Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Security+ Terms

Term	Definition
10 Tape Rotation	A backup rotation scheme in which ten backup tapes are used over the course of two weeks.
3DES - Number of Rounds	48
3-Leg Perimeter	A type of DMZ where a firewall has three legs that connect to the LAN, Internet, and the DMZ.
802.1X	An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based NAC.
Acceptable Use	Acceptable usage policies define the rules that restrict how a computer, network, or other system may be used.
Acceptable Use Policy	A document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet
Access Control	The ability of a subject to interact with an object
Access Control List	A list stating who has specific types access to what
Access Control Model	Methodologies in which admission to physical areas, and more important computer systems, is managed and organized.
Access Point	A hardware device or a computer's software that acts as a communication hub for users of a wireless device to connect to a wired LAN
Account Expiration	The date when users’ accounts they use to log on to the network expires.
Accounting	Track the use of network resources by authenticated users
Active Directory	Microsoft's directory service, which is a central database of all network resources, is used to manage the network and provide users with access to resources.
Active Interception	Also known as active inception in the CompTIA 2008 Security+ objectives; normally includes a computer placed between the sender and the receiver in an effort to capture and possibly modify information.
Activex	A set of Microsoft technologies used to link desktop applications to Web sites.
Activex Controls	A specific way of implementing ActiveX; also called add–ons.
Ad Filtering	Ways of blocking and filtering out unwanted advertisement; popup blockers and content filters are considered to use these methods
Add–Ons	A specific way of implementing ActiveX; also called ActiveX controls.
Address Resolution Protocol	A protocol used by the Internet Protocol, specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol.
Address Space Layout Randomization	A windows vista feature that randomly assigns executable operating system code to different possible locations in memory
Advanced Encryption Standard	One of the newest encryption methods, uses Rijndael algorythm 128bit 192 bit and 256 bit are typically used. The U.S. Government specifies AES 192 or 256 for highly sensitive data
Advanced Persistent Threat	A network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time
Adware	A software program that delivers advertising content in a manner that is unexpected and unwanted by the user
Algorithms	Well-defined instructions that describe computations from their initial state to their final state.
Annualized Loss Expectancy	The product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE)
Annualized Rate of Occurrence	The probability that a risk will occur in a particular year.
Anomaly-Based Monitoring	Also known as statistical anomaly based; establishes a performance baseline based on a set of normal network traffic evaluations.
Anomaly–Based Monitoring	A process for detecting attacks by observing statistical anomalies.
Antispyware	Software that helps prevent computers from becoming infected by different types of spyware
Antivirus	Software that can scan a computer for infections as well as monitor computer activity and scan all new documents, such as e–mail attachments, that might contain a virus.
AP Isolation	Each client connected to the AP will not be able to communicate with each other, but they can each still access the Internet.
Application Firewall	A firewall that can control the traffic associated with specific applications. Works all the way up to the Application Layer of the OSI model.
Application Level Gateway	Applies security mechanisms to specific applications, such as FTP and/or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.
Application Programming Interface	A system of tools and resources in an operating system, enabling developers to create software applications.
Application Service Provider	A business providing computer-based services to customers over a network; such as access to a particular software application (such as customer relationship management) using a standard protocol
ARP Poisoning	An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.
Asset	An entity that has value.
Asymmetric Key Algorithm	This type of cipher uses a pair of different keys to encrypt and decrypt data.
Audit	A methodical examination and review that produces a detailed report of its findings.
Audit Records	Operating system logs that contain only security event information
Audit Trails	Records or logs that show the tracked actions of users, whether the user was successful in the attempt.
Authentication	Verifying the identity of a subject Note: Does NOT infer any test for any permissions, only the identity.
Authentication Header	Protects the non–changing elements in the Ipheader, enabling data–origin authentication
Authentication Methods (3)	1. Something you know (ie password) 2. Something you have (ie token) 3. Something you are (ie biometrics)
Authenticator	The device in between the supplicant and the authentication server, such as a wireless access point. Can be simple and dumb – all of the brains have to be in the supplicant and the authentication server.
Authorization	Grant specific types of privileges or permissions of an authenticated entity to specific resource
Automated Patch Update Service	A locally managed patch update service that is used to distribute patches instead of relying upon the vendor's online update service.
Availability	Ensures that data is accessible to authorized users.
Back to-Back Perimeter	A type of DMZ where the DMZ is located between the LAN and the Internet.
Backdoor	Typically a program, such as BackOrifice, that opens and holds a dynamic port number open while the intruder uses that port number to "respond" to the program
Backup Generator	Part of an emergency power system used when there is an outage of regular electric grid power.
Baiting	When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.
Baseline	A reference set of data against which operational data is compared.
Baseline Reporting	Identification of the security posture of an application, system, or network.
Baselining	The process of measuring changes in networking, hardware, software, and so on.
Basic Input/Output System	A coded program embedded on a processor chip that recognizes and controls different devices on the computer system..
Bastion Host	System located in a DMZ or connected to the internet that has been hardened against hackers
Bayesian Filtering	An advanced method for detecting spam.
Behavior-Based Monitoring	A monitoring system that looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system.
Biometrics	The science of recognizing humans based on one or more physical characteristics.
Birthday Attack	A brute force attack that takes advantage of the Birthday Paradox to simplify the attack.
Bittorrent	A type of p2p network that maximizes transfer speeds by gathering pieces of a file and downloading them separately.
Blacklist	A list of senders for which the user does not want to receive e–mail.
Blackout	When a total loss of power for a prolonged period occurs.
Block Cipher	A type of algorithm that encrypts a number of bits as individual units known as blocks.
Blowfish Key Length	up to 448 bits
Bluejacking	The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs.
Bluesnarfing	The unauthorized access of information from a wireless device through a Bluetooth connection.
Bluetooth security modes	SM1(promiscous) < SM2 (establish security after pairing) < SM3 (establish security required first)
Boot Virus	A virus that infects the Master Boot Record (MBR) of a hard disk drive.
Border Gateway Protocol	Routing protocol used to transfer data and information between different host gateways, the Internet or autonomous systems. Is a Path Vector Protocol (PVP)
Bot Herder	An attacker who controls several botnets.
Botnet	A group of zombie computers that are under the control of an attacker.
Bridge Protocol Data Unit	Frame that contains information about the Spanning tree protocol (STP)
Bring Your Own Device	Increasing trend toward employee-owned devices within a business
Broadcast Storm	When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.
Brownout	When the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.
Brute Force Attack	A password attack where every possible password is attempted.
Buffer Overflow	A process that attempts to store data in random access memory beyond the boundaries of a fixed length storage buffer.
Buffer Overflow Exploit	An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory
Business Continuity Planning	The creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster
Business Impact Analysis	The examination of critical versus noncritical functions, it is part of a business continuity plan (BCP).
Business Partners Agreement	Written agreement between two or more individuals who join as partners to form and carry on a for-profit business.
Butt Set	A device that looks similar to a phone but has alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation.
California Database Security Breach Act	A state act that requires disclosure to California residents if a breach of personal information has or is believed to have occurred.
Carrier Protocol	The protocol used by the network (IP on the Internet) that the information is traveling over
Cells	The coverage areas for cellular communications
Cellular Telphones	Portable communications devices that function in a manner unlike wired telephones.
Certificate Authority	The entity (usually a server) that issues digital certificates to users.
Certificate Multi–Factor Authentication	Uses more than one authentication mechanism at the same time (ie ATM card + PIN)
Certificate Revocation List	A list of certificates no longer valid or that have been revoked by the issuer.
Certificate Signing Request	A message sent from an applicant to a Certificate Authority in order to apply for a digital identity certificate
Certificates	Digitally signed electronic documents that bind a public key with a user identity.
Chain of Custody	Documents who had custody of evidence all the way up to litigation or a court trial (if necessary) and verifies that the evidence has not been modified.
Challenge Handshake Authentication Protocol	A vendor–neutral protocol in which the server and the client are able to complete a handshake and obtain authentication over a PPP network connection, without the client's password EVER crossing the network
Change Management Team	A group of personnel within an organization who oversee changes.
Channel Service Unit	a digital-interface device used to connect a data terminal equipment (DTE), such as a router, to a digital circuit, such as a Digital Signal 1 (T1) line
Channels	Internet Relay Chat discussion forums.
Chat	Instant messaging between several users simultaneously.
Chief Information Officer	An executive job title commonly given to the person at an enterprise in charge of information technology (IT) strategy and the computer systems required to support an enterprise's objectives and goals
Chief Security Officer	The company executive responsible for the security of personnel, physical assets and information in both physical and digital form
Chief Technology Officer	An executive-level position in a company or other entity whose occupation is focused on scientific and technological issues within an organization
Children'S Online Privacy Protection Act	A U.S. federal act that requires operators of online services or Wev sites directed at children under the age of 13 to obtain parental consent prior to the collection, use, disclosure, or display of a child's personal information
Chromatic Dispersion	The refraction of light as in a rainbow. If light is refracted in such a manner on fiber optic cables, the signal cannot be read by the receiver.
Cipher	An algorithm that can perform encryption or decryption.
Cipher Feedback	A mode of operation for a block cipher
Ciphertext Attack	A vulnerability of all crypto–systems, but mainly PGP and Open–PGP. The cryptoanalyst works from the cipher text alone, but is able to gather enough data to infer the rest. Especially weak, if the same cipher or key is used to sign and encrypt the email
Circuit-Level Gateway	Works at the Session Layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; they act as a go-between for the Transport and Application Layers in TCP/IP.
Closed-Circuit Television	A television system in which the video signals are transmitted from one or more cameras by cable to a restricted set of monitors.
Cloud Computing	A way of offering on-demand services that extend the capabilities of a person’s computer or an organization’s network.
Cloud Service Provider	A company that offers some component of cloud computing
Cluster	Two or more servers that work with each other.
Cold Site	This has tables, chairs, bathrooms, and possibly some technical setup, for example, basic phone, data, and electric lines, but will require days if not weeks to set up properly.
Common Access Card	A "smart" card about the size of a credit card, is the standard identification for active duty uniformed service personnel
Common Gateway Interface	Scripts that manipulate data and enable user interaction on Web servers.
Companion Virus	A virus that adds a program to the operating system that is a copycat "companion" to a legitimate program.
Completely Automated Public Turing test to tell Computers and Humans Apart	A type of challenge-response test used in computing to determine whether or not the user is human
Computer Emergency Response Team	Expert group that handles computer security incidents
Computer Incident Response Team	A group that handles events involving computer security breaches
Computer Security Audits	Technical assessments made of applications, systems, or networks.
Confidentiality	Ensures that only authorized parties can view the information.
Configuration Baseline	Operating system configurations settings that will be used for each computer in the organization.
Content Addressable Memory Table	A table that is in a switch’s memory that contains ports and their corresponding MAC addresses.
Content Filters	Individual computer programs that block external files that use JavaScript or images from loading into the browser.
Content Management System	A computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment.
Content protection	Obfuscation of the data within a conversation "protected movie dvd"
Context protection	Obfuscation of the identity of the sender and receiver of data
Contingency Planning	Developing responses in advance for various situations that might impact business
Continuity Of Operation Planning	Planning that helps to ensure trouble-free operations through unanticipated events
Controller Area Network	A vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer.
Cookies	Text files placed on the client computer that store information about it, which could include your computer’s browsing habits and credentials
Corrective Action Report	Procedure used to originate a corrective action. It is used as response to a defect. In simple words, it means an action/actions adopted to eliminate the problem from occurring again
Counter-mode/CBC-MAC Protocol	An encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard
Cross-Site Request Forgery	An attack that exploits the trust a website has in a user’s browser in an attempt to transmit unauthorized commands to the website.
Cross-Site Scripting	Using client–side scripts typically written in JavaScript that are designed to extract information from the victim and then pass the information to the attacker.
Crosstalk	When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal “bleeds” over, so to speak.
Cryptanalysis Attack	A password attack uses a considerable set of precalculated encrypted passwords located in a lookup table.
Cryptographic Hash Functions	Hash functions based on block ciphers.
Cryptography	The practice and study of hiding information.
Customer Relationship Management	An approach to managing a company's interactions with current and future customers. It often involves using technology to organize, automate, and synchronize sales, marketing, customer service, and technical support
Cybercrime	Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information.
Cybercriminals	A loose–knit network of attackers, identity thieves, and financial fraudsters that are more highly motivated, less risk–averse, better funded, and more tenacous than hackers.
Cyberterrorism	Attacks launched by cyberterrorists that could cripple a nation's electronic and commercial infrastructure.
Cyberterrorist	An attacker motivated by ideology to attack computers or infrastructure networks.
Cyclical Redundancy Check	A method of checking for errors in data that has been transmitted on a communications link
Data Classification	The process of assigning a level of business importance, availability, sensitivity, security, and regualtion requirements to data.
Data Emanation	The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.
Data Encryption Standard	Symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.
Data Execution Prevention	A windows feature that uses a CPU's ability to mark sections of a computer's memory as exclusively for data and not for code.
Data Loss Prevention	Strategy for making sure that end users do not send sensitive or critical information outside the corporate network
Data Service Unit	Piece of telecommunications circuit terminating equipment that transforms digital data between telephone company lines and local equipment
Database Administrator	Performs activities to ensure that a database is always available as needed
Default Account	An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.
Defense in Depth	The building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal.
Definition Files	Antivirus update files; also known as signature files.
Demilitarized Zone	A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.
Denial of Service	A broad term given to many different types of network attacks that attempt to make computer resources unavailable.
DES - Number of Rounds	16
DES Blocksize	64 bits
DES Key Length	56 bits
Destination Network Address Translation	Performed on incoming packets, when the firewall translates a public destination address to a private address
Dictionary attack	A method of finding a key by trying many commonly used or probable keys
Differential Backup	Type of backup that backs up only the contents of a folder that have changed since the last full backup.
Diffie–Hellman Key Exchange	A method where two strange computers can agree on a secure password, over a non–secure network, which can subsequently be used for IPSEC encryption. It is the first step of a secure conversation.
Digital Signature	A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.
Digital Signature Algorithm	Standard for digital signatures
Digital Subscriber Line	Communications medium used to transfer digital signals over standard telephone lines
Directory Traversal	Also known as the ../ (dot dot slash) attack is a method of accessing unauthorized parent directories.
Disaster Recovery Plan	A plan that details the policies and procedures concerning the recovery and/or continuation of an organization’s technology infrastructure.
Discover	Part of the pretrial phase of a lawsuit in which each party through the law of civil procedure can request documents and evidence.
Discretionary Access Control	Access control based on identity of subjects or groups to which they belong *Certain subjects (eg ""Owner"") may pass permissions on to any other subject
Disk Duplexing	When each disk is connected to a separate controller.
Distributed Denial of Service	The intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers
Diversion Theft	When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
Diversity of Defense	Layers of security should be implemented using dissimilar methods and vendors. Layers should be so dissimilar that if one layer is penetrated, the next layer cannot be penetrated using the same method
DNS Poisoning	The modification of name resolution information that should be in a DNS server’s cache.
DNS Zone Transfer	One of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers
Domain Name Kiting	The process of deleting a domain name during the five-day grace period (known as the add grace period or AGP) and immediately reregistering it for another five-day period to keep a domain name indefinitely and for free.
Domain Name Service (Server)	An Internet service that translates domain names into IP addresses
Dumpster Diving	When a person literally scavenges for private information in garbage and recycling containers.
Dynamic Host Configuration Protocol	Client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway
Dynamic Link Library	Collection of small programs, any of which can be called when needed by a larger program that is running in the computer
Easter Egg	A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.
Eavesdropping	When a person uses direct observation to “listen” in to a conversation.
Electrically Erasavle Programmable Read–Only Memory	Nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
Electromagnetic Interference	A disturbance that can affect electrical circuits, devices, and cables due to electromagnetic conduction or radiation.
Electronic Serial Number	Unique identification number embedded by manufacturers on a microchip in wireless phones
Elliptic Curve Diffie-Hellman Exchange	Anonymous key agreement protocol that allows two parties, each having an elliptic curve public–private key pair, to establish a shared secret over an insecure channel
Elliptic Curve Digital Signature Algorithm	Cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners
Elliptic Key Cryptography	A type of public key cryptography based on the structure of an elliptic curve.
E–Mail Hoaxes	E–mail messages containing false information for the sole purpose of having readers forward the message to others.
Encapsulating Protocol	This term includes both the tunneling protocol (PPTP,L2TP) and the encrypting protocol (IPSec,Secure Shell [SSH]) that is wrapped around the original data
Encapsulating Security Payload	Ensures the integrity of the data and also the authenticity of the data’s origin
Encrypted File System	Enables transparent encryption and decryption of files by using advanced, standard cryptographic algorithms
Encryption	The process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data.
Enterprise Resource Planning	Process by which a company (often a manufacturer) manages and integrates the important parts of its business
Ethical Hacker	An expert at breaking into systems and can attack systems on behalf of the system’s owner and with the owner’s consent.
Event	An occurrence within a software system that is communicated to users or other programs outside the operating system.
Explicit Allow	When an administrator sets a rule that allows a specific type of traffic through a firewall, often within an ACL.
Explicit Deny	When an administrator sets a rule that denies a specific type of traffic access through a firewall, often within an ACL.
Exploit	To take advantage of a vulnerability.
Extensible Authentication Protocol	Not an authentication mechanism in itself but instead defines message formats. 802.1X would be the authentication mechanism and defines how this is encapsulated within messages.
Extensible Authentication Protocol over IP	Makes initial authentication over IP less complicated, but it must be strongly protected by an outside mechanism such as IPSEC AH and ESP.
Extensible Markup Language	Markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable
Extranet	Networking zone walled off from the general public, but open to certain authenticated hosts. Access to an extranet does not give access to the intranet.
Failopen Mode	When a switch broadcasts data on all ports the way a hub does.
Failover Clusters	Also known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime.
False Negative	When a system denies a user who actually should be allowed access to the system. For example, when an IDS/IPS fails to block an attack, thinking it is legitimate traffic.
False Positive	When a system authenticates a user who should not be allowed access to the system. For example, when an IDS/IPS blocks legitimate traffic from passing on to the network.
False Positives	Alarms that are raised when there is no actual abnormal behavior.
False Rejection	When a biometric system fails to recognize an authorized person and doesn’t allow that person access.
False Rejection Rate	Measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user
Faraday Cage	An enclosure formed by conducting material or by a mesh of such material; it blocks out external static electric fields and can stop emanations from cell phones and other devices within the cage from leaking out.
File Infector Virus	A virus that infects program executable files with an .EXE or .COM file extension.
File system Access Control List	List of user permissions for a file, folder, or other object
File Transfer Protocol	Standard Internet protocol for transmitting files between computers on the Internet over TCP/IP connections.
Fire Suppression	The process of controlling and/or extinguishing fires to protect people and an organization’s data and equipment.
Firewall	hardware or software designed to prevent malicous packets from entering or leaving the computers; sometimes called a packet filter.
First Responders	People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident.
First–Party Cookie	A cookie that is created from the web site that a user is currently viewing.
Flash Memory	A type of nonvolatile computer memory that can be electrically erased and rewritten repeatedly.
Flashing	The process for rewriting the contents of the BIOS.
Fork Bomb	An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer’s operating system. It is a type of wabbit.
Forward Confirmed reverse DNS	Verifies that an email's originating IP address matches the fqdn used in the email's "from address" by doing a reverse DNS lookup on the IP, a nslookup on the fqdn, and then comparing.
Fraggle	A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic.
Full Backup	Type of backup where all the contents of a folder are backed up.
Full Disk Encryption	Encryption of all data on a disk drive, including the program that encrypts the bootable OS partition
Fully Qualified Domain Name	Complete domain name for a specific computer, or host, on the Internet. Consists of two parts: the hostname and the domain name
Fuzz Testing	When random data is inputted into a computer program in an attempt to find vulnerabilities
Galois Counter Mode	Mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance
Generic Routing Encapsulation	An IP Prototcol, which can encapsulate, encapsulate IPSEC tunnels, or be encrypted by IPSEC
Geometric Variance	Spam that uses "speckling" and different colors so that no two spam e–mails appear to be the same.
Gif Layering	Spam that is divided into multiple images but still creates a legible message.
Global Positioning System	System of satellites, computers, and receivers that is able to determine the latitude and longitude of a receiver on Earth by calculating the time difference for signals from different satellites to reach the receiver
GNU Privacy Guard	Free software replacement for Symantec's PGP cryptographic software suite
Gramm–Leach–Bliley Act	A US federal act that requires private data to be protected by banks and other financial institutions.
Grandfather-Father-Son	A backup rotation scheme in which three sets of backup tapes must be defined—usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather.
Graphic Processing Unit	Programmable logic chip (processor) specialized for display functions. Renders images, animations and video for the computer's screen
Grayware	A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware.
Group Policies	A microsoft windows feature that provides centralized management and configuration of computers.
Group Policy Object	Collection of settings that define what a system will look like and how it will behave for a defined group of users
Guest System	A forgein virtual operating system.
Hacker	Anyone who illegally breaks into or attempts to break into a computer system; A person who uses advanced computer skills to attack computers but not with malicous intent.
Hard Disk Drive	Data storage device that uses magnetic storage to store and retrieve digital information using one or more rigid rapidly rotating disks (platters) coated with magnetic material
Hardening	Hardening of the operating system is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.
Hardware Security Module	A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.
Hash	A summary of a file or message. It is generated to verify the integrity of the file or message.
Hash Function	A mathematical procedure that converts a variable-sized amount of data into a smaller block of data.
Hashed Message Authentication Code	Specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
Health Insurance Portability And Accountability Act	A US federal act that requires health care nenterprises to guard protected health information.
Heating, Ventilation and Air Conditioning	System used to provide heating and cooling services to buildings
High Availability	Systems that are durable and likely to operate continuously without failure for a long time
HMAC-based One Time Password	Algorithm relying on two basic things: a shared secret and a moving factor (a.k.a counter)
Hoax	The attempt at deceiving people into believing something that is false.
Honeynet	One or more computers, servers, or an area of a network, used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.
Honeypot	Generally is a single computer but could also be a file, group of files, or an area of unused IP address space used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.
Host Intrusion Detection Systems	Software that attempts to monitor and possibly prevent attempts to intrude into a system and network resources.
Host System	The native operating system to the hardware
Host-based Intrusion Prevention System	System or a program employed to protect critical computer systems containing crucial data against viruses and other Internet malware
Hot and Cold Aisles	The aisles in a server room or data center that circulate cold air into the systems and hot air out of them. Usually, the systems and cabinets are supported by a raised floor.
Hot Site	A near duplicate of the original site of the organization, complete with phones, computers, networking devices, and full backups.
Hot Standby Router Protocol	Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway
Hotfix	A software update that addresses a specific customer situation and often may not be distributed outside that customer's organization.
HTTP Proxy	Caches web pages from servers on the Internet for a set amount of time.
Hypertext Markup Language	Set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page
Hypertext Transfer Protocol	Application protocol for distributed, collaborative, and hypermedia information systems. Foundation of data communication for the World Wide Web
Hypertext Transfer Protocol over SSL	Communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer
Hypervisor	Software that runs on a physical computer and manages one or more virtual machine operating systems.
Identification	When a person is in a state of being identified. It can also be described as something that identifies a person such as an ID card.
Identity Proofing	An initial validation of an identity.
Identity Provider	Provides identifiers for users looking to interact with a system and asserts to such a system that such an identifier presented by a user is known to the provider
Identity Theft	Using someone's personal information, such as a SSN to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating.
Image Spam	Spam that uses graphical images of text to circumvent text–based spam filters.
Implicit Deny	Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource
Incident Management	The monitoring and detection of security events on a computer network and the execution of proper responses to those security events.
Incident Response	A set of procedures that an investigator goes by when examining a computer security incident.
Incident Response Procedure	Set of written instructions for detecting, responding to and limiting the effects of an information security event
Incremental Backup	Type of backup that backs up only the contents of a folder that have changed since the last full backup or the last incremental backup.
Indirect attack	A method of breaking a cryptographic or other system by attacking the implementation of the system/algorithm rather than the system itself
Industrial Control Systems	General term that encompasses several types of control systems and associated instrumentation used in industrial production
Information Assurance	The practice of managing information–related risks by ensuring CONFIDENTIALITY, INTEGRITY, AUTHENTICITY, AVAILABILITY, AND NON–REPUDIATION. IA is the process of insuring that AUTHORIZED USERS have access to AUTHORIZED INFORMATION at the AUTHORIZED TIME.
Information Lifecycle Management	A set of strategies for administering, maintaining, and managing computer storage systems to retain data.
Information Security	Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, and destruction. Protection = Prevention + Detection + Response
Information Systems Security Officer	Senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats
Infrastructure as a Service	A cloud computing service that offers computer networking, storage, load balancing, routing, and VM hosting.
Inheritance	The process by which permissions given to a higher–level "parent" are passed down to a lower–level "child"
Initialization Vector	Random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occuring once,” as an encryption program uses it only once per session
Input Validation	Verifying user input.
Instant Messaging	A method of online communication like e–mail except that it is conducted instantaneously in real time.
Integrity	Assurance that data is authentic, complete, un–altered, correct, and can be relied upon
Integrity Primitives Evaluation Message Digest	Family of cryptographic hash functions developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996
Interconnection Security Agreement	Agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection
Intermediate Distribution Frame	Distribution frame in a central office or customer premises, which cross-connects the user cable media to individual user line circuits
International Data Encryption Algorithm	Originally called Improved Proposed Encryption Standard (IPES), a symmetric-key block cipher. An optional algorithm in the OpenPGP standard.
Internet Content Filter	Applied as software at the Application Layer and can filter out various types of Internet activities such as websites accessed, e-mail, instant messaging, and more. It is used most often to disallow access to inappropriate web material.
Internet Control Message Protocol	Supporting protocol in the Internet protocol suite used by network devices, like routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached
Internet key Exchange	Used to authenticate the two ends of a secure tunnel by providing a secure exchange of a shared key before IPSec transmissions begin.
Internet Message Access Protocol v4	The current version of internet mail access protocol (IMAP).
Internet of Things	Interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data.
Internet Protocol	Set of rules governing the format of data sent over the Internet or other network.
Internet Protocol Security	A TCP/IP protocol that authenticates and encrypts IP packets, effectively securing communications between computers and devices using the protocol.
Internet Relay Chat	Protocol that allows users that connect to servers to have converstaions with others in real time
Internet Service Provider	A company that provides subscribers with access to the Internet
Intranet	Every part of a network that lies on the inside of the last firewall from the Internet inside of the last firewall from the Internet
Intrusion Detection System	Device or software application that monitors a network or systems for malicious activity or policy violations
IP Proxy	Secures a network by keeping machines behind it anonymous; it does this through the use of NAT.
Irc Internet Relay Chat	An open communication protocol that is used for real–time "chatting" with other IRC users over the Internet. Also used to control zombies.
IT Contingency Plan	Plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management when an exceptional risk that, though unlikely, would have catastrophic consequences
IV Attack	A type of related-key attack, which is when an attacker observes the operation of a cipher using several different keys, and finding a mathematical relationship between them, allowing the attacker to ultimately decipher data.
Java	A complete object–oriented programming language created by sun microsystems that can be used to create standalone applications.
Java Applet	A type of smaller java program
Javascript	A scripting language that enables developers to create interactive Web sites.
Job Rotation	When users are cycled through various assignments.
Just a Bunch Of Disks	Type of multilevel configuration for disks that have not been designed for a RAID array. Combines all underlying disks in a computer system or array as a logical unit
Kerberos	An authentication protocol that enables computers to prove their identity to each other in a secure manner.
Kerberos Time–based	5 minutes skew in Windows, 10 minutes in other applications. If the client's time is not within the permissible skew, authentication is denied
Kernel	Part of the operating system that is responsible for managing the system resources.
Key	The essential piece of information that determines the output of a cipher.
Key Distribution Center	Performs as a Authentication Server (AS) and a Ticket Granting Server (TGS)
Key Encryption Key	Used to encrypt what they call the Master Key, which will be used to encrypt any data that is put in the user's protected storage
Key Escrow	When certificate keys are held in case third parties, such as government or other organizations, need access to encrypted communications.
Key Hashing for Message Authentication Code	Used to digitally sign packets on IPSec connections
Keylogger	A small hardware device or a program that monitors each keystroke a user types on the computer's keyboard.
L Universal Resource Locator	Commonly informally termed a web address (a term which is not defined identically). Reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it
LANMAN Hash	The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm.
Layer 2 Tunneling Protocol	A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It uses port 1701 and can be more secure than PPTP ifused in conjunction with IPsec.
Layers of Security	Multiple barriers working in conjunction help eliminate single points of failure
Least Privilege	Give only the absolute minimum rights and privileges needed
Lightweight Directory Access Protocol	An Application Layer protocol used for accessing and modifying directory services data.
Lightweight Extensible Authentication Protocol	Proprietary wireless LAN authentication method developed by Cisco Systems. Important features are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server).
Live Migration	Technology that enables a virtual machine to be moved to a different physical computer with no impact to the users.
Load Balancing Clusters	When multiple computers are connected in an attempt to share resources such as CPU, RAM, and hard disks.
Local Area Network	Computer network that links devices within a building or group of adjacent buildings.
Log	A record of events that occur.
Log Entries	Information in a log that contains information related to a specific event that has occured
Log File Monitor	An IDS that reads log files to determine if the network is under attack
Log Management	The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
Logic Bomb	Malicious software installed by an authorized user that is designed to drop it's payload at a designated time or after a set of conditions ha been met
MAC Filtering	A method used to filter out which computers can access the wireless network; the WAP does this by consulting a list of MAC addresses that have been previously entered.
MAC Flooding	An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to failopen mode.
Macro	A series of commands and instructions that can be grouped as a single command.
Macros Virus	A virus written in a scripting language.
Mail Exchange Record	An entry in the domain name system that identifies the mail server responsible for handling that domain name.
Main Distribution Frame	Signal distribution frame for connecting equipment (inside plant) to cables and subscriber carrier equipment (outside plant)
Malware	Malicious software that enters a computer system without the owner's knowledge or consent.
Mandatory Access Control	Access control based on levels of sensitivity assigned to objects (Labels) and formal levels of authorization (ie clearance) of subjects.
Man-in-the-Middle Attack	An attack in which the attacker will intercept communications between two parties and, sometimes, modify the messages between them
Mantrap	An area between two doorways, meant to hold people until they are identified and authenticated.
Many-to-One Mapping	When multiple certificates are mapped to a single recipient.
Master Boot Record	An area on a hard disk drive that contains the program necessary for the computer to start up and a description of how the hard drive is organized.
Maximum Transmission Unit	Largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network such as the Internet
MD5 Hash Size	128 bits
Mean Time Between Failures	Predicted elapsed time between inherent failures of a system during operation
Mean Time To Failure	Length of time a device or other product is expected to last in operation
Mean Time To Recover	Average time that a device will take to recover from any failure
Memorandum Of Understanding	Formal agreement between two or more parties
Message Authentication Code	Short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed in transit (its integrity)
Message-Digest Algorithm 5	A 128-bit key hash used to provide integrity of files and messages.
Metamorphic Virus	A virus that alters how it appears to avoid detection
Metropolitan Area Network	Network that interconnects users with computer resources in a geographic area or region larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN)
Microsoft Challenge Handshake Authentication Protocol	Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP
Mobile Telecommunications Switching Office	The link between the cellular network and the wired telephone world that controls all of the transmitters and base stations in the cellular network.
Monitoring as a Service	Provides the option to offload a large majority of those costs by having it run as a service as opposed to a fully invested in house tool
Multifactor Authentication	Uses more than one authentication mechanism at the same time (eg ATM card + PIN)
Multi-Protocol Layer Switch	Allows most packets to be forwarded at Layer 2 (the switching level) rather than having to be passed up to Layer 3 (the routing level). Each packet gets labeled on entry into the service provider's network by the ingress router.
Mutual Authentication	Authentication of both sides of a communication. Helps prevent man–in–the–middle attacks
National Institute of Standards and Technology	Measurement standards laboratory, also known as a National Metrological Institute (NMI), which is a non-regulatory agency of the United States Department of Commerce
Near Field Communication	Short-range wireless connectivity standard (Ecma-340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other
nessus	Tenable Network Security Vulnerability Scanner. Checks for remote cracker; open mail relays; missing patches; default, blank, dictionaly or weak passwords; DoS against the TCP/IP stack and by using mangled packets; etc.
Network Access Control	Approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement
Network Address Control	Sets the rules by which connections to a network are governed.
Network Address Translation	The process of changing an IP address while it is in transit across a router. This is usually so one larger address space (private) can be remapped to another address space, or single IP address (public).
Network Attached Storage	A single dedicated hard disk–based file storage device that provides centralized and consolidated disk storae that is available to LAN users through a standard network connection.
Network Intrusion Detection System	A type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.
Network Intrusion Prevention System	Designed to inspect traffic, and based on its configuration or security policy, the system can remove, detain, or redirect malicious traffic.
Network Management System	The software run on one or more servers that controls the monitoring of network attached devices and computers.
Network Mapping	The study of physical and logical connectivity of networks.
Network News Transfer Protocol	Predominant protocol used by computer clients and servers for managing the notes posted on Usenet newsgroups.
Network Operating System	Computer operating system system that is designed primarily to support workstation, personal computer, and, in some instances, older terminal that are connected on a local area network (LAN)
Network Perimeter	The border of a computer network, commonly secured by devices such as firewalls and NIDS/NIPS solutions.
Network Time Protocol	Networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks
New Technology File System	Proprietary file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of Windows NT family
New Technology LAN Manager	Suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users
No Execute	A bit setting to designate a part of memory to contain only data, not executable code.
Nonce	A random number issued by an authentication protocol that can only be used once.
Non-Disclosure Agreement	Contract by which one or more parties agree not to disclose confidential information that they have shared with each other as a necessary part of doing business together
Non-Promiscuous Mode	When a network adapter captures only the packets that are addressed to it.
Nonrepudiation	A way to guarantee that information received is from the source indicated. This must be legally enforceable. This is usually accomplished by "digitally signing" of messages, computer programs and other data. senders cannot deny they sent a message
NTLM Hash	Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.
NTLM2 Hash	Successor to the NTLM hash. Based off the MD5 hashing algorithm.
Null Session	When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC$).
One Time Pad	Considered the MOST difficult symetric (or "private key") encryption to crack. Each file uses a diffferent random number.
One-to-One Mapping	When an individual certificate is mapped to a single recipient.
Online Certificate Status Protocol	Internet protocol used for obtaining the revocation status of an X.509 digital certificate
Open Authorization	Open standard for token-based authentication and authorization on the Internet
Open License Agreement	Volume licensing program for small- to mid-sized companies with fewer than 250 desktop computers
Open Mail Relay	Also known as an SMTP open relay; it enables anyone on the Internet to send e-mail through an SMTP server.
Open Vulnerability Assessment Language	A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available
Operating System	The software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals
Operating System Virtualization	A virtualized environment in which an entire operating system environment is simulated.
Operational Model of Security	Protection = Prevention + Detection + Response
Packet Capture	Computer networking term for intercepting a data packet that is crossing or moving over a specific computer network
Packet Filter	Another name for a firewall.
Packet Filtering	Inspects each packet passing through the firewall and accepts or rejects it based on rules.
Pan-Tilt-Zoom	Name given to a type of IP camera where the user can control the movement and position of the lens from a remote location using controls on an Internet browser or software application
Partition Table	A table on the hard drive that describes how the hard drive is organized.
Passenger Protocol	The original data being carried
Password Authentication Protocol	Authentication protocol that uses a password. Used by Point to Point Protocol to validate users before allowing them access to server resources
Password Cracker	Software tool used to recover passwords from hosts or to discover weak passwords.
Password-Based Key Derivation Function 2	Applies a pseudorandom function to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations
Patch	A general software security update intended to cover vulnerabilities that have been discovered.
Patch Management	The planning, testing, implementing, and auditing of patches.
Peer to Peer	Computer networks in which each computer can act as a server for the others, allowing shared access to files and peripherals without the need for a central server
Penetration Testing	A method of evaluating the security of a system by simulating one or more attacks on that system.
Perfect Forward Secrecy	Property of secure communication protocols in which compromise of long-term keys does not compromise past session keys
Performance Baseline	A baseline that is established to create the "norm" of performance.
Performance Monitors	Hardware or software through which data is accumulated on the normal operations of the systems and networks.
Permanent DoS Attack	Generally consists of an attacker exploiting security flaws in routers and other networking hardware by flashing the firmware of the device and replacing it with a modified image.
Permissions	File system permissions control what resources a person can access on the network.
Personal Electronic Device	Lightweight consumer electronic device that looks like a hand-held computer but instead performs specific tasks
Personal Firewall	Applications that protect an individual computer from unwanted Internet traffic; they do so by way of a set of rules and policies.
Personal Identity Verification	Common credentialing and standard background investigation process required by Homeland Security Presidential Directive 12 (HSPD-12).
Personal Software Firewall	Software that runs as a program on a local system to protect it against attacks.
Personally Identifiable Information	Information used to uniquely identify, contact, or locate a person.
Pharming	When an attacker redirects one website’s traffic to another bogus and possibly malicious website by modifying a DNS server or hosts file.
Phishing	Impersonating a trusted sender to obtain the recipient's logon and other confidential data.
Piggybacking	When an unauthorized person tags along with an authorized person to gain entry to a restricted area.
Ping Flood	When an attacker attempts to send many ICMP echo request packets (pings) to a host in an attempt to use up all available bandwidth.
Ping Of Death	An attack that uses IP packet fragmentation techniques to crash remote systems.
Plain Old Telephone Service	The world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned (Also PSTN)
Platform as a Service	A cloud computing service that provides various software solutions to organizations especially the ability to develop applications without the cost or administration of a physical platform.
Pluggable Authentication Modules	Mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independently of the underlying authentication scheme
Point of Presence	An access point to the internet, can be in the ISP, external to an ISP, or leased from a carrier or aggregator.
Point-to-Point Protocol	Foundation for ALL modern transmission methods. Developed for serial communications (Modem, X.25, and ISDN), but its decendents are everywhere present in network communications.
Point-to-Point Tunneling Protocol	Protocol that appears to operate in the Data Link (Layer 2), but the protocol functionally operates in the Session (Layer 5)
Policy	Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer.
Polymorphic Virus	A virus that changes how it appears and encrypts its contents differently each time.
Pop-Up Blocker	An application or add-on to a web browser that blocks pop-up windows that usually contain advertisements.
Port Address Translation	Like NAT, but it translates both IP addresses and port numbers.
Port Scanner	Software used to decipher which ports are open on a host.
Post Office Protocol v3	The current version of Post Office Protocol
Pre-Action Sprinkler System	Similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke.
Pre-Shared Key	Shared secret which was previously shared between the two parties using some secure channel before it needs to be used
Pretexting	When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.
Pretty Good Privacy	Uses keys and a secret passphrase to encrypt and decrypt e–mail.
Private Branch Exchange	Telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines
Private Key	A type of key that is known only to a specific user or users who keep the key a secret.
Privilege Auditing	Reviewing a subject's privileges over and object.
Privilege Escalation	The act of exploiting a vulnerability in the software to gain access to resources that the user would normally be restricted from obtaining.
Privilege Management	Process of assigning and revoking privileges to objects; it covers the procedures of managing object authorizations.
Programmable Read–Only Memory	A chip with which the contents can be overwritten to provide new functionality.
Promiscuous Mode	In a network adapter, this passes all traffic to the CPU, not just the frames addressed to it. When the network adapter captures all packets that it has access to regardless of the destination for those packets.
Protected Extensible Authentication Protocol	Provides security via server–side PKI certificates
Protocol Analyzer	Software tool used to capture and analyze packets.
Proxy Auto Configuration	Defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL
Proxy Server	A server that sits between an intranet and its Internet connection and handles requests to access internet resources on behalf of intranet clients
Public Key	A type of key that is known to all parties involved in encrypted transactions within a given group.
Public Key Cryptography	Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.
Public Key Infrastructure	An entire system of hardware and software, policies and procedures, and people, used to create, distribute, manage, store, and revoke digital certificates.
Public Switched Telephone Network	The world's collection of interconnected voice-oriented public telephone networks, both commercial and government-owned (Also POTS)
Qualitative Risk Assessment	An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.
Quantitative Risk Assessment	An assessment that measures risk by using exact monetary values.
Radio Frequency Interference	Interference that can come from AM/FM transmissions and cell towers.
Rainbow Tables	In password cracking, a set of precalculated encrypted passwords located in a lookup table.
Rapid Application Development	Suite of software development methodology techniques used to expedite software application development
RC 4	RSA variable length stream cipher
RC 5	RSA variable length block–cipher
RC4 40 or 128 bit stream cipher	The most widely used stream cipher, used in SSL and WEP. Simple and fast – but very easy to crack. By Ron Rivest or RSA security
Read Only Memory	A chip that cannot be reprogrammed.
Real-time Transport Protocol	Network protocol for delivering audio and video over IP networks
Recovery Agent	Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users
Recovery Point Objectives	In business impact analysis, the acceptable latency of data.
Recovery Time Objectives	In business impact analysis, the acceptable amount of time to restore a function.
Redundant Array of Independent Disks 1	Mirroring. Data is copied to two identical disks. If one disk fails, the other continues to operate.
Redundant Array of Independent Disks 5	Striping with Parity. Data is striped across multiple disks; fault tolerant parity data is also written to each disk.
Redundant Array of Inexpensive Disks	Data storage virtualization technology that combines multiple physical disk drive components into a single logical unit for the purposes of data redundancy, performance improvement, or both
Redundant ISP	Secondary connections to another ISP; for example, a backup T-1 line.
Redundant Power Supply	An enclosure that contains two complete power supplies, the second of which turns on when the first fails.
Registration Authority	Authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it
Remote Access Service	A networking service that allows incoming connections from remote dial-in clients. It is also used with VPNs.
Remote Authentication Dial-In User Server	Used to provide centralized administration of dial-up, VPN, and wireless authentication.
Remote Desktop Protocol	Microsoft protocol designed to facilitate application data transfer security and encryption between client users, devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer.
Remote Triggered Black Hole Filtering	Technique that provides the ability to drop undesirable traffic before it enters a protected network
Removable Storage	Devices, such as USB flash drives, that can store data from a computer and then be disconnected.
Replay Attack	Any attack in which an attacker records an authentication or other credentials, to be replayed later to spoof the secure service
Resident Virus	A virus that is loaded into random access memory and can interrupt almost any function executed by the computer operating system and alter it.
Residual Risk	The risk that is left over after a security and disaster recovery plan have been implemented.
Return On Investment	Used to compare a company's profitability or to compare the efficiency of different investments. Formula = (Net Profit / Cost of Investment) x 100.
Risk	The likelihood that a threat agent will exploit a vulnerability.
Risk Acceptance	The amount of risk an organization is willing to accept. Also known as risk retention.
Risk Assessment	The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.
Risk Avoidance	When an organization avoids risk because the risk factor is too great.
Risk Management	The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks.
Risk Mitigation	When a risk is reduced or eliminated altogether.
Risk Reduction	When an organization mitigates risk to an acceptable level.
Risk Transference	The transfer or outsourcing of risk to a third party. Also known as risk sharing.
Rivest, Shamir and Adleman	A public key cryptography algorithm created by Rivest, Shamir, Adleman. It is commonly used in e-commerce.
Role–Based Access Control	Access control based on subjects being assigned certain roles. Access control is managed at the role level instead of the subject level.
Rootkit	A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence.
RSA Variable Key Size Encryption Algorithm	A stream cipher, remarkable for its simplicity and speed in software, but multiple vulnerabilities have been discovered, rendering it insecure
Sag	An unexpected decrease in the amount of voltage provided.
Salting	The randomization of the hashing process to defend against cryptanalysis password attacks and Rainbow Tables.
Sandbox	A restrictive fence that surrounds a java program and keeps it awway from private data and other resources on a local computer.
Sarbanes–Oxley Act	A US federal act that enforces reporting requirements and internal controls on electronic financial reporting systems.
Script Kiddie	An unskilled user who downloads automated attack software to attack computers.
Scripting Language	A computer programming language that is typically interpreted into a language the computer can understand without the need f a compiler.
Secure Code Review	An in-depth code inspection procedure.
Secure Coding Concepts	The best practices used during the life cycle of software development.
Secure Hash Algorithm	A group of hash functions designed by the NSA and published by the NIST, widely used in government
Secure Hypertext Transfer Protocol	Obsolete alternative to the HTTPS protocol for encrypting web communications carried over HTTP
Secure Shell	A protocol that can create a secure channel between two computers or network devices.
Secure Sockets Layer	A cryptographic protocol that provides secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP.
Secure/Multipurpose Internet Mail Extensions	Built into most Web browsers. This method of sending e–mail uses RSA encryption.
Secured File Transfer Protocol	Network protocol that provides file transfer and manipulation functionality over any reliable data stream
Security Assertions Markup Language	XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
Security Content Automation Protocol	Method for using specific standards to enable the automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization
Security Information and Event Management	software products and services combining security information management (SIM) and security event management (SEM)
Security Log Files	Files that log activity of users. They show who did what and when, plus whether they succeeded or failed in their attempt.
Security Policy	A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure.
Security Posture	The risk level to which a system, or other technology element, is exposed
Security Posture Assessments	Assessments that use baseline reporting and other analyses to discover vulnerabilities and weaknesses in systems and networks.
Security Template	A method to configure a suite of configuration baseline security settings.
Security Tokens	Physical devices given to authorized users to help with authentication. These devices might be attached to a keychain or are part of a card system.
Separation of Duties	This is when more than one person is required to complete a particular task or operation.
Server Message Block Protocol	Network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network
Server Virtualization	Creating and managing multiple server operating systems.
Service Level Agreement	Part of a service contract where the level of service is formally defined.
Service Pack	A cumulative package of all security updates plus additional features.
Service Set Identifier	The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.
Session Control Protocol	Method of creating multiple light-duty connections from a single TCP (Transmission Control Protocol) connection. Several such lightweight connections can be active simultaneously
Session Ticket	Authentication Credential from KDC allows client access to resource server
SHA 1 Hash Size	160 bits
Shielded Twisted Pair	Special kind of copper telephone wiring used in some business installations. An outer covering or shield is added to the ordinary twisted pair telephone wires; the shield functions as a ground
Short Message Service	Text messaging service component of most telephone, World Wide Web, and mobile telephony systems. It uses standardized communication protocols to enable mobile phone devices to exchange short text messages.
Shoulder Surfing	When a person uses direct observation to find out a target’s password, PIN, or other such authentication information.
Signature Files	Antivirus update files; also known as definition files.
Signature–Based Defense	A method that identifies malware on a computer by matching it to an antivirus signature file.
Signature-Based Monitoring	Frames and packets of network traffic are analyzed for predetermined attack patterns. These attack patterns are known as signatures.
Signed Java Applet	A java applet from a trusted source
Simple Certificate Enrollment Protocol	Protocol is used by numerous manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users
Simple Mail Transfer Protocol	Internet standard for electronic mail (email) transmission
Simple Network Management Protocol	A TCP/IP protocol that monitors network-attached devices and computers. It’s usually incorporated as part of a network management system.
Simple Object Access Protocol	Messaging protocol that allows programs that run on disparate operating systems (such as Windows and Linux) to communicate using Hypertext Transfer Protocol (HTTP) and its Extensible Markup Language (XML)
Single Loss Expectancy	Monetary value expected from the occurrence of a risk on an asset. It is related to risk management and risk assessment
Single Point of Failure	An element, object, or part of a system that, if it fails, will cause the whole system to fail.
Single Sign-On	When a user can log in once but gain access to multiple systems without being asked to log in again.
Skipjack Blocksize	64 bits
Skipjack Key Length	80 bits
Small Computer System Interface	Set of parallel interface standards developed by the American National Standards Institute (ANSI) for attaching printers, disk drives, scanners and other peripherals to computers
SMTP Open Relay	An uncontrolled smtp relay
SMTP Relay	Forwarding e–mail sent from an email client to a remote domain through an smtp server.
Smurf Attack	A non–OS–specific attack that uses a third party's network segment to overwhelm a host with a flood of Internet Control Message Protocol (ICMP) packets.
Snap–In	A software modue that provides administrative capabilities for a device.
Sniffing	Listening–in on all of the traffic on the network. Watch for key strings before beginning a capture; most also have the capability of translating the machine language of the network into human–readable form, and interpret it
SNMP Agent	Software deployed by the network management system that is loaded on managed devices. The software redirects the information that the NMS needs to monitor the remote managed devices.
snoop	Solaris built in sniffer
Social Engineering	Con–artistry. An indirect attack on a system that relies on the inherent trusting nature, or gullibility of human beings.
Software as a Service	A cloud computing service where users access applications over the Internet that are provided by a third party.
Software Development Life Cycle Methodology	Term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system
Solid State Drive	All-electronic storage device that is an alternative to a hard disk
Spam	Unsolicited e–mail.
Spam over Internet Messaging	Unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet
Spear Phishing	A type of phishing attack that targets particular individuals.
Special Hazard Protection System	A clean agent sprinkler system such as FM-200 used in server rooms.
Spike	A short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.
Spoofing	Making data look like it's coming from a different source than it is.
Spy	A person who has been hired to break into a computer and steal information.
Spyware	A general term used to describe software that violates a user's personal security
SQL Injection	An injection attack that uses structered query language
Standby Generator	Systems that turn on automatically within seconds of a power outage.
Stateful Packet Inspection	Type of packet inspection that keeps track of network connections by examining the header in each packet
Static Network Address Translation	When a single private IP address translates to a single public IP address. This is also called one-to-one mapping.
Steganography	he science (and art) of writing hidden messages; it is a form of security through obscurity.
Storage And Retention Policies	Policies that outline the requirements for data storage.
Storage Area Network	A specialized high–speed network for attaching servers to storage devices
Stream Cipher	A symmetric key cipher where plaintext bits are combined with a pseudo–random cipher bit stream. Typically very fast, with little system impact – but it is highly suscpetable to cracking, because of the pseudo–random key
Structured Exception Handler	mechanism for handling both hardware and software exceptions.
Structured Query Language	Standard computer language for relational database management and data manipulation
Subscriber Identity Module	Integrated circuit that is intended to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephony devices
Supplicant	The user or client that wants to be authenticated
Surge	Means that there is an unexpected increase in the amount of voltage provided.
Swarm	Downloading parts of a bittorrent file simultaneously from multiple users.
Symmetric Key Algorithm	A class of cipher that uses identical or closely related keys for encryption and decryption.
SYN Flood / SYN Attack	DOS attack exploiting the TCP 3–way handshake. A multitude of SYN requests are sent to the target. The target responds with a SYN/ACK and waits for a default period for an ACK. The attacker will never reply
Synchronous Optical Network Technologies	Standardized digital comms protocol that is used to transmit a large volume of data over relatively long distances using a fiber optic medium. Multiple digital data streams are transferred at the same time over optical fiber using LEDs and laser beams
System Control and Data Acquisition	Control system architecture that uses computers for high-level process supervisory management, but uses other peripheral devices such as programmable logic controllers and discrete PID controllers to interface to the process plant or machinery.
System Events	Operational actions that are performed by the operating system.
System Integrity Verifier	An IDS that notifies when essential files have changed
System Monitoring	A low–level systme program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, pda or cell phone.
Systems Development Life Cycle	The process of creating systems and applications, and the methodologies used to do so.
Tailgating	A type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized person’s consent.
TCP 3–way Handshake	SYN –> <– SYN/ACK ACK/SYN –> Establishes a "Session" between two computers over a network.
TCP Reset Attack	Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately.
TCP/IP Hijacking	When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access.
tcpdump	Unix built in sniffer
Teardrop Attack	A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.
Telnet	Standard, insecure TCP/IP remote terminal session protocol
TEMPEST	Refers to the investigations of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.
Temporal Key Integrity Protocol	An algorithm used to secure wireless computer networks; meant as a replacement for WEP.
Terminal Access Controller Access Control System	A remote authentication protocol similar to RADIUS used more often in UNIX networks.
Terminal Access Controller Access Control System Plus	Protocol developed by Cisco and released as an open standard beginning in 1993. Handles authentication, authorization, and accounting (AAA) services
Third–Party Cookie	A cookie that is used by a web site other than the site that created it.
Threat	An event or action that may defeat the security measures in place and result in a loss.
Threat Agent	A person or thing that has the power to carry out a threat.
Ticket Authentication Server	One of the components of Kerberos. Issues a TGT (Ticket Granting Ticket), which the client can use in future communications with Kerberos to prove pre–authentication and obtain
Ticket Granting Ticket	Cached Authentication Credential from TGS allows client to request Session Ticket
Tickets	Part of the authentication process used by Kerberos.
Time Bomb	Trojans set off on a certain date.
Time-based One-Time Password	Temporary passcode, generated by an algorithm, for use in authenticating access to computer systems. The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique
Time-of-Day Restriction	When a user’s logon hours are configured to restrict access to the network during certain times of the day and week.
Token	Hardware device used in authentication (something you have)
Torrents	Active internet connections that download a specific file through a bittorrent.
Towers of Hanoi	A backup rotation scheme based on the mathematics of the Towers of Hanoi puzzle. Uses three backup sets. For example, the first tape is used every second day, the second tape is used every fourth day, and the third tape is used every eighth day.
Tracker	A server program operated by the person or organization who wants to share a bittorrent file.
Transaction Signature	Computer networking protocol used primarily by the Domain Name System (DNS) to provide a means of authenticating updates to a DNS database
Transmission Control Protocol/Internet Protocol	Basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network
Transport Layer Security	New version of ssl
Transport Mode	IPSec Mode where only the data(payload) is encrypted
Trap Door	Code segments that were deliberatedly coded into the security or OS, to be used by the coder at a future date. Modern hyjacking methods sometimes allow intruders to "patch" a trapdoor, then return later to exploit it.
Triple Data Encryption Standard	Similar to DES but applies the cipher algorithm three times to each cipher block.
Trivial File Transfer Protocol	Simple protocol used for transferring files. Uses the User Datagram Protocol (UDP) to transport data from one end to another. Mostly used to read and write files/mail to or from a remote server
Trojan	Malicious software that masquerades as useful software. Rely on the end–user to run them.
Trojan Horse	Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes.
Trojan Horses	A program advertised as performing one activity but actually doing something else, or performing both the advertised and malicious activities.
Trusted Computer System Evaluation Criteria	A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book.
Trusted Platform Module	International standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices
Tunnel Mode	IPSec Mode where data and IP headers are encrypted
Tunneling	The encapsulation of one packet in another, The inner packet is often encrypted and could not be forwarded by standard routers. The outer packet looks like a standard packet which can be handled by typical routers
UDP Flood Attack	A similar attack to the Fraggle. It uses the connectionless User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process.
Unified Extensible Firmware Interface	Specification that defines a software interface between an operating system and platform firmware
Unified Threat Management	Term to describe a category of security appliances which integrates a range of security features into a single appliance. Combine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform
Uniform Resource Identifier	String of characters used to identify a resource. Such identification enables interaction with representations of the resource over a network, typically the World Wide Web, using specific protocols
Uninterruptable Power Supply	Takes the functionality of a surge suppressor and combines that with a battery backup, protecting computers not only from surges and spikes, but also from sags, brownouts, and blackouts.
Universal Serial Bus	Common interface that enables communication between devices and a host controller such as a personal computer (PC)
Unshielded Twisted Pair	Most common kind of copper telephone wiring. To reduce crosstalk or electromagnetic induction between pairs of wires, two insulated copper wires are twisted around each other
USA Patriot Act	A US federal act that broadens the surveillance of law enforcement agencies to enhance the detection and suppression of terrorism.
Usage Auditing	The process of examining whihc subjects are accessing specific objects and how frequently.
User Acceptance Testing	Last phase of the software testing process where actual software users test the software to make sure it can handle required tasks in real-world scenarios, according to specifications
User Account Control	A security component of Windows Vista that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.
User Datagram Protocol	Part of the Internet Protocol suite used by programs running on different computers on a network. Used to send short messages called datagrams but overall, it is an unreliable, connectionless protocol
Vampire Tap	A device used to add computers to a 10BASE5 network. It pierces the copper conductor of a coaxial cable and can also be used for malicious purposes.
Variable Length Subnet Masking	Means to specify a different subnet mask for the same network number on different subnets. A network administrator can use a long mask on networks with few hosts and a short mask on subnets with many hosts
Video Teleconferencing	Telecommunication in the form of a videoconference.
Virtual Local Area Network	Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2)
Virtual Local Area Network Hopping	The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.
Virtual Machine	A self–contained software environment.
Virtual Private Network	An encrypted tunnel between two nodes over a public network.
Virtualization	A means of managing and presenting computer resources by function without regard to their physical layout or location.
Virtualization Desktop Infrastructure	Virtualization technology that hosts a desktop operating system on a centralized server in a data center.
Virus	A program that secretly attaches itself to a legitimate "carrier," such as a document or program, and then executes when that document is open or the program is launched.
Vishing	A type of phishing attack that makes use of telephones and VoIP.
Voice over IP	Methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet
VPN Concentrator	A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN.
Vulnerability	A weakness that allows a threat agent to bypass security.
Vulnerability Assessment	Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.
Vulnerability Management	The practice of finding and mitigating software vulnerabilities in computers and networks.
Vulnerability Scanning	The act of scanning for weaknesses and susceptibilities in the network and on individual systems.
Wardialing	The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.
Wardriving	The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.
Warm Site	This will have computers, phones, and servers, but they might require some configuration before users can start working on them.
Web of Trust	A decentralized model used for sharing certificates without the need for a centralized CA.
Web-Application Firewall	Application firewall for HTTP applications that applies a set of rules to an HTTP conversation
WEP High Security Key Size	128 bits
WEP Low Security Key Size	nominally 64 bits
Wet Pipe Sprinkler System	Consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system.
Whaling	A phishing attack that targets senior executives.
WiFi Protected Access	A security protocol created by the Wi-Fi Alliance to secure wireless computer networks, more secure than WEP.
WiFi Protected Setup	Network security standard to create a secure wireless home network
Wired Equivalent Privacy	Can be cracked by modern equipment in minutes. Superceeded by WPA and WPA2. It is still being used widely (probably obsolete equipment or ease of implementation)
Wireless Access Point	Networking hardware device that allows a Wi-Fi compliant device to connect to a wired network. Usually connects to a router (via a wired network) as a standalone device, but it can also be an integral component of the router itself
Wireless Intrusion Detection System	Network device that monitors the radio spectrum for the presence of unauthorized access points
Wireless Intrusion Prevention System	Network device that automatically take countermeasures to unauthorized access points
Wireless TLS	Security level for Wireless Application Protocol (WAP) applications
wireshark	Free network sniffer (formerly ethereal, just renamed because or a copyright suite). Very similar to Unix TCPDUMP
Wiretapping	Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.
Word Splitting	Spam that horizontally separates words so that they can still be read by the human eye.
Worm	Malicious, self–replicating software that runs stand–alone/without the need for a host file or a willing user to propogate it.
X.509	A common PKI standard developed by the ITU-T that incorporates the single sign-on authentication method.
Zero Day	A vulnerability that is not known to the security public and therefore no protections, patches, or detection signatures exist for it
Zero Day Attack	An attack that occurs when an attacker discovers and exploits a previously unknown flaw, providing "zero days" of warning.
Zombie	Computer under the control of an attacker.

Created by: ccman1

Popular Computers sets

Definitions for Word Processing and the main parts of the MS Word 2010 window

WP Page Formatting

WP Paragraph Formatting terms

Review business letter parts

Review the three paragraph formats (block, indented, hanging indent)

WP font formatting features in Word 2010

Arkansas CBA unit 1 Hardware

"Know" box contains:
Time elapsed:
Retries: