Network_Security_Glossary.pdf
Document Details
Uploaded by ChivalrousRetinalite3695
Tags
Related
- Chapter 11 - 02 - Understand Wireless Network Encryption Mechanisms - 01_ocred.pdf
- Chapter 11 - 04 - Discuss and Implement Wireless Network Security Measures - 03_ocred.pdf
- Combined Question Set - Past Paper PDF
- Network Security Concepts PDF
- Module 5: Encryption and Decryption PDF
- CISSP All-in-One Exam Guide Quick Review PDF
Full Transcript
Glossary Term Definition 3DES Triple DES (3DES) is a block cipher type of encryption considered to be less vulnerable than DES. AES Advanced Encryption Standard (AES) is a block cipher type of encryption that comes in 128, 192, and...
Glossary Term Definition 3DES Triple DES (3DES) is a block cipher type of encryption considered to be less vulnerable than DES. AES Advanced Encryption Standard (AES) is a block cipher type of encryption that comes in 128, 192, and 256 bits. AH An authentication header (AH) provides authentication, integrity, and anti-replay for data packets. ARP Spoofing A form of spoofing in which MAC address/IP address combinations are compromised through stealing the IP address of a host and then using that to force traffic to an attacking machine. Access Control The act of restricting both physical and file and server access so those who need it have it, but those who do not need it do not have it. Account Lockout The process of preventing an account from logging on after several incorrect logon attempts. Active Directory A directory service used in a Windows domain to store and administer users, groups, printers, devices, and other objects. Administrative A type of share which is only accessible by administrators, backup operators, and server operators. Share Adware A form of malware that displays advertisements while an app is being used. Antispam Software used to prevent spam email from reaching a client's email program. Antivirus A piece of software that helps to ward off malware. Also known as an antimalware system. Application-Level A firewall that does filtering at the application layer of the OSI model (Layer 7); also known as a proxy Firewall server. Asymmetric A type of encryption in which one key encrypts data and another key decrypts data. Encryption Attack Surface The totality of ways in which a system can be attacked. Auditing A mechanism by which a log tracks who has logged on to a system and what has been accessed on the system. Authentication The act of verifying identification to an application or a system. Availability The part of the CIA triangle that ensures data is accessible by those who need it when they need it. Backdoor Malware used to do unauthorized tasks on a system through an opening in the system. Base-64-Encoded A certificate type that supports the storage of a single certificate, but not a private key. X.509 Biometrics The form of authentication that uses devices such as retina scanners, voice recognition, fingerprint scanners, or facial recognition for authentication. BitLocker An encryption system that encrypts entire drives. BitLocker To Go An encryption system that encrypts removable hard drives. Block Cipher A block of plain text plus a key to encrypt the block of text. Botnet A network full of computers which have been taken over to carry out a DDoS. Brute Force An attack in which all possible combinations of characters are used to crack a password. Attack Buffer Overflow The overloading of a reserved space of data; causes a system to slow down, freeze, or crash. CA A certificate authority (CA) is a server or third-party entity used to issue digital certificates. CHAP Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication protocol that uses MD5 hashing. CIA Triangle The combination of confidentiality, integrity, and availability as it relates to securing data and systems. CRL A Certificate Revocation List (CRL) is used to store certificates that have been revoked due to expiration or due to being compromised. Circuit Filtering A firewall filtering method that analyzes data at layer 5 (the Session layer) of the OSI model. 103 | Appendix: Glossary Network Security Project Workbook, First Edition Term Definition Confidentiality The act of keeping data and systems secure from unauthorized access. Cookie A piece of text that stores information from a webpage, such as user information, site preferences, and shopping cart contents. Cross-Site An injection of a script that bypasses a web browser's security mechanism. Scripting Attack DDoS Attack A Distributed Denial of Service (DDoS) attack is a DoS attack using multiple machines. DER Distinguished Encoding Rules (DER) are encoded binary X.509 certificates which do not support private key storage. DES Data Encryption Standard (DES) is a 56-bit block cipher type of encryption. DNS Poisoning An injection of a bogus destination for an IP address. DNS Spoofing A redirection of a web request to an incorrect website. DNSSEC DNS Security Extensions (DNSSEC) are used to ensure outgoing Internet traffic is always sent to the correct server, through authentication and integrity-checking via public key encryption. Defense in Depth Security through layers of a building, such as the external perimeter, the physical door, and the internal part of a building. Delegation The act of passing control of a resource (such as an organizational unit) from one entity to another. Device Guard A tool that uses code integrity policies to lock devices only to run trusted apps. Dictionary Attack An attack in which a list of potential passwords is used to try to guess a password. Digital Certificate A type of certificate used to store public keys and information such as user, organization, serial number, and expiration date. Digital Signature A certificate that is used to verify the authenticity of a document or email message. DoS Attack A Denial of Service (DoS) attack is an attack in which networks are disrupted to the point where they cannot function. Dynamic NAT A form of NAT in which a private network device gets a public IP address from a pool of available public IP addresses. EAP-MS-CHAPv2 Extensible Authentication Protocol Microsoft CHAP Version 2 (EAP-MS-CHAPv2) is a universal authentication frame- work that can use biometrics and the what-you-have form of authentication. EFS An Encrypting File System (EFS) is a Windows encryption mechanism that encrypts files and folders. ESP An Encapsulating Security Payload (ESP) provides CIA for the IP payload in data. Effective The cumulative total of inherited and explicit permissions given to a user or group on a resource. Permissions Email Bombing A DoS attack in which an attempt is made to send massive volumes of email to an address. Encryption The adding of ciphertext to data to scramble the data to make it unreadable without a decryption key. Enterprise Root A certificate authority that sits at the top of a hierarchy of certificate authorities. CA Event Viewer A Windows tool used to store and present application, security, and system logs, all for the purpose of information and troubleshooting. Explicit Permissions that are granted to a user or group by an administrator. Permissions External The entry area to a building and the immediate area outside of a building. Perimeter Firewall A network security system and/or hardware device that controls any incoming and outgoing network traffic based on a set of rules provided by an administrator. Group Policy A Windows tool that is used to control rights for users, groups, and organizational units. HKEY_CLASSES_ A registry hive that handles file association. ROOT HKEY_CURRENT_ A registry hive that contains volatile configuration information. 104 | Appendix: Glossary Network Security Project Workbook, First Edition Term Definition CONFIG HKEY_CURRENT_ A registry hive that has settings specific to the current user of a system. USER HKEY_LOCAL_MA- A registry hive that stores machine-specific settings. CHINE HKEY_USERS A registry hive that saves user-specific settings. Hardening A security tactic in which a server or device only has installed on it what it needs to perform its prescribed role. Hash Function A one-way encryption type that offers no decryption. Hoax A fake virus often used to detract attention away from a real virus. Honeynet A collection of honeypots, which are used to catch attackers trying to infiltrate a network. Honeypot A system that traps attackers when they attempt to attack a network. IKE An Internet Key Exchange (IKE) defines the method for the initial encryption key exchange between endpoints. IKEv2 Internet Key Exchange Version 2 (IKEv2) is a tunneling protocol with a connection that stays up and is automatically reestablished as a client moves from network to network. IP Address An attack of an IP address where a source IP address is forged. Spoofing IPsec A suite of protocols used to protect data in transit. Inherited Permissions on a file or folder that are present because of permissions given to a parent folder or Permissions drive. Integrity The part of the CIA triangle that involves ensuring data is accurate, valid, and protected against unauthorized changes. Internal The area of a building immediately inside of the entryway. Perimeter Kerberos The default Windows network authentication protocol. Keylogger A hardware or software-based device used by attackers to record keystrokes. L2TP Layer 2 Tunneling Protocol (L2TP) is an industry-standard tunneling protocol for VPNs. L2TP uses IPsec. LDAP Lightweight Directory Access Protocol (LDAP) is used to query and modify data in Active Directory. MAC Filter Used to limit which MAC addresses can reach a wireless access point. MS-CHAPv2 Microsoft CHAP Version 2 (MS-CHAPv2) is a two-way form of authentication that is considered stronger than CHAP. Malicious A Windows tool used to remove malware from a system. Software Removal Tool Malware A file, program, or code used to cause malicious harm to a system. Man in the An interception of data being transferred. Data can be captured and/or manipulated on the way to a Middle destination. Multifactor Authentication with two or more factors (what you know, what you have, who you are). Also known as Authentication two-factor authentication. NAT Network Address Translation (NAT) is used to secure private network devices through hiding private IP addresses behind public IP addresses. Network Sniffer A tool used to capture network packets on connected ports; can be used for analysis or hacking. Offline Files Files that are copies of files from network drives; this allows a user to work on these files even when not connected to the network on which the files reside. PAP Password Authentication Protocol (PAP) is a form of authentication which uses plain text and thus is not recommended. 105 | Appendix: Glossary Network Security Project Workbook, First Edition Term Definition PGP Pretty Good Privacy (PGP) encrypts an email message with a public key and a session key. Upon receipt of the message, a private key extracts the session key, and then both keys decrypt the message. PKCS #12 Personal Information Exchange Format #12 (PKCS #12) supports the storage and exporting of certificates and private keys. PKCS #7 Personal Information Exchange Format #7 (PKCS #7) is a cryptographic message syntax standard that supports the storage of certificates. PKI Public Key Infrastructure (PKI) is a system used to create, manage, distribute, use, store, and revoke digital certificates. PPTP Point-to-Point Tunneling Protocol (PPTP) is a form of encryption for VPNs that is considered old and weak. PTR Records Pointer Records (PTR) are used for a reverse DNS lookup, which is a lookup in which an IP address is used to find a hostname. Packet Filtering A filtering mechanism in which data packets are filtered by port and/or protocol. Padded Cell A system set up to wait for an IDS (Intrusion Detection System) to detect attackers and transfer them to an isolated system. Password History A list of passwords for a user that, when set, cannot be used again as a password until a specified number of different passwords have been used. Perimeter Also known as a DMZ, a network that separates public and private networks. These often contain Network web servers, email servers, and proxy servers. Permission Level A specific permission that can be granted on files and/or folders. Pharming An attack that redirects a website's traffic to an illegitimate website. Phishing A social engineering tactic in which users are asked to supply personal information through a response to an email or through navigating to a website that looks legitimate but is not legitimate. Polymorphic Virus A virus that constantly morphs so that antivirus software has a tough time catching it. Principle of Least A security concept in which people have the privileges they need for data and systems, but no more Privilege than that. Private Key A type of key used to decrypt data. Protocol An imposter-like misuse of a network protocol to attack a network. Spoofing Public Key A shared key used to start asymmetric encryption. RA Registration Authority (RA) is a PKI system used to distribute keys, not digital certificates. RADIUS A Remote Authentication Dial-In User Service (RADIUS) is used to authenticate outside connections from dial-ins, VPNs, web servers, and wireless access points. RC4 A popular type of stream cipher-based encryption. RODC A read-only domain controller (RODC) is a domain controller with a read-only copy of Active Directory. Ransomware An attack involving malicious software used to block or encrypt data until a payment is made to unblock or decrypt data. Registry A central database that stores all configuration information about a system and its operating system. Removable A device that can easily be added to and removed from a computer; this includes DVDs, thumb Device drives, external drives, and removable memory cards. Replay Attack An attack in which data on a network is captured and then resent. Residual Risk The remaining amount of risk after mitigation takes place. Risk The probability that a threat will become a reality. Risk Acceptance The acknowledgment of the existence of a risk. No action is taken on the risk. Risk Avoidance The act of doing nothing about a risk. 106 | Appendix: Glossary Network Security Project Workbook, First Edition Term Definition Risk Mitigation The act of lessening a risk and/or the impact of a risk. Risk Transfer The sharing of a risk burden. Rootkit Software or hardware used to gain administrative access to a computer without being detected. Routing The connecting of networks. A routing table is used to decide where packets go from one network to the next. Run As A Windows feature that allows a user to run a program using a different account (like an administrator account). S/MIME A Secure/Multipurpose Internet Mail Extension (S/MIME) is used by web browsers and email providers for encryption. It is also used to embed objects in email messages. SCCM A System Center Configuration Manager (SCCM) is used to push out updates to client machines. SPF A Sender Policy Framework (SPF) is an email validation system used to prevent spam email sent through source address spoofing. SQL Injection An attack in which SQL code is used to gain access to a SQL database source and then run malicious Attack code. SSID A Service Set Identifier (SSID) is used as an identification piece for a wireless network. SSL A Secure Socket Layer (SSL) uses asymmetric encryption, primarily on websites and VPN connections. SSO Single sign-on (SSO) is an authentication mechanism that allows a single sign-on account to access multiple resources. SSTP Secure Socket Tunneling Protocol (SSTP) uses HTTPS over TCP port 443 for encryption. Secure Areas Areas of a building that should have a restricted list of people who can enter them. Secure Dynamic A setting in DNS where only members of an Active Directory domain can create records on a DNS DNS Updates server. Secure Website A website which starts with an HTTPS prefix. Security Baseline A collection of settings used to provide a positive security impact. Security A tool used for security baseline management features and to export security baselines. Compliance Manager Separation of A concept by which multiple services are installed across multiple servers. Services Shares Permissions granted to users or groups on files and folders. Permission levels for shares include Full Control, Change, and Read. Smart Card A badge-like device usually waved over, swiped, or inserted into a device to provide authentication. SmartScreen A tool used with Edge and Internet Explorer to help prevent a user from falling victim to phishing. Filter Social The act of trying to get information from people by trying to look like a legitimate entity. Engineering Software An attack in which a virus or worm takes advantage of a software vulnerability. Vulnerability Attack Spyware A form of malware that collects personal information, usually without a user's knowledge. This data is then often sent to a third-party advertiser. Stand-Alone CA A CA which does not use Active Directory and does not automatically enroll people with certificates. Stateful Firewall An inspection of data based on source and destination IP address, packet type, and port number. Inspection Session state is stored, and return traffic is allowed. Stateless Firewall An inspection of data based on source and destination IP address, packet type, and port number. Inspection The session state is not stored. Static NAT A form of NAT which maps one private IP address to one public IP address. Stream Cipher A type of encryption that performs bit-by-bit encryption. 107 | Appendix: Glossary Network Security Project Workbook, First Edition Term Definition Strong Password A password with at least eight characters and at least three of the following types of characters: uppercase letters, lowercase letters, numbers, and symbols. Subnetting The use of logical networks to segment devices according to machine type and security needs. Symmetric A type of encryption in which the same key is used to encrypt and decrypt data. Encryption Syslog A logging system used to audit non-Microsoft products. TLS Transport Layer Security (TLS) is a type of software-based encryption that is an extension of SSL. TPM A Trusted Platform Module (TPM) is an international standard for integrating cryptographic keys into devices. Threat A possibility of data or systems being compromised. Threat Modeling The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them. Token Device A small device with a form of electronic key that is used as a form of authentication. Transport Mode A mode of IPsec used for end-to-end communications. Trojan Horse An imposter program made to look like it is useful but is actually a form of malware. Tunnel Mode A mode of IPsec used for server-to-server and server-to-gateway communications. Tunneling A mechanism used to transmit data over part of a VPN connection securely. UAC User Account Control (UAC) is used to help protect against unauthorized installations and other computer changes. Unsecure Protocols which transfer data for authentication in plain text. These include PAP, FTP, and Telnet. Authentication Protocols VLAN Virtual LAN (VLAN) is a logical network managed on a physical switch. VPN A Virtual Private Network (VPN) is a network that uses public means to communicate private information. Virtual Smart A type of smart card that is not physical but uses the TPM (Trusted Platform Module) chip on a Card computer. Virus Malicious code that attaches itself to another mechanism (like a program) and then is used to inflict damage on a system. Vulnerability A weakness in the confidentiality, integrity, or availability of data. WEP Wired Equivalent Privacy (WEP) is an encryption method that should not be used as it has been cracked. WPA Wi-Fi Protected Access (WPA) uses a shared key to secure wireless networks. WPA2 A version of Wi-Fi Protected Access (WPA) that uses IEEE 802.11i standards. WSUS Windows Server Update Services (WSUS) are used to push updates out to client machines. Windows An antimalware app that ships with Windows. Defender Windows Firewall The Windows version of a firewall. It is software-based and can use rules to allow or block incoming or outgoing traffic. Worm A form of malware that is self-replicating and can run without a carrier. Zero Day Attack An attack involving taking advantage of a software vulnerability unknown to a vendor. Zombie A computer that becomes part of a Botnet and helps carry out a DDoS. 108 | Appendix: Glossary Network Security Project Workbook, First Edition