Glossary: A Flashcards
Access control list (ACL)
A method of defining what rights and permissions an entity has to a given resource. In networking, access control lists are commonly associated with firewall and router traffic-filtering rules.
Acceptable Use Policy (AUP)
Policy stating what users of a system can and cannot do with the organization’s assets.
access creep
Occurs when authorized users accumulate excess privileges on a system because of moving from one position to another; allowances accidentally remain with the account from position to position.
access point (AP)
A wireless LAN device that acts as a central point for all wireless traffic. The AP is connected to both the wireless LAN and the wired LAN, providing wireless clients access to network resources.
accountability
The ability to trace actions performed on a system to a specific user or system entity.
acknowledgement (ACK)
A TCP flag notifying an originating station that the preceding packet (or packets) has been received.
active attack
An attack that is direct in nature, usually where the attacker injects something into, or otherwise alters, the target network or system.
Active Directory (AD)
The directory service created by Microsoft for use on its networks. It provides a variety of network services using Lightweight Directory Access Protocol (LDAP), Kerberos-based authentication, and single sign-on for user access to network-based resources.
active fingerprinting
Injecting traffic into the network to identify the operating system of a device.
ad hoc mode
A mode of operation in a wireless LAN in which clients send data directly to one another without utilizing a wireless access point (WAP), much like a point-to-point wired connection.
Address Resolution Protocol (ARP)
A protocol used to map a known IP address to a physical (MAC) address. It is defined in RFC 826. The ARP table is a list of IP addresses and corresponding MAC addresses stored on a local computer.
adware
Software that has advertisements embedded within it. It generally displays ads in the form of pop-ups.
algorithm
A step-by-step method of solving a problem. In computing security, an algorithm is a set of mathematical rules (logic) for the process of encryption and decryption.
annualized loss expectancy (ALE)
A measurement of the cost of an asset’s value to the organization and the monetary loss that can be expected for an asset due to risk over a one-year period. ALE is the product of the annualized rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as ALE = ARO x SLE.
annualized rate of occurrence (ARO)
An estimate of the number of times during a year a particular asset would be lost or experience downtime.
anonymizer
A device or service designed to obfuscate traffic between a client and the Internet. It is generally used to make activity on the Internet as untraceable as possible.
anti-malware
An application that monitors a computer or network to identify and prevent malware. AV (antivirus) applications are usually signature-based and can take multiple actions on defined malware files/activity.
Application layer
Layer 7 of the OSI reference model. The Application layer provides services to applications to allow them access to the network. Protocols such as FTP and SMTP reside here.
application-level attack
Attack on the actual programming code of an application.
archive
A collection of historical records or the place where they are kept. In computing, an archive generally refers to backup copies of logs and/or data.
assessment
Activities to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system.
asset
Any item of value or worth to an organization, whether physical or virtual.
asymmetric
Literally, “not balanced or the same.” In networking, asymmetric refers to a difference in networking speeds upstream and downstream. In cryptography, it’s the use of more than one key for encryption/authentication purposes.
asymmetric algorithm
In computer security, an algorithm that uses separate keys for encryption and decryption.
asynchronous
1. The lack of clocking (imposed time ordering) on a bit stream. 2. An industry term referring to an implant or malware that does not require active interaction from the attacker. 3. An implant or malware where command/task execution and the return of results or data are set to predefined intervals or timelines versus real-time execution.
asynchronous transmission
The transmission of digital signals without precise clocking or synchronization.
audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes.
audit data
Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
audit trail
A record showing which user has accessed a given resource and what operations the user performed during a given period.
auditing
The process of recording activity on a system for monitoring and later review.
authentication
The process of determining whether a network entity (user or service) is legitimate, usually accomplished through a user ID and password. Authentication measures are categorized by something you know (user ID and password), something you have (smart card or token), or something you are (biometrics).
authentication, authorization, and accounting (AAA)
Authentication confirms the identity of the user or device. Authorization determines the privileges (rights) of the user or device. Accounting records the access attempts, both successful and unsuccessful.
Authentication Header (AH)
An Internet Protocol Security (IPSec) header used to verify that the contents of a packet have not been modified while the packet was in transit.
authenticity
Sometimes included as a fundamental security element, authenticity refers to the characteristic of data that ensures it is genuine.
authorization
The conveying of official access or legal power to a person or entity.
availability
The condition of a resource being ready for use and accessible by authorized users.