Glossary E-F Flashcards
EAP (Extensible Authentication Protocol)
Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
An EAP method that is expected to address the shortcomings of LEAP.
EAPoL (Extensible Authentication Protocol over LAN)
A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.
EAP-TLS (EAP Transport Layer Security)
An EAP method that requires server-side and client-side certificates for authentication using SSL/TLS.
EAP-TTLS (EAP Tunneled Transport Layer Security)
An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.
east-west traffic
Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).
ECC (elliptic curve cryptography)
An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.
edge computing
Provisioning processing resource close to the network edge of IoT devices to reduce latency.
e-discovery
Procedures and tools to collect, preserve, and analyze digital evidence.
EDR (endpoint detection and response)
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
EF (exposure factor)
In risk calculation, the percentage of an asset’s value that would be lost during a security incident or disaster scenario.
elasticity
The property by which a computing environment can instantly react to both increasing and decreasing demands in workload.
entropy
A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.
EOL (end of life)
Product life cycle phase where sales are discontinued and support options reduced over time.
EOSL (end of service life)
Product life cycle phase where support is no longer available from the vendor.
EPP (endpoint protection platform)
A software agent and monitoring system that performs multiple security tasks.
ERM (enterprise risk management)
The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.
error handling
Coding methods to anticipate and deal with exceptions thrown during execution of a process.
escrow
In key management, the storage of a backup key with a third party.
ESP (Encapsulating Security Protocol)
IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.
evil twin
A wireless access point that deceives users into believing that it is a legitimate network access point.
execution control
The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.
exploitation framework
Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.
extranet
A private network that provides some access to outside parties, particularly vendors, partners, and select customers.
failover
A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.
fake telemetry
Deception strategy that returns spoofed data in response to network probes.
false negative
In security scanning, a case that is not reported when it should be.
false positive
In security scanning, a case that is reported when it should not be.
FAR (false acceptance rate)
Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.
Faraday cage
A wire mesh container that blocks external electromagnetic fields from entering into the container.
FC (Fibre Channel)
High speed network communications protocol used to implement SANs.
FDE (full disk encryption)
Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.
federation
A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
FIM (file integrity monitoring)
A type of software that reviews system files to ensure that they have not been tampered with.
fingerprint scanner
Biometric authentication device that can produce a template signature of a user’s fingerprint then subsequently compare the template to the digit submitted for authentication.
first responder
The first experienced person or team to arrive at the scene of an incident.
fog computing
Provisioning processing resource between the network edge of IoT devices and the data center to reduce latency.
FPGA (field programmable gate array)
A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.
FRR (false rejection rate)
Biometric assessment metric that measures the number of valid subjects who are denied access.
FTK (Forensic Toolkit)
A commercial digital forensics investigation management and utilities suite, published by AccessData.
FTPS
A type of FTP using TLS for confidentiality.
full backup
A backup type in which all selected files, regardless of prior state, are backed up.
full tunnel
VPN configuration where all traffic is routed via the VPN gateway.