Security + Guide

Security+ Guide to Network Security Fundamentals, Ciampa, 4th edition

acceptable use policy (AUP) a policy that defines the actions users may perform while accessing systems and networking equipment
access control the mechanism used in an information system to allow or restrict access to data or devices
access control list a set of permissions that are attached to an object
access control model a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications
access list a record or list of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area
access log a log that can provide details regarding requests for specific files on a system
accounting the ability that provides tracking of events
add-ons programs that provide additional functionality to Web browsers
Address Resolution Protocol (ARP) part of the TCP/IP protocol suite, determines the MAC address based on the IP address
Advanced Encryption Standard (AES) a symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES
adware a software program that delivers advertising content in a manner that is unexpected and unwanted by the user
AES-CCMP the encryption protocol standard for WPA2
algorithm procedures based on a mathematical formula; used to encrypt data
all-in-one network security appliances network hardware that provides multiple security functions
Annualized Loss Expectancy (ALE) the expected monetary loss that can be anticipated for an asset due to a risk over a one-year period
Annualized Rate of Occurrence (ARO) the probability that a risk will occur in a particular year
anomaly-based monitoring a monitoring technique used by an IDS that creates a baseline of normal activities and compares actions against the baseline
anti-spyware software that helps prevent computers from becoming infected by different types of spyware
anti-virus (AV) software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus
architectural design the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development
ARP poisoning an attack that corrupts the ARP cache
asset an item that has value
asymmetric cryptographic algorithm encryption that uses two mathematically related keys
asymmetric server cluster a technology in which a standby server exists only to take over for another in the event of its failure
attachments files that are coupled to e-mail messages
attack surface the code that can be executed by unauthorized users in a software program
audit log a log that can track user authentication attempts
audit records logs that are the second most common type of security-related operating system logs
authentication the steps that ensure that the individual is who they claim to be
authorization the act of providing permission or authority to conduct a task
availability security actions that ensure that data is accessible to authorized users
backdoor software code that gives access to a program or a service that circumvents normal security protections
backout/contingency option rolling back a disaster recovery implementation to the starting point so that a different approach can be taken
baseline reporting a comparison of the present state of a system compared to its baseline
Bayesian filtering spam filtering software that analyzes the contents of every word in an e-mail and determines how frequently a word occurs in order to determine if it is spam
behavioral biometrics authenticating a user by the normal actions that the user performs
behavior-based monitoring a monitoring technique used by an IDS that uses the normal processes and actions as the standard and compares actions against it
black box a test in which the tester has no prior knowledge of the network infrastructure that is being tested
block cipher a cipher that manipulates an entire block of plaintext at one time
Blowfish a block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits
bluejacking an attack that sends unsolicited messages to Bluetooth-enabled devices
bluesnarfing an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers
Bluetooth a wireless technology that uses short-range radio frequency (RF) transmissions and provides for rapid ad hoc pairings
botnet a logical computer network of zombies under the control of an attacker
bridge trust model a trust model with one CA that acts as a facilitator to interconnect all other CAs
brute force attack a password attack in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched with those in a stolen password file
buffer overflow an attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
business continuity the ability of an organization to maintain its operations and services in the face of a disruptive event
business continuity plan and testing the process of identifying exposure to threats, creating preventative and recovery procedures, and then testing them to determine if they are sufficient
business impact analysis (BIA) an analysis of the most important mission-critical business functions, which identifies and quantifies the impact such a loss of the functions may have on the organization in terms of its operational and financial position
cable lock a device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen
California's Database Security Breach Notification Act the first state law that covers any state agency, person, or company that does business in California
Certificate Authority (CA) a trusted third-party agency that is responsible for issuing digital certificates
Certificate Repository (CR) a publicly accessible centralized directory that contains digital certificates that can be used to view the status of a digital certificate
chain of custody a process of documentation that shows that evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence
change management a methodology for making modifications to a system and keeping track of those changes
ciphertext data that has been encrypted
cleartext unencrypted data
client-side attack an attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data
closed-circuit television (CCTV) using video cameras to transmit a signal to a specific and limited set of receivers used for surveillance in areas that require security monitoring
cloud computing a pay-per-use computing model in which customers pay only for the computing resources that they need, and the resources can be easily scaled
code review presenting the code to multiple reviewers in order to reach agreement about its security
cognitive biometrics authenticating a user through the perception, thought process, and understanding of the user
cold site a remote site that provides office space; the customer must provide and install all the equipment needed to continue operations
common access card (CAC) a Department of Defense (DoD) smart card used for identification for active-duty and reserve military personnel along with civilian employees and special contractors
command injection injecting and executing commands to execute on a server
computer virus (virus) a malicious computer code that reproduces itself on the same computer
confidentiality security actions that ensure only authorized parties can view information
cookie a file on a local computer in which a server stores user-specific information
cross-site request forgery (XSRF) an attack that uses the user's Web browser settings to impersonate the user
cross-site scripting (XSS) an attack that injects scripts into a Web application server to direct attacks at clients
cryptography the science of transforming information into a secure form while it is being transmitted or stored so that unauthorized persons cannot access it
cybercrime targeted attacks against financial networks, unauthorized access to information, and the theft of personal information
cybercriminals a network of attackers, identity thieves, spammers, and financial fraudsters
cyberterrorism a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence
cyberterrorists attackers whose motivation may be defined as ideology, or attacking for the sake of their principles or beliefs
data backups the process of copying information to a different medium and storing it (preferably at an off-site location) so that it can be used in the event of a disaster
Data Encryption Standard (DES) a symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks
data loss prevention (DLP) a system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users
deadbolt lock a door lock that extends a solid metal bar into the door frame for extra security
demilitarized zone (DMZ) a separate network that rests outside the secure network perimeter; untrusted outside users can access the DMZ but cannot enter the secure network
denial of service (DoS) an attack that attempts to prevent a system from performing its normal functions
design review an analysis of the design of a software program by key personnel from different levels of the project
dictionary attack a password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file
digital certificate a technology used to associate a user's identity to a public key, in which the user's public key is "digitally signed" by a trusted third party
direct trust a type of trust model in which a relationship exists between two individuals because one person knows the other person
directory traversal an attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories
disabling unused ports a security technique to turn off ports on a network device that are not required
disaster recovery the procedures and processes for restoring an organization's IT operations following a disaster
disaster recovery plan (DRP) a written document that details the process for restoring IT resources following an event that causes a significant disruption in service
Discretionary Access Control (DAC) the least restrictive access control model in which the owner of the object has total control over it
distributed denial of service (DDoS) an attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests
distributed trust model a trust model that has multiple CAs that sign digital certificates
DNS poisoning an attack that substitutes DNS addresses so that the computer is automatically redirected to another device
Domain Name System (DNS) a hierarchical name system for matching computer names and numbers
dumpster diving the act of digging through trash receptacles to find information that can be useful in an attack
elliptic curve cryptography (ECC) an algorithm that uses elliptic curves instead of prime numbers to compute keys
encryption the process of changing plaintext into ciphertext
errors (exceptions) faults in a program that occur while the application is running
event logs logs that can document any unsuccessful events and the most significant successful events
evil twin an AP set up by an attacker to mimic an authorized AP and capture transmissions, so a user's device will unknowingly connect to this evil twin instead
exploiting the act of taking advantage of a vulnerability
Exposure Factor (EF) the proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage)
Extended TACACS the second version of the Terminal Access Control Access Control System (TACACS) authentication service
Extensible Authentication Protocol (EAP) a framework for transporting authentication protocols that defines the format of the messages
fail-open a control that errs on the side of permissiveness in the event of a failure
fail-safe (fail-secure) a control that errs on the side of security in the event of a failure
Faraday cage a metallic enclosure that prevents the entry or escape of an electromagnetic field
fencing securing a restricted area by erecting a barrier
File Transfer Protocol (FTP) an unsecure TCP/IP protocol that is commonly used for transferring files
firewall (packet filter) hardware or software that is designed to prevent malicious packets from entering or leaving computers or networks
first-party cookie a cookie that is created from the Web site that currently is being viewed
Flash cookie a cookie named after the Adobe Flash player
flood guard a feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS attack
forensics (forensic science) the application of science to questions that are of interest to the legal profession
FTP using Secure Sockets Layer (FTPS) a TCP/IP protocol that uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to encrypt commands sent over the control port (Port 21) in an FTP session
fuzz testing (fuzzing) a software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program
GNU Privacy Guard (GPG) an open-source software package that is commonly used to encrypt and decrypt e-mail messages
GPS tracking using the Global Positioning System (GPS) to detect the location of a portable device
Gramm-Leach-Bliley Act (GLBA) a U.S. law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information
gray box a test where some limited information has been provided to the tester
hacker a term used to refer to a person who uses advanced computer skills to attack computers
hardening the process of eliminating as many security risks as possible and making the system more secure
Hardware Security Module (HSM) a secure cryptographic processor
hash the unique digital fingerprint created by a hashing algorithm
Hashed Message Authentication Code (HMAC) a variation of a hash that encrypts the hash with a shared secret key before transmitting it
hashing the process for creating a unique digital fingerprint signature for a set of data
Health Insurance Portability and Accountability Act (HIPAA) a U.S. law designed to protect health information and implement policies and procedures to safeguard it
heating, venting and air conditioning (HVAC) systems that provide and regulate heating and cooling
heuristic detection creating a virtualized environment to simulate the central processing unit (CPU) and memory of the computer to check for the presence of a virus
host intrusion detection system (HIDS) a software-based application that runs on a local host computer that can detect an attack as it occurs
hierarchical trust model a trust model that has a single hierarchy with one master CA
high availability a system that can function for an extended period of time with little downtime
hoax a false warning
honeynet a network setup with intentional vulnerabilities
honeypot a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files, to trick attackers into revealing their attack techniques
host-based software firewall a firewall that runs as a program on a local system to protect it against attacks
host table a list of the mappings of names to computer numbers
hot aisle/cold aisle a layout in a data center that can be used to reduce heat by managing the air flow
hotfix software that addresses a specific customer situation and often may not be distributed outside that customer's organization
hot site a duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link
HTTP header part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted
HTTP header manipulation modifying HTTP headers to create an attack
hybrid attack a password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters
Hypertext Transport Protocol over Secure Sockets Layer (HTTPS) a secure version of HTTP sent over SSL/TLS
identity theft stealing another person's personal information, such as Social Security number, and then using the information to impersonate the victim, generally for financial gain
IEEE 802.1x a standard that blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authorization server
impersonation an attack that creates a fictitious character and then plays out the role of that person on a victim
implicit deny rejecting access unless a condition is explicitly met
incident management the framework and functions required to enable incident response and incident handling within an organization
information security the tasks of securing information that is in a digital format
initialization vector (IV) a 24-bit value used in WEP that changes each time a packet is encrypted
input validation verifying a user's input to an application
integrity security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data
Internet Control Message Protocol (ICMP) a TCP/IP protocol that is used by devices to communicate updates or error information to other devices
Internet Protocol version 6 (IPv6) the next generation of the IP protocol that addresses weaknesses of IPv4 and provides several significant improvements
intrusion detection system (IDS) a device designed to detect an attack as it occurs
IP telephony using a data-based IP network to add digital voice clients and new voice applications onto the IP network
IP security (IPsec) a set of protocols developed to support the secure exchange of packets
Kerberos an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users
key a mathematical value entered into the algorithm to produce ciphertext
key escrow a process in which keys are managed by a third-party, such as a trusted CA called the root
keylogger hardware or software that captures and stores each keystroke that a user types on the computer's keyboard
key recovery agent (KRA) a highly trusted person responsible for recovering lost or damaged digital certificates
keystream attack (IV attack) a method of determining the keystream by analyzing two packets that were created from the same initialization vector (IV)
LDAP injection attack an attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content
least privilege providing only the minimum amount of privileges necessary to perform a job or function
Lightweight Directory Access Protocol (LDAP) a protocol for a client application to access an X.500 directory
Lightweight EAP (LEAP) a proprietary EAP method developed by Cisco Systems requiring mutual authentication used for WLAN encryption using Cisco client software
load balancer a device that can direct requests to different servers based on a variety of factors, such as the number of connections, the server's processor utilization, and overall performance of the server
locking cabinet a secure storage unit that can be used for storing portable devices
log a record of events that occur
logic bomb computer code that lies dormant until it is triggered by a specific logical event
loop protection preventing broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA)
MAC limiting and filtering a security technique to limit the number of media access control (MAC) addresses allowed on a single port
malware software that enters a computer system without the user's knowledge or consent and then performs an unwanted and harmful action
Mandatory Access Control (MAC) the most restrictive access control model, typically found in military settings in which security is of supreme importance
mandatory vacations requiring that all employees take vacations
man-in-the-middle an attack that intercepts legitimate communications and forges a fictitious response to the sender
mantrap a device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas
mean time between failures (MTBF) a statistical value that is the average time until a component fails, cannot be repaired, and must be replaced
mean time to restore (MTTR) the average time needed to reestablish services to their former state
Media Access Control (MAC) address filtering a method for controlling access to a WLAN based on the device's MAC address
Message Digest (MD) a common hash algorithm of several different variations
Message Digest 5 (MD5) a revision of MD4 that is designed to address its weaknesses
M-of-N control a technique to recover a private key by distributing parts to different individuals
multifactor authentication using more than one type of authentication credential
network access control (NAC) a technique that examines the current state of a system or network device before it is allowed to connect to the network
network address translation (NAT) a technique that allows private IP addresses to be used on the public Internet
network intrusion detection system (NIDS) a technology that watches for attacks on the network and reports to a central device
network intrusion prevention system (NIPS) a technology that monitors network traffic to immediately react to block a malicious attack
nonrepudiation the process of proving that a user performed an action
NTLM (New Technology LAN Manager) hash a password hash for Microsoft Windows systems that is no longer recommended for use
NTLMv2 (New Technology LAN Manager2) an updated version of NTLM that uses HMAC with MD5
one-time pad (OTP) using a unique truly random key to create ciphertext
order of volatility the sequence of volatile data that must be preserved in a computer forensics investigation
password a secret combination of letters, numbers, and/or characters that only the user should know
patch a general software security update intended to cover vulnerabilities that have been discovered
peer-to-peer (P2P) network a network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network
Personal Identity Verification (PIV) a government standard for smart cards that covers all government employees
penetration testing a test by an outsider to actually exploit any weaknesses in systems that are vulnerable
persistent cookie (tracking cookie) a cookie that is recorded on the hard drive of the computer and does not expire when the browser closes
pharming a phishing attack that automatically redirects the user to a fake site
phishing sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
ping a utility that sends an Internet Control Message Protocol (ICMP) to flood a victim with packets
ping flood an attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets
plaintext data input into an encryption algorithm
pop-up blocker either a program or a feature incorporated within a browser that stops pop-up advertisements from appearing
port scanner software to search a system for any port vulnerabilities
preshared key (PSK) a key value that must be created and entered into both the access point and all wireless devices ("shared") prior to ("pre") the devices communicating with the AP
Pretty Good Privacy (PGP) a commercial product that is commonly used to encrypt e-mail messages
privacy policy a policy that outlines how the organization uses personal information it collects
private key an asymmetric encryption key that does have to be protected
private key cryptography cryptographic algorithms that use a single key to encrypt and decrypt a message
privilege escalation an attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining
Protected EAP (PEAP) an EAP method designed to simplify the deployment of 802.1x by using Microsoft Windows login and passwords
protocol analyzer (sniffer) hardware or software that captures packets to decode and analyze the contents
proximity reader a device that detects an emitted signal in order to identify the owner
proxy server a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user
public key an asymmetric encryption key that does not have to be protected
public key cryptography encryption that uses two mathematically related keys
public key infrastructure (PKI) a framework for all of the entities involved in digital certificate management
quantum cryptography an asymmetric cryptography that attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) a hash algorithm that uses two different and independent parallel chains of computation and then combines the result at the end of the process
RAID (Redundant Array of Independent Drives) a technology that uses multiple hard disks for increased reliability and performance
rainbow tables large pregenerated data sets of encrypted passwords used in password attacks
RC4 an RC stream cipher that will accept keys up to 128 bits in length
recovery point objective (RPO) the maximum length of time that an organization can tolerate between backups
recovery time objective (RTO) the length of time it will take to recover data that has been backed up
Registration Authority (RA) a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users
remote access any combination of hardware and software that enables remote users to access a local internal network
Remote Authorization Dial In User Service (RADIUS) an industry standard authentication service with widespread support across nearly all vendors of networking equipment
remote wipe/sanitation a technology that can remotely erase data from a portable device and reset it to its default factory settings
replay an attack that makes a copy of the transmission before sending it to the recipient
reverse proxy a computer or an application program that routes incoming requests to the correct server
risk the likelihood that a threat agent will exploit the vulnerability
Rivest Cipher (RC) a family of cipher algorithms designed by Ron Rivest
rogue access point an unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks
Role Based Access Control (RBAC) a "real-world" access control model in which access is based on a user's job function within the organization
rootkit a set of software tools used by an attacker to hide the actions or presence of other types of malicious software
router a device that can forward packets across computer networks
RSA an asymmetric algorithm published in 1977 and patented by MIT in 1983
Rule Based Access Control (RBAC) an access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian
rule-based management the process of administration that relies on following procedural and technical rules
safe a ruggedized steel box with a lock
Sarbanes-Oxley Act (Sarbox) a U.S. law designed to fight corporate corruption
script kiddies individuals who want to break into computers to create damage, yet lack the advanced knowledge of computers and networks needed to do so
secure cookie a cookie that is only used when a browser is visiting a server using a secure connection
Secure Copy Protocol (SCP) a TCP/IP protocol used mainly on UNIX and Linux devices that securely transports files by encrypting files and commands
Secure FTP (SFTP) a secure TCP/IP protocol that is used for transporting files by encrypting and compressing all data and commands
Secure Hash Algorithm (SHA) a secure hash algorithm that creates hash values of longer lengths than Message Digest algorithms
Secure Shell (SSH) a UNIX-based command interface and protocol for securely accessing a remote computer
Secure Sockets Layer (SSL) a protocol developed by Netscape for securely transmitting documents over the Internet that uses a public key to encrypt data
security logs logs that are considered the primary source of log data
security policy a document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure
separation of duties the practice of requiring that processes should be divided between two or more individuals
server cluster a combination of two or more servers that are interconnected to appear as one
single point of failure a component or entity in a system which, if it no longer functions, would adversely affect the entire system
service pack software that is a cumulative package of all security updates plus additional features
Service Set Identifier (SSID) the user-supplied network name of a WLAN; it can generally be alphanumeric from 2 to 32 characters
session cookie a cookie that is stored in random access memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site
session hijacking an attack in which an attacker attempts to impersonate the user by using his session token
session token a form of verification used when accessing a secure Web application
shoulder surfing watching an authorized user enter a security code on a keypad
signature-based monitoring a monitoring technique used by an IDS that examines network traffic to look for well-known patterns and compares the activities against a predefined signature
signature file a sequence of bytes (a string) found in a virus that is used as the virus signature
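Signature-based monitoring and the signature file come down to searching traffic or files for known byte strings. The Python below is an added example, not from the textbook, with constructed signatures (the two patterns are invented for the demonstration, not real malware strings). It scans a byte buffer for every signature, and then shows the failure mode a practitioner hits when data arrives in network-sized chunks: a signature split across two chunks is missed unless the scanner keeps a tail of the previous chunk.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # the byte string that identifies the threat


# Constructed signatures for the example; not taken from any real signature file.
SIGNATURES = [
    Signature("Demo.Backdoor.A", bytes.fromhex("DEADBEEF00C0FFEE")),
    Signature("Demo.Webshell.B", b"eval(base64_decode("),
]


def scan(data: bytes, signatures=SIGNATURES) -> list[tuple[str, int]]:
    """Return (signature name, offset) for every occurrence of every signature."""
    hits = []
    for sig in signatures:
        start = 0
        while (idx := data.find(sig.pattern, start)) != -1:
            hits.append((sig.name, idx))
            start = idx + 1
    return hits


def scan_chunks_naive(chunks, signatures=SIGNATURES) -> list[tuple[str, int]]:
    """Scan each chunk on its own: misses any pattern that straddles a boundary."""
    hits, base = [], 0
    for chunk in chunks:
        hits += [(name, base + idx) for name, idx in scan(chunk, signatures)]
        base += len(chunk)
    return hits


def scan_stream(chunks, signatures=SIGNATURES) -> list[tuple[str, int]]:
    """Scan chunked data correctly by carrying the last (longest pattern - 1)
    bytes of the previous buffer into the next one, so a pattern split across
    chunks is still seen whole. Hits wholly inside the carried tail were
    already reported and are skipped."""
    plen = {s.name: len(s.pattern) for s in signatures}
    keep = max(plen.values()) - 1
    tail, base, hits = b"", 0, []  # base = absolute offset of buf[0]
    for chunk in chunks:
        buf = tail + chunk
        for name, idx in scan(buf, signatures):
            if idx + plen[name] <= len(tail):
                continue  # entirely within the tail: reported in the previous round
            hits.append((name, base + idx))
        if len(buf) > keep:
            base += len(buf) - keep
            tail = buf[len(buf) - keep:]
        else:
            tail = buf
    return hits


def sample_stream(chunk_size: int = 5):
    """Constructed traffic: two signatures embedded in filler, delivered in chunks."""
    data = b"hello " + SIGNATURES[0].pattern + b" world " + SIGNATURES[1].pattern + b")"
    return data, [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]


if __name__ == "__main__":
    data, chunks = sample_stream()
    print("whole buffer :", scan(data))
    print("naive chunked:", scan_chunks_naive(chunks))
    print("with tail    :", scan_stream(chunks))
```

The same pattern-matching is what an IDS signature engine does at far higher speed with many thousands of patterns; the boundary problem is identical there, which is why stream reassembly precedes matching.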
Simple Network Management Protocol (SNMP) a TCP/IP protocol that exchanges management information between networked devices and allows network administrators to remotely monitor, manage, and configure devices on the network
single-factor authentication using one type of authentication credentials
Single Loss Expectancy (SLE) the expected monetary loss every time a risk occurs
single sign-on (SSO) using one authentication credential to access multiple accounts or applications
smart card a card that contains an integrated circuit chip that can hold information used as part of the authentication process
smurf attack an attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target
social engineering a means of gathering information for an attack by relying on the weaknesses of individuals
social networking grouping individuals and organizations into clusters or groups based on a like affiliation
social networking site web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school or work contacts
spam unsolicited e-mail
spear phishing a phishing attack that targets only specific users
spim a variation of spam, which targets instant messaging users instead of e-mail users
spoofing impersonating another computer or device
spy a person who has been hired to break into a computer and steal information
spyware a general term used to describe software that spies on users by gathering information without consent, thus violating their privacy
SQL injection an attack that targets SQL servers by injecting commands to be manipulated by the database
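The injection works because the application pastes attacker text into the query string, so the database parses it as SQL. The Python below is an added example, not from the textbook, using an in-memory SQLite database with constructed rows: the vulnerable lookup concatenates the name into the query and can be made to return every row or to leak a different column, while the parameterized lookup sends the value separately and returns nothing for the same payloads.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users (not real data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users (name, pw_hash) VALUES (?, ?)",
                    [("alice", "h1"), ("bob", "h2"), ("carol", "h3")])
    return con


def find_user_vulnerable(con: sqlite3.Connection, name: str) -> list[tuple]:
    """Builds the query by string concatenation: attacker text becomes SQL syntax."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def find_user_safe(con: sqlite3.Connection, name: str) -> list[tuple]:
    """Parameterized query: the driver passes the value separately from the
    statement, so the database treats it as data and never as a command."""
    return con.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# Two classic payloads: the first makes the WHERE clause always true, the second
# appends a UNION that pulls the password-hash column into the result set.
TAUTOLOGY = "x' OR '1'='1"
UNION_LEAK = "x' UNION SELECT id, pw_hash FROM users --"

if __name__ == "__main__":
    con = make_db()
    print("safe, normal input   :", find_user_safe(con, "alice"))
    print("vulnerable, tautology:", find_user_vulnerable(con, TAUTOLOGY))
    print("vulnerable, union    :", find_user_vulnerable(con, UNION_LEAK))
    print("safe, tautology      :", find_user_safe(con, TAUTOLOGY))
```

Escaping quotes by hand is not a substitute for the parameterized form; the driver-level separation of statement and data is what removes the attack.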
SSID broadcast the transmission of the SSID from the access point to wireless devices
standard biometrics using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication
steganography hiding the existence of data within a text, audio, image, or video file
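The most common image technique is least-significant-bit embedding: each cover byte gives up its lowest bit to carry one bit of the hidden message, so no pixel value changes by more than one. The Python below is an added example, not from the textbook; it works on a constructed array of 8-bit grayscale pixel values rather than a real image file, stores a 32-bit length prefix so the extractor knows where the message ends, and refuses covers that are too small.

```python
def capacity(cover: bytes) -> int:
    """Message bytes a cover can hold: one bit per cover byte, minus the 4-byte length."""
    return max(len(cover) // 8 - 4, 0)


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of each cover byte.
    Layout: 32-bit big-endian message length, then the message bits."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many message bytes, from the LSBs."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length field does not fit the cover: no message or corrupted")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference introduced by embedding (1 for LSB hiding)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a 64x64 grayscale gradient, not a real photograph.
COVER = bytes((i * 7) % 256 for i in range(64 * 64))

if __name__ == "__main__":
    secret = b"meet at the usual place"
    stego = embed(COVER, secret)
    print("capacity:", capacity(COVER), "bytes")
    print("recovered:", extract(stego))
    print("max pixel change:", max_pixel_change(COVER, stego))
```

The existence of the message is what is hidden, not its content: anyone who knows the scheme can run extract, so a real deployment encrypts the payload first. Statistical analysis of LSB distributions can also reveal embedding, which is why the technique hides from casual inspection rather than from a determined analyst.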
stream cipher an algorithm that encrypts one character (bit or byte) at a time, replacing each with one character of output
subnetting (subnet addressing) a technique that divides an IP address into network, subnet, and host portions so that one network can be split into smaller networks
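The Python below is an added example, not from the textbook, showing how the three portions fall out of an address and prefix length: the bits between the original (classful) prefix and the actual prefix are the subnet field borrowed from the host field. It uses the standard ipaddress module to describe one address, carve a network into equal subnets, and test whether two hosts share a subnet. The classful prefix argument (default /16) is an assumption the caller supplies.

```python
import ipaddress


def describe_subnet(address_with_prefix: str, classful_prefix: int = 16) -> dict:
    """Break an IPv4 address into its network, subnet and host portions.

    classful_prefix is the length of the original, unsubnetted network prefix;
    the bits between it and the actual prefix are the subnet bits.
    """
    iface = ipaddress.ip_interface(address_with_prefix)
    net = iface.network
    if net.prefixlen < classful_prefix:
        raise ValueError("prefix shorter than the original network: nothing was subnetted")
    subnet_bits = net.prefixlen - classful_prefix
    host_bits = net.max_prefixlen - net.prefixlen
    return {
        "address": str(iface.ip),
        "network": str(net),
        "netmask": str(net.netmask),
        "subnet_bits": subnet_bits,
        "subnet_count": 2 ** subnet_bits,
        "host_bits": host_bits,
        "usable_hosts": max(net.num_addresses - 2, 0),  # minus network and broadcast
        "first_host": str(net[1]) if host_bits > 1 else str(net[0]),
        "last_host": str(net[-2]) if host_bits > 1 else str(net[-1]),
        "broadcast": str(net.broadcast_address),
    }


def carve(network: str, new_prefix: int) -> list[str]:
    """Split a network into equal subnets of the given prefix length."""
    return [str(s) for s in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True if two hosts share a subnet: their network bits match under the mask."""
    return (ipaddress.ip_interface(f"{a}/{prefix}").network
            == ipaddress.ip_interface(f"{b}/{prefix}").network)


if __name__ == "__main__":
    for k, v in describe_subnet("172.16.45.12/20", classful_prefix=16).items():
        print(f"{k:13} {v}")
    print(carve("192.168.1.0/24", 26))
    print(same_subnet("10.0.1.5", "10.0.1.200", 24), same_subnet("10.0.1.5", "10.0.2.5", 24))
```

same_subnet is the test a host performs before deciding whether to deliver a frame directly or send it to the default gateway, and it is also what a firewall rule written as a CIDR block evaluates.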
succession planning determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees
switch a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices
symmetric cryptographic algorithm encryption that uses a single key to encrypt and decrypt a message
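Stream cipher and symmetric cryptographic algorithm are illustrated together below: the keystream is XORed into the data one byte at a time, and because XOR undoes itself the same key (and nonce) decrypts. The Python is an added example, not from the textbook; the keystream generator is a toy built from HMAC-SHA256 in counter mode so the block runs with the standard library alone (in practice use ChaCha20 or AES-CTR from a vetted library). It also shows the classic failure mode: reusing a key and nonce for two messages lets anyone XOR the ciphertexts to cancel the keystream.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` pseudorandom bytes.

    Toy construction (HMAC-SHA256 run in counter mode) used only to show how a
    stream cipher works; not a replacement for a standard cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: each input byte is replaced by itself XOR the next
    keystream byte. XOR is its own inverse, so the same key and nonce turn the
    ciphertext back into plaintext; that single shared key is what makes the
    algorithm symmetric."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_second_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """Failure mode: with the same key and nonce, c1 XOR c2 == p1 XOR p2,
    so knowing one plaintext reveals the other without the key."""
    return xor_bytes(xor_bytes(c1, c2), p1)


if __name__ == "__main__":
    key, nonce = b"\x01" * 32, b"\x02" * 12  # constructed values for the demo
    p1, p2 = b"attack at dawn", b"defend at dusk"
    c1 = stream_xor(key, nonce, p1)
    c2 = stream_xor(key, nonce, p2)  # same nonce: the mistake
    print("decrypts:", stream_xor(key, nonce, c1))
    print("leaked  :", recover_second_plaintext(c1, c2, p1))
```

A block cipher such as 3DES or AES works on fixed-size blocks instead, but the symmetric property is the same: one secret key, shared by both ends, does both encryption and decryption.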
symmetric server cluster a technology in which every server in the cluster performs useful work, and if one server fails, the remaining servers continue to perform their normal work as well as that of the failed server
SYN flood attack an attack that takes advantage of the procedures for initiating a TCP session
system image a snapshot of the current state of the computer that contains all settings and data
tailgating the act of unauthorized individuals entering a restricted-access building by following an authorized user
Temporal Key Integrity Protocol (TKIP) a WPA encryption technology
Terminal Access Controller Access Control System (TACACS) an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+
third-party cookie a cookie that was created by a third party that is different from the primary Web site
third-party trust a trust model in which two individuals trust each other because each individually trusts a third party
threat a type of action that has the potential to cause harm
threat agent a person or element that has the power to carry out a threat
time of day restrictions limitations imposed as to when a user can log on to a system
token a small device that can be affixed to a keychain with a window display that shows a code to be used for authentication
transitive access an attack involving using a third party to gain access rights
Transmission Control Protocol/Internet Protocol (TCP/IP) the most common protocol suite used today for local area networks (LANs) and the Internet
Transport Layer Security (TLS) a protocol that is an extension of SSL and guarantees privacy and data integrity between applications
Triple Data Encryption Standard (3DES) a symmetric cipher that was designed to replace DES
Trojan horse (Trojan) an executable program advertised as performing one activity, but actually does something else (or it may perform both the advertised and malicious activities)
trust model the type of trusting relationship that can exist between individuals or entities
trusted operating system (trusted OS) a hardened operating system that can keep attackers from accessing and controlling critical parts of a computer system
Trusted Platform Module (TPM) a chip on the motherboard of the computer that provides cryptographic services
Twofish a later derivation of the Blowfish algorithm that is considered to be strong
virtual LAN (VLAN) a technology that allows scattered users to be logically grouped together even though they may be attached to different switches
virtual private network (VPN) a technology to use an unsecured public network, such as the Internet, like a secure private network
virtualization a means of managing and presenting computer resources by function without regard to their physical layout or location
vishing a phishing attack that uses a telephone call instead of e-mail
voice encryption using encryption to mask the content of voice communications
VPN concentrator a device that aggregates hundreds or thousands of VPN connections
vulnerability a flaw or weakness that allows a threat agent to bypass security
vulnerability assessment a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm
vulnerability scan an automated software search through a system for any known security weaknesses that then creates a report of those potential exposures
vulnerability scanner generic term for a range of products that look for vulnerabilities in networks or systems
war chalking the process of documenting and then advertising the location of wireless LANs for others to use
war driving searching for wireless signals from an automobile or on foot using a portable computing device
warm site a remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data
Web application firewall a special type of firewall that looks more deeply into packets that carry HTTP traffic
Web security gateway a device that can block malicious content in "real time" as it appears (without first knowing the URL of a dangerous site)
whaling a phishing attack that targets only wealthy individuals
white box a test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of the custom applications
whole disk encryption cryptography that can be applied to entire disks
Wi-Fi Protected Access (WPA) the original set of protections from the Wi-Fi Alliance in 2003 designed to protect both the present and future wireless devices
Wi-Fi Protected Access 2 (WPA2) the second generation of WPA security from the Wi-Fi Alliance in 2004 to address authentication and encryption on WLANs
Wired Equivalent Privacy (WEP) an IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure
word splitting horizontally separating words so that they can still be read by the human eye
worm a malicious program designed to take advantage of a vulnerability in an application or an operating system in order to enter a computer and then self-replicate to other computers
X.509 the most widely accepted format for digital certificates as defined by the International Telecommunication Union (ITU)
Xmas Tree port scan sending a packet with every option set on for whatever protocol is in use to observe how a host responds
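Both the SYN flood attack and the Xmas tree port scan are visible in the six flag bits of the TCP header, so one parser serves both entries. The Python below is an added example, not from the textbook: it builds and parses minimal 20-byte TCP headers (constructed, no capture file needed), names the flags, classifies a segment as a handshake start, an Xmas probe (FIN, PSH and URG lit, the combination nmap uses; a header with every flag set also matches) or a NULL probe, and applies a simple heuristic for a SYN flood, namely many SYN-only segments with few completing ACKs. The thresholds are assumptions a monitor would tune.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}
TCP_HDR = struct.Struct("!HHIIBBHHH")  # ports, seq, ack, offset, flags, window, csum, urg


def build_tcp_header(sport: int, dport: int, flags: int, seq: int = 0,
                     ack: int = 0, window: int = 65535) -> bytes:
    """Construct a minimal 20-byte TCP header (no options) for the examples.
    Checksum is left zero since no IP pseudo-header is involved here."""
    data_offset = 5 << 4  # header length in 32-bit words, reserved bits zero
    return TCP_HDR.pack(sport, dport, seq, ack, data_offset, flags, window, 0, 0)


def parse_tcp_header(data: bytes) -> dict:
    """Decode the fixed part of a TCP header from raw bytes."""
    if len(data) < TCP_HDR.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, _csum, _urg = TCP_HDR.unpack_from(data)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4, "flags": flags, "window": win}


def flag_names(flags: int) -> list[str]:
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]


def classify(flags: int) -> str:
    """Label a segment by its flag combination."""
    if flags == 0:
        return "NULL scan probe"
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "Xmas tree probe"  # lights up FIN, PSH, URG (or every flag at once)
    if flags == SYN:
        return "SYN (handshake start)"
    if flags == SYN | ACK:
        return "SYN-ACK"
    if flags & RST:
        return "RST"
    return "data/other"


def syn_flood_suspected(segments: list[dict], min_syns: int = 100, ratio: float = 3.0) -> bool:
    """Heuristic: a flood opens many connections (SYN) that are never completed
    (the third-step ACK), leaving half-open entries. Thresholds are assumptions."""
    syns = sum(1 for s in segments if s["flags"] == SYN)
    acks = sum(1 for s in segments if s["flags"] == ACK)
    return syns >= min_syns and syns / max(acks, 1) >= ratio


def constructed_traffic(flood: bool) -> list[dict]:
    """Constructed segments toward port 80: a normal handshake mix or a flood."""
    if not flood:
        segs = []
        for i in range(50):  # 50 complete three-way handshakes
            segs += [build_tcp_header(40000 + i, 80, SYN), build_tcp_header(80, 40000 + i, SYN | ACK),
                     build_tcp_header(40000 + i, 80, ACK)]
    else:
        segs = [build_tcp_header(1024 + i, 80, SYN) for i in range(500)]
        segs += [build_tcp_header(1024 + i, 80, ACK) for i in range(10)]
    return [parse_tcp_header(s) for s in segs]


if __name__ == "__main__":
    xmas = parse_tcp_header(build_tcp_header(54321, 22, FIN | PSH | URG))
    print(flag_names(xmas["flags"]), "->", classify(xmas["flags"]))
    print("normal traffic flood?", syn_flood_suspected(constructed_traffic(False)))
    print("flood traffic flood? ", syn_flood_suspected(constructed_traffic(True)))
```

The ratio test is deliberately coarse; a production sensor also tracks per-destination half-open counts over time and pairs them with SYN cookies or connection-rate limits on the server side. Since flood sources are usually spoofed, counting SYNs per source address is not a useful signal.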
XML (Extensible Markup Language) a markup language that is designed to carry data instead of indicating how to display it
XML injection an attack that injects XML tags and data into a database
zero day attacks attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks