. A list of rules used to grant access to a resource. In NTFS, a list of ACEs makes up the ACL for a resource. In a firewall, an ACL identifies traffic that is allowed or blocked based on IP addresses, networks, ports, and some protocols (using the protocol ID).
|
|
AES
|
Advanced Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. AES is quick, highly secure, and used in a wide assortment of cryptography schemes. It includes key sizes of 128 bits, 192 bits, or 256 bits.
|
|
AES256
|
Advanced Encryption Standard 256 bit. AES sometimes includes the number of bits used in the encryption keys and AES256 uses 256-bit encryption keys.
|
|
AH
|
Authentication Header. IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. AH is identified with protocol ID number 51.
|
|
ALE
|
Annualized loss expectancy. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE.
|
|
AP
|
Access point, short for wireless access point (WAP). APs provide wireless clients with access to a wired network. Many APs support isolation mode to segment wireless users from other wireless users.
|
|
ARO
|
Annualized rate of occurrence. Used to measure risk with annualized loss expectancy (ALE) and single loss expectancy (SLE). The ARO identifies how many times a loss is expected to occur in a year. The calculation is SLE x ARO = ALE.
|
|
ARP
|
Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker’s system by sending false MAC address updates. VLAN segregation helps limit the scope of ARP poisoning attacks within a network.
|
|
AUP
|
Acceptable use policy. An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
|
|
BCP
|
Business continuity plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is a part of a BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.
|
|
BIA
|
Business impact analysis. The BIA identifies critical business or mission requirements and includes elements such as Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), but it doesn’t identify solutions.
|
|
BIOS
|
Basic Input/Output System. A computer’s firmware used to manipulate different settings such as the date and time, boot drive, and access password.
|
|
BOTS
|
Network Robots. An automated program or system used to perform one or more tasks. A malicious botnet is a group of computers called zombies that is controlled through a command-and-control server. Attackers use malware to join computers to botnets. Zombies regularly check in with the command-and-control server and can launch DDoS attacks against other victims. Botnet activity often includes hundreds of outbound connections, and some botnets use Internet Relay Chat (IRC) channels.
|
|
CA
|
Certificate Authority. An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
|
|
CAC
|
Common Access Card. A specialized type of smart card used by United States Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a PIV.
|
|
CAN
|
Controller Area Network. A standard that allows microcontrollers and devices to communicate with each other without a host computer.
|
|
CCMP
|
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
|
|
CCTV
|
Closed-circuit television. This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person’s location and activity. It can be used by an organization to verify if any equipment or data is being removed.
|
|
CERT
|
Computer Emergency Response Team. A group of experts that respond to security incidents. Also known as CIRT, SIRT, or IRT.
|
|
CHAP
|
Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client. MS-CHAPv2 is an improvement over CHAP and uses mutual authentication.
|
|
CIA
|
Confidentiality, integrity, and availability. These three form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.
|
|
CIRT
|
Computer Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, SIRT, or IRT.
|
|
COOP
|
Continuity of Operations Plan. A COOP site provides an alternate location for operations after a critical outage. A hot site includes personnel, equipment, software, and communications capabilities of the primary site with all the data up to date. A hot site can take over for a failed primary site within an hour. A cold site will have power and connectivity needed for COOP activation, but little else. A warm site is a compromise between a hot site and a cold site.
|
|
CRC
|
Cyclical Redundancy Check. An error detection code used to detect accidental changes that can affect the integrity of data.
|
|
CRL
|
Certification Revocation List. A list of certificates that have been revoked. Certificates are commonly revoked if they are compromised. The certificate authority (CA) that issued the certificate publishes a CRL, and a CRL is public.
|
|
DAC
|
Discretionary Access Control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft’s NTFS uses the DAC model. Other access control models are MAC and RBAC.
|
|
DACL
|
Discretionary Access Control List. List of Access Control Entries (ACEs) in Microsoft’s NTFS. Each ACE includes a security identifier (SID) and a permission.
|
|
DDoS
|
Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks are often launched from zombies in botnets. DDoS attacks typically include sustained, abnormally high network traffic. A performance baseline helps administrators detect a DDoS. Compare to DoS.
|
|
DEP
|
Data Execution Prevention. A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
|
|
DES
|
Digital Encryption Standard. An older symmetric encryption standard used to provide confidentiality. DES uses 56 bits and is considered cracked.
|
|
DHCP
|
Dynamic Host Configuration Protocol. A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more.
|
|
DLL
|
Dynamic Link Library. A compiled set of code that can be called from other programs.
|
|
DLP
|
Data Loss Protection. A network-based DLP system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in e-mail and reduce the risk of internal users e-mailing sensitive data outside the organization.
|
|
DMZ
|
Demilitarized zone. Area between two firewalls separating the Internet and an internal network. A DMZ provides a layer of protection for Internet-facing servers. It allows access to a server or service for Internet users while segmenting and protecting access to the internal network.
|
|
DNS
|
Domain Name System. Used to resolve host names to IP addresses. DNS is the primary name resolution service used on the Internet and is also used on internal networks. DNS uses port 53. DNS poisoning attempts to modify or corrupt cached DNS results. A pharming attack is a specific type of DNS poisoning attack that redirects a website’s traffic to another website.
|
|
DoS
|
Denial-of-service. An attack from a single source that attempts to disrupt the services provided by another system. Examples include SYN flood, smurf, and some buffer overflow attacks. Compare to DDoS.
|
|
DRP
|
Disaster recovery plan. A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operation, and this can include a comparison to baselines. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan.
|
|
DSA
|
Digital Signature Algorithm. A digital signature is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key, and, if successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying they sent the e-mail.
|
|
EAP
|
Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include LEAP and PEAP.
|
|
ECC
|
Elliptic curve cryptography. An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods.
|
|
EFS
|
Encrypting File System. A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
|
|
EMI
|
Electromagnetic interference. Interference caused by motors, power lines, and fluorescent lights. Cables can be shielded to protect signals from EMI. Additionally, EMI shielding prevents signal emanation, so it can prevent someone from capturing network traffic.
|
|
ESP
|
Encapsulating Security Protocol. IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. ESP is identified with protocol ID number 50.
|
|
FTP
|
File Transfer Protocol. Used to upload and download files to an FTP server. FTP uses ports 20 and 21. Secure FTP (SFTP) uses SSH for encryption on port 22. FTP Secure (FTPS) uses SSL or TLS for encryption.
|
|
FTPS
|
File Transfer Protocol Secure. An extension of FTP that uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990.
|
|
GPG
|
GNU Privacy Guard (GPG). Free software that is based on the OpenPGP standard. It is similar to PGP but avoids any conflict with existing licensing by using open standards.
|
|
GPO
|
Group Policy object. Group Policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies, lock down the GUI, configure host-based firewalls, and much more.
|
|
GPS
|
Global Positioning System. GPS tracking can help locate lost mobile devices. Remote wipe, or remote sanitize, erases all data on lost devices. Full disk encryption protects the data on the device if it is lost.
|
|
GRE
|
Generic Routing Encapsulation. A tunneling protocol developed by Cisco Systems.
|
|
GUI
|
Graphical user interface. Users interact with the graphical elements instead of typing in commands from a text interface. Windows is an example of a GUI.
|
|
HDD
|
Hard disk drive. A disk drive that has one or more platters and a spindle. In contrast, USB flash drives use flash memory.
|
|
HIDS
|
Host-based intrusion detection system. An IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files.
|
|
HIPS
|
Host-based intrusion prevention system. An extension of a host-based IDS. Designed to react in real time to catch an attack in action.
|
|
HMAC
|
Hash-based Message Authentication Code. An HMAC is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result.
|
|
HSM
|
Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. High-volume ecommerce sites use HSMs to increase the performance of SSL sessions. High-availability clusters needing encryption services can use clustered HSMs.
|
|
HTML
|
Hypertext Markup Language. Language used to create web pages served on the Internet. HTML documents are displayed by web browsers and delivered over the Internet using HTTP or HTTPS. It uses less than and greater than characters (
|
|
HTTP
|
Hypertext Transfer Protocol. Used for web traffic on the Internet and in intranets. HTTP uses port 80.
|
|
HTTPS
|
Hypertext Transfer Protocol Secure. Encrypts HTTP traffic with SSL or TLS using port 443.
|
|
HVAC
|
Heating, ventilation, and air conditioning. HVAC systems increase availability by regulating airflow within datacenters and server rooms. They use hot and cold to regulate the cooling, thermostats to ensure a relatively constant temperature, and humidity controls to reduce the potential for static discharges, and damage from condensation. They are often integrated with fire alarm systems and either have dampers or the ability to be turned off in the event of a fire.
|
|
IaaS
|
Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. Compare to PaaS and SaaS.
|
|
ICMP
|
Internet Control Message Protocol. Used for diagnostics such as ping. Many DoS attacks use ICMP. It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.
|
|
ID
|
Identification. For example, a protocol ID identifies a protocol based on a number. AH is identified with protocol ID number 51 and ESP is identified with protocol ID number 50.
|
|
IDS
|
Intrusion detection system. A detective control used to detect attacks after they occur. A signature-based IDS (also called definition-based) uses a database of predefined traffic patterns. An anomaly-based IDS (also called behavior-based) starts with a performance baseline of normal behavior and compares network traffic against this baseline. An IDS can be either host-based (HIDS) or network-based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.
|
|
IEEE
|
Institute of Electrical and Electronic Engineers. International organization with a focus on electrical, electronics, and information technology topics. IEEE standards are well respected and followed by vendors around the world.
|
|
IGMP
|
Internet Group Management Protocol. Used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address.
|
|
IIS
|
Internet Information Services. A Microsoft Windows web server. IIS comes free with Microsoft Windows Server products.
|
|
IKE
|
Internet Key Exchange. Used with IPsec to create a secure channel over port 500 in a VPN tunnel.
|
|
IM
|
Instant Messaging. Real-time direct text-based communication between two or more people, often referred to as chat.
|
|
IMAP4
|
Internet Message Access Protocol v4. Used to store e-mail on servers and allow clients to manage their e-mail on the server. IMAP4 uses port 143.
|
|
IPS
|
Intrusion prevention system. A preventative control that will stop an attack in progress. It is similar to an active IDS except that it’s placed in line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
|
|
IPsec
|
Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6, but can also work with IPv4 and it includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. IPsec uses port 500 for IKE with VPN connections.
|
|
IPv4
|
Internet Protocol version 4. Identifies hosts using a 32-bit IP address. IPv4 is expressed in dotted decimal format with decimal numbers separated by dots or periods like this: 192.168.1.1.
|
|
IPv6
|
Internet Protocol version 6. Identifies hosts using a 128-bit address. IPv6 is expressed as eight groups of four hexadecimal characters (numbers and letters), such as this: FE80:0000:0000:0000:20D4:3FF7:003F:DE62.
|
|
IRC
|
Internet Relay Chat. A form of real-time Internet text messaging often used with chat sessions. Some botnets have used IRC channels to control zombie computers through a command and control server.
|
|
IRT
|
Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, CIRT, or SIRT.
|
|
ISP
|
Internet Service Provider. Company that provides Internet access to customers.
|
|
IV
|
Initialization vector. An IV provides randomization of encryption keys to help ensure that keys are not reused. WEP was susceptible to IV attacks because it used relatively small IVs. In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.
|
|
KDC
|
Key Distribution Center. Part of the Kerberos protocol used for network authentication. The KDC issues time-stamped tickets that expire.
|
|
L2TP
|
Layer 2 Tunneling Protocol. Tunneling protocol used with VPNs. L2TP is commonly used with IPsec (L2TP/IPsec). L2TP uses port 1701.
|
|
LAN
|
Local area network. Group of hosts connected within a network.
|
|
LANMAN
|
Local area network manager. Older authentication protocol used to provide backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored.
|
|
LDAP
|
Lightweight Directory Access Protocol. Language used to communicate with directories such as Microsoft’s Active Directory. It provides a central location to manage user accounts and other directory objects. LDAP uses port 389 when unencrypted and port 636 when encrypted.
|
|
LEAP
|
Lightweight Extensible Authentication Protocol. A modified version of the Challenge Handshake Authentication Protocol (CHAP) created by Cisco.
|
|
MAC
|
Mandatory Access Control. Access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). SELinux (deployed in both Linux and UNIX platforms) is a trusted operating system platform using the MAC model. Other access control models are DAC and RBAC.
|
|
MAC
|
Media access control. A 48-bit address used to uniquely identify network interface cards. It is also called a hardware address or a physical address, and is commonly displayed as six pairs of hexadecimal characters. Port security on a switch can limit access using MAC filtering. Wireless access points can use MAC filtering to restrict access to only certain clients, though an attacker can easily beat this.
|
|
MAC
|
Message authentication code. Method used to provide integrity for messages. A MAC uses a secret key to encrypt the hash. Some versions are called HMAC.
|
|
MAN
|
Metropolitan area network. A computer network that spans a metropolitan area such as a city or a large campus.
|
|
MBR
|
Master Boot Record. An area on a hard disk in its first sector. When the BIOS boots a system, it looks at the MBR for instructions and information on how to boot the disk and load the operating system. Some malware tries to hide here.
|
|
MD5
|
Message Digest 5. A hashing function used to provide integrity. MD5 uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message. Hashes computed at different times are compared to each other to verify that integrity has been maintained.
|
|
MITM
|
Man in the middle. A MITM attack is a form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks.
|
|
MS-CHAP
|
Microsoft Challenge Handshake Authentication Protocol. Microsoft’s implementation of CHAP. MS-CHAPv2 provides mutual authentication.
|
|
MTU
|
Maximum Transmission Unit. The MTU identifies the size of data that can be transferred.
|
|
NAC
|
Network access control. Inspects clients for health and can restrict network access to unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.
|
|
NAT
|
Network Address Translation. A service that translates public IP addresses to private and private IP addresses to public. It hides addresses on an internal network.
|
|
NIDS
|
Network-based intrusion detection system. IDS used to monitor a network. It can detect network-based attacks, such as smurf attacks. A NIDS cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts.
|
|
NIPS
|
Network-based intrusion prevention system. An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
|
|
NIST
|
National Institute of Standards and Technology. NIST is a part of the U.S. Department of Commerce, and it includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available for download here: http://csrc.nist.gov/publications/PubsSPs.html.
|
|
NOOP
|
No operation, sometimes listed as NOP. NOOP instructions are often used in a buffer overflow attack. An attacker often writes a large number of NOOP instructions as a NOOP sled into memory, followed with malicious code.
|
|
NOS
|
Network Operating System. Software that runs on a server and enables the server to manage resources on a network.
|
|
NTFS
|
New Technology File System. A file system used in Microsoft operating systems that provides security. NTFS uses the DAC model.
|
|
NTLM
|
New Technology LANMAN. Authentication protocol intended to improve LANMAN. The LANMAN protocol stores passwords using a hash of the password by first dividing the password into two seven-character blocks, and then converting all lowercase letters to uppercase. This makes LANMAN easy to crack. NTLM stores passwords in LANMAN format for backward compatibility, unless the passwords are greater than fifteen characters. NTLMv1 is older and has known vulnerabilities. NTLMv2 is newer and secure.
|
|
NTP
|
Network Time Protocol. Protocol used to synchronize computer times.
|
|
P2P
|
Peer-to-peer. P2P applications allow users to share files such as music, video, and data over the Internet. Data leakage occurs when users install P2P software and unintentionally share files. Organizations often block P2P software at the firewall and detect running software with port scans.
|
|
PaaS
|
Platform as a Service. Provides cloud customers with an easy-to-configure operating system and on-demand computing capabilities. Compare to IaaS and SaaS.
|
|
PAP
|
Password Authentication Protocol. An older authentication protocol where passwords are sent across the network in clear text. Rarely used today.
|
|
PAT
|
Port Address Translation. A form of network address translation.
|
|
PBX
|
Private Branch Exchange. A telephone switch used to route telephone calls.
|
|
PEAP
|
Protected Extensible Authentication Protocol. PEAP provides an extra layer of protection for EAP. PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel. Since TLS requires a certificate, PEAP-TLS requires a certification authority (CA) to issue certificates.
|
|
PED
|
Personal Electronic Device. Small devices such as cell telephones, radios, CD players, DVD players, video cameras, and MP3 players.
|
|
PGP
|
Pretty Good Privacy. Commonly used to secure e-mail communications between two private individuals but is also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail. It uses both asymmetric and symmetric encryption.
|
|
PII
|
Personally Identifiable Information. Information about individuals that can be used to trace a person’s identity, such as a full name, birthdate, biometric data, and identifying numbers such as a Social Security number (SSN). Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.
|
|
PIN
|
Personal identification number. A number known by a user and entered for authentication. PINs are often combined with smart cards to provide two-factor authentication.
|
|
PIV
|
Personal identity verification card. A specialized type of smart card used by United States federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a CAC.
|
|
PKI
|
Public Key Infrastructure. Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
|
|
POP3
|
Post Office Protocol v3. Used to transfer e-mail from mail servers to clients. POP3 uses port 110.
|
|
POTS
|
Plain old telephone service. Voice grade telephone service.
|
|
PPP
|
Point-to-Point Protocol. Used to create remote access connections.
|
|
PPTP
|
Point-to-Point Tunneling Protocol. Tunneling protocol used with VPNs. PPTP uses TCP port 1723.
|
|
PSK
|
Pre-shared key. A secret shared among different systems. Wireless networks support Personal Mode, where each device uses the same PSK. In contrast, Enterprise Mode uses an 802.1x or RADIUS server for authentication.
|
|
PTZ
|
Pan tilt zoom. Refers to cameras that can pan (move left and right), tilt (move up and down), and zoom to get a closer or a wider view.
|
|
RA
|
Recovery agent. A designated individual who can recover or restore cryptographic keys. In the context of a PKI, a recovery agent can recover private keys to access encrypted data.
|
|
RADIUS
|
Remote Authentication Dial-In User Service. Provides central authentication for remote access clients. RADIUS encrypts the password packets and uses UDP. In contrast, TACACS+ encrypts the entire authentication process and uses TCP.
|
|
RAID
|
Redundant Array of Inexpensive (or Independent) Disks. Multiple disks added together to increase performance or provide protection against faults.
|
|
RAID-0
|
Disk striping. RAID-0 improves performance but does not provide fault tolerance.
|
|
RAID-1
|
Disk mirroring. RAID-1 uses two disks and provides fault tolerance.
|
|
RAID-5
|
Disk striping with parity. RAID-5 uses three or more disks and provides fault tolerance.
|
|
RAM
|
Random Access Memory. Volatile memory within a computer that holds active processes, data, and applications. Data in RAM is lost when the computer is turned off. Inspection of RAM can discover hooked processes from rootkits. Memory forensics analyzes data in RAM.
|
|
RAS
|
Remote Access Service. A server used to provide access to an internal network from an outside location. RAS is also known as Remote Access Server and sometimes referred to as Network Access Service (NAS).
|
|
RBAC
|
Role-based access control. An access control model that uses roles to define access and it is often implemented with groups. A user account is placed into a role, inheriting the rights and permissions of the role. Other access control models are MAC and DAC.
|
|
RBAC
|
Rule-based access control. An access control model that uses rules to define access. Rule-based access control is based on a set of approved instructions, such as an access control list. Other access control models are MAC and DAC.
|
|
RC
|
Ron’s Code or Rivest’s Cipher. Symmetric encryption algorithm that includes versions RC2, RC4, RC5, and RC6. RC4 is a secure stream cipher, and RC5 and RC6 are block ciphers.
|
|
RFI
|
Radio frequency interference. Interference from RF sources such as AM or FM transmitters. RFI can be filtered to prevent data interference, and cables can be shielded to protect signals from RFI.
|
|
RIPEMD
|
RACE Integrity Primitives Evaluation Message Digest. A hash function used for integrity. It creates fixed length hashes of 128, 160, 256, or 320 bits.
|
|
RPO
|
Recovery Point Objective. A Recovery Point Objective identifies a point in time where data loss is acceptable. It is related to the RTO and the BIA often includes both RTOs and RPOs.
|
|
RSA
|
An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators, Rivest, Shamir, and Adleman, and RSA is also the name of the company they founded together. RSA relies on the mathematical properties of prime numbers when creating public and private keys.
|
|
RSTP
|
Rapid Spanning Tree Protocol. An improvement over STP. STP and RSTP protocols are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together.
|
|
RTO
|
Recovery Time Objective. An RTO identifies the maximum amount of time it can take to restore a system after an outage. It is related to the RPO and the BIA often includes both RTOs and RPOs.
|
|
RTP
|
Real-time Transport Protocol. A standard used for delivering audio and video over an IP network.
|
|
S/MIME
|
Secure/Multipurpose Internet Mail Extensions. Used to secure e-mail. S/MIME provides confidentiality, integrity, authentication, and non-repudiation. It can digitally sign and encrypt e-mail, including the encryption of e-mail at rest (stored on a drive) and in transit (data sent over the network). It uses RSA, with public and private keys for encryption and decryption, and depends on a PKI for certificates.
|
|
SaaS
|
Software as a Service. Applications provided over the Internet. Webmail is an example of a cloud-based technology. Compare to IaaS and PaaS.
|
|
SCAP
|
Security Content Automation Protocol. A method for automated vulnerability management, measurement, and policy compliance evaluation using a set of standardized tools.
|
|
SCP
|
Secure copy. Based on SSH, SCP allows users to copy encrypted files over a network. SCP uses port 22.
|
|
SCSI
|
Small Computer System Interface. Set of standards used to connect peripherals to computers. Commonly used for SCSI hard disks and/or tape drives.
|
|
SDLC
|
Software Development Life Cycle. A software development process. Many different models are available.
|
|
SDLM
|
Software Development Life Cycle Methodology. The practice of using a SDLC when developing applications.
|
|
SELinux
|
Security-Enhanced Linux. A trusted operating system platform that prevents malicious or suspicious code from executing on both Linux and UNIX systems. It is one of the few operating systems that use the MAC model.
|
|
SFTP
|
Secure FTP. An extension of Secure Shell (SSH) using SSH to transmit the files in an encrypted format. SFTP transmits data using port 22.
|
|
SHA
|
Secure Hash Algorithm. A hashing function used to provide integrity. SHA1 uses 160 bits, and SHA-256 uses 256 bits. Hashing algorithms always provide a fixed-size bit-string regardless of the size of the hashed data. By comparing the hashes at two different times, you can verify integrity of the data.
|
|
SHTTP
|
Secure Hypertext Transfer Protocol. An alternative to HTTPS. Infrequently used.
|
|
SID
|
Security identifier. Unique set of numbers and letters used to identify each user and each group in Microsoft environments.
|
|
SIM
|
Subscriber Identity Module. A small smart card that contains programming and information for small devices such as cell phones.
|
|
SIRT
|
Security Incident Response Team. A group of experts that respond to security incidents. Also known as CERT or IRT.
|
|
SLA
|
Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
|
|
SLE
|
Single loss expectancy. Used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The SLE identifies the expected dollar amount for a single event resulting in a loss. The calculation is SLE x ARO = ALE.
|
|
SMTP
|
Simple Mail Transfer Protocol. Used to transfer e-mail between clients and servers and between e-mail servers and other e-mail servers. SMTP uses port 25.
|
|
SNMP
|
Simple Network Management Protocol. Used to manage network devices such as routers or switches. SNMP agents report information via notifications known as SNMP traps, or SNMP device traps.
|
|
SONET
|
Synchronous Optical Network Technologies. A multiplexing protocol used to transfer data over optical fiber.
|
|
SPIM
|
Spam over Internet Messaging. A form of spam using instant messaging that targets instant messaging users.
|
|
SPOF
|
Single point of failure. An SPOF is any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPS, and generators remove many single points of failure.
|
|
SQL
|
Structured query language. Used by SQL-based databases, such as Microsoft’s SQL Server. Websites integrated with a SQL database are subject to SQL injection attacks. Input validation with forms and stored procedures help prevent SQL injection attacks. Microsoft’s SQL Server uses port 1433 by default.
|
|
SSH
|
Secure Shell. SSH encrypts a wide variety of traffic such as Secure File Transfer Protocol (SFTP), Telnet, and Secure Copy (SCP). SSH uses port 22.
|
|
SSID
|
Service Set Identifier. Identifies the name of a wireless network. Disabling SSID broadcast can hide the network from casual users but an attacker can easily discover it with a wireless sniffer. It’s recommended to change the SSID from the default name.
|
|
SSL
|
Secure Sockets Layer. Used to encrypt traffic on the wire. SSL is used with HTTPS to encrypt HTTP traffic on the Internet using both symmetric and asymmetric encryption algorithms. SSL uses port 443 when encrypting HTTPS traffic.
|
|
SSO
|
Single sign-on. Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems.
|
|
SSTP
|
Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.
|
|
STP
|
Spanning Tree Protocol. Protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected together.
|
|
STP
|
Shielded twisted pair. Cable type used in networks that includes shielding to prevent interference from EMI and RFI. It can also prevent data from emanating outside the cable.
|
|
SYN
|
Synchronize. The first packet in a TCP handshake. In a SYN flood attack, attackers send this packet, but don’t complete the handshake after receiving the SYN/ACK packet. A flood guard is a logical control that protects against SYN flood attacks.
|
|
TACACS
|
Terminal Access Controller Access-Control System. An older remote authentication protocol that was commonly used in UNIX networks. TACACS+ is more commonly used.
|
|
TACACS+
|
Terminal Access Controller Access-Control System+. Provides central authentication for remote access clients and used as an alternative to RADIUS. TACACS+ uses TCP port 49, compared with TACACS, which uses UDP port 49. It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. It uses multiple challenges and responses.
|
|
TCO
|
Total cost of ownership. A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime.
|
|
TCP
|
Transmission Control Protocol. Provides guaranteed delivery of IP traffic using a three-way handshake.
|
|
TCP/IP
|
Transmission Control Protocol/Internet Protocol. Represents the full suite of protocols.
|
|
TFTP
|
Trivial File Transfer Protocol. Used to transfer small amounts of data with UDP port 69. In contrast, FTP is used to transfer larger files using TCP ports 20 and 21.
|
|
TKIP
|
Temporal Key Integrity Protocol. Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA but many implementations of WPA now support CCMP.
|
|
TLS
|
Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL and like SSL, it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process and PEAP-TLS requires a CA to issue certificates.
|
|
TPM
|
Trusted Platform Module. This is a hardware chip on the motherboard included on many newer laptops. A TPM includes a unique RSA asymmetric key, and it can generate and store other keys used for encryption, decryption, and authentication. TPM provides full disk encryption.
|
|
UAT
|
User Acceptance Testing. One of the last phases of testing an application before its release.
|
|
UDP
|
User Datagram Protocol. Used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism.
|
|
UPS
|
Uninterruptible power supply. A battery backup system that provides fault tolerance for power and can protect against power fluctuations. A UPS provides short-term power, giving the system enough time to shut down smoothly or to transfer to generator power. Generators provide long-term power in extended outages.
|
|
URL
|
Universal Resource Locator. Address used to access web resources, such as http://GetCertifiedGetAhead.com. Pop-up blockers can include URLs of sites where pop-ups are allowed.
|
|
USB
|
Universal Serial Bus. A serial connection used to connect peripherals such as printers, flash drives, and external hard disk drives. Data on USB drives can be protected against loss of confidentiality with encryption. They combine high volume and transfer speeds with ease of concealment and often result in data leakage.
|
|
UTP
|
Unshielded twisted pair. Cable type used in networks that do not have any concerns over EMI, RFI, or cross talk. If these are a concern, STP is used.
|
|
VLAN
|
Virtual local area network. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. It is possible to create multiple VLANs with a single switch.
|
|
VM
|
Virtual machine. A virtual system hosted on a physical system. A physical server can host multiple VMs as servers. Virtualization can reduce the footprint of an organization’s server room or datacenter, and helps eliminate wasted resources. It also helps reduce the amount of physical equipment, reducing overall physical security requirements. A VM escape is an attack that allows an attacker to access the host system from within the virtual system.
|
|
VoIP
|
Voice over IP. A group of technologies used to transmit voice over IP networks. Vishing is a form of phishing that sometimes uses VoIP.
|
|
VPN
|
Virtual private network. Provides access to a private network over a public network such as the Internet. VPN concentrators provide VPN access to large groups of users.
|
|
VTC
|
Video teleconferencing. A group of interactive telecommunication technologies that allow people in two or more locations to interact with two-way video and audio transmissions.
|
|
WAF
|
Web application firewall. A firewall specifically designed to protect a web application, such as a web server. A WAF inspects the contents of traffic to a web server, can detect malicious content, and block it.
|
|
WAP
|
Wireless access point, sometimes just called an access point (AP). Increasing the power level of a WAP increases the wireless coverage of the WAP. Decreasing the power level decreases the coverage. Coverage can also be manipulated by moving or positioning the wireless antenna.
|
|
WEP
|
Wired Equivalent Privacy. Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately WPA2. WEP used RC4 incorrectly making it susceptible to IV attacks.
|
|
WIDS
|
Wireless intrusion detection system. An IDS used for wireless networks.
|
|
WIPS
|
Wireless intrusion prevention system. An IPS used for wireless networks.
|
|
WLAN
|
Wireless local area network. Network connected wirelessly.
|
|
WPA
|
Wi-Fi Protected Access. Replaced WEP as a wireless security protocol without replacing hardware. Superseded by WPA2.
|
|
WPA2
|
Wi-Fi Protected Access version 2. Newer security protocol used to protect wireless transmissions. It supports CCMP for encryption, which is based on AES and stronger than TKIP which was originally released with WPA. In Enterprise Mode, it can use RADIUS to support 802.1x authentication. In personal mode, it uses a preshared key (PSK).
|
|
WTLS
|
Wireless Transport Layer Security. Used to encrypt traffic for smaller wireless devices.
|
|
XML
|
Extensible markup language. Used by many databases for inputting or exporting data. XML uses formatting rules to describe the data.
|
|
XTACACS
|
Extended Terminal Access Controller Access-Control System. An improvement over TACACS developed by Cisco Systems and proprietary to Cisco Systems. TACACS+ is more commonly used.
|
|
XSRF
|
Cross-site request forgery. An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords.
|
|
XSS
|
Cross-site scripting. Cross-site scripting allows an attacker to redirect users to malicious websites and steal cookies. E-mail can include an embedded HTML image object or a JavaScript image tag as part of a malicious cross-site scripting attack. Websites prevent cross-site scripting attacks with input validation to detect and block input that includes HTML and JavaScript tags. Many sites prevent the use of < and > characters to block cross-site scripting.
|
|
API
|
Application Programming Interface. A set of routines, protocols, and tools for building software applications. An API specifies how software components should interact.
|
|
ASP
|
Application Service Provider. A business providing computer-based services to customers over a network, such as access to a particular software application (such as customer relationship management) using a standard protocol (such as HTTP).
|
|
BPA
|
A BPA is a written agreement that details the relationship between business partners, including their obligations toward the partnership. It typically identifies the shares of profits or losses each partner will take, their responsibilities to each other, and what to do if a partner chooses to leave the partnership. One of the primary benefits of a BPA is that it can help settle conflicts when they arise.
|
|
BYOD
|
Bring Your Own Device.
|
|
CAPTCHA
|
Completely Automated Public Turing Test to Tell Computers and Humans Apart. A type of challenge-response test used in computing to determine whether or not the user is human.
|
|
CAR
|
Corrective Action Report. A procedure used to originate a corrective action, used as a response to a defect. In simple words, it means one or more actions adopted to prevent the problem from occurring again. Correction relates to containment, whereas corrective action relates to the root cause.
|
|
CIO
|
Chief Information Officer. Also called chief digital information officer (CDIO) or information technology (IT) director, it is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.
|
|
CP
|
Contingency Planning. A plan devised for an outcome other than the usual (expected) plan. It is often used in risk management for an exceptional risk that, though unlikely, would have catastrophic consequences. Contingency plans are often devised by governments or businesses.
|
|
CSR
|
Control Status Register. A register in many central processing units that is used as a storage device for information about instructions received from machines. The register is generally placed at register address 0 or 1 in CPUs and works on the concept of comparing flags (usually carry, overflow, and zero) to decide on various if-then instructions related to electronic decision flows.
|
|
CSU/DSU
|
Channel Service Unit/Data Service Unit. A hardware device about the size of an external modem that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa.
|
|
CTO
|
A Chief Technology Officer (CTO) is the individual within an organization who oversees current technology and creates relevant policy. A CTO should have the business knowledge necessary to align technology-related decisions with the organization's goals.
|
|
DBA
|
Database administrators use specialized software to store and organize data, such as financial information and customer shipping records. They make sure that data are available to users and are secure from unauthorized access.
|
|
DNAT
|
Destination Network Address Translation. Destination NAT is performed on incoming packets, when the firewall translates a public destination address to a private address. Destination NAT does not use address pools or ranges. It is a 1-to-1, static translation with the option to perform port forwarding or port translation.
|
|
DSL
|
Digital Subscriber Line. A technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines. xDSL refers to different variations of DSL, such as ADSL, HDSL, and RADSL.
|
|
DSU
|
Data Service Unit. Sometimes called a digital service unit, it is a piece of telecommunications circuit-terminating equipment that transforms digital data between telephone company lines and local equipment.
|
|
ECDHE
|
Elliptic Curve Diffie-Hellman Ephemeral. An anonymous key agreement protocol that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be used directly as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.
|
|
ESN
|
Electronic Serial Number is a unique identification number embedded by manufacturers on a microchip in wireless phones. The ESN is automatically transmitted to a base station when a call is made. The carrier's mobile switching office then detects the ESN and checks the validity of the call to prevent fraud.
|
|
FACL
|
File System Access Control List. With respect to a computer file system, an ACL is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
|
|
FDE
|
Full Disk Encryption is encryption at the hardware level. FDE works by automatically converting data on a hard drive into a form that cannot be understood by anyone who doesn’t have the key to “undo” the conversion. Without the proper authentication key, even if the hard drive is removed and placed in another machine, the data remains inaccessible. FDE can be installed on a computing device at the time of manufacturing or it can be added later on by installing a special software driver.
|
|
GPU
|
Graphic Processing Unit. A programmable logic chip (processor) specialized for display functions. The GPU renders images, animations, and video for the computer's screen. GPUs are located on plug-in cards, in a chipset on the motherboard, or in the same chip as the CPU.
|
|
HOTP
|
HMAC-based One-time Password Algorithm. HOTP is an HMAC-based one-time password (OTP) algorithm. It is a cornerstone of Initiative For Open Authentication (OATH).
|
|
OTP
|
A one-time password is a password that is valid for only one login session or transaction, on a computer system or other digital device.
|
|
IR
|
Incident Response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
|
|
IRP
|
Incident response plans provide instructions for responding to a number of potential scenarios, including data breaches, denial of service/distributed denial of service attacks, firewall breaches, virus or malware outbreaks, or insider threats. Without an incident response plan in place, organizations may either not detect the attack in the first place, or not follow proper protocol to contain the threat and recover from it when a breach is detected. According to the SANS Institute, there are six key phases of an incident response plan:
1. Preparation: Preparing users and IT staff to handle potential incidents should they arise
2. Identification: Determining whether an event is indeed a security incident
3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage
4. Eradication: Finding the root cause of the incident and removing affected systems from the production environment
5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains
6. Lessons learned: Completing incident documentation and performing analysis to ultimately learn from the incident and potentially improve future response efforts
|
|
ISA
|
Interconnection Security Agreement. Specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between two or more entities. For example, it may stipulate certain types of encryption for all data in transit.
|
|
ISSO
|
Information systems security officers research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access.
|
|
ITCP
|
IT Contingency Plan. A plan devised for an outcome other than the usual (expected) plan. It is often used in risk management for an exceptional risk that, though unlikely, would have catastrophic consequences. Contingency plans are often devised by governments or businesses.
|
|
JBOD
|
Just a Bunch of Disks. JBOD architecture lets you take a group of motley hard drives of various sizes and makes and configure them into either a single logical volume or into a group of individual hard drives.
|
|
MaaS
|
The monitoring as a service (MaaS) offering provides a monitoring solution based on a monitoring infrastructure in the cloud. ... The customer just needs to pay for the service he wants to use – on a subscription model similar to any SaaS product offering.
|
|
MOU
|
Memorandum of Understanding. An MOU expresses an understanding between two or more parties indicating their intention to work together toward a common goal. It is similar to an SLA in that it defines the responsibilities of each of the parties. However, it is less formal than an SLA and does not include monetary penalties. Additionally, it doesn’t have strict guidelines in place to protect sensitive data. Many times, MOUs are used in conjunction with ISAs. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-47, “Security Guide for Interconnecting Information Technology Systems,” includes more in-depth information on MOUs and ISAs.
|
|
MPLS
|
Multi-Protocol Label Switching. MPLS is best summarized as a “Layer 2.5 networking protocol”. In the traditional OSI model, Layer 2 covers protocols like Ethernet and SONET, which can carry IP packets, but only over simple LANs or point-to-point WANs. Layer 3 covers Internet-wide addressing and routing using IP protocols. MPLS sits between these traditional layers, providing additional features for the transport of data across the network.
|
|
*MTBF
|
*Mean Time Between Failures is a measure of how reliable a hardware product or component is. For most components, the measure is typically in thousands or even tens of thousands of hours between failures. For example, a hard disk drive may have a mean time between failures of 300,000 hours.
|
|
*MTTR
|
*Mean Time to Recovery is the average time that a device will take to recover from any failure. Examples of such devices range from self-resetting fuses (where the MTTR would be very short, probably seconds), up to whole systems which have to be repaired or replaced.
|
|
*MTTF
|
*Mean Time to Failure is the length of time a device or other product is expected to last in operation. MTTF is one of many ways to evaluate the reliability of pieces of hardware or other technology.
|
|
NDA
|
Non–Disclosure Agreement is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties. It is a contract through which the parties agree not to disclose information covered by the agreement. An NDA creates a confidential relationship between the parties to protect any type of confidential and proprietary information or trade secrets.
|
|
NFC
|
Near Field Communication is a short-range wireless connectivity standard (Ecma-340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other.
|
|
OCSP
|
Online Certificate Status Protocol is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track.
|
|
OS
|
Operating System is system software that manages computer hardware and software resources and provides common services for computer programs. All computer programs, excluding firmware, require an operating system to function.
|
|
OVAL
|
Open Vulnerability Assessment Language is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.
|
|
PAC
|
Proxy Auto Configuration file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL. A PAC file contains a JavaScript function “FindProxyForURL(url, host)”. This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly. Multiple specifications provide a fall-back when a proxy fails to respond. The browser fetches this PAC file before requesting other URLs. The URL of the PAC file is either configured manually or determined automatically by the Web Proxy Autodiscovery Protocol.
|
|
PAM
|
Pluggable Authentication Modules is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independently of the underlying authentication scheme.
|
|
PBKDF2
|
Password-Based Key Derivation Function 2. In cryptography, PBKDF1 and PBKDF2 are key derivation functions with a sliding computational cost, aimed at reducing the vulnerability of encrypted keys to brute-force attacks.
|
|
PCAP
|
Packet Capture consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
|
|
RAD
|
Rapid application development is a software development methodology that uses minimal planning in favor of rapid prototyping. A prototype is a working model that is functionally equivalent to a component of the product.
|
|
RC4
|
Rivest Cipher 4, also known as ARC4 or ARCFOUR (meaning Alleged RC4). A stream cipher. While remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
|
|
SAML
|
Security Assertions Markup Language is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.
|
|
SAN
|
Storage Area Network is a dedicated network that connects all the servers and clients to a shared pool of storage. The pool consists of servers, external storage devices, hubs and switches, and network and storage management tools.
|
|
SCADA
|
System Control and Data Acquisition is a category of software application program for process control, the gathering of data in real time from remote locations in order to control equipment and conditions.
|
|
SCEP
|
Simple Certificate Enrollment Protocol is an Internet Draft in the Internet Engineering Task Force (IETF). This protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users, as well as being referenced in other industry standards.
|
|
SFTP
|
Secured File Transfer Protocol is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications. This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
|
|
SIEM
|
Security Information and Event Management. Software products and services that combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.
|
|
SMS
|
Short Message Service is a text messaging service component of most telephone, World Wide Web, and mobile telephony systems. It uses standardized communication protocols to enable mobile phone devices to exchange short text messages. An intermediary service can facilitate a text-to-voice conversion to be sent to landlines.
|
|
SOAP
|
Simple Object Access Protocol is a protocol specification for exchanging structured information in the implementation of web services in computer networks. Its purpose is to induce extensibility, neutrality, and independence. It uses XML Information Set for its message format, and relies on application layer protocols, most often Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission. SOAP allows processes running on disparate operating systems (such as Windows and Linux) to communicate using Extensible Markup Language (XML). Since Web protocols like HTTP are installed and running on all operating systems, SOAP allows clients to invoke web services and receive responses independent of language and platforms.
|
|
TGT
|
Ticket Granting Ticket is a small, encrypted identification file with a limited validity period. After authentication, this file is granted to a user for data traffic protection by the key distribution center (KDC) subsystem of authentication services such as Kerberos. The TGT file contains the session key, its expiration date, and the user's IP address, which protects the user from man-in-the-middle attacks. The TGT is used to obtain a service ticket from the Ticket Granting Service (TGS). The user is granted access to network services only after this service ticket is provided.
|
|
TOTP
|
Time-Based One-Time Password is an algorithm that computes a one-time password from a shared secret key and the current time. It has been adopted as Internet Engineering Task Force standard RFC 6238, is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems. TOTP is an example of a hash-based message authentication code (HMAC). It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password. Because network latency and out-of-sync clocks can result in the password recipient having to try a range of possible times to authenticate against, the timestamp typically increases in 30-second intervals, which cuts the potential search space.
|
|
TSIG
|
Transaction Signature is a computer-networking protocol defined in RFC 2845. Primarily it enables the Domain Name System (DNS) to authenticate updates to a DNS database. It was most commonly used to update Dynamic DNS or a secondary/slave DNS server. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of authenticating each endpoint of a connection as being allowed to make or respond to a DNS update.
|
|
UEFI
|
Unified Extensible Firmware Interface is a specification for a software program that connects a computer's firmware to its operating system (OS). UEFI is expected to eventually replace BIOS. Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when a computer is turned on.
|
|
URI
|
Uniform Resource Identifier is a string of characters used to identify a resource. Such identification enables interaction with representations of the resource over a network, typically the World Wide Web, using specific protocols.
|
|
UTM
|
Unified Threat Management is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system: network firewalling, network intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and on-appliance reporting.
|
|
VDI
|
Virtual Desktop Infrastructure is software technology that separates the desktop environment and associated application software from the physical client device that is used to access it.
|
|
WPS
|
Wi-Fi Protected Setup is a feature that lets you easily connect WPS-supported client devices, such as wireless printers, to your router wirelessly.
|
|
WPS - PBC
|
Push-button configuration (PBC): in some Wi-Fi Protected Setup networks, the user may connect multiple devices to the network and enable data encryption by pushing a button. The access point/wireless router will have a physical button, and other devices may have a physical or software-based button. Users should be aware that during the two-minute setup period which follows the push of the button, unintended devices could join the network if they are in range.
|
|
WPS - PIN
|
PIN entry: in all Wi-Fi Protected Setup networks, a unique PIN (Personal Identification Number) will be required for each device to join the network. A fixed PIN label or sticker may be placed on a device, or a dynamic PIN can be generated and shown on the device's display (e.g., a TV screen or monitor). The PIN is used to make sure the intended device is added to the network being set up and will help to avoid accidental or malicious attempts to add unintended devices to the network. A registrar device (which could be an access point/wireless router, PC, television, or other device) will detect when a new Wi-Fi device is in range and prompt the user to enter the PIN if he or she wishes to add the new device to the network. In this mode, the Wi-Fi Protected Setup network encrypts data and authenticates each device on the network. The PIN entry method is supported in all devices.
|
|
WPS - NFC
|
Near Field Communication (NFC): A Near Field Communication interface can be used to transfer network settings to a new device without requiring manual entry of its PIN. The NFC method provides strong protection against adding an unintended device to the network. This is an optional method for Wi-Fi Protected Setup Access Points and devices.
|
|
Hot Site
|
Hot sites are essentially mirrors of your datacenter infrastructure. The backup site is populated with servers, cooling, power, and office space (if applicable). The most important feature offered by a hot site is that the production environment(s) are running concurrently with your main datacenter. This syncing allows for minimal impact and downtime to business operations. In the event of a significant outage at your main datacenter, the hot site can take the place of the impacted site immediately. However, this level of redundancy does not come cheap, and businesses will have to weigh the cost-benefit analysis (CBA) of hot site utilization.
|
|
Cold Site
|
A cold site is essentially office or datacenter space without any server-related equipment installed. The cold site provides power, cooling, and/or office space that stands ready in the event of a significant outage at the main work site or datacenter. The cold site will require extensive support from engineering and IT personnel to get all necessary servers and equipment migrated and functional. Cold sites are the cheapest cost-recovery option for businesses to utilize.
|
|
Warm Site
|
A warm site is the middle ground between the other two disaster recovery options. Warm sites offer office space/datacenter space and will have some pre-installed server hardware. The difference between a hot site and a warm site is that while the hot site provides a mirror of the production datacenter and its environment(s), a warm site will contain only servers ready for the installation of production environments. Warm sites make sense for aspects of the business that are not critical but require a level of redundancy (e.g., administrative roles). A CBA conducted on whether to use a warm site versus a hot site should include the downtime associated with the software-loading/configuration requirements for engineering.
|