1. 802.1x ?
    A port-based authentication protocol. Wireless can use 802.1X; for example, WPA2-Enterprise mode uses an 802.1X (RADIUS) server to add authentication.
  2. 3DES ?
    Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.
  3. AAA ?
    Authentication, Authorization and Accounting. AAA protocols are used in remote access systems. For example, TACACS+ is an AAA protocol that uses multiple challenges and responses during a session. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access log.
  4. ACE ?
    Access Control Entry. Identifies a user or group that is granted permission to a resource. ACEs are contained within a DACL in NTFS.
  5. ACL ?
    Access control list. A list of rules used to grant access to a resource. In NTFS, a list of ACEs makes up the ACL for a resource. In a firewall, an ACL identifies traffic that is allowed or blocked based on IP addresses, networks, ports, and some protocols (using protocol ID).
  6. AES ?
    Advanced Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. AES is quick, highly secure, and used in a wide assortment of cryptography schemes. It includes key sizes of 128 bits, 192 bits, and 256 bits.
  7. AES256 ?
    Advanced Encryption Standard 256 bit. AES sometimes includes the number of bits used in encryption keys, and AES256 uses 256-bit encryption keys.
  8. AH ?
    Authentication Header. IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity and authentication. AH is identified with protocol ID number 51.
  9. ALE ?
    Annualized Loss Expectancy. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE.
  10. AP ?
    Access Point. Short for wireless access point (WAP). APs provide access to a wired network to wireless clients. Many APs support isolation mode to segment wireless users from other wireless users.
  11. ARO ?
    Annualized Rate of Occurrence. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE.
  12. ARP ?
    Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps limit the scope of ARP poisoning attacks within a network.
  13. AUP ?
    Acceptable Use Policy. An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing systems.
  14. BCP ?
    Business Continuity Plan. A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA is part of BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.
  15. BIA ?
    Business Impact Analysis. The BIA identifies critical business or mission requirements and includes elements such as Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs), but it doesn't identify solutions.
  16. BIOS ?
    Basic Input/Output System. A computer's firmware used to manipulate different settings such as date and time, boot drive, and access password.
  17. BOTS ?
    Network Robots. An automated program or system used to perform one or more tasks. A malicious botnet is a group of computers called zombies and controlled through a command-and-control server. Attackers use malware to join computers to botnets. Zombies regularly check in with the command-and-control server and can launch DDoS attacks against other victims. Botnet activity often includes hundreds of outbound connections, and some botnets use Internet Relay Chat (IRC) channels.
  18. CA ?
    Certificate Authority. An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
  19. CAC ?
    Common Access Card. A specialized type of smart card used by the United States Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a PIV.
  20. CAN ?
    Controller Area Network. A standard that allows microcontrollers and devices to communicate with each other without a host computer.
  21. CCMP ?
    Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. An encryption protocol based on AES used with WPA2 for wireless security. It is more secure than TKIP, used with the original release of WPA.
  22. CCTV ?
    Closed circuit television. This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person's location and activity. It can be used by an organization to verify if any equipment or data is being removed.
  23. CERT ?
    Computer Emergency Response Team. A group of experts that respond to security incidents. Also known as CIRT, SIRT, IRT.
  24. CHAP ?
    Challenge Handshake Authentication Protocol. Authentication mechanism where a server challenges a client. MS-CHAPv2 is an improvement over CHAP and uses mutual authentication.
  25. CIA ?
    Confidentiality, Integrity, and Availability. These three form the security triad. Confidentiality helps prevent the unauthorized disclosure of data. Integrity provides assurances that data has not been modified, tampered with, or corrupted. Availability indicates that data and services are available when needed.
  26. CIRT ?
    Computer Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, SIRT, or IRT.
  27. COOP ?
    Continuity of Operations Plan. A COOP site provides an alternate location for operations after a critical outage. A hot site includes personnel, equipment, software, and communications capabilities of the primary site with all the data up to date. A hot site can take over for a failed primary site within an hour. A cold site will have power and connectivity needed for COOP activation, but little else. A warm site is a compromise between a hot site and a cold site.
  28. CRC ?
    Cyclic Redundancy Check. An error detection code used to detect accidental changes that affect the integrity of the data.
  29. CRL ?
    Certification Revocation List. A list of certificates that have been revoked. Certificates are commonly revoked if they are compromised. The certificate authority (CA) that issued the certificate publishes the CRL, and a CRL is public.
  30. DAC ?
    Discretionary Access Control. An access control model where all objects have owners and owners can modify permissions for the object (files and folders). Microsoft's NTFS uses the DAC model. Other access control models are MAC and RBAC.
  31. DACL ?
    Discretionary Access Control List. List of Access Control Entries (ACEs) in Microsoft's NTFS. Each ACE includes a security identifier (SID) and a permission.
  32. DDoS ?
    Distributed Denial of Service. An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users. DDoS attacks are often launched from zombies in botnets. DDoS attacks typically include sustained, abnormally high traffic. A performance baseline helps administrators detect a DDoS. Compare to DoS.
  33. DEP ?
    Data Execution Prevention. A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
  34. DES ?
    Digital Encryption Standard. An older symmetric encryption standard used to provide confidentiality. DES uses 56 bits and is considered cracked.
  35. DHCP ?
    Dynamic Host Configuration Protocol. A service used to dynamically assign TCP/IP configuration information to clients. DHCP is often used to assign IP addresses, subnet masks, default gateways, DNS server addresses, and much more.
  36. DLL ?
    Dynamic Link Library. A compiled set of code that can be called from other programs.
  37. DLP ?
    Data loss protection. A network-based DLP system can examine and analyze network traffic. It can detect if confidential company data or any PII data is included in e-mail and reduce the risk of internal users e-mailing sensitive data outside the organization.
  38. DMZ ?
    Demilitarized zone. Area between two firewalls separating the Internet and internal network. A DMZ provides a layer of protection for Internet-facing servers. It allows access to a server or service for Internet users while segmenting and protecting access to the internal network.
  39. DNS ?
    Domain Name System. Used to resolve host names to IP addresses. DNS is the primary name resolution service used on the Internet and is also used on internal networks. DNS uses port 53. DNS poisoning attempts to modify or corrupt cached DNS results. A pharming attack is a specific type of DNS poisoning attack that redirects a website's traffic to another website.
  40. DoS ?
    Denial of Service. An attack from a single source that attempts to disrupt the services provided by another system. Examples include SYN flood, smurf, and some buffer overflow attacks. Compare to DDoS.
  41. DRP ?
    Disaster Recovery Plan. A document designed to help a company respond to disasters, such as floods and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. Recovered systems are tested before returning them to operation, and this can include comparison baselines. The final phase of disaster recovery includes review to identify any lessons learned and may include an update of the plan.
  42. DSA ?
    Digital Signature Algorithm. A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key and, if successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation is used with online transactions and prevents the sender from later denying the email was sent.
  43. EAP ?
    Extensible Authentication Protocol. Authentication framework that provides general guidance for authentication methods. Variations include LEAP and PEAP.
  44. ECC ?
    Elliptic curve cryptography. An asymmetric encryption algorithm commonly used with smaller wireless devices. It uses smaller key sizes and requires less processing power than many other encryption methods.
  45. EFS ?
    Encrypting File System. A feature within NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
  46. EMI ?
    Electromagnetic interference. Interference caused by motors, power lines and fluorescent lights. Cables can be shielded to protect signals from EMI. Additionally, EMI shielding prevents signal emanation, so it can prevent someone from capturing network traffic.
  47. ESP ?
    Encapsulating Security Protocol. IPsec includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. ESP is identified with protocol ID 50.
  48. FTP ?
    File Transfer Protocol. Used to upload and download files to an FTP server. FTP uses ports 20 and 21. Secure FTP (SFTP) uses SSH for encryption on port 22. FTP Secure (FTPS) uses SSL or TLS for encryption.
  49. FTPS ?
    File Transfer Protocol Secure. An extension of FTP that uses SSL or TLS to encrypt FTP traffic. Some implementations of FTPS use ports 989 and 990.
  50. GPG ?
    GNU Privacy Guard. Free software that is based on the OpenPGP standard. It is similar to PGP but avoids any conflict with existing licensing by using open standards.
  51. GPO ?
    Group Policy Object. Group Policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain. Administrators use it to create password policies, lock down the GUI, configure host-based firewalls and much more.
  52. GPS ?
    Global Positioning System. GPS tracking can help locate mobile devices. Remote wipe, or remote sanitize, erases all data on lost devices. Full disk encryption protects the data on the device if lost.
  53. GRE ?
    Generic Routing Encapsulation. A tunneling protocol developed by Cisco.
  54. GUI ?
    Graphical user interface. Users interact with the graphical elements instead of typing in commands from a text interface. Windows is an example.
  55. HDD ?
    Hard Disk Drive. A disk drive that has one or more platters and a spindle. In contrast, flash drives use flash memory.
  56. HIDS ?
    Host Based Intrusion Detection System. An IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files.
  57. HIPS ?
    Host Based Intrusion Prevention System. An extension of a host based IDS. Designed to react in real time to catch an attack in action.
  58. HMAC ?
    Hash Based Message Authentication. HMAC is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result.
  59. HSM ?
    Hardware Security Module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. High-volume ecommerce sites use HSMs to increase the performance of SSL sessions. High availability clusters needing encryption services can use clustered HSMs.
  60. HTML ?
    Hypertext Markup Language. Language used to create web pages served on the Internet. HTML documents are displayed by web browsers and delivered over the Internet using HTTP or HTTPS. It uses less than and greater than characters (<>) to create tags. Many sites use input validation to block these tags and prevent cross-site scripting attacks.
  61. HTTP ?
    Hypertext Transfer Protocol. Used for web traffic on the Internet and intranets. HTTP uses port 80.
  62. HTTPS ?
    Hypertext Transfer Protocol Secure. Encrypts HTTP traffic with SSL or TLS using port 443.
  63. HVAC ?
    Heating, ventilation, and air conditioning. HVAC systems increase availability by regulating air flow within data centers and server rooms. They use hot and cold aisles to regulate the cooling, thermostats to ensure a relatively constant temperature, and humidity controls to reduce the potential for static discharges and damage from condensation. They are often integrated with fire alarm systems and either have dampers or the ability to be turned off in the event of a fire.
  64. IaaS ?
    Infrastructure as a Service. A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. Compare to PaaS and SaaS.
  65. ICMP ?
    Internet Control Message Protocol. Used for diagnostics such as ping. Many DoS attacks use ICMP. It is common to block ICMP at firewalls and routers. If ping fails, but other connectivity to a server succeeds, it indicates that ICMP is blocked.
  66. ID ?
    Identification. For example, a protocol ID identifies a protocol based on a number. AH is identified with protocol ID 51 and ESP with 50.
  67. IDS ?
    Intrusion Detection System. A detective control used to detect attacks after they occur. A signature based IDS (also called definition based) uses a database of predefined traffic patterns. An anomaly based IDS (also called behavior based) starts with a performance baseline of normal behavior and compares network traffic against the baseline. An IDS can be either host based (HIDS) or network based (NIDS). In contrast, a firewall is a preventative control that attempts to prevent the attacks before they occur. An IPS is a preventative control that will stop an attack in progress.
  68. IEEE ?
    Institute of Electrical and Electronic Engineers. International organization with a focus on electrical, electronics and information technology topics. IEEE standards are well respected and followed by vendors around the world.
  69. IGMP ?
    Internal Group Management Protocol. Used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address.
  70. IIS ?
    Internet Information Services. A Microsoft Windows web server. IIS comes with Microsoft Windows Server products.
  71. IKE ?
    Internet Key Exchange. Used with IPsec to create a secure channel over port 500 in a VPN tunnel.
  72. IM ?
    Instant messaging. Real time direct text based communication between two or more people, often referred to as chat.
  73. IMAP4 ?
    Internet Message Access Protocol v4. Used to store email on servers and allow clients to manage their email on the server. IMAP4 uses port 143.
  74. IPS ?
    Intrusion Prevention System. A preventative control that will stop an attack in progress. It is similar to an active IDS except that it is placed in line with traffic. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
  75. IPsec ?
    Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6, but can also work with IPv4, and it includes both AH and ESP. AH provides authentication and integrity; ESP provides confidentiality, integrity, and authentication. IPsec uses port 500 for IKE with VPN connections.
  76. IPv4 ?
    Internet Protocol Version 4. Identifies hosts using a 32 bit address. IPv4 is expressed in dotted decimal format with decimal numbers separated by dots or periods.
  77. IPv6 ?
    Internet Protocol Version 6. Identifies hosts using a 128 bit address. IPv6 is expressed as eight groups of four hexadecimal characters.
  78. IRC ?
    Internet Relay Chat. A form of real time Internet text messaging often used with chat sessions. Some botnets have used IRC channels to control zombie computers through a command and control server.
  79. IRT ?
    Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, CIRT, SIRT.
  80. ISP ?
    Internet Service Provider. Company that provides Internet access to customers.
  81. IV ?
    Initialization Vector. An IV provides randomness for encryption keys to help ensure that keys are not reused. WEP was susceptible to IV attacks because it used relatively small IVs. In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.
  82. KDC ?
    Key Distribution Center. Part of the Kerberos protocol used for network authentication. The KDC issues time stamped tickets that expire.
  83. L2TP ?
    Layer 2 Tunneling Protocol. Tunneling protocol used with VPNs. L2TP is commonly used with IPsec and uses port 1701.
  84. LAN ?
    Local Area Network. Group of hosts connected within a network.
  85. LANMAN ?
    Local Area Network Manager. Older authentication protocol used to provide backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored.
  86. LDAP ?
    Lightweight Directory Access Protocol. Language used to communicate with directories such as Microsoft's Active Directory. It provides a central location to manage user accounts and other directory objects. LDAP uses port 389 when unencrypted and port 636 when encrypted.
  87. LEAP ?
    Lightweight Extensible Authentication Protocol. A modified version of the Challenge Handshake Authentication Protocol (CHAP) by Cisco.
  88. MAC ?
    Mandatory Access Control. Access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). SELinux (deployed in both Linux and UNIX) is a trusted operating system platform using the MAC model. Other access control models are DAC and RBAC.
  89. MAC ?
    Message Authentication Code. Method used to provide integrity for messages. A MAC uses a secret key to encrypt the hash. Some versions are called HMAC.
  90. MAN ?
    Metropolitan Area Network. A computer network that spans a metropolitan area such as a city or large campus.
  91. MBR ?
    Master Boot Record. An area on a hard disk in its first sector. When the BIOS boots a system, it looks at the MBR for instructions and information on how to boot the disk and load the operating system. Some malware tries to hide here.
  92. MD5 ?
    Message Digest 5. A hashing function used to provide integrity. MD5 uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify the integrity has been maintained.
  93. MITM ?
    Man In the Middle. A MITM attack is a form of active interception allowing an attacker to intercept traffic and insert malicious code sent to other clients. Kerberos provides mutual authentication and helps prevent MITM attacks.
  94. MS-CHAP ?
    Microsoft Challenge Handshake Protocol. Microsoft's implementation of CHAP. MS-CHAPv2 provides mutual authentication.
  MTU ?
    Maximum Transmission Unit. MTU identifies the size of data that can be transferred.
  95. NAC ?
    Network Access Control. Inspects clients for health and can restrict network access of unhealthy clients to a remediation network. Clients run agents and these agents report status to a NAC server. NAC is used for VPN and internal clients. MAC filtering is a form of NAC.
  96. NAT ?
    Network Address Translation. A service that translates public IP addresses to private and private IP addresses to public. It hides addresses on an internal network.
  97. NIDS ?
    Network Intrusion Detection System. An IDS used to monitor a network. It can detect network based attacks, such as smurf attacks. A NIDS cannot monitor encrypted traffic, and cannot monitor traffic on individual hosts.
  98. NIPS ?
    Network Based Intrusion Prevention System. An IPS that monitors the network. An IPS can actively monitor data streams, detect malicious content, and stop attacks in progress.
  99. NIST ?
    National Institute of Standards and Technology. NIST is part of the US Department of Commerce, and includes an Information Technology Laboratory (ITL). The ITL publishes special publications related to security that are freely available for download.
  100. NOOP ?
    No Operation, sometimes NOP. NOOP instructions are often used in a buffer overflow attack. An attacker often writes a large number of NOOP instructions as a NOOP sled into memory, followed by malicious code.
  101. NTFS ?
    New Technology File System. A file system used in Microsoft operating systems that provides security. NTFS uses the DAC model.
  102. NTLM ?
    New Technology LANMAN. Authentication protocol used to improve LANMAN. This protocol stores passwords using a hash of the password by first dividing the password into two seven character blocks, and then converting all lower case to upper case. This makes LANMAN easy to crack. NTLM stores passwords in LANMAN format for backward compatibility, unless the passwords are greater than 15 characters. NTLMv1 is older and has known vulnerabilities. NTLMv2 is newer and secure.
  103. NTP ?
    Network Time Protocol. Protocol used to synchronize computer times.
  104. OS ?
    Operating System. For example, SELinux is a trusted OS that can help prevent malicious code from executing.
  105. OVAL ?
    Open Vulnerability Assessment Language. International standard proposed for vulnerability assessment scanners to follow.
  106. P2P ?
    Peer to Peer. P2P applications allow users to share files such as music, video, and data over the Internet. Data leakage occurs when users install P2P software and unintentionally share files. Organizations often block P2P software at the firewall and detect running software with port scans.
  107. PaaS ?
    Platform as a Service. Provides cloud customers with an easy to configure operating system and on-demand computing capabilities. Compare to IaaS and SaaS.
  108. PAP ?
    Password Authentication Protocol. An older authentication protocol where passwords are sent in clear text. Rarely used today.
  109. PAT ?
    Port Address Translation. A form of NAT.
  110. PBX ?
    Private Branch Exchange.
  111. PEAP ?
    Protected Extensible Authentication Protocol. PEAP provides an extra layer of protection for EAP. PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel. Since TLS requires a certificate, PEAP-TLS requires a certification authority (CA) to issue certificates.
  112. PED ?
    Personal Electronic Device. Such as a cell phone, radio, CD player, DVD player, camera, or MP3 player.
  113. PGP ?
    Pretty Good Privacy. Commonly used to secure email communications between two private individuals, but is also used in companies. It provides confidentiality, integrity, authentication, and non-repudiation.
  114. PII ?
    Personally Identifiable Information. Information about individuals that can be used to trace a person's identity, such as full name, birthdate, biometric data, and identifying numbers such as social security number (SSN). Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.
  115. PIN ?
    Personal Identification Number. A number known by a user and entered for authentication. PINs are often combined with a smart card to provide two factor authentication.
  116. PIV ?
    Personal Identity Verification card. A specialized type of smart card used by United States federal agencies. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users. It is similar to a CAC.
  117. PKI ?
    Public Key Infrastructure. Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates. Certificates are an important part of asymmetric encryption. Certificates include public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
  118. POP3 ?
    Post Office Protocol v3. Used to transfer email from mail servers to clients. POP3 uses port 110.
  119. POTS ?
    Plain Old Telephone Service. Voice grade telephone service.
  PPP ?
    Used to create remote access connections.
  120. PPTP ?
    Point to Point Tunneling Protocol. Tunneling protocol used with VPNs. PPTP uses TCP port 1723.
  121. PSK ?
    Pre Shared Key. A secret shared among different systems. Wireless networks support Personal Mode where each device uses the same PSK. In contrast, Enterprise Mode uses an 802.1x or RADIUS server for authentication.
  122. PTZ ?
    Pan Tilt Zoom. Refers to cameras that can pan (left to right), tilt (move up and down), and zoom to get a closer or wider view.
  123. RA ?
    Recovery Agent. A designated individual who can recover or restore cryptographic keys. In the context of a PKI a recovery agent can recover private keys to access encrypted data.
  124. RADIUS ?
    Remote Authentication Dial-in User Service. Provides central authentication for remote access clients. RADIUS encrypts the password packets and uses UDP. In contrast, TACACS+ encrypts the entire process and uses TCP.
  125. RAID ?
    Redundant Array of Inexpensive (or Independent) Disks. Multiple disks combined to increase performance or provide protection against faults.
  126. RAID0 ?
    Disk Striping. Improves performance but does not provide fault tolerance.
  127. RAID1 ?
    Disk Mirroring uses two disks and provides fault tolerance.
  128. RAID5 ?
    Disk Striping with parity. Uses three or more disks and provides fault tolerance.
  129. RAM ?
    Random Access Memory. Volatile memory within a computer that holds active processes, data, and applications. Data in RAM is lost when the computer is turned off. Inspection of RAM can discover hooked processes from rootkits. Memory forensics analyzes data in RAM.
  130. RAS ?
    Remote Access Service. A server used to provide access to an internal network from an outside location. RAS is also known as Remote Access Server and sometimes referred to as Network Access Service (NAS).
  131. RBAC ?
    Role Based Access Control. An access control model that uses roles to define access, and it is often implemented with groups. A user account is placed into a role, inheriting the rights and permissions of the role. Other access control models are MAC and DAC.
  132. RBAC ?
    Rule Based Access Control. An access control model that uses rules to define access. Rule based access control is based on a set of approved instructions, such as an access control list. Other access control models are MAC and DAC.
  133. RC ?
    Ron's Code or Rivest's Cipher. Symmetric encryption algorithm that includes versions RC2, RC4, RC5, and RC6. RC4 is a secure stream cipher, and RC5 and RC6 are block ciphers.
  134. RFI ?
    Radio frequency interference. Interference from RF sources such as AM or FM transmitters. RFI can be filtered to prevent data interference, and cables can be shielded to protect signals from RFI.
  135. RIPEMD ?
    RACE Integrity Evaluation Message Digest. A hash function used for integrity. It creates fixed length hashes of 128, 160, 256, or 320 bits.
  136. RPO ?
    Recovery Point Objective. A recovery point objective identifies a point in time where data loss is acceptable. It is related to the RTO, and the BIA often includes both RTOs and RPOs.
  137. RSA ?
    An asymmetric algorithm used to encrypt data and digitally sign transmissions. It is named after its creators, Rivest, Shamir, and Adleman. RSA is also the name of the company they founded together. RSA relies on the mathematical properties of prime numbers when creating public and private keys.
  138. RSTP ?
    Rapid Spanning Tree Protocol. An improvement over STP. Both are enabled on most switches and protect against switching loops, such as those caused when two ports of a switch are connected together.
  139. RTO ?
    Recovery Time Objective. An RTO identifies the maximum amount of time it can take to restore a system after an outage. It is related to the RPO, and the BIA often includes both RTOs and RPOs.
  140. RTP ?
    Real Time Transport Protocol. A standard used for delivering audio and video over IP.
  141. S/MIME ?
    • Secure / Multipurpose Internet Mail Extensions. Used to secure email. S/MIMe provides confidentiality, integrity, authentication, and non?
    • repudiation. It can digitally sign and encrypt email, including the encryption of email at rest. (stored on a drive) and in transit (data sent over the network). It uses RSA, with public and private keys for encryption and decryption and depends on PKI for certificates.
  142. SaaS ?
    Software as a Service. Applications provided over the Internet. Webmail is an example of a cloud-based technology. Compare to IaaS and PaaS.
  143. SCAP ?
    Security Content Automation Protocol. A method used with automated vulnerability management, measurement, and policy compliance evaluation tools.
  144. SCP ?
    Secure Copy. Based on SSH, SCP allows users to copy encrypted files over a network. SCP uses port 22.
  145. SCSI ?
    Small Computer System Interface. Set of standards used to connect peripherals to computers. Commonly used for SCSI hard disks and/or tape drives.
  146. SDLC ?
    Software Development Life Cycle. A software development process. Many different models are available.
  147. SDLM ?
    Software Development Life Cycle Methodology. The practice of using SDLC when developing applications.
  148. SELinux ?
    A trusted operating system platform that prevents malicious or suspicious code from executing on both Linux and UNIX systems. It is one of the few operating systems that use the MAC model.
  149. SFTP ?
    Secure File Transfer Protocol. An extension of FTP using SSH to transmit the files in an encrypted format. SFTP transmits using port 22.
  150. SHA ?
    Secure Hash Algorithm. A hashing function used to provide integrity. SHA1 uses 160 bits and SHA-256 uses 256 bits. Hashing algorithms always provide a fixed-size bit string regardless of the size of the hashed data. By comparing the hashes at two different times, you can verify the integrity of the data.
  151. SHTTP ?
    Secure Hypertext Transfer Protocol. An alternative to HTTPS. Infrequently used.
  152. SID ?
    Security Identifier. Unique set of numbers and letters used to identify each user and each group in Microsoft environments.
  153. SIM ?
    Subscriber Identity Module. A small smart card that contains programming and information for small devices such as cell phones.
  154. SIRT ?
    Security Incident Response Team. A group of experts that respond to security incidents. Also known as CERT, or IRT.
  155. SLA ?
    Service Level Agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
  156. SLE ?
    Single Loss Expectancy. Used to measure risk with annualized loss expectancy (ALE) and annualized rate of occurrence (ARO). The SLE identifies the expected dollar amount for a single event resulting in a loss. The calculation is SLE x ARO = ALE.
  157. SMTP ?
    Simple Mail Transfer Protocol. Used to transfer email between clients and servers and between other email servers. SMTP uses port 25.
  158. SNMP ?
    Simple Network Management Protocol. Used to manage network devices such as routers or switches. SNMP agents report information via notifications known as SNMP traps, or SNMP device traps.
  159. SONET ?
    Synchronous Optical Network Technologies. A multiplexing protocol used to transfer data over optical fiber.
  160. SPIM ?
    Spam over Internet messaging. A form of SPAM using instant messaging that targets instant messaging users.
  161. SPOF ?
    Single Point of Failure. An SPOF is any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPS, and generators remove many single points of failure.
  162. SQL ?
    Structured Query Language. Used by SQL-based databases, such as Microsoft's SQL Server. Websites integrated with a SQL database are subject to SQL injection attacks. Input validation with forms and stored procedures help prevent SQL injection attacks. Microsoft's SQL Server uses port 1433 by default.
  163. SSH ?
    Secure Shell. SSH encrypts a wide variety of traffic, such as Secure File Transfer Protocol. SSH uses port 22.
  164. SSID ?
    Service Set Identifier. Identifies the name of a wireless network. Disabling SSID broadcast can hide the network from casual users, but an attacker can easily discover it with a wireless sniffer. It is recommended to change the SSID from the default name.
  165. SSL ?
    Secure Sockets Layer. Used to encrypt traffic on the wire. SSL is used with HTTPS to encrypt HTTP traffic on the Internet using both symmetric and asymmetric encryption algorithms. SSL uses port 443 when encrypting traffic.
  166. SSO ?
    Single Sign-On. Authentication method where users can access multiple resources on a network using a single account. SSO can provide central authentication against a federated database for different operating systems.
  167. SSTP ?
    Secure Socket Tunneling Protocol. A tunneling protocol that encrypts VPN traffic using SSL over port 443.
  168. STP ?
    Spanning Tree Protocol. Protocol enabled on most switches that protects against switching loops. A switching loop can be caused if two ports of a switch are connected together.
  169. STP ?
    Shielded Twisted Pair. Cable type used in networks that includes shielding to prevent interference from EMI and RFI. It can prevent data from emanating outside the cable.
  170. SYN ?
    Synchronize. The first packet in a TCP handshake. In a SYN flood attack, attackers send this packet, but don't complete the handshake after receiving the SYN/ACK packet. A flood guard is a logical control that protects against SYN flood attacks.
  171. TACACS ?
    Terminal Access Controller Access Control System. An older remote authentication protocol used in UNIX networks. TACACS+ is more commonly used.
  172. TACACS+ ?
    Terminal Access Controller Access Control System+. Provides central authentication for remote access clients and is used as an alternative to RADIUS. TACACS+ uses TCP port 49, compared with TACACS, which uses UDP port 49. It encrypts the entire authentication process, compared with RADIUS, which only encrypts the password. It uses multiple challenges and responses.
  173. TCO ?
    Total Cost of Ownership. A factor considered when purchasing new products and services. TCO attempts to identify the cost of a product or service over its lifetime.
  174. TCP ?
    Transmission Control Protocol. Provides guaranteed delivery of IP traffic using a three-way handshake.
  175. TCP/IP ?
    Transmission Control Protocol/Internet Protocol. Represents the full suite of protocols.
  176. TFTP ?
    Trivial File Transfer Protocol. Used to transfer small amounts of data with UDP port 69. In contrast, FTP is used to transfer larger files using TCP ports 20 and 21.
  177. TKIP ?
    Temporal Key Integrity Protocol. Wireless security protocol introduced to address the problems with WEP. TKIP was used with WPA but many implementations of WPA now support CCMP.
  178. TLS ?
    Transport Layer Security. Used to encrypt traffic on the wire. TLS is the replacement for SSL; it uses certificates issued by CAs. PEAP-TLS uses TLS to encrypt the authentication process, and PEAP-TLS requires a CA to issue certificates.
  179. TPM ?
    Trusted Platform Module. This is a hardware chip included on the motherboard of many newer laptops. A TPM includes a unique RSA asymmetric key, and it can generate and store other keys used for encryption, decryption, and authentication. TPM provides full disk encryption.
  180. UAT ?
    User Acceptance Testing. One of the last phases of testing an application before its release.
  181. UDP ?
    User Datagram Protocol. Used instead of TCP when guaranteed delivery of each packet is not necessary. UDP uses a best-effort delivery mechanism.
  182. UPS ?
    Uninterruptible Power Supply. A battery backup system that provides fault tolerance for power and can protect against power fluctuations. A UPS provides short-term power, giving the system enough time to shut down smoothly or to transfer to generator power. Generators provide long-term power in extended outages.
  183. URL ?
    Universal Resource Locator. Address used to access web resources. Popup blockers can include URLs of sites where popups are allowed.
  184. USB ?
    Universal Serial Bus. A serial connection used to connect peripherals such as printers, flash drives, and external hard disk drives. Data on USB drives can be protected against loss of confidentiality with encryption. They combine high volume and transfer speeds with ease of concealment and often result in data leakage.
  185. UTP ?
    Unshielded Twisted Pair. Cable type used in networks that do not have any concerns over EMI, RFI, or cross-talk. If these are a concern, STP is used.
  186. VLAN ?
    Virtual Local Area Network. A VLAN can logically group several different computers together, or logically separate computers without regard to their physical location. It is possible to create multiple VLANs within a single switch.
  187. VM ?
    Virtual Machine. A virtual system hosted on a physical server. A physical server can host multiple VMs as servers. Virtualization can reduce the footprint of an organization's server room or datacenter, and helps eliminate wasted resources. It also helps reduce the amount of physical equipment, reducing overall physical security requirements. A VM escape is an attack that allows an attacker to access the host system from within the virtual system.
  188. VoIP ?
    Voice over IP. A group of technologies used to transmit voice over IP networks. Vishing is a form of phishing that sometimes uses VoIP.
  189. VPN ?
    Virtual Private Network. Provides access to a private network over a public network such as the Internet. VPN concentrators provide VPN access to a large group of users.
  190. VTC ?
    Video Teleconferencing. A group of interactive telecommunication technologies that allow people in two or more locations to interact with two-way video and audio transmissions.
  191. WAF ?
    Web Application Firewall. A firewall specifically designed to protect a web application such as a web server. A WAF inspects the contents of traffic to a web server, can detect malicious content, and block it.
  192. WAP ?
    Wireless Access Point. Sometimes just called an AP. Increasing the power level of a WAP increases the wireless coverage of the WAP. Decreasing the power level decreases the coverage. Coverage can also be manipulated by moving or positioning the wireless antenna.
  193. WEP ?
    Wired Equivalent Privacy. Original wireless security protocol. Had significant security flaws and was replaced with WPA, and ultimately with WPA2. WEP used RC4 incorrectly, making it susceptible to IV attacks.
  194. WIDS ?
    Wireless Intrusion Detection System. An IDS used for wireless networks.
  195. WIPS ?
    Wireless Intrusion Prevention System. An IPS used for wireless networks.
  196. WLAN ?
    Wireless Local Area Network. Wireless network connectivity.
  197. WPA ?
    WiFi Protected Access. Replaced WEP as a wireless security protocol without replacing hardware. Superseded by WPA2.
  198. WPA2 ?
    WiFi Protected Access V2. Newer security protocol used to protect wireless transmissions. It supports CCMP for encryption, which is based on AES and stronger than TKIP, which was originally released with WPA. In Enterprise mode, it can use RADIUS to support 802.1x authentication. In Personal mode, it uses a preshared key (PSK).
  199. WTLS ?
    Wireless Transport Layer Security. Used to encrypt traffic for smaller wireless devices.
  200. XML ?
    Extensible Markup Language. Used by many databases for inputting or exporting data. XML uses formatting rules to describe the data.
  201. XTACACS ?
    Extended Terminal Access Controller Access Control System. An improvement over TACACS by Cisco, and proprietary. TACACS+ is more commonly used.
  202. XSRF ?
    Cross-site Request Forgery. An attack that causes users to perform actions on websites without their knowledge. In some cases, attackers use header manipulation to steal cookies and harvest passwords.
  203. XSS ?
    Cross Site Scripting. Scripting allows an attacker to redirect users to malicious websites and steal cookies. Email can include an embedded HTML image object or JavaScript tags. Many sites prevent the use of the < and > characters to block cross site scripting.
Card Set
acronyms for security +