529 Cards in this Set
3DES

(Triple DES) A symmetric encryption algorithm that encrypts data by processing each block of data three times, using a different DES key each time.

802.11

A family of specifications developed by the IEEE for wireless LAN technology.

802.11a

A fast, secure, but relatively expensive protocol for wireless communication. The 802.11a protocol supports speeds up to 54 Mbps in the 5 GHz frequency.

802.11ac

A wireless communication protocol that improves upon 802.11n by adding wider channels to increase bandwidth.

802.11b

The first specification to be called Wi-Fi, 802.11b is the least expensive wireless network protocol used to transfer data among computers with wireless network cards, or between a wireless computer or device and a wired LAN. The 802.11b protocol provides for an 11 Mbps transfer rate in the 2.4 GHz frequency.

802.11g

A specification for wireless data throughput at the rate of up to 54 Mbps in the 2.4 GHz band that is a potential replacement for 802.11b.

802.11n

A wireless standard for home and business implementations that adds QoS features and multimedia support to 802.11a and 802.11b.

802.1x

An IEEE standard used to provide a port-based authentication mechanism over a LAN or wireless LAN.

access control

In security terms, the process of determining and assigning privileges to various resources, objects, and data.

account federation

The practice of linking a single account across many different management systems.

account management

A common term used to refer to the processes, functions, and policies used to effectively manage user accounts within an organization.

account phishing

In social networking, an attack where an attacker creates an account and gets on the friends list of an individual just to try to obtain information about the individual and their circle of friends or colleagues.

account policy

A document that includes an organization's user account management guidelines.

account privileges

Permissions granted to users that allow them to perform various actions such as creating, deleting, and editing files, and also accessing systems and services on the network.

accountability

In security terms, the process of determining who to hold responsible for a particular activity or event.

accounting

In security terms, the process of tracking and recording system activities and resource access.

ACL

(Access Control List) In a DAC access control scheme, this is the list that is associated with each object, specifying the subjects that can access the object and their levels of access.

Active Directory

The standards-based directory service from Microsoft that runs on Microsoft Windows servers.

adware

Software that automatically displays or downloads advertisements when it is used.

AES

(Advanced Encryption Standard) A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

ALE

(annual loss expectancy) The total cost of a risk to an organization on an annual basis.

all-in-one security appliance

A single network device that is used to perform a number of security functions to secure a network.

anomaly-based monitoring

A monitoring system that uses a database of unacceptable traffic patterns identified by analyzing traffic flows.

anti-malware software

A category of software programs that scan a computer or network for known viruses, Trojans, worms, and other malicious software.

anti-spam

A program that will detect specific words that are commonly used in spam messages.

anti-spyware

Software that is specifically designed to protect systems against spyware attacks.

antivirus software

An application that scans files for executable code that matches specific patterns that are known to be common to viruses.

API

(application programming interface) A mechanism that defines how software elements interact with each other.

application attacks

Attacks that are targeted at web-based and other client-server applications.

application aware device

A network device that manages information about any application that connects to it.

application blacklisting

aka blacklisting. The practice of preventing undesirable programs from running on a computer, computer network, or mobile device.

application whitelisting

aka whitelisting. The practice of allowing approved programs to run on a computer, computer network, or mobile device.

arbitrary code execution

aka remote code execution. An attack that exploits an application vulnerability to allow the attacker to execute commands on a user's computer.

archive bit

A file property that essentially indicates whether the file has been modified since the last backup.

armored virus

A virus that is able to conceal its location or otherwise render itself harder to detect by anti-malware programs.

ARO

(annual rate of occurrence) How many times per year a particular loss is expected to occur.

ARP

(Address Resolution Protocol) The mechanism by which individual hardware MAC addresses are matched to an IP address on a network.

ARP poisoning

A method in which an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient.

asymmetric encryption

A two-way encryption scheme that uses paired private and public keys.

attachment attack

An attack where the attacker can merge malicious software or code into a downloadable file or attachment on an application server so that users download and execute it on client systems.

attack

Any technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so.

attack surface

The portion of a system or application that is exposed and available to attackers.

attackers

A term for users who gain unauthorized access to computers and networks for malicious purposes.

attacking

The final phase of a hack in which the attacker steals data, disrupts traffic, or damages systems.

auditing

The practice of examining logs of what was recorded in the accounting process.

authentication

In security terms, the process of validating a particular individual or entity's unique credentials.

authorization

In security terms, the process of determining what rights and privileges a particular entity has.

availability

The fundamental security goal of ensuring that systems operate continuously and that authorized persons can access data that they need.

backdoor

A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

backdoor attack

A type of attack where the attacker creates a software mechanism to gain access to a system and its resources. This can involve software or a bogus user account.

backout contingency plan

A documented plan that includes specific procedures and processes that are applied in the event that a change or modification made to a system must be undone.

baseline report

A collection of security and configuration settings that are to be applied to a particular system or network in the organization.

BCP

(business continuity plan) A policy that defines how normal day-to-day business will be maintained in the event of a business disruption or crisis.

bcrypt

A key-derivation function based on the Blowfish cipher algorithm.

behavior-based monitoring

A monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences.

BIA

(business impact analysis) A BCP preparatory step that identifies present organizational risks and determines the impact to ongoing, business-critical operations if such risks actualize.

big data

Collections of data that are so large and complex that they cannot be managed using traditional database management tools.

biometrics

Authentication schemes based on individuals' physical characteristics.

birthday attack

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

black box test

A test in which the tester is given no information about the system being tested.

black hat

A hacker who exposes vulnerabilities for financial gain or for some malicious purpose.

block cipher

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

Blowfish

A freely available 64-bit block cipher algorithm that uses a variable key length.

bluejacking

A method used by attackers to send out unwanted Bluetooth signals from smartphones, mobile phones, tablets, and laptops to other Bluetooth-enabled devices.

bluesnarfing

A process in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection.

Bluetooth

A short-range wireless radio network transmission medium usually used between two personal devices, such as between a mobile phone and wireless headset.

botnet

A set of computers that has been infected by a control program called a bot that enables attackers to exploit the computers to mount attacks.

BPA

(business partner agreement) An agreement that defines how a business partnership will be conducted.

brute force attack

A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to try cracking encrypted passwords.

buffer overflow

A type of DoS attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.

business partner

A commercial entity that has a relationship with another, separate commercial entity.

BYOD

(bring your own device) The practice in which employees bring their own personal devices (usually mobile) into the office and use them for work-related purposes.

CA

(Certificate Authority) A server that can issue digital certificates and the associated public/private key pairs.

CA hierarchy

A single CA or group of CAs that work together to issue digital certificates.

captive portal

A web page that a client is automatically directed to when connecting to a network, usually through public Wi-Fi.

CBC encryption

(Cipher Block Chaining encryption) A block encryption model where before a block is encrypted, information from the preceding block is added to the block. In this way, you can be sure that repeated data is encrypted differently each time it is encountered.

CCMP

(Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) An AES cipher-based encryption protocol used in WPA2.

CCTV

(closed-circuit television) Surveillance cameras that do not openly broadcast signals.

certificate management system

A system that provides the software tools to perform the day-to-day functions of a PKI.

certificate repository database

A database containing digital certificates.

CFB encryption

(Cipher Feedback mode encryption) A block encryption model that allows encryption of partial blocks rather than requiring full blocks for encryption.

chain of custody

The record of evidence history from collection, to presentation in court, to disposal.

change management

A systematic way of approving and executing change in order to ensure maximum security, stability, and availability of information technology services.

CHAP

(Challenge Handshake Authentication Protocol) An encrypted remote access authentication method that enables connections from any authentication method requested by the server, except for PAP and SPAP unencrypted authentication.

CIA triad

(confidentiality, integrity, availability) aka information security triad. The three principles of security control and management: confidentiality, integrity, and availability. Also known as the information security triad or triple.

cipher

aka encryption algorithm. The rule, system, or mechanism used to encrypt or decrypt data.

cipher suite

A collection of symmetric and asymmetric encryption algorithms commonly used in SSL/TLS connections.

ciphertext

Data that has been encoded with a cipher and is unreadable.

cleartext

The unencrypted form of data. Also known as plaintext.

clickjacking

An attack that forces a user to unintentionally click a link. An attacker uses opaque layers or multiple transparent layers to trick a user.

client-side attacks

Attacks that exploit the trust relationship between a client and the server it connects to.

cloud computing

A method of computing that relies on the Internet to provide the resources, software, data, and media needs of a user, business, or organization.

code reviews

An evaluation used in identifying potential weaknesses in an application.

cold site

A predetermined alternate location where a network can be rebuilt after a disaster.

compliance

The practice of ensuring that the requirements of legislation, regulations, industry codes and standards, and organizational standards are met.

computer crime

A criminal act that involves the use of a computer as a source or target, instead of an individual.

computer forensics

A skill that deals with collecting and analyzing data from storage devices, computer systems, networks, and wireless communications and presenting this information as a form of evidence in the court of law.

confidentiality

The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.

continuity of operations plan

A plan that includes best practices to mitigate risks and attacks and the best measures to recover from an incident.

controls

The countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.

cookie

A small piece of text saved on a computer by a web browser that consists of one or more name-value pairs holding bits of information useful in remembering user preferences.

cookie manipulation

An attack where an attacker injects a meta tag in an HTTP header making it possible to modify a cookie stored in a browser.

correction controls

Controls that help to mitigate a consequence of a threat or attack from hazardously affecting the computer system.

cracker

A user who breaks encryption codes, defeats software copy protections, or specializes in breaking into systems.

credential manager

An application that stores passwords in an encrypted database for easy retrieval by the appropriate user.

CRL

(Certificate Revocation List) A list of certificates that are no longer valid.

cryptography

The science of hiding information.

cryptoprocessors

Microprocessors that provide cryptographic functions.

CSR

(certificate signing request) A message sent to a certificate authority in which a resource applies for a certificate.

CTI

(computer telephony integration) Telephony technology that incorporates telephone, email, web, and computing infrastructures.

CTR encryption

(counter mode encryption) A block encryption model that is similar to OFB and uses a counter as input.

cyberterrorist

A hacker that disrupts computer systems in order to spread fear and panic.

DAC

(Discretionary Access Control) In DAC, access is controlled based on a user's identity. Objects are configured with a list of users who are allowed access to them. An administrator has the discretion to place the user on the list or not. If a user is on the list, the user is granted access; if the user is not on the list, access is denied.

data

A general term for the information assets of a person or organization. In a computer system, data is generally stored in files.

data exfiltration

The malicious transfer of data from one system to another.

data leakage

Gaining access to data through unintentional methods that could lead to data loss or theft.

data sanitization

The method used to repeatedly delete and overwrite any traces or bits of sensitive data that may remain on a device after data wiping has been done.

data security

The security controls and measures taken in order to keep an organization's data safe and accessible and to prevent unauthorized access.

data wiping

A method used to remove any sensitive data from a mobile device and permanently delete it.

DDoS attack

(Distributed Denial of Service attack) A network attack in which an attacker hijacks or manipulates multiple computers (through the use of zombies or drones) on disparate networks to carry out a DoS attack.

deciphering

The process of reversing a cipher.

decryption

A cryptographic technique that converts ciphertext back to cleartext.

defense in depth

A comprehensive approach to layered security that is intended to slow an attack.

DES

(Data Encryption Standard) A symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key, with 8 bits used for parity.

detection

The act of determining if a user has tried to access unauthorized data, or scanning the data and networks for any traces left by an intruder in any attack against the system.

detection controls

Controls that are implemented to monitor a situation or activity, and react to any irregular activities by bringing the issue to the attention of administrators.

device

A piece of hardware such as a computer, server, printer, or smartphone.

DH

(Diffie-Hellman) A cryptographic protocol that provides for secure key exchange.

DHCP

(Dynamic Host Configuration Protocol) A protocol used to automatically assign IP addressing information to IP network computers.

DHE

(Diffie-Hellman Ephemeral) A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.

Diameter

An authentication protocol that allows for a variety of connection types, such as wireless.

dictionary attack

A type of password attack that automates password guessing by comparing encrypted passwords against a predetermined list of possible password values.

differential backup

A backup that backs up all files in a selected storage location that have changed since the last full backup.

digital certificate

An electronic document that associates credentials with a public key.

digital signature

An encrypted hash value that is appended to a message to identify the sender and the message.

directory service

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

directory traversal

An attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.

DLP

(data loss/leak prevention) Software that stops data in a system from being stolen.

DMZ

(demilitarized zone) A small section of a private network that is located between two firewalls and made available for public access.

DNS

(Domain Name System) The service that maps names to IP addresses on most TCP/IP networks, including the Internet.

DNS hijacking

An attack in which an attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites.

DNS poisoning

An attack in which an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.

DoS attack

(Denial of Service attack) A network attack in which an attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system.

drive-by download

A program that is automatically installed on a computer when you access a malicious site, even without clicking a link or giving consent.

DRP

(disaster recovery plan) A plan that prepares the organization to react appropriately in a natural or a man-made disaster and provides the means to recover from a disaster.

dumpster diving

A human-based attack where the goal is to reclaim important information by inspecting the contents of trash containers.

EAP

(Extensible Authentication Protocol) An authentication protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.

eavesdropping attack

A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as a sniffing attack.

ECB encryption

(Electronic Code Book encryption) A block encryption model where each block is encrypted by itself. Each occurrence of a particular word is encrypted exactly the same.

ECC

(elliptic curve cryptography) An asymmetric encryption technique that leverages the algebraic structures of elliptic curves over finite fields.

ECDHE

(Elliptic Curve Diffie-Hellman Ephemeral) A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.

EFS

(Encrypting File System) Microsoft Windows NTFS-based public key encryption.

EMI

(electromagnetic interference) A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit.

enciphering

The process of applying a cipher.

encryption

A security technique that converts data from plain, or cleartext form, into coded, or ciphertext form so that only authorized parties with the necessary decryption information can decode and read the data.

enumerating

The stage of the hacking process in which the attacker will try to gain access to users and groups, network resources, shares, applications, or valid user names and passwords.

environmental controls

A system or device that is implemented to prevent or control environmental exposures or threats.

ethical hacking

Planned attempts to penetrate the security defenses of a system in order to identify vulnerabilities.

evil twin attack

In social networking, an attack where an attacker creates a social network account to impersonate a genuine user, becoming friends with others and joining groups, and thus getting access to various types of personal and professional information. In wireless networking, a type of rogue access point at a public site that is configured to look like a legitimate access point in order to tempt a user to choose to connect to it.

failopen

A control that provides open access when a system fails.

failsafe

A control that provides user safety when a system fails.

failsecure

A control that provides security when a system fails.

fault tolerance

The ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service.

FCoE

(Fibre Channel over Ethernet) Fibre Channel implementations that use high-speed Ethernet networks to transmit and store data.

Fibre Channel

A protocol that implements links between data storage networks using special-purpose cabling to increase performance and reliability.

firewall

A software or hardware device that protects a system or network by blocking unwanted network traffic.

first responder

The first person or team to respond to an accident, damage site, or natural disaster in an IT company.

flood guard

A tool used by network administrators and security professionals to protect resources from flooding attacks, such as DDoS attacks.

footprinting

aka profiling. The stage of the hacking process in which the attacker chooses a target organization or network and begins to gather information that is publicly available. Also called profiling.

FTP

(File Transfer Protocol) A communications protocol that enables the transfer of files between a user's workstation and a remote host.

FTP over SSH

aka Secure FTP. A secure version of FTP that uses an SSH tunnel to encrypt files in transit.

FTPS

(File Transfer Protocol Secure) aka FTP-SSL. A protocol that combines the use of FTP with additional support for TLS and SSL.

full backup

A backup that backs up all selected files regardless of the state of the archive bit.

fuzzing

A testing method used to identify vulnerabilities and weaknesses in applications, by sending the application a range of random or unusual input data and noting failures and crashes.

gain

The reliable connection range and power of a wireless signal, measured in decibels.

geolocation

The process of identifying the real-world geographic location of an object, often by associating a location such as a street address with an IP address, hardware address, Wi-Fi positioning system, GPS coordinates, or some other form of information.

GPG

(GNU Privacy Guard) A free open-source version of PGP that provides the equivalent encryption and authentication services.

grey box test

A test in which the tester may have knowledge of internal architectures and systems, or other preliminary information about the system being tested.

grey hat

A hacker who exposes security flaws in applications and operating systems without consent, and does so for the greater good instead of maliciously.

group based privileges

Privileges that are assigned to an entire group of users within an organization.

group policy

A centralized configuration management feature available for Active Directory on Windows Server systems.

guessing

A human-based attack where the goal is to guess a password or PIN through brute force means or by using deduction.

guidelines

Suggestions for meeting a policy standard or best practices.

hackers

Users who excel at programming or managing and configuring computer systems, and have the skills to gain access to computer systems through unauthorized or unapproved means.

hacktivist

A hacker motivated by the desire for social change.

hardening

A security technique in which the default configuration of a system is altered to protect the system against attacks.

hardware attack

An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader.

hardware-based encryption devices

A device or mechanism that provides encryption, decryption, and access control.

hash

aka hash value. aka message digest. The value that results from hashing encryption. Also known as hash value or message digest.

hashing encryption

One-way encryption that transforms cleartext into a coded form that is never decrypted.

header manipulation

An attack where the attacker manipulates the header information that is passed between web servers and clients in HTTP requests.

heuristic monitoring

A monitoring system that uses known best practices and characteristics in order to identify and fix issues within the network.

high availability

A rating that expresses how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

HMAC

(Hash-based Message Authentication Code) A method used to verify both the integrity and authenticity of a message by combining cryptographic hash functions, such as MD5 or SHA-1, with a secret key.

hoax

An email-based or web-based attack that tricks the user into performing undesired actions, such as deleting important system files in an attempt to remove a virus, or sending money or important information via email or online forms.

honeynet

An entire dummy network used to lure attackers.

honeypot

A security tool used to lure attackers away from the actual network components. Also called a decoy or sacrificial lamb.

host availability

aka host elasticity. The ability of a host to remain accessible despite any system changes it needs to adapt to.

host-based firewall

Software that is installed on a single system to specifically guard against networking attacks.

host/personal firewalls

Firewalls installed on a single or home computer.

hot and cold aisle

A method used within data centers and server rooms as a temperature and humidity control method.

hot site

A fully configured alternate network that can be online quickly after a disaster.

hotfix

A patch that is often issued on an emergency basis to address a specific security flaw.

HOTP

(HMAC-based one-time password) An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

HSM

(Hardware Security Module) A cryptographic module that can generate cryptographic keys.

HTTP

(Hypertext Transfer Protocol) A protocol that defines the interaction between a web server and a browser.

HTTPS

(Hypertext Transfer Protocol Secure) A secure version of HTTP that supports e-commerce by providing a secure connection between a web browser and a server.

HVAC system

(heating, ventilation, and air conditioning) A system that controls the air quality and flow inside a building.

hybrid password attack

An attack that utilizes multiple attack methods, including dictionary, rainbow table, and brute force attacks when trying to crack a password.

IaaS

(Infrastructure as a Service) A method that uses the cloud to provide any or all infrastructure needs.

ICMP

(Internet Control Message Protocol) An IP network service that reports on connections between two hosts.

ICMP flood

A type of DoS attack that exploits weaknesses in ICMP. Specific attacks include Smurf attacks and ping floods.

identification

In security terms, the process of attaching a human element to an authentication.

identity management

An area of information security that is used to identify individuals within a computer system or network.

identity theft

A crime that occurs when an individual's personal information or data is stolen and used by someone other than the authorized user.

IDS

(intrusion detection system) A software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress.

IM

(instant messaging) A type of communication service which involves a private dialogue between two persons via instant text-based messages over the Internet.

impersonation

A type of spoofing in which an attacker pretends to be someone they are not, typically an average user in distress, or a help desk representative.

implicit deny

The principle that establishes that everything that is not explicitly allowed is denied.

incident management

Practices and procedures that govern how an organization will respond to an incident in progress.

incident report

A description of the events that occurred during a security incident.

incremental backup

A backup that backs up all files in a selected storage location that have changed since the last full or differential backup.

information security

The protection of available information or information resources from unauthorized access, attacks, thefts, or data damage.

input validation

Any technique used to ensure that the data entered into a field or variable in an application is within acceptable bounds for the object that will receive the data.

integer overflow

An attack in which a computed result is too large to fit in its assigned storage space, leading to crashing, corruption, or triggering a buffer overflow.

integrity

The fundamental security goal of ensuring that electronic data is not altered or tampered with.

interference

aka jamming. Within wireless networking, the phenomenon by which radio waves from other devices interfere with the 802.11 wireless signals.

intrusion

An instance of an attacker accessing your computer system without the authorization to do so.

IPS

(intrusion prevention system) An inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.

IPSec

(Internet Protocol Security) A set of open, non-proprietary standards that you can use to secure data through authentication and encryption as the data travels across the network or the Internet.

IPv4

(IP version 4) An Internet standard that uses a 32-bit number assigned to a computer on a TCP/IP network.

IPv6

(IP version 6) An Internet standard that increases the available pool of IP addresses by implementing a 128-bit binary address space.

IRP

(Incident Response Policy) The security policy that determines the actions that an organization will take following a confirmed or potential security breach.

ISA

(interconnection security agreement) An agreement that focuses on securing technology in a business relationship.

iSCSI

(Internet Small Computer System Interface) A protocol that implements links between data storage networks using IP.

IT contingency plan

An alternate plan that you can switch over to when faced with an attack or disruption of service.

IV

(initialization vector) A technique used in cryptography to generate random numbers to be used along with a secret key to provide data encryption.

IV attack

An attack in which the attacker is able to predict or control the IV of an encryption process, giving the attacker the ability to view encrypted data that is supposed to be hidden from everyone except the user or network.

job rotation

The principle that establishes that no one person stays in a vital job role for too long a time period.

Kerberos

An authentication system in which authentication is based on a time-sensitive ticket-granting system. It uses an SSO method where the user enters access credentials that are then passed to the authentication server, which contains the allowed access credentials.

key

In cryptography, a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

key escrow

A method for backing up private keys to protect them while allowing trusted third parties to access the keys under certain conditions.

key escrow agent

A third party that maintains a backup copy of private keys.

key exchange

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

key generation

An asymmetric encryption process of generating a public and private key pair using a specific application.

key stretching

A technique that strengthens potentially weak cryptographic keys, such as passwords or passphrases created by people, against brute force attacks.

keystroke authentication

A type of authentication that relies on detailed information that describes exactly when a keyboard key is pressed and released as someone types information into a computer or other electronic device.

L2TP

(Layer Two Tunneling Protocol) The de facto standard VPN protocol for tunneling PPP sessions across a variety of network protocols such as IP, Frame Relay, or ATM.

layered security

An approach to securing systems that incorporates many different avenues of defense.

LDAP

(Lightweight Directory Access Protocol) A simple network protocol used to access network directory databases, which store information about authorized users and their privileges as well as other organizational information.

LDAP injection

An attack that targets web-based applications by fabricating LDAP statements that typically are created by user input.

LDAPS

(Lightweight Directory Access Protocol Secure) aka Secure LDAP. A method of implementing LDAP using SSL/TLS encryption.

LEAP

(Lightweight Extensible Authentication Protocol) Cisco Systems' proprietary EAP implementation.

least privilege

The principle that establishes that users and software should only have the minimal level of access that is necessary for them to perform the duties required of them.

load balancer

A network device that performs load balancing as its primary function.

load balancing

The practice of spreading out the work among the devices in a network.

lockout

A method of restricting access to data on a device without deleting that data.

log

A record of significant events. In computing, the use of an operating system or application to record data about activity on a computer.

logging

The act of creating a log.

logic bomb

A piece of code that sits dormant on a target computer until it is triggered by the occurrence of specific conditions, such as a specific date and time. Once the code is triggered, the logic bomb “detonates,” performing whatever action it was programmed to do.

loss controls

aka damage controls. Security measures implemented to prevent key assets from being damaged.

LSO

(locally shared object) aka flash cookies. Data stored on a user's computer after visiting a website that uses Adobe Flash Player. These can be used to track a user's activity.

M of N scheme

A mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery (M).

MAC

(Mandatory Access Control) A system in which objects (files and other resources) are assigned security labels of varying levels, depending on the object's sensitivity. Users are assigned a security level or clearance, and when they try to access an object, their clearance is compared to the object's security label. If there is a match, the user can access the object; if there is no match, the user is denied access.

MAC address

(Media Access Control address) A unique physical address assigned to each network adapter board at the time of manufacture.

MAC filtering

The security technique of allowing or denying specific MAC addresses from connecting to a network device.

MAC limiting

The security technique of defining exactly how many different MAC addresses are allowed access to a network device.

malicious add-on

An add-on that is meant to look like a normal add-on, except that when a user installs it, malicious content will be injected to target the security loopholes that are present in a web browser.

malicious code attack

A type of software attack where an attacker inserts malicious software into a user's system.

malicious insider threat

A threat originating from an employee in an organization who performs malicious acts, such as deleting critical information or sharing that critical information with outsiders, which may result in losses to the organization.

malware

Malicious code, such as viruses, Trojans, or worms, which is designed to gain unauthorized access to, make unauthorized use of, or damage computer systems and networks.

man-in-the-middle attack

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

management controls

Procedures implemented to monitor the adherence to organizational security policies.

mandatory vacations

Periods of time in which an employee must take time off from work so that their activities may be subject to a security review.

MANET

(mobile ad-hoc network) A continuously self-configuring network of mobile devices such as smartphones, tablets, and laptops.

mantrap

A physical security control system that has a door at each end of a secure chamber.

MD4

(Message Digest 4) This hash algorithm, based on RFC 1320, produces a 128-bit hash value and is used in message integrity checks for data authentication.

MD5

(Message Digest 5) This hash algorithm, based on RFC 1321, produces a 128-bit hash value and is used in IPSec policies for data authentication.

media

A method that connects devices to the network and carries data between devices.

MOU

(memorandum of understanding) An informal business agreement that is not legally binding and does not involve the exchange of money.

MTBF

(mean time between failures) The rating on a device or devices that predicts the expected time between failures.

MTD

(maximum tolerable downtime) The longest period of time a business can be inoperable without causing the business to fail irrecoverably.

MTTF

(mean time to failure) The length of time a device or component is expected to remain operational.

MTTR

(mean time to recovery) The average time taken for a business to recover from an incident or failure.

multi-factor authentication

Any authentication scheme that requires validation of at least two of the possible authentication factors.

multifunction network device

Any piece of network hardware that is meant to perform more than one networking task without having to be reconfigured.

mutual authentication

A security mechanism that requires that each party in a communication verifies its identity.

NAC

(Network Access Control) The collection of protocols, policies, and hardware that govern access on devices to and from a network.

NAS

(Network Access Server) A RADIUS server configuration that uses a centralized server and clients.

NAT

(Network Address Translation) A simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.

NetBIOS

(Network Basic Input Output System) A simple, broadcast-based naming service.

network adapter

Hardware that translates the data between the network and a device.

network operating system

Software that controls network traffic and access to network resources.

network-based firewalls

A hardware/software combination that protects all the computers on a network behind the firewall.

NFC

(Near Field Communication) A mobile device communication standard that operates at very short range, often through physical contact.

NIDS

(network intrusion detection system) A system that uses passive hardware sensors to monitor traffic on a specific segment of the network.

NIPS

(network intrusion prevention system) An active, inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.

non-repudiation

The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.

NoSQL database

A database that provides data storage and retrieval in a non-relational manner.

NTLM

(NT LAN Manager) An authentication protocol created by Microsoft for use in its products.

OCSP

(Online Certificate Status Protocol) An HTTP-based alternative to a certificate revocation list that checks the status of certificates.

OFB encryption

(Output Feedback mode encryption) A block encryption mode that converts a block cipher into a stream cipher; the output of each block cipher operation is fed back as the input to the next.

off-boarding

Ensuring that employees or partners leaving an organization or business relationship do not pose a security risk.

on-boarding

Bringing new employees or business partners up to speed on security protocols.

Open Directory

The directory service that ships as part of Mac OS X Server.

operational controls

Security measures implemented to safeguard all aspects of day-to-day operations, functions, and activities.

order of volatility

The order in which volatile data should be recovered from various storage locations and devices following a security incident.

orphaned accounts

User accounts that remain active even after the employees have left the organization.

OSI model

(Open Systems Interconnection model) A method of abstracting how different layers of a network structure interact with one another.

OTP

(one-time password) A password that is generated for use in one specific session and becomes invalid after the session ends.

P2P

(peer-to-peer) A network that has a broadcast application architecture that distributes tasks between peer systems that have equal privileges, and in which resource sharing, processing, and communications controls are decentralized.

P2P attacks

Attacks that are launched by malware propagating within a P2P architecture to launch DoS attacks.

PaaS

(Platform as a Service) A method that uses the cloud to provide any platform-type services.

packet sniffing

An attack on wireless networks where an attacker captures data and registers data flows in order to analyze what data is contained in a packet.

PAP

(Password Authentication Protocol) A remote access authentication service that sends user IDs and passwords as cleartext.

password attack

Any type of attack in which the attacker attempts to obtain and make use of passwords illegitimately.

password stealer

A type of software that can capture all passwords and user names entered into the IM application or social networking site that it was designed for.

patch

A small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system.

patch management

The practice of monitoring for, evaluating, testing, and installing software patches and updates.

PBKDF2

(Password-Based Key Derivation Function 2) A key derivation function used in key stretching to make potentially weak cryptographic keys such as passwords less susceptible to brute force attacks.

PCBC encryption

(Propagating or Plaintext Cipher Block Chaining encryption) A block encryption model that causes minimal changes in the ciphertext while encrypting or decrypting.

PEAP

(Protected Extensible Authentication Protocol) Similar to EAP-TLS, PEAP is an open standard developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security.

penetration test

A method of evaluating security by simulating an attack on a system.

perfect forward secrecy

A property of public key cryptographic systems that ensures that any session key derived from a set of long-term keys cannot be compromised if one of the keys is compromised at a future date.

permanent DoS attack

aka phlashing. A type of DoS attack that targets the hardware of a system in order to make recovery more difficult.

personal identification verification card

Any physical token like a smart card that is used in identification and authentication.

PGP

(Pretty Good Privacy) A method of securing emails created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography.

pharming

An attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking, but fake, website.

phishing

A type of email-based social engineering attack, in which the attacker sends email from a spoofed source, such as a bank, to try to elicit private information from the victim.

physical security

The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities.

physical security controls

Implemented security measures that restrict, detect, and monitor access to specific physical areas or assets.

PII

(personally identifiable information) The pieces of information that a company uses or prefers to use to identify or contact an employee.

ping floods

A common name for an ICMP flood attack. It is a type of DoS attack in which the attacker attempts to overwhelm the target system with ICMP Echo Request (ping) packets.

ping sweep

A scan of a range of IP addresses to locate active hosts within the range.

PKCS

(Public Key Cryptography Standards) A set of protocol standards developed by a consortium of vendors to send information over the Internet in a secure manner using a PKI.

PKCS #10—Certification Request Syntax Standard

A PKCS that describes the syntax used to request certification of a public key and other information.

PKCS #7—Cryptographic Message Syntax Standard

A PKCS that describes the general syntax used for cryptographic data such as digital signatures.

PKI

(Public Key Infrastructure) A system that is composed of a CA, certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and/or entities.

plaintext

Un-encoded data. Also known as cleartext.

PMI

(Privilege Management Infrastructure) An implementation of a particular set of privilege management technologies.

policy statement

An outline of the plan for an individual security component.

polymorphic malware

A virus that is able to alter its decryption module each time it infects a new file.

pop-up

A window or frame that loads and appears automatically when a user connects to a particular web page.

pop-up blockers

Software that prevents pop-ups from sites that are unknown or untrusted and prevents the transfer of unwanted code to the local system.

port scanning attack

An attack where an attacker scans your systems to see which ports are listening in an attempt to find a way to gain unauthorized access.

ports

The endpoints of a logical connection that client computers use to connect to specific server programs.

PPP

(Point-to-Point Protocol) The VPN protocol that is an Internet standard for sending IP datagram packets over serial point-to-point links.

PPTP

(Point-to-Point Tunneling Protocol) A VPN protocol that is an extension of the PPP remote access protocol.

prevention

The security approach of blocking unauthorized access or attacks before they occur.

prevention controls

Controls that can react to anomalies by blocking access completely, thereby preventing damage to a system, building, or network.

private key

The component of asymmetric encryption that is kept secret by one party during two-way encryption.

private root CA

A root CA that is created by a company for use primarily within the company itself.

privilege bracketing

The task of giving privileges to a user only when needed and revoking them as soon as the task is done.

privilege management

The use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management.

procedures

Instructions that detail specifically how to implement a policy.

protected distribution

A method of securing the physical cabling of a communications infrastructure.

protocol

Software that controls network communications using a set of rules.

protocol analyzer

aka network analyzer. This type of diagnostic software can examine and display data packets that are being transmitted over a network.

proxy server

A system that isolates internal networks from the Internet by downloading and storing Internet files on behalf of internal clients.

public key

The component of asymmetric encryption that can be accessed by anyone.

public root CA

A root CA that is created by a vendor for general access by the public.

quantum cryptography

A type of encryption based on quantum communication and quantum computation.

qubit

In quantum cryptography, a unit of data that is encrypted by entangling data with a sub-atomic particle such as a photon or electron that has a particular spin cycle. A qubit is the equivalent of a bit in computing technology.

RA

(Registration Authority) An authority in a PKI that processes requests for digital certificates from users.

RADIUS

(Remote Authentication Dial-In User Service) A standard protocol for providing centralized authentication and authorization services for remote users.

RAID

(Redundant Array of Independent Disks) A set of vendor-independent specifications for fault tolerant configurations on multiple-disk systems.

rainbow tables

Sets of related plaintext passwords and their hashes.

ransomware

An attack in which an attacker takes control of a user's system or data and demands a payment for return of that control.

RBAC

(Role-Based Access Control) A system in which access is controlled based on a user's role. Users are assigned to roles, and network objects are configured to allow access only to specific roles. Roles are created independently of user accounts.

RC

(Rivest Cipher) A series of variable key-length symmetric encryption algorithms developed by Ronald Rivest.

recovery

The act of recovering vital data present in files or folders from a crashed system or data storage devices when data has been compromised or damaged.

recovery agent

An individual with the necessary credentials to decrypt files that were encrypted by another user.

recovery team

A group of designated individuals who implement recovery procedures and control the recovery operations in the event of an internal or external disruption to critical business processes.

reflected attack

An attack where the attacker poses as a legitimate user and sends information to a web server in the form of a page request or form submission.

reflected DoS attack

A type of DoS attack that uses a forged source IP address when sending requests to a large number of computers. This causes those systems to send a reply to the target system, causing a DoS condition.

remote access

The ability to connect to systems and services from an offsite or remote location using a remote access method.

replay attack

A type of network attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network.

reputation

The public's opinion of a particular company based on certain standards.

resource

Any virtual or physical components of a system that have limited availability. A physical resource can be any device connected directly to a computer system. A virtual resource refers to any type of file, memory location, or network connection.

RIPEMD

(RACE Integrity Primitives Evaluation Message Digest) A message digest algorithm that is based on the design principles used in MD4.

risk

An information security concept that indicates exposure to the chance of damage or loss, and signifies the likelihood of a hazard or dangerous threat.

risk analysis

The security management process for addressing any risk or economic damages that affect an organization.

risk awareness

The process of being consistently informed about the risks in one's organization or specific department.

risk management

The practice of managing risks from the initial identification to mitigation of those risks.

rogue access point

An unauthorized wireless access point on a corporate or private network, which allows unauthorized individuals to connect to the network.

rogue machine

An unknown or unrecognized device that is connected to a network, often for nefarious purposes.

rollup

A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or a particular service.

root CA

The top-most CA in the hierarchy and consequently, the most trusted authority in the hierarchy.

rootkit

Software that is intended to take full or partial control of a system at the lowest levels.

router

A device that connects multiple networks that use the same protocol.

router redundancy

A technique for employing multiple routers in teams to limit the risk of routing failure should a router malfunction.

RPO

(recovery point objective) The point in time, relative to a disaster, where the data recovery process begins.

RSA

The first successful algorithm to be designed for public key encryption. It is named for its designers, Rivest, Shamir, and Adleman.

RTO

(recovery time objective) The length of time within which normal business operations and activities must be restored following a disturbance.

Rule-Based Access Control

A non-discretionary access control technique that is based on a set of operational rules or restrictions.

rule-based management

The use of operational rules or restrictions to govern the security of an organization's infrastructure.

S-box

A relatively complex key algorithm that, when given the key, provides a substitution key in its place.

SaaS

(Software as a Service) A method that uses the cloud to provide application services to users.

safety controls

Security measures implemented to protect personnel and property from physical harm.

SAML

(Security Assertion Markup Language) An XML-based data format used to exchange authentication information between a client and a service.

sandboxing

The practice of isolating an environment from a larger system in order to conduct security tests safely.

SCADA system

(supervisory control and data acquisition) A type of industrial control system that monitors and controls industrial processes such as manufacturing and fabrication, infrastructure processes such as power transmission and distribution, and facility processes such as energy consumption and HVAC systems.

scanning

aka banner grabbing. The phase of the hacking process in which the attacker uses specific tools to determine an organization's infrastructure and discover vulnerabilities.

schema

A set of rules in a directory service for how objects are created and what their characteristics can be.

SCP

(Secure Copy Protocol) A protocol that is used to securely transfer computer files between a local and a remote host, or between two remote hosts, using SSH.

script kiddie

An inexperienced hacker with limited technical knowledge who relies on automated tools to hack.

security architecture review

An evaluation of an organization's current security infrastructure model and security measures.

security auditing

Performing an organized technical assessment of the security strengths and weaknesses of a system.

security baseline

A collection of security configuration settings that are to be applied to a particular host in the enterprise.

security incident

A specific instance of a risk event occurring, whether or not it causes damage.

security policy

A formalized statement that defines how security will be implemented within a particular organization.

security posture

The position an organization takes on securing all aspects of its business.

separation of duties

The principle that establishes that no one person should have too much power or responsibility.

service pack

A collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the service pack.

session hijacking attack

An attack where the attacker exploits a legitimate computer session to obtain unauthorized access to an organization's network or services.

session key

A single-use symmetric key used in encrypting messages that are in a series of related communications.

SFTP

(Simple File Transfer Protocol) An early unsecured file transfer protocol that has since been declared obsolete.

SHA

(Secure Hash Algorithm) A hash algorithm modeled after MD5 and considered the stronger of the two because it produces a 160-bit hash value.

shoulder surfing

A human-based attack where the goal is to look over the shoulder of an individual as he or she enters password information or a PIN.

signature-based monitoring

A monitoring system that uses a predefined set of rules provided by a software vendor to identify traffic that is unacceptable.

sinkhole attack

An attack in which all traffic on a wireless network is funneled through a single node.

site survey

The collection of information on a location for the purposes of building the most ideal infrastructure.

SLA

(service-level agreement) A business agreement that outlines what services and support will be provided to a client.

SLE

(single loss expectancy) The financial loss expected from a single adverse event.

smart cards

aka CAC (common access card). Devices similar to credit cards that can store authentication information, such as a user's private key, on an embedded microchip.

Smurf attacks

A common name for ICMP flood attacks. These are a type of DoS attack in which a ping message is broadcast to an entire network on behalf of a victim computer, flooding the victim computer with responses.

snapshot

The state of a virtual system at a specific point in time.

sniffer

A device or program that monitors network communications on the network wire or across a wireless network and captures data.

sniffing attack

A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as an eavesdropping attack.

SNMP

(Simple Network Management Protocol) An application-layer service used to exchange information between network devices.

social engineering attack

A type of attack where the goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery.

software attack

Any attack that targets software resources, including operating systems, applications, protocols, and files.

source code

Software code that is generated by programming languages, which is then compiled into machine code to be executed by a computer. Access to source code enables a programmer to change how a piece of software functions.

spam

An email-based threat that floods the user's inbox with emails that typically carry unsolicited advertising material for products or other spurious content, and which sometimes deliver viruses. It can also be utilized within social networking sites such as Facebook and Twitter.

spam filters

Programs used to read and reject incoming messages that contain target words and phrases used in known spam messages.

spear phishing

aka whaling. An email-based or web-based form of phishing that targets particularly wealthy individuals.

spim

An IM-based attack just like spam but which is propagated through instant messaging instead of through email.

spoofing

A human-based or software-based attack where the goal is to pretend to be someone else for the purpose of identity concealment. Spoofing can occur in IP addresses, MAC addresses, and email.

spyware

Surreptitiously installed malicious software that is intended to track and report the usage of a target system or collect other data the author wishes to obtain.

SQL

(Structured Query Language) A programming and query language common to many large-scale database systems.

SQL injection

An attack that injects an SQL query into the input data directed at a server by accessing the client side of the application.

SSH

(Secure Shell) A protocol for secure remote logon and secure transfer of data.

SSL

(Secure Sockets Layer) A security protocol that uses certificates for authentication and encryption to protect web communication.

SSO

(single sign-on) An aspect of privilege management that provides users with one-time authentication to multiple resources, servers, or sites.

SSTP

(Secure Socket Tunneling Protocol) A protocol that uses the HTTP over SSL protocol and encapsulates an IP packet with a PPP header and then with an SSTP header.

standards

Definitions of how adherence to a policy will be measured.

static environment

An operating system or other environment that is not updated or changed.

steganography

The practice of attempting to obscure the fact that information is present.

storage segmentation

The process of dividing data storage along certain predefined lines.

stored attack

An attack where an attacker injects malicious code or links into a website's forums, databases, or other data.

stream cipher

A relatively fast type of encryption that encrypts data one bit at a time.

strong password

A password that meets the complexity requirements that are set by a system administrator and documented in a password policy.

subnetting

The division of a large network into smaller logical networks.

subordinate CAs

Any CAs below the root in the hierarchy.

succession plan

A plan that ensures that all key business personnel have one or more designated backups who can perform critical functions when needed.

switch

A device that has multiple network ports and combines multiple physical network segments into a single logical network.

symmetric encryption

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

SYN flood

A type of DoS attack in which the attacker sends multiple SYN messages initializing TCP connections with a target host.

tabletop exercise

An emergency planning exercise that enables disaster recovery team members to meet and discuss their roles in emergency situations, as well as their responses in particular situations.

TACACS

(Terminal Access Controller Access Control System) Provides centralized authentication and authorization services for remote users.

TACACS+

Cisco's extension to the TACACS protocol that provides multi-factor authentication.

tailgating

A human-based attack where the attacker will slip in through a secure area following a legitimate employee.

takeover attack

A type of software attack where an attacker gains access to a remote host and takes control of the system.

TCB

(Trusted Computing Base) The hardware, firmware, and software components of a computer system that implement the security policy of a system.

TCP/IP

(Transmission Control Protocol/Internet Protocol) A non-proprietary, routable network protocol suite that enables computers to communicate over all types of networks.

technical controls

Hardware or software installations that are implemented to monitor and prevent threats and attacks to computer systems and services.

telephony

Technology that provides voice communications through devices over a distance.

testing controls

Security measures that verify whether or not certain security techniques meet the standards set for them.

TFTP

(Trivial File Transfer Protocol) An insecure, limited version of FTP used primarily to automate the process of configuring boot files between computers.

threat

Any potential damage to an asset.

threat vector

The path or means by which an attacker compromises security.

time of day restrictions

Security controls that restrict the periods of time when users are allowed to access systems, which can be set using a group policy.

TKIP

(Temporal Key Integrity Protocol) A security protocol created by the IEEE 802.11i task group to replace WEP.

TLS

(Transport Layer Security) A security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection.

tokens

Physical or virtual objects that store authentication information.

TOS

(Trusted Operating System) The operating system component of the TCB that protects the resources from applications.

TOTP

(timed HMAC-based one-time password) An improvement on HOTP that forces one-time passwords to expire after a short period of time.

TPM

(Trusted Platform Module) A specification that includes the use of cryptoprocessors to create a secure computing environment.

transitive access

Access given to certain members in an organization to use data on a system without the need for authenticating themselves.

transitive access attack

An attack that takes advantage of the transitive access given in order to steal or destroy data on a system.

transitive trust

When a trust relationship between entities extends beyond its original form.

transport encryption

The technique of encrypting data that is in transit, usually over a network like the Internet.

Trojan horse

An insidious type of malware that hides itself on an infected system and can pave the way for a number of other types of attacks.

trust model

A CA hierarchy.

tunneling

A data-transport technique in which a data packet is encrypted and encapsulated in another data packet in order to conceal the information of the packet inside.

Twofish

A symmetric key block cipher, similar to Blowfish, consisting of a block size of 128 bits and key sizes up to 256 bits.

UDP flood

A type of DoS attack in which the attacker attempts to overwhelm the target system with UDP ping requests. Often the source IP address is spoofed, creating a DoS condition for the spoofed IP.

URL filtering

The inspection of files and packets to block restricted websites or content.

URL hijacking

aka typo squatting. An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website.

URL shortening service

An Internet service that makes it easier to share links on social networking sites by abbreviating URLs.

user assigned privileges

Privileges that are assigned to a system user and can be configured to meet the needs of a specific job function or task.

UTM

(unified threat management) The process of centralizing various security techniques into a single device.

virtualization

A class of technology that separates computing software from the hardware it runs on via an additional software layer, allowing multiple operating systems to run on one computer simultaneously.

virus

A self-replicating piece of code that spreads from computer to computer by attaching itself to different files.

vishing

Voice phishing, a human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

VLAN

(virtual local area network) A point-to-point physical network that is created by grouping selected hosts together, regardless of their physical location.

VoIP

(Voice over IP) A term used for a technology that enables you to deliver telephony communications over a network by using the IP protocol.

VPN

(virtual private network) A private network that is configured within a public network, such as the Internet.

VPN concentrator

A single device that incorporates advanced encryption and authentication methods in order to handle a large number of VPN tunnels.

VPN protocols

Protocols that provide VPN functionality.

vulnerability

Any condition that leaves a system open to harm.

vulnerability scan

An assessment that identifies and quantifies weaknesses within a system, but does not test the security features of that system.

WAP

(Wireless Application Protocol) A protocol designed to transmit data such as web pages, email, and newsgroup postings to and from wireless devices such as mobile phones, smartphones, and tablets over very long distances, and display the data on small screens in a web-like interface.

war chalking

Using symbols to mark up a sidewalk or wall to indicate the presence and status of a nearby wireless network.

war driving

The act of searching for instances of wireless LAN networks while in motion, using wireless tracking devices like mobile phones, smartphones, tablets, or laptops.

warm site

A location that is dormant or performs non-critical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.

watering hole attack

An attack in which an attacker targets a specific group, discovers which websites that group frequents, then injects those sites with malware. At least one member of the group will be infected, possibly compromising the group itself.

web application-based firewalls

A firewall that is deployed to secure an organization's web-based applications and transactions from attackers.

web security gateway

A software program used primarily to block Internet access to a predefined list of websites or category of websites within an organization or business.

WEP

(Wired Equivalent Privacy) A deprecated protocol that provides 64-bit, 128-bit, and 256-bit encryption using the RC4 algorithm for wireless communication that uses the 802.11a and 802.11b protocols.

white box test

A test in which the tester knows about all aspects of the systems and understands the function and design of the system before the test is conducted.

white hat

A hacker who exposes security flaws in applications and operating systems with an organization's consent so that they can fix them before the problems become widespread.

WIDS

(wireless intrusion detection system) A system that uses passive hardware sensors to monitor traffic on a specific segment of a wireless network.

Windows security policies

Configuration settings within the Windows operating systems that control the overall security behavior of the system.

WIPS

(wireless intrusion prevention system) An active, inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it.

wireless security

Any method of securing your wireless LAN network to prevent unauthorized access and data theft while ensuring that authorized users can connect to the network.

worm

A self-replicating piece of code that spreads from computer to computer without attaching to different files.

WPA

also WPA2 (Wi-Fi Protected Access) A wireless encryption protocol that generates a 128-bit key for each packet sent. Superseded by WPA2.

WPS

(Wi-Fi Protected Setup) An insecure feature of WPA and WPA2 that allows enrollment in a wireless network based on an 8-digit PIN.

WSN

(wireless sensor network) A collection of autonomous sensor-equipped devices that monitor and log physical and environmental conditions such as temperature, humidity levels, lighting controls, etc.

WTLS

(Wireless Transport Layer Security) The security layer of a wireless AP and the wireless equivalent of TLS in wired networks.

XML

(eXtensible Markup Language) A widely adopted markup language used in many documents, websites, and web applications.

XML injection

An attack that injects corrupted XML query data so that an attacker can gain access to the XML data structure and input malicious code or read private data.

XSRF

(cross-site request forgery) A type of application attack where an attacker takes advantage of the trust established between an authorized user of a website and the website itself.

XSS

(cross-site scripting) A type of application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.

XTACACS

An extension to the original TACACS protocol.

zero day exploit

A hacking attack that occurs immediately after a vulnerability is identified, when the security level is at its lowest.

zombie

aka drone. A computer that has been infected with a bot and is being used by an attacker to mount a DDoS attack.