Question | Answer |
A remote authentication protocol that is used to communicate with an authentication server commonly used in Unix networks. | TACAS (Terminal Access Controller Access-Control System) |
The software product or computer system that is the subject of an evaluation. | Target of Engagement (TOE) |
A network protocol used for remote connections to a server. Provides bidirectional communication using a virtual terminal connection. | Telnet |
A security protocol used in IEEE 802.11i to replace WEP without the requirement to replace legacy hardware. | TKIP (Temporal Key Integrity Protocol) |
Any circumstance or event with the potential to adversely impact an organizations operations, assets or individuals through an information system. | Threat |
A three-step process computers execute to negotiate a connection with each other. The steps are: SYN, SYN/ACK, ACK. | Three-Way (TCP) Handshake |
A group of people, gathered together by a business entity, working to address a specific problem or goal. | Tiger Team |
A program designed to execute at a specific time to release malicious code onto a computer system or network. | Time Bomb |
A limit on the amount of time or number of iterations or transmissions in computer and network technology a packet can experience before it will be discarded. | TTL (Time To Live) |
Recording the time, normally in a log file, when an event happens or when information is created or modified. | Timestamping |
A small Trojan program that listens or port 777. | Tini |
A utility that traces a packet from your computer to an Internet host. It shows the number of hops and how long each packet requires to complete the hop. | Traceroute |
A connection-oriented, layer 4 protocol for transporting data over network segments. It's considered reliable because it guarantees delivery and proper reordering of packets. Used for long haul traffic on the internet. | TCP (Transmission Control Protocol) |
A standard for ecrypting email, web pages and other stream-oriented information transmitted over the Internet. | TLS (Transport Layer Security) |
A non-self-replicating type of malware that appears to have a useful purpose but instead gives unathorized access to the users computer system. | Trojan Horse |
The set of all hardware, firmware and software components critical to a systems IT security. | TCB (Trusted Computer Base) |
A U.S. Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. | TCSEC (Trusted Computer System Evaluation Criteria) |
The act of using numerous electronic serial numbers on a cell phone until a valid number is located. | Tumbling |
A point-to-point connection between two endpoints created to exchange data. Typically it's either an encrypted connection or a connection using a protocol in a method for wihch it was not designed. | Tunnel |
Transmitting one protocol encapsulated inside another protocol. | Tunneling |
A self-replicating malicious program that attempts installation beneath antivirus sofware by directly intercepting the interrupt handlers of the operating system to evade detection. | Tunneling Virus |
An international encoding standard, working within multiple languages and scripts, that represents each letter, digit, or symbol with a unique numeric value that applies across different platforms. | Unicode |
A string that represents the location of a web resouce (i.e., a website address). | URL (Uniform Resouce Locator) |
A connectionless, layer 4 transport protocol. Faster that TCP but offers no reliability. It's on a best effort basis. Used where a small amount of packet loss is acceptable, such as streaming video and audio. | UDP (User Datagram Protocol) |
Devices, connected to multiple switches and routers, grouped 'logically' into broadcast domains regardless of there physical location. | VLAN (Virtual Local Area Network) |
A technology that establishes a tunnel to create a private, dedicated, leased-line network over the Internet. The data is encrypted so it's readable only by the sender and receiver. Typically used by employees to remotely connect to the company network. | VPN (Virtual Private Network) |
A malicious computer program with self-replication capabilities that attaches to a file and moves with the host from one computer to another. | Virus |
An e-mail message warning users of a nonexistent virus and encouraging them to pass on the message to other users. | Virus Hoax |
A weakness in an information system or its security controls that could be exploited or triggered by a threat source. | Vulnerability |
A formal description and evaluation of the vulnerabilities in an information system. | Vulnerability Assessment |
The cyclical practice of identifying, classifying, remediating and mitigating vulnerabilities. | Vulnerability Management |
Sending packets or requests to another system to gain information to be used to identify weaknesses and protect the system from attacks. | Vulnerability Scanning |
Drawing symbols in public places to alert other to an open Wi-Fi network. Information may include the SSIDs, administrative passwords to APs, and other information. | War Chalking |
The act of dialing all numbers within an organization to discover open modems. | War Dialing |
The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable device. | War Driving |
An environmentally conditioned workspace partially equipped with IT and telecommunications equipment to support relocated IT operations in the event of a significant disruption. | Warm Site |
A program designed to browse websites in an automated, methodical manner. Sometimes these programs are used to harvest information from websites, such as e-mail addresses. | Web Spider |
A penetration testing method where the attacker knows all the information about the intended target. It is designed to simulate an attack by an insider. | White Box Testing |
A query and response protocol widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address, or an autonomous system. | Whois |
Two or more LANs connected by a high-speed line across a large geographical area. | WAN (Wide Area Network) |
A security protocol for wireless local area networks defined in the 802.11b standard, intended to provide the same level of security as a wired LAN. | WEP (Wired Equivalent Privacy) |
Provides data encryption for IEEE 802.11 wireless networks so data can only be decrypted by the intended recipients. | WPA (Wi-Fi Protected Access) |
Monitoring of telephone or Internet conversations, typically by covert meams. | Wiretapping |
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. | Worm |
Software used to bind a Trojan and a legitimate program together so the Trojan will be installed when the legitimate program is executed. | Wrapper |
An agreement between the penetration tester and the client detailing the activities the tester is permitted to perform. | Written Authorization |
A mathematical operation requiring two binary inputs: If the inputs match, the output is a 0, otherwise it is a 1. | XOR Operation |
A Windows based GUI version of nmap. | Zenmap |
A computer system that performs tasks dictated by an attacker from a remote location. | Zombie |