Security+ SYO-501 - Acronyms Flashcards
3DES
Triple Digital Encryption Standard
About the name: AES applies the DES cipher algorithm three times to each data block. Type: Symmetric-key block cipher Key sizes: 168, 112 or 56 bits (keying option 1, 2, 3 respectively) Block sizes: 64 bits Rounds: 48 DES-equivalent rounds Structure: Feistel network First published: 1998 (ANS X9.52) Retired: 2018 (replaced by AES)
AAA
Authentication, Authorization, and Accounting
ABAC
Attribute-Based Access Control
- Defined by NIST 800-162
- A logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes.
ACL
Access Control List
AES
Advanced Encryption Standard
Original name: Rijndael Type: Symmetric-key block cipher Key sizes: 128, 192 or 256 bits Block sizes: 128 bits Rounds: 10, 12 or 14 (depending on key size) Designers: Vincent Rijmen, Joan Daemen Structure: Substitution–permutation network First published: 1998 (NIST)
AES256
Advanced Encryption Standard 256-bit
AH
Authentication Header
IPsec is composed of two separate (mutually exclusive) protocols:Authentication Header (AH)andEncapsulating Security Payload (ESP). AH provides the authentication and integrity checking for data packets, and ESP provides encryption services.
ALE
Annualized Loss Expectancy
$$$ how much loss you could expect in a year.
ALE = SLE x ARO
AP
Access Point
An AP works at Layer 2 (the data link layer) of the OSI model, and it can operate as a bridge connecting a standard wired network to wireless devices or as a router passing data transmissions from one access point to another.
API
Application Programming Interface
APT
Advanced Persistent Threat
Often nation-states (e.g. China). Hackers with skill , resources and TIME
ARO
Annualized Rate of Occurrence
### the number of times an event is expected to occur each year ALE = SLE x ARO
ARP
Address Resolution Protocol
Protocol used to map known IP addresses to unknown physical addresses.
ASLR
Address Space Layout Randomization
- Randomizes the location where system executables are loaded into memory.
- Therefore, it is a memory-protection process for operating systems (OSes) that guards against BUFFER-OVERLOW attacks
ASP
Application Service Provider
AUP
Acceptable Use Policy
defines what is and what is not acceptable activity, practice, or use for company equipment an resources
AV
Antivirus OR Asset Value (in $$)
BAC
Business Availability Center
BCP
Business Continuity Planning
Assess organizational risks and create policies, plans, and procedures to minimize impact.
BIA
Business Impact Analysis
The process of performing risk assessment on business tasks and processes rather than on assets. The purpose of BIA is to determine the risks to business processes and design protective and recovery solutions. The goal is to maintain business continuity, prevent and/or minimize downtime, and prepare for fast recovery and restoration in the event of a disaster.
BIOS
Basic Input/Output System
BPA
Business Partners Agreement
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.
BPDU
Bridge Protocol Data Unit
Frames that contain information about the Spanning tree protocol. A switch sends BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC.
BYOD
Bring Your Own Device
RIP
BGP
OSPF
Routers usually communicate routing and other information using one of three standard protocols:
- RIP - Routing Information Protocol
- BGP - Border Gateway Protocol
- OSPF - Open Shortest Path First
CA
Certificate Authority
CAC
Common Access Card
CAN
Controller Area Network
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart
CAR
Corrective Action Report
CASB
Cloud Access Security Broker
Security policy enforcement solution. Ensures proper security measures and ensures that they are implemented between a cloud solution and a customer organization. CASBsare on-premise or cloud-based security policy enforcement points. They exist between the cloud service users and the cloud service providers for the purpose of combining (and adding) enterprise security policies as resources are accessed.
The brokers can consolidate lots of different types of security policy enforcement (single sign-on, authorization, credential mapping, encryption, and so forth) while acting like a gatekeeper. They essentially allow the organization to extend the reach of their own security policies beyond the confines of their own infrastructure.
CBC
Cipher Block Chaining
CCMP
Counter-Mode/CBC-Mac Protocol
CCTV
Closed-circuit TV
CER
Certificate
OR
Cross-over Error Rate
Cross-over Error Rate. See Biometrics, FAR, and FRR. The point at which FRR and FAR are equal. Aim for a LOW CER
CERT
Computer Emergency Response Team
Carnegie Mellon University standards for secure coding. CERT standards cover many of the same issues as OWASP, but they also have complete language-specific standards for Java, Perl, C, and C++ and exception handling.
CFB
Cipher Feedback
CHAP
Challenge Handshake Authentication Protocol
Authentication method supported by PPP (can be used by PPTP).
(1) user authenticates to the server;
(2) server directs the client to generate a random number (often a cryptographic hash) and send it to the server;
(3) server periodically challenges the client to reproduce the number/hash;
(4) if the client can’t, the server terminates the session.
CIO
Chief Information Officer
CIRT
Computer Incident Response Team
CMS
Content Management System
COOP
Continuity of Operations Plan
COPE
Corporate Owned, Personally Enabled
CP
Contingency Planning
CRC
Cyclical Redundancy Check
CRL
Certificate Revocation List
CSIRT
Computer Security Incident Response Team
CSO
Chief Security Officer
CSP
Cloud Service Provider
CSR
Certificate Signing Request
CSRF
Cross-site Request Forgery
CSU
Channel Service Unit
See also DSU. Routers, in conjunction with achannel service unit/data service unit (CSU/DSU), are also used to translate from LAN framing to WAN framing (for example, a router that connects a 100BaseT network to a T1 network).
CTM
Counter-Mode
CTO
Chief Technology Officer
CTR
Counter
CYOD
Choose Your Own Device
DAC
Discretionary Access Control
DBA
Database Administrator
DDoS
Distributed Denial of Service
DEP
Data Execution Prevention
When an application tries to launch, the user must approve the execution before it can proceed or, at the least, the system logs when an application tries to launch
DER
Distinguished Encoding Rules
DES
Digital Encryption Standard
DFIR
Digital Forensics and Investigation Response
DHCP
Dynamic Host Configuration Protocol
DHE
Data-Handling Electronics
OR
Diffie-Hellman Ephemeral
DLL
Dynamic Link Library
DLP
Data Loss Prevention
DMZ
Demilitarized Zone
DNAT
Destination Network Address Transaction
DNS
Domain Name Service (Server)
DoS
Denial of Service
DRP
Disaster Recovery Plan
Disaster recovery is an expansion of BCP. Basically, when business continuity is interrupted, a disaster has occurred.
DSA
Digital Signature Algorithm
DSL
Digital Subscriber Line
DSU
Data Service Unit
See also CSU.
Routers, in conjunction with achannel service unit/data service unit (CSU/DSU), are also used to translate from LAN framing to WAN framing (for example, a router that connects a 100BaseT network to a T1 network).
Extensible Authentication Protocol
ECB
EAP
Extensible Authentication Protocol
Authentication method supported by PPP (can be used by PPTP)
ECB
Electronic Code Book
ECC
Elliptic Curve Cryptography
Asymmetric system designed to work with smaller processors (like hand-held devices)
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral
ECDSA
Elliptic Curve Digital Signature Algorithm
EF
Exposure Factor
%%% the percentage of the asset value that is threatened with each threat occurrence
EFS
Encrypted File System
EMI
Electromagnetic Interference
EMP
Electro Magnetic Pulse
EOL
End of Life
ERP
Enterprise Resource Planning
ESN
Electronic Serial Number
ESP
Encapsulated Security Payload
IPsec is composed of two separate (mutually exclusive) protocols:Authentication Header (AH)andEncapsulating Security Payload (ESP). AH provides the authentication and integrity checking for data packets, and ESP provides encryption services.
EULA
End User License Agreement
FACL
File System Access Control List
FAR
False Acceptance Rate
See Biometircs, FRR, and CER
FDE
Full Disk Encryption
FRR
False Rejection Rate
See Biometrics, FAR and CER
FTP
File Transfer Protocol
FTPS
Secured File Transfer Protocol
GCM
Galois Counter Mode
GPG
Gnu Privacy Guard
GPO
Group Policy Object
GPS
Global Positioning System
GPU
Graphic Processing Unit
GRE
Generic Routing Encapsulation
HA
High Availability
Refers to measures such as redundancy, failover, and mirroring, used to keep services and systems operational during an outage.
HDD
Hard Disk Drive
HIDS
Host-based Intrusion Detection System
IDS runs as software on a host system. Examines machine logs, system events and application interactions, but normally doesn’t monitor incoming network traffic. Popular on servers that use encrypted channels. See also HIPS
HIPS
Host-based Intrusion Prevention System
See HIDS
HMAC
Hashed Message Authentication Code
HOTP
HMAC-based One-Time Password
HSM
Hardware security module
Devices that handle digital keys. Performs a similar function as TPM. Aka PCSM, SAM, Hardware cryptographic device, or cryptographic module. Often a plug in device.
- Provides encryption, digital signatures, hashing, and message authentication codes.
- Manages cryptographic keys
HTML
Hypertext Markup Language
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over SSL/TLS
HVAC
Heating, Ventilation and Air Conditioning
IaaS
Infrastructure as a Service
ICMP
Internet Control Message Protocol
ICS
Industrial Control Systems
ID
Identification OR Intrusion Detection
IDEA
International Data Encryption Algorithm
IDF
Intermediate Distribution Frame
IdP
Identity Provider
IDS
Intrusion Detection System
IEEE
Institute of Electrical and Electronic Engineers
IIS
Internet Information System
IKE
Internet Key Exchange
IMPA4
Internet Message Access Protocol v4
IoT
Internet of Things
IPS
Internet Protocol Security
IRC
Internet Relay Chat
IRP
Incident Response Plan
ISA
Interconnection Security Agreement
ISP
Internet Service Provider
ISSO
Information Systems Security Officer
ITCP
IT Contingency Plan
IV
Initialization Vector
KDC
Key Distribution Center
KEK
Key Encryption Key
L2TP
Layer 2 Tunneling Protocol
LAN
Local Area Network
See also: CAN, MAN, SAN, WAN
LDAP
Lightweight Directory Access Protocol
LEAP
Lightweight Extensible Authentication Protocol
MaaS
Monitoring as a Service
MAC
Mandatory Access Control OR Media Access Control OR Message Authentication Code
MAN
Metropolitan Area Network
MBR
Master Boot Record
MD5
Message Digest 5
MDF
Master Distribution Frame
MDM
Mobile Device Management
MFA
Multifactor Authentication
MFD
Multi-function Device
MIME
Multipurpose Internet Mail Exchange
MITM
Man-in-the-Middle
MMS
Multimedia Message Service
MOA
Memorandum of Agreement
MOTD
Message of the Day
MOU
Memorandum of Understanding
MPLS
Multi-Protocol Label Switching
MSCHAP
Microsoft Challenge Handshake Authentication Protocol
MSP
Managed Service Provider
MTBF
Mean Time Between Failures
MTTF
Mean Time To Failure
MTTR
Mean Time to Repair or Restore
MTU
Maximum Transmission Unit
NAC
Network Access Control
NAT
Network Address Translation
NDA
Nondisclosure Agreement
NFC
Near Field Communication
NGAC
Next Generation Access Control
NIDS
Network-based Intrusion Detection System
NIPS
Network-based Intrusion Prevention System
NIST
National Institute of Standards & Technology
NTFS
New Technology File System
NTLM
New Technology LAN Manager
NTP
Network Time Protocol
OAUTH
Open Authorization
OCSP
Online Certificate Status Protocol
OID
Object Identifier
OS
Operating System
OTA
Over The Air
OVAL
Open Vulnerability Assessment Language
P12
PKCS #12
P2P
Peer to Peer
PaaS
Platform as a Service.
PAC
Proxy Auto Configuration
PAP
Password Authentication Protocol
PAT
Port Address Translation
PBKDF2
Password-based Key Derivation Function 2
Key Stretching Algorithm. Key stretching makes a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the time it takes to test each possible key. PBKDF2 applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key. Bcrypt is another method of key stretching.
PBX
Private Branch Exchange
PCAP
Packet Capture
PEAP
Protected Extensible Authentication Protocol
PED
Personal Electronic Device
PEM
Privacy-enhanced Electronic Mail
PFS
Perfect Forward Secrecy
PFX
Personal Exchange Format
PGP
Pretty Good Privacy
PHI
Personal Health Information
PII
Personally Identifiable Information
PKI
Public Key Infrastructure
POODLE
Padding Oracle on Downgrade Legacy Encryption
POP
Post Office Protocol
POTS
Plain Old Telephone Service
PPP
Point-to-Point Protocol
PPTP
Point-to-Point Tunneling Protocol
PSK
Pre-shared Key
PTZ
Pan-Tilt-Zoom
PVI
Personal Identity Verification
RA
Recovery Agent OR Registration Authority
RAD
Rapid Application Development
RADIUS
Remote Authentication Dial-in User Server
RAID
Rudundant Array of Independent/Inexpensive Disks
RAS
Remote Access Server
RAT
Remote Access Trojan
RBAC
Role-based Access Control OR Rule-based Access Control
RC4
Rivest Cipher version 4
RDP
Remote Desktop Protocol
REST
Representational State Transfer
RFID
Radio Frequency Identifier
RIPEMD
RACE Integrity Primitives Evaluation Message Digest
RMF
Risk Management Framework
ROI
Return on Investment
RPO
Recovery Point Objective
RSA
Rivest, Shamir, and Adleman
RTBH
Remotely Triggered Black Hole
RTO
Recovery Time Objective
RTOS
Real-time Operating System
RTP
Real-time Transport Protocol
S/MIME
Secure/Multipurpose Internet Mail Extensions
SaaS
Software as a Service
SAML
Security Assertions Markup Language
SAN
Storage Area Network
SCADA
System/Supervisory Control and Data Acquisition
SCAP
Security Content Automation Protocol
SCEP
Simple Certificate Enrollment Protocol
SCP
Secure Copy
SCSI
Small Computer System Interface
SDK
Software Development Kit
SDLC
Software Development Life Cycle
SDLM
Software Development Life Cycle Methodology
SDN
Software-Defined Networking
SDN
Software-Defined Networking
SED
Self-encrypting drive
SFTP
Secured File Transfer Protocol
SHA
Secure Hashing Algorithm
SHE
Structured Exception Handler
SHTTP
Secure Hypertext Transfer Protocol
SIEM
Security Information and Event Management
SIM
Subscriber Identity Module
SIPS
Session Initiation Protocol
SIPS
Session Initiation Protocol Secure
SLA
Service Level Agreement
SLE
Single Loss Expectancy
SMB
Server Message Block
SMS
Short Message Service
SMTP
Simple Mail Transfer Protocol
SMTPS
Simple Mail Transfer Protocol Secure
SNMP
Simple Network Management Protocol
SOAP
Simple Object Access Protocol
SoC
System on Chip
SPF
Sender Policy Framework
SPIM
Spam over Internet Messaging
SPOF
Single Point of Failure
SQL
Structured Query Language
SRTP
Secure Real-Time Protocol
SSD
Solid State Drive
SSH
Secure Shell
SSID
Service Set Identifier
SSL
Secure Sockets Layer
SSO
Single Sign-on
SSP
System Security Plan
STP
Shielded Twisted Pair OR Spanning Tree Protocol
STP
Spanning Tree Protocol
TACACS+
Terminal Access Controller Access Control System Plus
TCO
Total Cost of Ownership
TCP/IP
Transmission Control Protocol/Internet Protocol
TGT
Ticket Granting Ticket
TKIP
Temporal Key Integrity Protocol
TLS
Transport Layer Security
TOTP
Time-based One-time Password
TPM
Trusted platform modules
TSIG
Transaction Signature
UAT
User Acceptance Testing
UAV
Unmanned Aerial Vehicle
UDP
User Datagram Protocol
UEFI
Unified Extensible Firmware Interface
UPS
Uninterruptible Power Supply
URI
Uniform Resource Identifier
URL
Universal Resource Locator
USB
Universal Serial Bus
USB OTG
USB On The Go
UTM
Unified Threat Management
UTP
Unshielded Twisted Pair
VDE
Virtual Desktop Environment
VDI
Virtual Desktop Infrastructure
VLAN
Virtual Local Area Network
VLSM
Variable Length Subnet Masking
VM
Virtual Machine
VoIP
Voice over IP
VPN
Virtual Private Network
VTC
Video Teleconferencing
WAF
Web Application Firewall
WAP
Wireless Access Point
WEP
Wired Equivalent Privacy
WIDS
Wireless Intrusion Detection System
WIPS
Wireless Intrusion Prevention System
WORM
Write Once Read Many
WPA2
WiFi Protected Access 2
WPS
WiFi Protected Setup
WTLS
Wireless TLS
XML
Extensible Markup Language
XOR
Exclusive Or
XSRF
Cross-site Request Forgery
XSS
Cross-site Scripting
