Vocabulary2 Flashcards
SPI
SPI Security Parameter Index: Used to identify simplex IPsec security associations.
SSL
SSL Secure Sockets Layer: Authenticates and provides confidentiality to network traffic such as Web traffic.
WPA
WPA Wi-Fi Protected Access: A partial implementation of 802.11i.
multitasking
Multitasking Allows multiple tasks (heavyweight processes) to run simultaneously on one CPU.
POTS
POTS Plain Old Telephone Service: Analog phone service.
virtual memory
Virtual memory Provides virtual address mapping between applications and hardware memory.
phishing
Phishing Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials.
PVC
PVC Permanent Virtual Circuit: A circuit that is always connected.
SLE
SLE Single Loss Expectancy: The cost of a single loss.
striping
Striping Spreading data writes across multiple disks to achieve performance gains, used by some levels of RAID.
thin client applications
Thin client applications Uses a Web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser.
reference monitor
Reference monitor Mediates all access between subjects and objects.
SOAP
SOAP Originally stood for Simple Object Access Protocol, now simply "SOAP": Used to implement Web services.
T3
T3 28 Bundled T1s.
RFC 1918
RFC 1918 addresses Private IPv4 addresses that may be used for internal traffic.
social engineering
Social engineering Uses the human mind to bypass security controls.
star
Star Physical network topology that connects each node to a central device such as a hub or a switch.
Optimizing
Optimizing Phase 5 of CMM.
strong tranquility property
Strong tranquility property Bell-LaPadula property that states that security labels will not change while the system is operating.
type 2 authentication
Type 2 authentication Something you have.
permutation
Permutation Provides confusion by rearranging the characters of the plaintext, anagram-style; also called transposition.
quantitative risk analysis
Quantitative risk analysis RA method that uses hard metrics such as dollars.
remote wipe
Remote wipe The ability to remotely erase a mobile device.
polymorphic virus
Polymorphic virus Virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software.
server-side attack
Server-side attack Attack launched directly from an attacker to a listening service; also called service-side attack.
slack space
Slack space Space on a disk between the end-of-file marker and the end of the cluster.
thread
Thread A lightweight process (LWP).
savepoint
Savepoint A clean snapshot of the database tables.
USA PATRIOT Act
USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.
VPN
VPN Virtual Private Network: A method to send private data over an insecure network, such as the Internet.
SHA-1
SHA-1 Secure Hash Algorithm 1: A hash function that creates a 160-bit message digest.
Ping of Death
Ping of death DoS that sends a malformed ICMP echo request (ping) that is larger than the maximum size of an IP packet.
scrum master
Scrum master Senior member of the organization who acts as a coach for the Scrum team.
security domain
Security domain The list of objects a subject is allowed to access.
total cost of ownership
Total Cost of Ownership The cost of a safeguard.
ticket
Ticket Data that authenticates the identity of a Kerberos principal.
throughput
Throughput The process of authenticating to a system (such as a biometric authentication system).
NIC
NIC Network Interface Card: A card that connects a system to a network.
RSN
RSN Robust Security Network: Part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered.
smart card
Smart card A physical access control device containing an integrated circuit; also known as an integrated circuit card (ICC).
PEAP
PEAP Protected EAP: Similar to EAP-TTLS, including not requiring client-side certificates.
S/MIME
S/MIME Secure/Multipurpose Internet Mail Extensions: Leverages PKI to encrypt and authenticate MIME-encoded email.
simplex
Simplex One-way communication, like a car radio tuned to a music station.
NAT
NAT Network Address Translation: Translates IP addresses.
passive RFID
Passive RFID Unpowered RFID tags.
object
Object A data file.
VoIP
VoIP Voice over Internet Protocol: Carries voice via data networks.
open system
Open system System using open hardware and standards, using standard components from a variety of vendors.
NDA
NDA Non-Disclosure Agreement: A contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information.
Passphrase
Passphrase A long static password, comprised of words in a phrase or sentence.
unallocated space
Unallocated space Portions of a disk partition that do not contain active data.
Outsourcing
Outsourcing Use of a third party to provide information technology support services that were previously performed in-house.
TAP
TAP Test Access Port: Provides a way to tap into network traffic and see all unicast streams on a network.
OECD
OECD Privacy Guidelines Organization for Economic Cooperation and Development privacy guidelines, containing eight principles.
referential integrity
Referential integrity Requires that every foreign key in a secondary table matches a primary key in the parent table.
SIGABA
SIGABA Rotor machine used by the United States through World War II into the 1950s.
Standards
Standard Describes the specific use of technology, often applied to hardware and software; an administrative control.
religious law
Religious law Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes.
RST
RST Reset (tear down) a connection: TCP flag.
weak tranquility property
Weak tranquility property Bell-LaPadula property that states that security labels will not change in a way that violates security policy.
patent
Patent Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time.
registers
Registers Small storage locations used by the CPU to store instructions and data.
semantic integrity
Semantic integrity Requires that each value is consistent with the attribute data type.
SSO
SSO Single Sign-On: Allows a subject to authenticate once and then access multiple systems.
system unit
System unit Computer case, containing all of the internal electronic computer components, including motherboard, internal disk drives, power supply, etc.
return on investment
Return on Investment Money saved by deploying a safeguard.
spoofing
Spoofing Masquerading as another endpoint.
simple security property
Simple security property Bell-LaPadula property that states "no read up" (NRU).
query language
Query language Language that searches and updates a database.
network model (databases)
Network model (databases) Type of hierarchical database that allows branches to have two parents.
SVC
SVC Switched Virtual Circuit: A circuit that is established on demand.
wassenaar arrangement
Wassenaar Arrangement Munitions law that followed COCOM, beginning in 1996.
non-repudiation
Non-repudiation Assurance that a specific user performed a specific transaction and assurance that the transaction did not change.
teardrop attack
Teardrop attack A malformed packet DoS attack that targets issues with system fragmentation reassembly.
warded lock
Warded lock Preventive device that requires a key to be turned through channels (called wards) to unlock.
XP
XP Extreme Programming?An Agile development method that uses pairs of programmers who work off a detailed specification.
RAID 2
RAID 2 RAID hamming code.
Real evidence
Real evidence Evidence consisting of tangible or physical objects.
pseudo guard
Pseudo guard An unarmed security guard.
security assessments
Security assessments A holistic approach to assessing the effectiveness of access control; may use other tests as a subset, including penetration tests and vulnerability scans.
smurf attack
Smurf attack Attack that uses an ICMP flood and directed broadcast addresses.
SaaS
SaaS Software as a Service: Completely configured cloud-based application, from the operating system on up.
promiscuous access
Promiscuous access The ability to sniff all traffic on a network.
RAID 6
RAID 6 RAID striped set with dual distributed parity.
vulnerability scanning
Vulnerability scanning A process to discover poor configurations and missing patches in an environment.
vulnerability
Vulnerability A weakness in a system.
SDSL
SDSL Symmetric Digital Subscriber Line: DSL with matching upload and download speeds.
SMDS
SMDS Switched Multimegabit Data Service: An older WAN technology that is similar to ATM.
OFB
OFB Output Feedback: A stream mode of DES that uses portions of the key for feedback.
product owner
Product owner Scrum role that serves as the voice of the business unit.
twofish
Twofish Encrypts 128-bit blocks using 128 through 256 bit keys; AES finalist.
tuple
Tuple A row in a relational database table.
RPO
RPO Recovery Point Objective: The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.
WPA2
WPA2 Wi-Fi Protected Access 2: The full implementation of 802.11i.
SMTP
SMTP Simple Mail Transfer Protocol: A store-and-forward protocol used to exchange email between servers.
RIP
RIP Routing Information Protocol: A distance vector routing protocol that uses hop count as its metric.
parity
Parity A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance.
SLA
SLA Service Level Agreement: Contractual agreement that helps ensure availability.
SYN
SYN Synchronize a connection: TCP flag.
* security property
* Security property Bell-LaPadula property that states "no write down."
NIDS
NIDS Network-based Intrusion Detection System: A detective technical control.
prudent man rule
Prudent man rule Organizations should engage in business practices that a prudent, right-thinking person would consider to be appropriate.
problem domain
Problem domain A specific challenge that needs to be addressed.
POP
POP Post Office Protocol: An email client protocol.
wiping
Wiping Writes new data over each bit or block of file data; also called shredding.
PSH
PSH Push data to application layer: TCP flag.
subject
Subject An active entity on an information system that accesses or changes data.
multiprocessing
Multiprocessing Runs multiple processes on multiple CPUs.
panic bar
Panic bar Egress device that opens externally facing doors from the inside.
non-discretionary access control
Non-discretionary access control Access control based on subjects' roles or tasks.
packet
Packet Layer 3 PDU.
plaintext
Plaintext An unencrypted message.
RC6
RC6 Rivest Cipher 6; symmetric block cipher by RSA Laboratories and an AES finalist.
use limitation principle
Use limitation principle OECD privacy guideline principle that states that personal data should never be disclosed without either the consent of the individual or a legal requirement.
SSID
SSID Service Set Identifier: Acts as a wireless network name.
UDP
UDP User Datagram Protocol: A simpler and faster cousin to TCP.
simulation test
Simulation test Recovery from a pretend disaster; goes beyond talking about the process and actually has teams carry out the recovery process.
well-formed transactions
Well-formed transactions Clark-Wilson control to enforce control over applications.
TGS
TGS Ticket Granting Service: A Kerberos service that grants access to services.
OEP
OEP Occupant Emergency Plan: A facility-based plan focused on safety and evacuation.
spiral model
Spiral model Software development model designed to control risk.
T1
T1 A dedicated 1.544-megabit circuit that carries 24 64-bit DS0 channels.
rule-based access control
Rule-based access control Uses a series of defined rules, restrictions, and filters for accessing objects within a system.
TCSEC
TCSEC Trusted Computer System Evaluation Criteria (Orange Book): Evaluation model developed by the U.S. Department of Defense.
procedural languages
Procedural languages Programming languages that use subroutines, procedures, and functions.
Salt
Salt Allows one password to hash multiple ways.
typosquatting
Typosquatting Registering Internet domain names comprised of likely misspellings or mistyping of legitimate domain trademarks.
regression testing
Regression Testing Testing software after updates, modifications, or patches.
Ping
Ping Sends an ICMP echo request to a node and listens for an ICMP echo reply.
relational database
Relational database Contains two-dimensional tables of related data.
provide diligent and competent service to principals
Provide diligent and competent service to principals. Third canon of the (ISC)2 Code of Ethics.
Plan maintenance
Plan maintenance Seventh step of the NIST SP 800-34 contingency planning process.
warm site
Warm site A backup site with all necessary hardware, connectivity, and configured computers without live data.
process isolation
Process isolation Logical control that attempts to prevent one process from interfering with another.
static password
Static password Reusable passwords that may or may not expire.
PDA
PDA Personal Digital Assistant: A small networked computer that can fit in the palm of your hand.
password guessing
Password guessing An online technique that involves attempting to authenticate as a particular user to the system.
vigenère cipher
Vigenère cipher Polyalphabetic cipher that uses a Vigenère square, named after Blaise de Vigenère.
RC4
RC4 Rivest Cipher 4; used to provide confidentiality by WPA.
remanence
Remanence Data that might persist after removal attempts.
passive infrared sensor
Passive infrared sensor Passive motion detector that detects infrared energy created by body heat.
southbridge
Southbridge Connects input/output (I/O) devices, such as disk, keyboard, mouse, CD drive, USB ports, etc.
truth table
Truth table Table used to map all results of a mathematical operation, such as XOR.
rootkit
Rootkit Malware that replaces portions of the kernel and/or operating system.
packet filter
Packet filter A simple and fast firewall that has no concept of state.
SYN flood
SYN flood Resource exhaustion DoS attack that fills a system's half-open connection table.
token ring
Token ring Legacy LAN technology that uses tokens.
RAM
RAM Random Access Memory: Memory that allows any address to be directly accessed.
photoelectric motion sensor
Photoelectric motion sensor Active motion detector that sends a beam of light across a monitored space to a photoelectric sensor.
retina scan
Retina scan Biometric laser scan of the capillaries that feed the retina.
TNI
TNI Trusted Network Interpretation (Red Book).
XSS
XSS Cross-Site Scripting: Third-party execution of Web scripting languages such as JavaScript within the security context of a trusted site.
RAID 3
RAID 3 RAID striped set with dedicated parity (byte level).
responsible disclosure
Responsible disclosure The practice of privately sharing vulnerability information with a vendor and withholding public release until a patch is available.
threat agents
Threat agents The actors causing the threats that might exploit a vulnerability.
SNMP
SNMP Simple Network Management Protocol?Used to monitor network devices.
take-grant protection model
Take-Grant Protection Model Determines the safety of a given computer system that follows specific rules.
storage channel
Storage channel Covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.
PDU
PDU Protocol Data Unit: A header and data at one layer of a network stack.
TCP/IP
TCP/IP model A network model with four layers: network access, Internet, transport, and application.
NIPS
NIPS Network Intrusion Prevention System: A preventive device designed to prevent malicious network traffic.
primary key
Primary key Unique attribute in a relational database table, used to join tables.
steganography
Steganography The science of hidden communication.
TCP
TCP Transmission Control Protocol: Uses a three-way handshake to create reliable connections across a network.