-
802.1x
A wireless security standard method for authenticating users.
-
Account lockout policies
Policies controlling account lockout configuration parameters.
-
Active Directory Users and Computers
A Windows Active Directory utility used to manage organizational units, users, groups, computers, and other domain objects.
-
Administrator
A user name often associated with a maintenance account that has unlimited access to a computer or network. See also supervisor, root, and superuser.
-
AES
Advanced Encryption Standard (AES) A symmetric-key encryption standard adopted by the U.S. government using three block ciphers, each of which consists of a 128-bit block size.
-
Adware
Software that makes a computer more easily locatable by and more susceptible to pop-up and other online ads.
-
Asymmetric keys
The public and private keys used in public key encryption.
-
Audit policies
Windows policies used to control auditing.
-
Auditing
The process of watching key activities and recording specific successful and failed activities.
-
Auditing tools
Utilities designed to automatically review and test network security.
-
Authentication credentials
Information or a security device used to authenticate a user’s access to a network, most commonly based on user name and password.
-
Authenticator
A term that refers to a WAP during 802.1x authentication.
-
Availability
A term that refers to providing continuous operation of an organization’s hardware and software so that there is no interruption of service.
-
Biometric scan
A security scan based on a user’s identifiable physical characteristic.
-
Bit strength
A measure of encryption strength based on the number of bits in a key.
-
Black box system
A proprietary system in which you know what a system does but not the hardware or software it contains.
-
BSoD
Blue Screen of Death (BSoD) A visual indication of a stop error. You must reboot the computer to clear the error.
-
Business continuity planning
Ensuring availability and integrity; keeping the business running when disruptions occur.
-
Cascading failures
A situation in which one failure is the direct cause of other failures. Cascading failures are seen after a service fails, causing any dependent services to also fail.
-
Certificate authority
An organization or a software service that can grant certificates.
-
CERT
Computer Emergency Response Team (CERT) A group established by the U.S. Department of Defense to respond to computer security problems.
-
Confidentiality
A term that refers to protection of organization data from unauthorized disclosure.
-
Crack
A term used for the process of guessing or compromising a password.
-
Crack program
A program designed to identify weak, easily compromised passwords.
-
DES
Data Encryption Standard (DES) A private key encryption system originally developed by IBM.
-
DDoS agent
Software placed on a computer that enables it to be used as a message source in a DDoS attack.
-
DDoS handler
Software used during a DDoS attack to control the agents.
-
DMZ
Demilitarized zone (DMZ) A protected area of a network between the internal network and the Internet that is bounded by one or two firewalls. Also known as a perimeter network.
-
DoS
Denial of service (DoS) An attack that attempts to disrupt a network or its servers by flooding them with packets.
-
Digital Certificate
A secure identifier issued to a company, computer, or person that proves they are who they say they are.
-
Directed attack
An attack that is under the direct control of a hacker.
-
Disruption
Interruptions of or reductions in network service.
-
DDoS
Distributed denial of service (DDoS) attack A DoS attack in which the attacker controls multiple attacking systems.
-
Domain account
A Windows Active Directory user account used for domain authentication and resource access authorization.
-
Due diligence
The care exercised by a reasonable person to avoid harm or loss.
-
Dynamic packet filtering
A firewall filtering method that passes packets that match sessions initiated on the internal network.
-
Dynamic state list
A list of communication sessions between stations inside and outside the firewall that is maintained on the firewall. Also known as a state table.
-
Encryption algorithm
Values used for data encryption. Also known as an encryption formula.
-
Encryption key
The table or formula that defines which character in the data translates to which encoded character.
-
Enforce password history
The number of passwords a system will remember and prevent a user from reusing.
-
Event logs
One of several logs that the Windows family of operating systems keeps to give you a way of reviewing what has been happening on a system.
-
FIPS 46-2
Federal Information Processing Standards Publication 46-2 (FIPS 46-2) A U.S. government publication that defines DES as a government standard.
-
Firewall
A network security device that filters traffic into and out of a network or subnet.
-
Hacker
An expert in problem solving with a computer who sometimes gains illegal access to and sometimes tampers with information in a computer system.
-
Hardening
The process of making a network or computer more secure.
-
HIPAA
Health Insurance Portability and Accountability Act A law passed in the United States that defines requirements for protecting patient data.
-
Integrity
The assurance that data has not been altered or destroyed.
-
ICMP
Internet Control Message Protocol (ICMP) A management and troubleshooting protocol that provides support through error and control messages.
-
IPSec
Internet Protocol Security (IPSec) A security protocol used for VPN security.
-
IP spoofing
The process of sending packets with a fake source address.
-
L2TP
Layer 2 Tunneling Protocol (L2TP) A security protocol used for VPN security.
-
Local account
A user account used by a local computer for authorization and resource access authentication.
-
Macro viruses
Viruses that are contained in documents or spreadsheet files.
-
Maintenance account
A user account created for the explicit purpose of performing maintenance tasks.
-
Malware
Malicious or annoying unwanted software.
-
Maximum password age
The maximum time between password changes.
-
Minimum password age
The minimum time that must pass between password changes.
-
Minimum password length
The minimum length of a password.
-
Mission-critical application
An information system that is vital to an organization.
-
Network asset
Any hardware or software of value on a network.
-
Packet filtering
The ability of a router or firewall to discard packets that don’t meet certain criteria. This is a key feature of firewalls.
-
Password must meet complexity requirements
A Windows password policy that forces users to use stronger passwords.
-
Perimeter network
See demilitarized zone (DMZ).
-
Ping of Death
A type of DoS attack that sends oversized ping packets to the target computer.
-
Polymorphic virus
A type of encrypted virus that includes a scrambled virus body, a decryption routine that first gains control of the computer, and a mutation engine randomizing decryption routines that change each time a virus infects a new program.
-
Port filtering
Involves passing or blocking packets based on the port address.
-
Private key
An encryption key known to the receiver only in public key encryption.
-
Public key
An encryption key used by the sender to encrypt data and based on the receiver’s private key.
-
Public key encryption
Encryption based on separate sender and receiver keys.
-
Push
The process of transferring data from a source to a destination, where the transfer is initiated by the sender, without receiving a request from the receiver.
-
RSA
Rivest, Shamir, and Adleman (RSA) A public key encryption algorithm.
-
Root
In the context of user accounts, a name that may be given by the network operating system to a special user account known as a maintenance account that has unlimited access to a computer or network.
-
Rootkit
A program that can hide itself, along with other programs, files, and processes, from the operating system, antivirus software, and other security software.
-
Screened subnet
A subnet that is isolated from the rest of the network by a firewall.
-
Security breach
A computer incident that includes somehow bypassing or avoiding security measures.
-
Shared key encryption
Encryption based on a single key used for both encryption and decryption.
-
Signature
A code within a virus by which it can be identified.
-
Smart card
Sometimes called an integrated circuit card (ICC), it is any pocket-sized plastic card with embedded integrated circuits, usually containing security information such as encryption keys to facilitate access control mechanisms.
-
Spyware
Software that monitors, records, and sometimes sends out computer activity, usually without the user’s knowledge.
-
State table
See dynamic state list.
-
Stop error
The Microsoft term for a terminal failure or crash resulting in a “Blue Screen.”
-
Store passwords using reversible encryption
A Windows password policy that should be left disabled unless required (e.g., when using CHAP for authentication).
-
Strong password
A password that is designed to be difficult to guess or crack.
-
Superuser
A UNIX or Linux user account that has unlimited access to a computer or network.
-
Supplicant
An 802.1x term that refers to a client that needs authentication.
-
Symmetric key encryption
Encryption based on a single key used for both encryption and decryption.
-
SYN flag
Bits internal to a SYN packet carrying status and other information.
-
SYN flood
A DoS attack that uses a flood of SYN packets.
-
SYN packet
A packet used when initializing a TCP/IP communication session.
-
TKIP
Temporal Key Integrity Protocol (TKIP) An encryption algorithm that is used to encrypt keys used with WPA.
-
Trojan horse (Trojan)
A program that is expected to do one thing but actually does something else. The name is a reference to classical Greek literature.
-
Unauthorized access
Access by unauthorized personnel that violates confidentiality and/or integrity.
-
User account
A user identified to a computer or network.
-
Weak password
An easily guessed password.
-
WPA
Wi-Fi Protected Access (WPA) A wireless security standard that uses TKIP and user authentication.
-
WinNuke
An early hacker program that sent TCP/IP packets with invalid header information.
-
WEP
Wired Equivalent Privacy (WEP) A security scheme that can provide basic security for 802.11b and 802.11g networks.
-
Worm
A self-propagating form of malicious software.