Ch 11 - Key Terms Flashcards
Network assessment
Objective review of an organization’s network infrastructure in terms of functionality and security capabilities, used to establish a baseline for future audits
Network audit
Objective periodic review of an organization’s network infrastructure against an established baseline
Hardening
Ensuring that a system or network is configured in such a way that reduces the risk of attack from either internal or external resources
Penetration testing
Process of evaluating network security with a simulated attack on the network from both external and internal attackers
Vulnerability assessment
Process used to identify and quantify any vulnerabilities in a network environment
Data classification
Practice of sorting data into discrete categories that help define the access levels and type of protection required for that set of data
Data encryption
Algorithmic scheme that secures data by scrambling it into a code that is not readable by unauthorized resources
Public key infrastructure (PKI)
Hierarchy of trusted security certificates issued to users or computing devices
Certificate of authority (CA)
Entity that issues digital certificates and makes its public keys available to the intended audience to provide proof of its authenticity
Plaintext
Unencrypted data
Cipher text
Data that has been encrypted using a mathematical algorithm
Symmetric encryption
Encryption mechanism that uses a single key to both encrypt and decrypt data
Asymmetric encryption
Encryption mechanism that uses 2 different keys to encrypt and decrypt data
Public key
One-half of the keys used for asymmetric encryption, a public key is available to anyone and is used only for data encryption
Private key
One-half of the keys used for asymmetric encryption, a private key is available only to the intended data user and is used only for data encryption
Digital signature
Mathematical hash of a dataset that is encrypted by the private key and used to validate that dataset
Block cipher
A method of converting plaintext to cipher text in bulk as opposed to one data bit at a time, either using a fixed secret key or by generating keys from each encrypted block
Stream cipher
A method of converting plaintext to cipher text 1 bit at a time
Role-based access control (RBAC)
Security mechanism in which all access is granted through predefined collections of permissions, called roles, instead of implicitly assigning access to users or resources individually
Mandatory access control (MAC)
Security mechanism in which access is mandated by the operating system or application and not by data owners
Discretionary access control (DAC)
Security mechanism in which the power to grant or deny permissions to resources lies with the data owner
Multifactor authentication
Authentication of resources using proof from more than 1 of the 3 authentication categories: something you know, something you have, and something you are
Single sign-on (SSO)
Authentication process in which the resource requesting access can enter 1 set of credentials and use those credentials to access multiple applications or datasets, even if they have separate authentication mechanisms
Federation
Use of SSO to authenticate users or devices to many different protected network resources, such as file servers, websites, and database applications