Acronym w. Definition Flashcards
3DES
Triple Data Encryption Standard
A symmetric algorithm used to encrypt data & provide confidentiality.
AAA
Authentication, Authorization, and Accounting
A group of technologies used in remote access systems.
- Authentication verifies a user’s identity.
- Authorization determines what an authenticated user is permitted to access.
- Accounting tracks a user’s access with logs.
ABAC
Attribute-Based Access Control
An access control model that grants access to resources based on attributes assigned to subjects and objects.
AUP
Acceptable Use Policy
A policy defining proper system usage and the rules of behavior for employees.
It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
AP
Access Point
A device that connects wireless clients to wireless networks. Sometimes called wireless access point (WAP).
Accounting
The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.
ACLs
Access control lists. Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
Active Reconnaissance
A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target.
Ad Hoc
A connection mode used by wireless devices without an AP.
Administrative controls
Security controls implemented via administrative or management methods.
Advanced Encryption Standard (AES)
A strong symmetric block cipher that encrypts data in 128-bit blocks using key sizes of 128, 192, or 256 bits.
Affinity
A scheduling method used with load balancers. It uses the client’s IP address to ensure the client is directed to the same server for the duration of a session.
Aggregation switch
A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.
Agile
A software development life cycle model that focuses on iterative development, frequent interaction with customers and stakeholders, and responding to change rather than following a fixed plan.
Authentication Header (AH)
An option within IPsec that provides authentication and integrity for each packet, but not confidentiality: the packet is authenticated with a keyed hash, not encrypted.
- Can be used in transport mode or tunnel mode. Compare with ESP.
Airgap
A physical security control that provides physical isolation. Systems separated by an air gap have no physical or logical network connections to other systems.
Annual Loss Expectancy (ALE)
The expected loss for a year.
Used to measure risk with ARO and SLE in a quantitative risk assessment.
SLE x ARO = ALE
Amplification attack
An attack that increases the amount of traffic sent to a victim. The attacker sends small requests with a spoofed source address to third-party systems (reflectors), which reply to the victim with much larger responses.
Anomaly
A type of monitoring on intrusion detection and intrusion prevention systems.
Detects attacks by comparing operations against a baseline.
Aka Heuristic detection
ANT
A proprietary wireless protocol used by some mobile devices.
Not an acronym
Antispoofing
A method used on some routers to protect against spoofing attacks, for example by dropping inbound packets whose source address belongs to the internal network.
Antivirus
Software that protects systems from malware.
Application blacklist
A list of applications that a system blocks.
Users are unable to install or run any applications on the list.
Application cell
A virtualization technology that runs services or applications within isolated application cells (containers).
Aka application containers
Application whitelist
A list of applications that a system allows.
Advanced Persistent Threat (APT)
A group that has both the capability and intent to launch sophisticated and targeted attacks.
Annual Rate of Occurrence (ARO)
The number of times a loss is expected to occur in a year.
arp
A command-line tool used to show and manipulate the Address Resolution Protocol cache.
ARP Poisoning
An attack that sends forged ARP replies so that systems associate the wrong MAC address with an IP address. It enables man-in-the-middle and denial-of-service attacks on the local network.
Asset Value
An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process.
Asymmetric encryption
A type of encryption using two keys to encrypt & decrypt data.
- uses public key & private key.
Attestation
A process that checks and validates system files during the boot process.
Audit trail
A record of events recorded in one or more logs that can re-create the events that occurred leading up to a security incident.
Authorization
The process of granting access to resources to users who have proven their identity.
- typically enforced with permissions, rights, and privileges.
Authentication
The process that occurs when a user proves a claimed identity, such as by providing a password. Compare with identification.
Availability
Ensures that systems and data are up & operational when needed.
- one of the three main goals of information security known as the CIA triad.
Backdoor
An alternate method of accessing a system.
Background check
A check into a person’s history, typically to determine eligibility for a job.
Banner grabbing
A method used to gain information about a remote system by connecting to a service and reading the banner it returns, which often reveals the product name and version.
Bcrypt
A key stretching algorithm.
- used to protect passwords
- salts passwords with additional bits before hashing them with a Blowfish-based algorithm.
- this thwarts rainbow table attacks.
Basic Input/Output System (BIOS)
A computer’s firmware used to manipulate different settings such as the date & time, boot drive, and access password.
*UEFI is the designated replacement for BIOS
Birthday
A hash attack named after the birthday paradox in probability theory. It exploits the fact that finding any two inputs with the same hash (a collision) takes far fewer attempts than finding an input that matches one specific hash.
- The paradox states that in any random group of 23 people, there is a roughly 50% chance that two of them share a birthday.
Black box test
A type of penetration test. Testers have zero knowledge of the environment prior to starting the test.
Block cipher
An encryption method that encrypts data in fixed-sized blocks.
Blowfish
A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 & 448 bits.
Bluejacking
An attack against Bluetooth devices.
- sending unsolicited messages to nearby Bluetooth devices.
Bluesnarfing
An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
Bollards
Short vertical posts that act as a barricade. Bollards block vehicles, not people.
Bots
Software robots that function automatically.
Business Partners Agreement (BPA)
A written agreement that details the relationship between business partners, including their obligations towards the partnership.
Bridge
A network device that connects network segments at Layer 2 and forwards traffic based on MAC addresses.
- unlike a router, it does not route between different IP networks.
Brute force
A password attack that attempts to guess a password by trying every possible combination of characters.
Buffer overflow
An error that occurs when an application receives more input, or different input, than it expects and writes past the end of a buffer into adjacent memory.
- attackers use it to corrupt data or overwrite control information (such as a return address) and run code of their choosing.
Business Impact Analysis (BIA)
A process that helps an organization identify critical systems and components that are essential to the organization’s success.
Bring Your Own Device (BYOD)
A mobile device deployment model. Employees can connect their personally owned device to the network.
Certificate Authority (CA)
An organization that manages, issues, and signs certificates.
- a main element of PKI
Common Access Card (CAC)
Specialized type of smart card used by the U.S Department of Defense.
Captive portal
A technical solution that forces wireless clients using web browsers to complete a process before accessing a network.
Carrier unlocking
The process of unlocking a mobile phone from a specific cellular provider.
Cipher Block Chaining (CBC)
A mode of operation for block ciphers. Each plaintext block is XORed with the previous ciphertext block before it is encrypted (the first block is XORed with an IV), so identical plaintext blocks produce different ciphertext blocks.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP.
Canonical Encoding Rules (CER)
A base format for PKI certificates. CER files are usually binary encoded, though the .cer extension is also used for Base64 (ASCII) encoded certificates.
Certificate
A digital file used for encryption, authentication, digital signatures, and more.
Certificate Chaining
A process that links a certificate to the intermediate CA certificates and the root CA certificate that signed it, forming a chain of trust back to a trusted root.
Chain of custody
A process that provides assurances that evidence has been controlled and handled properly after collection.
Change Management
The process used to prevent unauthorized changes.
Challenge Handshake Authentication Protocol (CHAP)
An authentication mechanism where a server challenges a client.
Chroot
A Linux command used to change the apparent root directory of a process.
- often used for sandboxing, although it is not a complete security boundary on its own.
Ciphertext
The result of encrypting plaintext.
Clean desk policy
A security policy requiring employees to keep their work areas organized and free of papers.
Clickjacking
An attack that tricks users into clicking something other than what they think they’re clicking.
Cloud Access Security Broker (CASB)
Software tool or service that enforces cloud-based security requirements.
Cloud Deployment Models
Cloud model types that identify who has access to cloud resources.
- Public Clouds: for any organization
- Private Clouds: for single organization
- Community Clouds: shared among community
- Hybrid Clouds: Combination of two or more clouds
Code signing
The process of assigning a certificate to code.
- certificate includes a digital signature & validates the code.
Cold Site
An alternate location for operations. A cold site has power and connectivity but little or no equipment installed, so it takes the longest to bring online. Compare with hot site.
Collision
A hash weakness that occurs when two different inputs produce the same hash value.
- because systems treat matching hashes as matching data, a collision can let an attacker substitute a file or password that the system accepts as genuine.
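The following is an added example (not part of the original flashcards) illustrating the Birthday and Collision entries together. It computes the exact birthday-paradox probability and then runs a birthday search against SHA-256 truncated to 16 bits, a constructed stand-in for a weak hash; the message names and truncation width are assumptions for the demo.

```python
import hashlib


def birthday_probability(n: int, days: int = 365) -> float:
    """Exact probability that at least two of n people share a birthday."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits: a toy stand-in for a short/weak hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, max_tries: int = 1 << 20):
    """Birthday search: hash distinct constructed messages until two match.

    Expected work is about sqrt(2**bits) hashes, far below the 2**bits a
    brute-force search for one specific hash value would need.
    Returns (msg_a, msg_b, hash_value, tries) or None.
    """
    seen = {}
    for i in range(max_tries):
        msg = f"msg-{i}".encode()          # constructed, distinct inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, h, i + 1  # two different inputs, same hash
        seen[h] = msg
    return None


if __name__ == "__main__":
    print(f"P(shared birthday, 23 people) = {birthday_probability(23):.4f}")
    a, b, h, tries = find_collision(16)
    print(f"16-bit collision after {tries} hashes: {a!r} and {b!r} -> {h:#06x}")
```

With a 16-bit hash space (65,536 values) the search typically finishes after a few hundred hashes, not tens of thousands, which is exactly the advantage a birthday attack exploits.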
Compensating controls
Security controls that are alternative controls used when a primary security control is not feasible.
Compiled code
Code that has been optimized by a compiler and converted into an executable file.
Confidential data
Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.
Confidentiality
One of the three main goals of information security known as the CIA security triad.
Ensures that unauthorized entities cannot access data.
Encryption & access controls help protect against the loss of confidentiality.
Configuration compliance scanner
A type of vulnerability scanner that verifies systems are configured correctly. It can use a file that identifies the proper configuration for systems.
Confusion
The cryptography concept that ciphertext is significantly different from the plaintext and reveals nothing about the key that produced it.
Containerization
A method used to isolate applications on mobile devices. It isolates and protects the application, including any data used by the application.
Context-aware authentication
An authentication method using multiple elements to authenticate a user and a mobile device. It can include identity, geolocation, the device type, and more.
Continuity of operations planning
The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or warm site.
Control diversity
The use of different security control types, such as technical controls, administrative controls, and physical controls.
Controller-based AP
An AP that is managed by a controller. Also called a thin AP.
COPE
Corporate-owned, personally enabled.
A mobile device deployment model. The organization purchases and issues devices to employees.
Corrective controls
Security controls that attempt to reverse the impact of a security incident.
CRL
Certificate revocation list.
A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
Crossover error rate
The point where the false acceptance rate (FAR) crosses over with the false rejection rate (FRR). A lower CER indicates a more accurate biometric system.
XSRF
Cross-site request forgery
A Web application attack. XSRF attacks trick users into performing actions on websites, such as making purchases, without their knowledge.
XSS
Cross-site scripting
A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site’s pages, which executes in the browser when a user visits the site.
Crypto-malware
A type of ransomware that encrypts the user’s data.
Crypto module
A set of hardware, software, and/or firmware that implements cryptographic functions.
Crypto service provider
A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
CSR
Certificate signing request.
A method of requesting a certificate from a CA. It starts by creating a private/public key pair (commonly RSA) and including the public key in the CSR; the private key never leaves the requester.
CTM
Counter mode
A mode of operation used for encryption that combines a nonce (IV) with a counter. The combined value is encrypted and the result is XORed with the plaintext, effectively turning the block cipher into a stream cipher.
Custom firmware
Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root android devices.
CIRT
Cyber-incident response team
A group of experts who respond to security incidents.
CYOD
Choose your own device
A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a pre-approved list.
DAC
Discretionary access control
An access control model where all objects have owners, and owners can modify permissions for their objects (such as files and folders). Microsoft NTFS uses the DAC model.
Data-at-rest
Any data stored on media. It’s common to encrypt sensitive data-at-rest.
DEP
Data execution prevention
A security feature that prevents code from executing in memory regions marked as nonexecutable. It helps block malware.
Data exfiltration
The unauthorized transfer of data outside an organization.
Data-in-transit
Any data sent over a network. It’s common to encrypt sensitive data-in-transit.
Data-in-use
Any data currently being used by a computer. Because the computer needs to process the data, it is typically not encrypted while in use.
Data retention policy
A security policy specifying how long data should be kept (retained).
Data sovereignty
A term that refers to the legal implications of data stored in different countries. It is primarily a concern for backups stored in alternate locations via the cloud.
DDoS
Distributed denial-of-service
An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic.
Dead code
Code that is never executed or used. It is often caused by logic errors.
Defense in depth
The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.
Degaussing
The process of removing data from magnetic media using a very powerful electromagnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.
DER
Distinguished encoding rules
A base format for PKI certificates. DER files are binary encoded; the PEM format wraps DER data in Base64 ASCII.
DES
Data Encryption Standard
A legacy symmetric encryption standard used to provide confidentiality. Its 56-bit key can be brute-forced, so AES (or, for legacy systems, 3DES) should be used instead.
It is the weakest of these encryption standards.
Detective controls
Security controls that attempt to detect when a security incident has occurred, such as log reviews and intrusion detection systems. (Controls that discourage individuals from causing an incident are deterrent controls.)
Dictionary
A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to get a password.
Differential backup
A type of back up that backs up all the data that has changed or is different since the last full backup.
DH
Diffie-Hellman
An asymmetric algorithm used to privately share symmetric keys. DH ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic curve DHE (ECDHE) uses elliptic curve cryptography to generate the keys.
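The following is an added example (not part of the original flashcards) showing one DHE exchange end to end: both sides generate fresh private values, swap public values, and derive the same symmetric key. The modulus 2**127 - 1, generator 3, and the SHA-256 key derivation are assumptions chosen so the code runs with the Python standard library; the modulus is far too small for real use, where RFC 3526 groups or ECDHE are used.

```python
import hashlib
import secrets

# Toy parameters for illustration only: 2**127 - 1 is prime but far too small
# for real use (real deployments use RFC 3526 MODP groups or ECDHE).
P = 2**127 - 1
G = 3


def dh_keypair(p: int = P, g: int = G):
    """Generate an ephemeral private value and the public value g**priv mod p."""
    priv = secrets.randbelow(p - 2) + 1        # 1 <= priv <= p - 2
    return priv, pow(g, priv, p)


def dh_shared_secret(priv: int, peer_pub: int, p: int = P) -> int:
    """Combine our private value with the peer's public value."""
    if not 1 < peer_pub < p - 1:               # reject 0, 1 and p-1 (trivial secrets)
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)


def derive_key(shared: int, p: int = P) -> bytes:
    """Turn the shared integer into a fixed-length symmetric key by hashing it."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(b"dhe-session-key" + shared.to_bytes(length, "big")).digest()


def dhe_session():
    """One DHE exchange. Only the public values cross the wire; both sides
    still arrive at the same key. Fresh values per session give forward secrecy."""
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    alice_key = derive_key(dh_shared_secret(alice_priv, bob_pub))
    bob_key = derive_key(dh_shared_secret(bob_priv, alice_pub))
    return alice_key, bob_key


if __name__ == "__main__":
    k1, k2 = dhe_session()
    print("keys match:", k1 == k2, k1.hex())
    k3, _ = dhe_session()
    print("new session, different key:", k3 != k1)
```

The peer-value check matters in practice: accepting 0, 1 or p-1 lets an attacker force a predictable shared secret.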
Diffusion
A cryptography concept that ensures that small changes in plain text result in significant changes in ciphertext.
Dig
A command-line tool used to test DNS on Linux systems.
Digital signature
A hash of a message that has been signed (encrypted) with the sender’s private key. Anyone with the sender’s public key can verify it. It provides authentication, non-repudiation, and integrity.
Disablement policy
A policy that identifies when administrators should disable user accounts.
Disassociation attack
An attack that sends spoofed disassociation or deauthentication frames to remove wireless clients from a wireless network.
Dissolvable agent
A NAC agent that runs on a client, but deletes itself later. It checks the client for health.
DLL injection
An attack that injects a dynamic link library (DLL) into memory and runs it. Attackers rewrite the DLL, inserting malicious code.
DLP
Data loss prevention
A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.
DMZ
Demilitarized zone
A buffer zone between the Internet and an internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
DNSSEC
Domain name system security extensions
A suite of extensions to DNS that uses digital signatures to protect the integrity and authenticity of DNS records and prevent some DNS attacks.
DNS poisoning
An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.
Domain hijacking
An attack that changes the registration of a domain name without permission from the owner.
DoS
Denial-of-service
An attack from a single source that attempts to disrupt the services provided by the attacked system.
Downgrade attack
A type of attack that forces a system to downgrade its security; the attacker then exploits the lesser security control.
DSA
Digital signature algorithm
A standard for digital signatures. The sender’s private key signs a hash of the message and the public key verifies it, providing authentication, non-repudiation, and integrity.
Dumpster diving
The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.
EAP
Extensible authentication protocol
An authentication framework that provides general guidance for authentication methods.
Variations include:
- PEAP
- EAP-TTLS
- EAP-FAST
EAP-FAST
EAP-flexible authentication via secure tunneling (EAP-FAST)
A Cisco-designed replacement for lightweight EAP (LEAP). EAP-FAST supports certificates, but they are optional.
EAP-TLS
Extensible authentication protocol-transport layer security
An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. It requires certificates on the 802.1x server and on the clients.
EAP-TTLS
Extensible authentication protocol-tunneled transport layer security
An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods, such as PAP, within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.
ECB
Electronic Codebook
A legacy mode of operation for block ciphers in which each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks. It is weak and should not be used.
Embedded system
Any device that has a dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system, and one or more applications.
EMI
Electromagnetic interference
Interference caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.
EMP
Electromagnetic pulse
A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning, and military weapons.
Encryption
A process that scrambles, or ciphers, data to make it unreadable. Encryption normally includes a public algorithm and a private key.
Two Types:
- asymmetric
- symmetric
Enterprise
A wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password.
Ephemeral Key
A type of key used in cryptography. Ephemeral keys have very short lifetimes and are re-created for each session.
Error handling
A programming process that handles errors gracefully.
ESP
Encapsulating security payload
Used to encrypt the data being transmitted.
- An option within IPsec that provides confidentiality, and can also provide integrity and authentication. Compare with AH.
Evil twin
A type of rogue AP. An evil twin has the same SSID as a legitimate AP.
Exit interview
An interview conducted with departing employees just before they leave an organization.
Exploitation frameworks
Tools used to store information about security vulnerabilities and exploits. They are often used by penetration testers (and attackers) to detect and exploit vulnerable software.
Extranet
The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners, customers, vendors, or others.
Facial recognition
A biometric method that identifies people based on facial features.
False negative
A security incident that isn’t detected or reported. As an example, a NIDS false negative occurs if an attack is active on the network but the NIDS does not raise an alert.
False positive
An alert on an event that isn’t a security incident. As an example, a NIDS false positive occurs if the NIDS raises an alert when activity on the network is normal.
FAR
False acceptance rate
Also called the false match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly indicates a match.
Faraday cage
A room or enclosure that prevents signals from emanating beyond the room or enclosure.
Fat AP
An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs Must be configured independently. Sometimes called a stand-alone AP.
Fault tolerance
The capability of a system to suffer a fault, but continue to operate. Said another way, the system can tolerate the fault as if it never occurred.
FDE
Full disk encryption
A method to encrypt an entire disk.
Federation
Two or more members of a federated identity management system. Used for single sign-on.
Fingerprint scanners
Biometric systems that scan fingerprints for authentication.
Firewall
Software or a network device used to filter traffic. Firewalls can be application-based (running on a host) or a network-based device.
Stateless firewalls filter each packet on its own using rules within an ACL.
Stateful firewalls also track the state of sessions and allow return traffic for connections they have already seen established.
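The following is an added example (not part of the original flashcards) contrasting stateless and stateful filtering. It evaluates a constructed ACL against constructed packets: a client opening HTTP to a web server, the server's reply, and an unsolicited outbound packet. The addresses, ports and rule format are assumptions for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    syn: bool = False        # TCP SYN without ACK: a new connection attempt


# Constructed ACL, evaluated top-down with an implicit deny at the end.
# Fields: action, protocol, source, destination, destination port ("any" matches all).
RULES = [
    ("allow", "tcp", "any", "10.0.0.5", 80),
    ("deny", "any", "any", "any", "any"),
]


def matches(rule, pkt: Packet) -> bool:
    action, proto, src, dst, dport = rule
    return (proto in ("any", pkt.proto)
            and src in ("any", pkt.src)
            and dst in ("any", pkt.dst)
            and dport in ("any", pkt.dport))


def stateless_allow(pkt: Packet, rules=RULES) -> bool:
    """Stateless filter: every packet is judged only on its own header fields."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0] == "allow"
    return False            # implicit deny


class StatefulFirewall:
    """Stateful filter: new connections are checked against the ACL; packets
    belonging to a connection already in the table are allowed in either direction."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()   # (src, sport, dst, dport, proto)

    def allow(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if forward in self.connections or reverse in self.connections:
            return True                     # established connection
        if pkt.syn and stateless_allow(pkt, self.rules):
            self.connections.add(forward)   # record the new session
            return True
        return False


def demo() -> dict:
    """Constructed traffic: a client opens HTTP to the web server and the server replies."""
    request = Packet("203.0.113.7", "10.0.0.5", 51000, 80, syn=True)
    reply = Packet("10.0.0.5", "203.0.113.7", 80, 51000)
    unsolicited = Packet("10.0.0.5", "198.51.100.9", 80, 44444)
    fw = StatefulFirewall()
    return {
        "stateless_request": stateless_allow(request),
        "stateless_reply": stateless_allow(reply),       # denied: no rule for port 51000
        "stateful_request": fw.allow(request),
        "stateful_reply": fw.allow(reply),               # allowed: part of tracked session
        "stateful_unsolicited": fw.allow(unsolicited),   # denied: no session, no rule
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY'}")
```

The stateless ACL drops the server's legitimate reply because nothing permits traffic to port 51000; an administrator would have to add a mirror rule (and thereby open the port to unsolicited traffic as well). The stateful firewall allows the reply only because it saw the SYN that opened the session.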
Firmware OTA updates
Over-the-Air updates for mobile device firmware that keep them up to date. These are typically downloaded to the device from the Internet and applied to update the device.
Flood guard
A method of thwarting flood attacks. On switches, a flood guard thwarts MAC flood attacks. On routers, a flood guard prevents SYN flood attacks.
Framework
A structure used to provide a foundation. Cyber security frameworks typically use a structure of basic concepts and provide guidance to professionals on how to implement security.
FRR
False rejection rate
Also called the false non-match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.
FTPS
File transfer protocol secure
An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.
Full backup
A type of back up that backs up all the selected data. A full backup could be considered a normal backup.
Full tunnel
An encrypted Connection used with VPNs. When a user is connected to a VPN, all traffic from the user is encrypted.
GCM
Galois/Counter Mode
A mode of operation used for encryption. It combines counter mode (CTM) with a Galois-field authentication tag (GHASH), providing both confidentiality and data authenticity (authenticated encryption).
Geofencing
A virtual fence or a geographic boundary. It uses GPS to create a boundary. Apps can then respond when a mobile device is within the virtual fence.
Geolocation
The location of a device identified by GPS. It can help locate a lost or stolen mobile device.
GPO
Group Policy Object
A technology used within Microsoft windows to manage users and computers. It is implemented on a domain controller within a domain.
GPS
Global Positioning System
A satellite-based navigation system that identifies the location of a device or vehicle. Mobile devices often incorporate GPS capabilities.
GPS tagging
The process of adding geographical data to file such as pictures. It typically includes latitude and longitude coordinates with the location where the picture was taken or the file was created.
Gray box test
A type of penetration test
Testers have some knowledge of the environment prior to starting the test.
Group-based access control
A role-based access control method that uses groups as roles.
Guest account
A pre-created account on Windows systems. It is disabled by default.
Hacktivist
An attacker who launches attacks as part of an activist movement or to further a cause.
Hardware root of trust
A known secure starting point. TPMs have a private key burned into the hardware that provides a hardware root of trust.
Hash
A number created by executing a hashing algorithm against data, such as a file or message. Hashing is commonly used for integrity. Common hashing algorithms are MD5 and SHA-1 (both now considered weak) and the SHA-2 family; HMAC combines a hash with a shared secret.
Heuristic/behavioral
A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomaly detection.
HIDS
Host-based intrusion detection system
Software installed on a system to detect attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS: software installed on a system to detect and block attacks.
High availability
A term that indicates a system or a component remains available close to 100% of the time.
HMAC
Hash-based Message Authentication Code
A hashing algorithm used to verify the integrity and authenticity of a message with the use of a shared secret. It is combined with another hashing algorithm, such as SHA-256.
Hoax
A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Home automation
Smart devices used within the home that have IP addresses. These are typically accessible via the Internet and are part of the Internet of Things (IoT).
Honeypot
A server designed to attract an attacker. It typically has weakened security, encouraging attackers to investigate it.
Honeynet
A group of honeypots in a network. Honeynets are often configured in virtual networks.
Hot and cold aisles
A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cabinets to the back, making the front aisle cooler and the back aisle warmer.
HOTP
HMAC-based One-Time Password
An open standard used for creating one-time passwords. It computes an HMAC of a counter using a shared secret key and truncates the result to a short numeric code; the counter increments with each use.
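The following is an added example (not part of the original flashcards) implementing the HOTP and HMAC entries: HMAC-SHA1 over the counter, dynamic truncation to a six-digit code, and a server-side check with a look-ahead window so a counter that has drifted ahead still validates while earlier codes are rejected as replays. The secret is the published RFC 4226 test secret; the window size and the name verify_hotp are assumptions for the demo.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, reduced to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # low nibble of last byte picks 4 bytes
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, code: str, server_counter: int, window: int = 5):
    """Server-side check (assumed helper, not part of the RFC).

    The token's counter may run ahead of the server's (button pressed without
    logging in), so accept any code within a small look-ahead window and return
    the counter the server should store next. Codes for counters already used
    are rejected, which blocks replay of an observed one-time password.
    """
    for c in range(server_counter, server_counter + window):
        if hmac.compare_digest(hotp(secret, c), code):   # constant-time compare
            return c + 1
    return None


# Shared secret from RFC 4226 appendix D (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for counter in range(3):
        print(counter, hotp(RFC_SECRET, counter))
    print("accept counter 2 from 0:", verify_hotp(RFC_SECRET, "359152", 0))
    print("replay of counter 0 after 1:", verify_hotp(RFC_SECRET, "755224", 1))
```

The first three codes for the RFC test secret are 755224, 287082 and 359152, matching the RFC's published vectors; after accepting the code for counter 2 the server stores 3, so the earlier codes can no longer be replayed.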
Hot site
An alternate location for operations. A hot site typically includes everything needed to be operational within 60 minutes.
HSM
Hardware security module
A removable or external device that can generate, store, and manage cryptographic keys, such as the RSA keys used in asymmetric encryption.
HTTPS
Hypertext transfer protocol secure
A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using TCP port 443.
HVAC
Heating, ventilation, and air conditioning
A physical security control that increases availability by regulating airflow within data centers and server rooms.
IaaS
Infrastructure as a Service
A cloud computing model that allows an organization to rent access to hardware in a self-managed platform.
Compare with PaaS and SaaS.
ICS
Industrial Control System
A system that controls large systems such as power plants or water treatment facilities.
A SCADA system controls the ICS.
Identification
The process that occurs when a user claims an identity, such as with a username. Compare with authentication.
IEEE 802.1x
A port-based network access control standard used in VPNs and wired and wireless networks. It typically relies on a RADIUS server for authentication. Wired networks use it for port-based authentication, wireless networks use it in Enterprise mode, and it can be used with certificate-based authentication.
ifconfig
A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Similar to ipconfig on Windows systems.
IMAP4
Internet Message Access Protocol version 4
A protocol used to store and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt IMAP4 traffic.
Impact
The magnitude of harm related to a risk. It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data.
Compare with likelihood of occurrence.