Network_Security_Glossary.pdf

Transcript

Glossary
Term Definition
3DES Triple DES (3DES) is a block cipher type of encryption considered to be less vulnerable than DES.
AES Advanced Encryption Standard (AES) is a block cipher type of encryption that comes in 128, 192, and
256 bits.
AH An authentication header (AH) provides authentication, integrity, and anti-replay for data packets.
ARP Spoofing A form of spoofing in which MAC address/IP address combinations are compromised through
stealing the IP address of a host and then using that to force traffic to an attacking machine.
Access Control The act of restricting both physical and file and server access so those who need it have it, but those
who do not need it do not have it.
Account Lockout The process of preventing an account from logging on after several incorrect logon attempts.
Active Directory A directory service used in a Windows domain to store and administer users, groups, printers,
devices, and other objects.
Administrative A type of share which is only accessible by administrators, backup operators, and server operators.
Share
Adware A form of malware that displays advertisements while an app is being used.
Antispam Software used to prevent spam email from reaching a client's email program.
Antivirus A piece of software that helps to ward off malware. Also known as an antimalware system.
Application-Level A firewall that does filtering at the application layer of the OSI model (Layer 7); also known as a proxy
Firewall server.
Asymmetric A type of encryption in which one key encrypts data and another key decrypts data.
Encryption
Attack Surface The totality of ways in which a system can be attacked.
Auditing A mechanism by which a log tracks who has logged on to a system and what has been accessed on
the system.
Authentication The act of verifying identification to an application or a system.
Availability The part of the CIA triangle that ensures data is accessible by those who need it when they need it.
Backdoor Malware used to do unauthorized tasks on a system through an opening in the system.
Base-64-Encoded A certificate type that supports the storage of a single certificate, but not a private key.
X.509
Biometrics The form of authentication that uses devices such as retina scanners, voice recognition, fingerprint
scanners, or facial recognition for authentication.
BitLocker An encryption system that encrypts entire drives.
BitLocker To Go An encryption system that encrypts removable hard drives.
Block Cipher A block of plain text plus a key to encrypt the block of text.
Botnet A network full of computers which have been taken over to carry out a DDoS.
Brute Force An attack in which all possible combinations of characters are used to crack a password.
Attack
Buffer Overflow The overloading of a reserved space of data; causes a system to slow down, freeze, or crash.
CA A certificate authority (CA) is a server or third-party entity used to issue digital certificates.
CHAP Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication
protocol that uses MD5 hashing.
CIA Triangle The combination of confidentiality, integrity, and availability as it relates to securing data and
systems.
CRL A Certificate Revocation List (CRL) is used to store certificates that have been revoked due to
expiration or due to being compromised.
Circuit Filtering A firewall filtering method that analyzes data at layer 5 (the Session layer) of the OSI model.
103 | Appendix: Glossary Network Security Project Workbook, First Edition
 Term Definition
Confidentiality The act of keeping data and systems secure from unauthorized access.
Cookie A piece of text that stores information from a webpage, such as user information, site preferences,
and shopping cart contents.
Cross-Site An injection of a script that bypasses a web browser's security mechanism.
Scripting Attack
DDoS Attack A Distributed Denial of Service (DDoS) attack is a DoS attack using multiple machines.
DER Distinguished Encoding Rules (DER) are encoded binary X.509 certificates which do not support
private key storage.
DES Data Encryption Standard (DES) is a 56-bit block cipher type of encryption.
DNS Poisoning An injection of a bogus destination for an IP address.
DNS Spoofing A redirection of a web request to an incorrect website.
DNSSEC DNS Security Extensions (DNSSEC) are used to ensure outgoing Internet traffic is always sent to the
correct server, through authentication and integrity-checking via public key encryption.
Defense in Depth Security through layers of a building, such as the external perimeter, the physical door, and the
internal part of a building.
Delegation The act of passing control of a resource (such as an organizational unit) from one entity to another.
Device Guard A tool that uses code integrity policies to lock devices only to run trusted apps.
Dictionary Attack An attack in which a list of potential passwords is used to try to guess a password.
Digital Certificate A type of certificate used to store public keys and information such as user, organization, serial
number, and expiration date.
Digital Signature A certificate that is used to verify the authenticity of a document or email message.
DoS Attack A Denial of Service (DoS) attack is an attack in which networks are disrupted to the point where they
cannot function.
Dynamic NAT A form of NAT in which a private network device gets a public IP address from a pool of available
public IP addresses.
EAP-MS-CHAPv2 Extensible Authentication Protocol Microsoft CHAP Version 2 (EAP-MS-CHAPv2) is a universal
authentication frame- work that can use biometrics and the what-you-have form of authentication.
EFS An Encrypting File System (EFS) is a Windows encryption mechanism that encrypts files and folders.
ESP An Encapsulating Security Payload (ESP) provides CIA for the IP payload in data.
Effective The cumulative total of inherited and explicit permissions given to a user or group on a resource.
Permissions
Email Bombing A DoS attack in which an attempt is made to send massive volumes of email to an address.
Encryption The adding of ciphertext to data to scramble the data to make it unreadable without a decryption
key.
Enterprise Root A certificate authority that sits at the top of a hierarchy of certificate authorities.
CA
Event Viewer A Windows tool used to store and present application, security, and system logs, all for the purpose
of information and troubleshooting.
Explicit Permissions that are granted to a user or group by an administrator.
Permissions
External The entry area to a building and the immediate area outside of a building.
Perimeter
Firewall A network security system and/or hardware device that controls any incoming and outgoing
network traffic based on a set of rules provided by an administrator.
Group Policy A Windows tool that is used to control rights for users, groups, and organizational units.
HKEY_CLASSES_ A registry hive that handles file association.
ROOT
HKEY_CURRENT_ A registry hive that contains volatile configuration information.

104 | Appendix: Glossary Network Security Project Workbook, First Edition
 Term Definition
CONFIG
HKEY_CURRENT_ A registry hive that has settings specific to the current user of a system.
USER
HKEY_LOCAL_MA- A registry hive that stores machine-specific settings.
CHINE
HKEY_USERS A registry hive that saves user-specific settings.
Hardening A security tactic in which a server or device only has installed on it what it needs to perform its
prescribed role.
Hash Function A one-way encryption type that offers no decryption.
Hoax A fake virus often used to detract attention away from a real virus.
Honeynet A collection of honeypots, which are used to catch attackers trying to infiltrate a network.
Honeypot A system that traps attackers when they attempt to attack a network.
IKE An Internet Key Exchange (IKE) defines the method for the initial encryption key exchange between
endpoints.
IKEv2 Internet Key Exchange Version 2 (IKEv2) is a tunneling protocol with a connection that stays up and is
automatically reestablished as a client moves from network to network.
IP Address An attack of an IP address where a source IP address is forged.
Spoofing
IPsec A suite of protocols used to protect data in transit.
Inherited Permissions on a file or folder that are present because of permissions given to a parent folder or
Permissions drive.
Integrity The part of the CIA triangle that involves ensuring data is accurate, valid, and protected against
unauthorized changes.
Internal The area of a building immediately inside of the entryway.
Perimeter
Kerberos The default Windows network authentication protocol.
Keylogger A hardware or software-based device used by attackers to record keystrokes.
L2TP Layer 2 Tunneling Protocol (L2TP) is an industry-standard tunneling protocol for VPNs. L2TP uses
IPsec.
LDAP Lightweight Directory Access Protocol (LDAP) is used to query and modify data in Active Directory.
MAC Filter Used to limit which MAC addresses can reach a wireless access point.
MS-CHAPv2 Microsoft CHAP Version 2 (MS-CHAPv2) is a two-way form of authentication that is considered
stronger than CHAP.
Malicious A Windows tool used to remove malware from a system.
Software Removal
Tool
Malware A file, program, or code used to cause malicious harm to a system.
Man in the An interception of data being transferred. Data can be captured and/or manipulated on the way to a
Middle destination.
Multifactor Authentication with two or more factors (what you know, what you have, who you are). Also known as
Authentication two-factor authentication.
NAT Network Address Translation (NAT) is used to secure private network devices through hiding private
IP addresses behind public IP addresses.
Network Sniffer A tool used to capture network packets on connected ports; can be used for analysis or hacking.
Offline Files Files that are copies of files from network drives; this allows a user to work on these files even when
not connected to the network on which the files reside.
PAP Password Authentication Protocol (PAP) is a form of authentication which uses plain text and thus is
not recommended.

105 | Appendix: Glossary Network Security Project Workbook, First Edition
 Term Definition
PGP Pretty Good Privacy (PGP) encrypts an email message with a public key and a session key. Upon
receipt of the message, a private key extracts the session key, and then both keys decrypt the
message.
PKCS #12 Personal Information Exchange Format #12 (PKCS #12) supports the storage and exporting of
certificates and private keys.
PKCS #7 Personal Information Exchange Format #7 (PKCS #7) is a cryptographic message syntax standard
that supports the storage of certificates.
PKI Public Key Infrastructure (PKI) is a system used to create, manage, distribute, use, store, and revoke
digital certificates.
PPTP Point-to-Point Tunneling Protocol (PPTP) is a form of encryption for VPNs that is considered old and
weak.
PTR Records Pointer Records (PTR) are used for a reverse DNS lookup, which is a lookup in which an IP address is
used to find a hostname.
Packet Filtering A filtering mechanism in which data packets are filtered by port and/or protocol.
Padded Cell A system set up to wait for an IDS (Intrusion Detection System) to detect attackers and transfer them
to an isolated system.
Password History A list of passwords for a user that, when set, cannot be used again as a password until a specified
number of different passwords have been used.
Perimeter Also known as a DMZ, a network that separates public and private networks. These often contain
Network web servers, email servers, and proxy servers.
Permission Level A specific permission that can be granted on files and/or folders.
Pharming An attack that redirects a website's traffic to an illegitimate website.
Phishing A social engineering tactic in which users are asked to supply personal information through a
response to an email or through navigating to a website that looks legitimate but is not legitimate.
Polymorphic Virus A virus that constantly morphs so that antivirus software has a tough time catching it.
Principle of Least A security concept in which people have the privileges they need for data and systems, but no more
Privilege than that.
Private Key A type of key used to decrypt data.
Protocol An imposter-like misuse of a network protocol to attack a network.
Spoofing
Public Key A shared key used to start asymmetric encryption.
RA Registration Authority (RA) is a PKI system used to distribute keys, not digital certificates.
RADIUS A Remote Authentication Dial-In User Service (RADIUS) is used to authenticate outside connections
from dial-ins, VPNs, web servers, and wireless access points.
RC4 A popular type of stream cipher-based encryption.
RODC A read-only domain controller (RODC) is a domain controller with a read-only copy of Active
Directory.
Ransomware An attack involving malicious software used to block or encrypt data until a payment is made to
unblock or decrypt data.
Registry A central database that stores all configuration information about a system and its operating
system.
Removable A device that can easily be added to and removed from a computer; this includes DVDs, thumb
Device drives, external drives, and removable memory cards.
Replay Attack An attack in which data on a network is captured and then resent.
Residual Risk The remaining amount of risk after mitigation takes place.
Risk The probability that a threat will become a reality.
Risk Acceptance The acknowledgment of the existence of a risk. No action is taken on the risk.
Risk Avoidance The act of doing nothing about a risk.

106 | Appendix: Glossary Network Security Project Workbook, First Edition
 Term Definition
Risk Mitigation The act of lessening a risk and/or the impact of a risk.
Risk Transfer The sharing of a risk burden.
Rootkit Software or hardware used to gain administrative access to a computer without being detected.
Routing The connecting of networks. A routing table is used to decide where packets go from one network to
the next.
Run As A Windows feature that allows a user to run a program using a different account (like an
administrator account).
S/MIME A Secure/Multipurpose Internet Mail Extension (S/MIME) is used by web browsers and email
providers for encryption. It is also used to embed objects in email messages.
SCCM A System Center Configuration Manager (SCCM) is used to push out updates to client machines.
SPF A Sender Policy Framework (SPF) is an email validation system used to prevent spam email sent
through source address spoofing.
SQL Injection An attack in which SQL code is used to gain access to a SQL database source and then run malicious
Attack code.
SSID A Service Set Identifier (SSID) is used as an identification piece for a wireless network.
SSL A Secure Socket Layer (SSL) uses asymmetric encryption, primarily on websites and VPN connections.
SSO Single sign-on (SSO) is an authentication mechanism that allows a single sign-on account to access
multiple resources.
SSTP Secure Socket Tunneling Protocol (SSTP) uses HTTPS over TCP port 443 for encryption.
Secure Areas Areas of a building that should have a restricted list of people who can enter them.
Secure Dynamic A setting in DNS where only members of an Active Directory domain can create records on a DNS
DNS Updates server.
Secure Website A website which starts with an HTTPS prefix.
Security Baseline A collection of settings used to provide a positive security impact.
Security A tool used for security baseline management features and to export security baselines.
Compliance
Manager
Separation of A concept by which multiple services are installed across multiple servers.
Services
Shares Permissions granted to users or groups on files and folders. Permission levels for shares include Full
Control, Change, and Read.
Smart Card A badge-like device usually waved over, swiped, or inserted into a device to provide authentication.
SmartScreen A tool used with Edge and Internet Explorer to help prevent a user from falling victim to phishing.
Filter
Social The act of trying to get information from people by trying to look like a legitimate entity.
Engineering
Software An attack in which a virus or worm takes advantage of a software vulnerability.
Vulnerability
Attack
Spyware A form of malware that collects personal information, usually without a user's knowledge. This data
is then often sent to a third-party advertiser.
Stand-Alone CA A CA which does not use Active Directory and does not automatically enroll people with certificates.
Stateful Firewall An inspection of data based on source and destination IP address, packet type, and port number.
Inspection Session state is stored, and return traffic is allowed.
Stateless Firewall An inspection of data based on source and destination IP address, packet type, and port number.
Inspection The session state is not stored.
Static NAT A form of NAT which maps one private IP address to one public IP address.
Stream Cipher A type of encryption that performs bit-by-bit encryption.

107 | Appendix: Glossary Network Security Project Workbook, First Edition
 Term Definition
Strong Password A password with at least eight characters and at least three of the following types of characters:
uppercase letters, lowercase letters, numbers, and symbols.
Subnetting The use of logical networks to segment devices according to machine type and security needs.
Symmetric A type of encryption in which the same key is used to encrypt and decrypt data.
Encryption
Syslog A logging system used to audit non-Microsoft products.
TLS Transport Layer Security (TLS) is a type of software-based encryption that is an extension of SSL.
TPM A Trusted Platform Module (TPM) is an international standard for integrating cryptographic keys into
devices.
Threat A possibility of data or systems being compromised.
Threat Modeling The process of identifying threats and vulnerabilities and then defining countermeasures to prevent
them.
Token Device A small device with a form of electronic key that is used as a form of authentication.
Transport Mode A mode of IPsec used for end-to-end communications.
Trojan Horse An imposter program made to look like it is useful but is actually a form of malware.
Tunnel Mode A mode of IPsec used for server-to-server and server-to-gateway communications.
Tunneling A mechanism used to transmit data over part of a VPN connection securely.
UAC User Account Control (UAC) is used to help protect against unauthorized installations and other
computer changes.
Unsecure Protocols which transfer data for authentication in plain text. These include PAP, FTP, and Telnet.
Authentication
Protocols
VLAN Virtual LAN (VLAN) is a logical network managed on a physical switch.
VPN A Virtual Private Network (VPN) is a network that uses public means to communicate private
information.
Virtual Smart A type of smart card that is not physical but uses the TPM (Trusted Platform Module) chip on a
Card computer.
Virus Malicious code that attaches itself to another mechanism (like a program) and then is used to inflict
damage on a system.
Vulnerability A weakness in the confidentiality, integrity, or availability of data.
WEP Wired Equivalent Privacy (WEP) is an encryption method that should not be used as it has been
cracked.
WPA Wi-Fi Protected Access (WPA) uses a shared key to secure wireless networks.
WPA2 A version of Wi-Fi Protected Access (WPA) that uses IEEE 802.11i standards.
WSUS Windows Server Update Services (WSUS) are used to push updates out to client machines.
Windows An antimalware app that ships with Windows.
Defender
Windows Firewall The Windows version of a firewall. It is software-based and can use rules to allow or block incoming
or outgoing traffic.
Worm A form of malware that is self-replicating and can run without a carrier.
Zero Day Attack An attack involving taking advantage of a software vulnerability unknown to a vendor.
Zombie A computer that becomes part of a Botnet and helps carry out a DDoS.

108 | Appendix: Glossary Network Security Project Workbook, First Edition