
Security+ Glossary

Terms from CompTIA's Security+ glossary! YAY!

Terms

Worm
Piece of code that spreads from one computer to another on its own, not by attaching itself to another file
Auditing
In security terms, the process of tracking and recording system activities and resource access
Application Server
Network server that provides access to a particular application for network users
Hacker
Often used, incorrectly, to refer to a cracker
Profile-based Analysis
Same as Anomaly-based analysis
Hijacking Attack
A software attack where the attacker takes control of a TCP session to gain access to data or network resources using the identity of a legitimate network user
Root CA
Top-most CA in the hierarchy and consequently, the most trusted authority in the hierarchy
Sniffer Attack
Attack used either to steal the content of the communication itself or gain information that will be used to gain network access later
Certificate Repository
A database containing digital certificates
802.11e
Amendment to the 802.11 wireless standard for home and business use (a draft when this deck was written, ratified in 2005); adds QoS and multimedia support features to the 802.11 MAC used by 802.11a and 802.11b
Zombie
Also called a drone
Network-based IDS (NIDS)
IDS system that primarily uses passive hardware sensors to monitor traffic on a specific segment of the network
Block Cipher
Generally considered more secure than a stream cipher, but slower
Logic Bomb
Piece of code that sits dormant on a user's computer until it's triggered by a specific event, such as a specific date
Domain Name System (DNS)
The service that maps names to IP addresses on most TCP/IP networks, including the internet
Tunneling
A data-transport technique in which a data packet is transferred inside the frame or packet of another protocol, enabling the infrastructure of one network to be used to travel to another network
Internet Key Exchange (IKE)
Used by IPsec to authenticate the two peers and negotiate security associations; establishes a shared master key, from which the bulk encryption keys used to encrypt data are derived
Algorithm
The rule, system, or mechanism used to encrypt data
Hash
Also called hash value and message digest
Intranet
Private network that employs Internet-style technologies for internal communication
Multi-factor Authentication
Any authentication scheme that requires validation of at least two of the possible authentication factors
Hotfix
A patch that is often issued on an emergency basis to address a specific security flaw
Public Key Cryptography Standard #10 (PKCS10)
Describes the syntax used to request certification of a public key and other information
Schema
Set of rules in a directory service as to how objects are created and what their characteristics can be
802.11b
At the time, the most common and least expensive wireless network protocol
Security Baseline
Collection of security configuration settings that are to be applied to a particular system in the enterprise
Birthday Attack
Takes advantage of the probability that two different inputs will produce the same hash value (a collision); because of the birthday paradox, a collision is expected after roughly the square root of the number of possible hash outputs has been tried
Authentication Header Protocol
Takes an IP packet, computes a keyed hash (HMAC-MD5 or HMAC-SHA1) over the payload and the immutable fields of the IP header, and adds its own header carrying that value to the packet
Service Pack
Collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the Service Pack
Role Based Access Control (RBAC)
Roles are created independently of user accounts
802.11a
Relatively fast (54 Mbps in the 5 GHz band) and, at the time, relatively expensive protocol for wireless communication; it offers no security beyond that of 802.11b, since both rely on the same WEP encryption
Backdoor Attack
Type of attack where an attacker creates a software mechanism to gain access to a system and its resources
Social Engineering Attack
Goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery
Key
A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption
Drone
Also known as a zombie
802.1x
IEEE standard for port-based network access control; a device must authenticate (via EAP, typically against a RADIUS server) before it is granted access through a wired switch port or an 802.11 wireless access point
Directory Service
Network service that stores information about all the objects in a particular network, including users, groups, servers, client computers, and printers
eDirectory
Most current version of Novell's NDS directory service
M of N scheme
A mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery (M)
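The M of N scheme above is usually implemented with Shamir secret sharing: the key is the constant term of a random polynomial of degree M-1 over a prime field, each of the N agents holds one point on the polynomial, and any M points reconstruct the constant term by Lagrange interpolation. The following is an added example, not code from CompTIA's glossary; the 2^521 - 1 prime, the share format and the `rng` parameter are choices made for this example.

```python
"""M-of-N key recovery via Shamir secret sharing (added example)."""
import secrets

# 2**521 - 1 is a Mersenne prime; all arithmetic happens in the field GF(PRIME),
# which is large enough to hold a 256-bit key as a single field element.
PRIME = (1 << 521) - 1


def split_key(key: bytes, m: int, n: int, rng=secrets.randbelow):
    """Split `key` into n shares such that any m of them recover it.

    A random polynomial f of degree m-1 with constant term f(0) = key is
    chosen; share i is the point (i, f(i)). Fewer than m points leave f(0)
    undetermined, which is what makes the M-of-N threshold enforceable.
    `rng(p)` must return an integer in [0, p); it is a parameter so that
    tests can be made deterministic.
    """
    if not 1 <= m <= n < PRIME:
        raise ValueError("need 1 <= m <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [rng(PRIME) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_key(shares, key_len: int) -> bytes:
    """Lagrange-interpolate f(0) from the given shares (m or more of them).

    With fewer than m shares the interpolated constant term is some other
    field element, not the key.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME          # product of (0 - x_j)
                den = den * (xi - xj) % PRIME      # product of (x_i - x_j)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # e.g. the key that wraps a CA's private key
    shares = split_key(key, m=3, n=5)        # five recovery agents, any three suffice
    print("recovered with 3 of 5 shares:", recover_key(shares[1:4], 32) == key)
```

Each agent receives only its own `(x, y)` pair; the CA's key-recovery procedure collects M of them and calls `recover_key`. Shares should be stored and transported with the same care as the key itself, since any M of them are the key.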
Coaxial Cable
Copper cable that features a central conductor surrounded by braided or foil shielding
Application Based IDS
IDS software component that monitors a specific application on a host
Remote Access Server (RAS)
Gateway system that provides remote clients with access to all or part of an internal network
Network Address Translation (NAT)
Simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between one or more public addresses on the external side of a router and private, non-routable addresses internally
User-Independent Process
General term for any process or application that can run in the background on a computer system without a particular user being logged in
Birthday Attack
Attack on hash functions, including hashed passwords; it exploits the birthday paradox rather than a flaw in any particular algorithm: for an n-bit hash, a collision becomes likely after about 2^(n/2) trials instead of the 2^n needed to match one specific value
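The two Birthday Attack entries above state the principle; the following added example (not from CompTIA's glossary) makes it concrete. It computes the collision probability for a given number of samples, then finds a real collision in SHA-256 truncated to 20 bits, which stands in for a weak hash: the attacker does not aim at any particular digest, only at any two inputs that agree, so the search finishes after roughly 2^10 = 1024 inputs rather than 2^20. The `msg-<i>` inputs and the 20-bit truncation are choices made for this example.

```python
"""Birthday bound and a collision search against a truncated hash (added example)."""
import hashlib
from math import sqrt


def collision_probability(n_samples: int, n_outputs: int) -> float:
    """Probability that at least two of n_samples uniformly random values
    drawn from n_outputs possibilities coincide (the birthday bound)."""
    p_distinct = 1.0
    for i in range(n_samples):
        p_distinct *= (n_outputs - i) / n_outputs
    return 1.0 - p_distinct


def expected_attempts(bits: int) -> float:
    """Roughly how many inputs a birthday attack needs against a bits-bit hash."""
    return sqrt(2 ** bits)


def truncated_digest(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, used here as a weak hash."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Generate distinct inputs until two hash to the same truncated digest.

    Returns (input_a, input_b, attempts). Every digest is stored with the
    input that produced it; the pigeonhole principle guarantees a collision
    within 2**bits + 1 inputs, and the birthday paradox predicts one after
    roughly sqrt(2**bits) of them.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        data = prefix + str(i).encode()      # constructed, distinct inputs
        d = truncated_digest(data, bits)
        if d in seen:
            return seen[d], data, i + 1
        seen[d] = data
    raise RuntimeError("unreachable: pigeonhole guarantees a collision")


if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 4))
    a, b, tries = find_collision(20)
    print(f"collision after {tries} inputs (expected ~{expected_attempts(20):.0f}):", a, b)
```

The same arithmetic explains why 64-bit and 128-bit digests are no longer considered collision resistant: an attacker only has to do about 2^32 or 2^64 work respectively, so modern signatures use 256-bit or longer hashes.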
Elgamal
Public-key encryption algorithm developed by Taher Elgamal
Hypertext Transfer Protocol Secure (HTTPS)
Version of the HTTP protocol that employs SSL/TLS to encrypt communications between web browsers and web servers
Mandatory Access Control (MAC)
Objects (files and other resources) are assigned security labels of varying levels, depending on the object's sensitivity.
Encapsulating Security Payload Protocol (ESP)
IPsec protocol that provides data confidentiality by encrypting the payload with a negotiated cipher (originally DES or 3DES, today typically AES) and can also provide data integrity and origin authentication
CAST-128
Symmetric 64-bit block cipher with a key of up to 128 bits (RFC 2144), named for its developers, Carlisle Adams and Stafford Tavares
Encryption
Only authorized parties with the necessary decryption information can decode and read the data
Default Security Attack
Attacker attempts to gain access to a computer by exploiting the security flaws that exist in the default configuration of the computer's operating system
Procedure
Instructions that detail specifically how to implement the policy
Malicious Code Attack
Can also make an operating system or an application take action to disrupt or disable other systems on the same network or on a remote network
SYN Flood Attack
Type of DoS attack in which the attacker sends multiple SYN messages initializing TCP connections with a target host
Replay Attack
Type of software attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network
Password Attack
Type of attack in which the attacker attempts to obtain and make use of passwords illegitimately
Warez Servers
Contain pirated software that's illegally made available for download and general use
IPSec Driver
Watches packets being sent and received to determine if the packets need to be signed and encrypted, based on Group Policy or local Registry settings
Eavesdropping Attack
Software attack using special monitoring software to gain access to private communications on the network wire or across a wireless network
Digital Certificate
an electronic document that associates credentials with a public key
Role Based Access Control (RBAC)
Access is controlled based on a user's role
3DES (Triple DES)
Symmetric encryption algorithm; encrypts data by processing each block of data three times (encrypt, decrypt, encrypt) using two or three different DES keys
Accounting
In security terms, the same as auditing
Enumeration
Attacker will try to gain access to users and groups, network resources, shares, applications and banners, or valid user names and passwords. Can be obtained through social engineering, network sniffing, dumpster diving, or watching a user log in
Security Association (SA)
Result of the two-stage negotiation process, known as Phase 1 and Phase 2
Secure Hash Algorithm (SHA)
Family of hash algorithms; SHA-1 produces a 160-bit hash value, and the later SHA-2 variants (SHA-256, SHA-512) produce longer digests
Biometrics
Authentication scheme based on an individual's physical characteristics
Firewall
Any software or hardware device that protects a system or network by blocking unwanted network traffic
TACACS/TACACS+
See RFC 1492 for the original TACACS; TACACS+ is a Cisco protocol, later documented in RFC 8907
Discretionary Access Control (DAC)
The object's owner (or an administrator) has discretion to place users on the object's access list; a user on the list is granted access, a user not on the list is denied
RSA
The first practical algorithm designed for public key encryption. Named for its designers, Rivest, Shamir, and Adleman
Dynamic Host Configuration Protocol (DHCP)
Network service that provides automatic assignment of IP addresses and other TCP/IP configuration information
Transport Layer Security (TLS)
Security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection
Diffie-Hellman
Cryptographic protocol that provides for secure key exchange; two parties derive the same shared secret over an insecure channel without ever transmitting the secret itself
Policy Statement
An outline of the plan for the individual security component
Access Control List (ACL)
DAC scheme; the list that is associated with each object, specifying the subjects that can access the object and their level of access
Ethical Hacking
Planned attempts to penetrate the security defenses of a system in order to identify vulnerabilities
802.11b
Provides for an 11 Mbps transfer rate in the 2.4 GHz frequency band
Mandatory Access Control (MAC)
Users are assigned a security level or clearance, and when they try to access an object, their clearance level is compared to the object's sensitivity level. If the user's clearance is at least as high as (dominates) the object's level, the user can access the object; if not, the user is denied access
Authentication Header Protocol
Protocol used by IPsec to provide data integrity and origin authentication through keyed hashes (HMAC-MD5 or HMAC-SHA1); it does not encrypt the payload
Hardware Attack
An attack that targets a computer's physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader
Trojan Horse
Appears harmless, but when executed performs a hidden malicious action, such as destroying or corrupting data on the user's hard drive
Ping Sweep
A scan of a range of IP addresses to locate active hosts within the range
Misuse of Privilege attack
Attack in which a user uses legitimate administrative privileges to attack the system
Privilege Management Infrastructure (PMI)
An implementation of a particular set of privilege management technologies
Novell Directory Services (NDS)
Standards-based directory service from Novell, Inc that runs on Novell NetWare servers
Access Control
Process of determining and assigning privileges to various resources, objects, and data
Eavesdropping Attack
Also called sniffing
Software Exploitation Attack
Attacker attempts to gain access to a system or to sensitive data by exploiting a flaw or feature in an application
Secure FTP (SFTP)
SSH File Transfer Protocol; a file transfer protocol that runs as a subsystem of SSH (not FTP wrapped in SSH), so both credentials and data are encrypted
Certificate Practice Statement
A document that states how the CA will implement the certificate policy
Wireless Application Protocol (WAP)
Designed to transmit data such as web pages, email, and newsgroup postings to and from mobile devices over wireless (cellular) networks
Software Attack
Goal is to disrupt or disable the operating systems and applications running on a system
Denial of Service Attack (DoS)
Software attack in which an attacker disables systems that provide network services by consuming a network link's available bandwidth, consuming a single system's available resources, or exploiting programming flaws in an application or operating system
IPSec Policy
Set of security configuration settings that define how an IPSec enabled system will respond to IP network traffic
TACACS/TACACS+
Terminal Access Controller Access Control System (plus)
Registration Authority (RA)
An authority in a network that processes requests for digital certificates from users
Profiling
Same as Footprinting
Disaster Recovery Plan
Policy that defines how people and resources will be protected in the case of a natural or man-made disaster and how the organization will recover from the disaster
Dictionary Attack
Type of password attack that automates password guessing by hashing (or encrypting) each entry from a predetermined list of likely passwords and comparing the results against captured password hashes
Point-to-Point Tunneling Protocol (PPTP)
Microsoft-developed VPN protocol (RFC 2637); its MS-CHAP authentication has known weaknesses, so it is no longer considered secure
Dual Key Pair
Certificate that performs more than one function by combining services, such as encryption and digital signatures
Fault Tolerance
Ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service
Secure Shell (SSH)
Protocol for secure remote logon and transfer of data
Block Cipher
Symmetric encryption that encrypts data a block at a time, e.g., 64-bit blocks for DES and 3DES or 128-bit blocks for AES
Authorization
In security terms, The process of determining what rights and privileges a particular entity has
RC algorithms
Series of variable key length symmetric encryption algorithms developed by Ronald Rivest (RC2, RC5 and RC6 are block ciphers; RC4 is a stream cipher)
Privilege Management
Use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management
Footprinting
Stage of hacking process in which the attacker chooses a target organization or network and begins to gather information that is publicly available
Scanning
Attacker uses specific tools to determine an organization's infrastructure and discover vulnerabilities
Man-in-the-Middle Attack
Software attack where an attacker inserts himself between two hosts to gain access to their data transmissions
Certificate Policy
Security policy that determines what information a digital certificate will contain and the parameters for that information
Non-Repudiation
Security goal of ensuring that the party that sent the transmission or created data remains associated with that data
Berkeley Internet Name Domain (BIND)
Popular Unix-based implementation of DNS
Public Root CA
Root CA created by a vendor
Port Scanning Attack
Software attack where an attacker scans your systems to see which ports are listening
Sniffer Attack
Software attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network.
802.11b
Marketed as Wi-Fi, a brand name of the Wi-Fi Alliance (not an abbreviation of "wired fidelity")
Private Root CA
Root CA that is created by a company for use primarily within the company itself
Honeypot
Also called a decoy or sacrificial lamb
Zombie
Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack
Active IDS
Detects a security breach according to parameters it has been configured with, logs the activity, then takes appropriate action
Spyware
Code that's secretly installed on a user's computer to gather data about the user and relay it to a third party
Firmware
Software instructions stored in non-volatile memory (ROM, EEPROM, or flash) on a device; often updatable, which is why firmware updates are part of patch management
Intrusion Detection System (IDS)
Software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of an attack in progress
Challenge Handshake Authentication Protocol (CHAP)
User name/password authentication scheme (RFC 1994) in which the user is authenticated by a series of challenge messages and the password itself is never sent across the network; the client answers each challenge with an MD5 hash of the challenge identifier, the shared secret, and the random challenge value
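The CHAP exchange described above, as an added example with both sides' messages (not code from the glossary): the server issues a random challenge, the client returns MD5(identifier || secret || challenge) per RFC 1994, and the server recomputes it from its own copy of the secret. The class and function names, the 16-byte challenge size, and the `run_exchange` transcript format are choices made for this example.

```python
"""CHAP challenge/response exchange (added example, RFC 1994 response format)."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Authenticator: knows each user's shared secret and issues one-time challenges."""

    def __init__(self, secrets_by_user):
        self._secrets = dict(secrets_by_user)
        self._pending = {}            # identifier -> outstanding challenge
        self._identifier = 0

    def challenge(self):
        self._identifier = (self._identifier + 1) & 0xFF
        chal = os.urandom(16)         # fresh random value for every attempt
        self._pending[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        chal = self._pending.pop(identifier, None)   # each challenge is usable once
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time compare


class ChapClient:
    """Peer: proves knowledge of the secret without ever transmitting it."""

    def __init__(self, username: str, secret: bytes):
        self.username = username
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self._secret, challenge)


def run_exchange(server: ChapServer, client: ChapClient):
    """Perform one authentication; return (success, list of packets seen on the wire)."""
    ident, chal = server.challenge()                     # Challenge packet
    wire = [bytes([ident]) + chal]
    resp = client.respond(ident, chal)                   # Response packet
    wire.append(bytes([ident]) + client.username.encode() + resp)
    return server.verify(ident, client.username, resp), wire


if __name__ == "__main__":
    srv = ChapServer({"alice": b"s3cret-shared-key"})   # constructed credentials
    ok, wire = run_exchange(srv, ChapClient("alice", b"s3cret-shared-key"))
    print("authenticated:", ok)
    print("secret visible on wire:", any(b"s3cret-shared-key" in m for m in wire))
```

Because every challenge is random and consumed on use, a captured response cannot be replayed against a later challenge, which is the property that distinguishes CHAP from PAP. The scheme still requires the server to hold the secret in a recoverable form, and an attacker who sniffs challenge/response pairs can run an offline dictionary attack on the MD5 values, so CHAP is only as strong as the shared secret.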
Simple Mail Transfer Protocol (SMTP)
Communications protocol used to send email from a client to a server or between servers
Distributed Denial of Service Attack (DDoS)
Software attack in which an attacker hijacks or manipulates multiple computers on disparate networks to carry out a DoS attack
Shared key encryption
Same as symmetric encryption
Logic Bomb
Once the code is triggered, it "detonates", erasing and corrupting data on the user's computer
Cracker
Term preferred by the hacker community for a user who gains unauthorized access to computers and network for malicious purposes
Discretionary Access Control (DAC)
Access is controlled based on a user's identity, objects are configured with a list of users who are allowed access to them
Passive IDS
An IDS that detects potential security breaches, logs the activity, and alerts security personnel
Wardriving
Searching for wireless networks by driving around with a laptop and a wireless NIC; a popular first step toward gaining unauthorized access to poorly secured networks
Secure Sockets Layer (SSL)
Security protocol that combines digital certificates for authentication with public key cryptography (such as RSA) to establish a session key, which then encrypts the traffic symmetrically; superseded by TLS
802.11a
Supports speeds up to 54 Mbps in the 5 GHz frequency band
Cleartext
Data in an unencrypted form
Coax
Coaxial cable nickname
Virus
Sample of code that spreads from one computer to another by attaching itself to other files
Service
Windows term for user-independent process
Takeover Attack
A type of software attack where an attacker gains access to a remote host and takes control of the system
Wired Equivalent Privacy (WEP)
Original encryption scheme for 802.11 wireless networks (including 802.11a and 802.11b); uses the Rivest Cipher 4 (RC4) algorithm with 64-bit or 128-bit keys (a 40- or 104-bit secret plus a 24-bit initialization vector; some vendors offered 256-bit). Broken: weaknesses in its IV handling and the RC4 key schedule let an attacker recover the key from captured traffic, so it has been replaced by WPA/WPA2 (802.11i)
Network News Transfer Protocol (NNTP)
Protocol used to post and retrieve messages from newsgroups, usually from the worldwide bulletin board system, called USENET
CA Hierarchy
Single CA or group of CAs that work together to issue digital certificates
Router
A networking device that connects multiple networks that use the same protocol
Trojan Horse
Malicious code that masquerades as a harmless file
802.11i
Standard that adds stronger security to 802.11: AES-based CCMP encryption and 802.1X authentication (marketed as WPA2)
Role Based Access Control (RBAC)
Users are assigned to roles, and network objects are configured to allow access only to specific roles
Security Policy
Formalized statement that defines how security will be implemented within a particular organization
Warez
Pirated software that's illegally made available for download and general use
Warm Site
Location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed
Buffer Overflow Attack
Exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer; the excess overwrites adjacent memory and can let the attacker alter the program's control flow or run code of their choosing
Virtual Private Network (VPN)
A private network that is configured within a public network, such as the internet
Attacker
Another term for a user who gains unauthorized access to computers and networks for malicious purposes
Virus
Code embedded in a program; corrupts and erases files on a user's computer
Footprinting
Also called profiling
Hypertext Markup Language (HTML)
Standard language that defines how web pages are formatted and displayed
Skipjack
64-bit block cipher with an 80-bit key, designed by the US National Security Agency (NSA) for use in tamper-proof hardware in conjunction with the Clipper Chip
Database Server
Application server that hosts a database system for network users
Post Office Protocol v3 (POP3)
One of the major protocols used by email clients to retrieve messages from an email server
Ciphertext
Data in encrypted form
Signature based analysis
IDS data analysis method that compares patterns in network, host, or application activity against a database of known attack signatures
Hash
The fixed-length value that results from applying a hash function to data
Token
Physical object that stores authentication information
Virtual LAN (VLAN)
A logical network created by grouping selected switch ports or hosts into one broadcast domain, regardless of their physical location
Confidentiality
Fundamental security goal of keeping information and communication private and protecting them from unauthorized access
Service Level Agreement (SLA)
Contractual agreement between a service provider and a customer that stipulates the precise services and support options the vendor must provide
Symmetric Encryption
Two-way encryption scheme in which encryption and decryption are both performed by the same key
Message Digest 5 (MD5)
Hash algorithm, defined in RFC 1321, that produces a 128-bit hash value; used in IPsec policies for data authentication, though it is now considered broken for collision resistance
Scanning
Probes the target's border routers, firewalls, web servers, and other systems that are directly connected to the Internet to see which services are listening on which ports and to determine the OS and manufacturer of each system
High Availability
Rating that expresses how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of performance
Phishing
Type of email based social engineering attack, in which the attacker sends email from a spoofed source, such as a bank, to try to elicit private information from the victim
Brute Force Attack
Password attack where an attacker uses an application to exhaustively try every possible combination of characters to crack passwords; guaranteed to succeed eventually, at a cost that grows exponentially with password length
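The Dictionary Attack and Brute Force Attack entries above describe the two guessing strategies; this added example (not from CompTIA's glossary) runs both against a constructed table of unsalted SHA-256 password hashes and then shows the defender's counter, a salted, iterated hash. The user names, passwords, wordlist and the 3-character brute-force limit are constructed for this example.

```python
"""Dictionary and brute-force attacks on unsalted hashes, and the salted alternative (added example)."""
import hashlib
import itertools
import string


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


# Constructed sample data: a short wordlist and a "leaked" user -> hash table.
WORDLIST = ["123456", "password", "letmein", "qwerty", "sunshine", "hunter2"]
LEAKED = {
    "alice": sha256_hex("letmein"),         # in the wordlist
    "bob": sha256_hex("hunter2"),           # in the wordlist
    "carol": sha256_hex("z9q"),             # not in the list, but short enough to brute force
    "dave": sha256_hex("Tr0ub4dor&3"),      # survives both attacks below
}


def dictionary_attack(hashes: dict, wordlist) -> dict:
    """Hash each candidate once and look every user's hash up against it.

    Because the hashes are unsalted, one computed hash is compared against
    all users at once; the cost is len(wordlist) hashes regardless of the
    number of accounts.
    """
    lookup = {sha256_hex(w): w for w in wordlist}
    return {user: lookup[h] for user, h in hashes.items() if h in lookup}


def brute_force(target_hash: str, alphabet=string.ascii_lowercase + string.digits, max_len=3):
    """Exhaustively try every string over `alphabet` up to `max_len` characters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """What a defender should store instead: PBKDF2-HMAC-SHA256 with a per-user salt.

    The salt defeats precomputed tables and the one-hash-fits-all lookup used
    in dictionary_attack; the iteration count makes each guess expensive.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED, WORDLIST))
    print("brute force (carol):", brute_force(LEAKED["carol"]))
    print("brute force (dave):", brute_force(LEAKED["dave"]))
    print("same password, different salts:",
          salted_hash("letmein", b"salt-a") == salted_hash("letmein", b"salt-b"))
```

The brute-force search space here is 36 + 36^2 + 36^3 = 47,988 candidates; each extra character multiplies it by the alphabet size, which is why length and character-set diversity matter more than any single special character.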
Hot Site
Fully configured alternate network that can be online quickly after a disaster
Worm
Can corrupt or erase files on your hard drive; self-propagating
Switch
Networking device with multiple network ports that combines multiple physical network segments into a single logical network
Message Digest
A hash value generated from an electronic message
Host based IDS (HIDS)
IDS system that primarily uses software installed on a specific system such as a web server
AES
Encryption adopted by the US Government as the standard to replace DES
Internet Mail Access Protocol v4 (IMAP4)
Email client protocol used to retrieve and manage messages that remain stored on the mail server (unlike POP3, which typically downloads messages to the client and deletes them from the server)
Trust Model
The arrangement of CAs (a single CA, a hierarchy, or cross-certified CAs) that determines which certificates a party will trust
Single Sign On (SSO)
An aspect of privilege management that provides users with one-time authentication to multiple resources, servers, or sites
Demilitarized Zone
Small section of a private network located between the internal network and the Internet (typically between two firewalls, or on a separate firewall interface) and made available for public access
Paillier Cryptosystem
Asymmetric encryption algorithm developed by Pascal Paillier
Secure Multipurpose Internet Mail Extensions (S/MIME)
Prevents attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Hardening
Security technique in which the default security configuration of a system is altered to protect the system against attacks
IPSec Policy Agent
Service that runs on each Windows 2000 Server, 2000 Professional, and XP Professional computer and transfers the IPsec policy from Active Directory or the local Registry to the IPsec driver
Backdoor Attack
Can involve software or a bogus user account
Site Survey
Analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area
Broadcast Domain
Group of network hosts that will receive a network broadcast packet
Twisted Pair
Includes pairs of wires twisted around each other enclosed in a plastic jacket
Hypertext Transfer Protocol (HTTP)
Primary protocol that enables clients to connect and interact with websites
Hash Value
Same as hash
Multiple Key Pairs
Multiple certificates issued to a single-entity, each performing a separate function
Digital Signature
A hash of the message encrypted (signed) with the sender's private key and appended to the message; anyone holding the matching public key can verify who sent it and that the message was not altered
Smart Card
Device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip
Malware
Malicious code, such as viruses, Trojans, or worms
Integrity
Fundamental security goal of ensuring that electronic data is not altered or tampered with
Media Access Control (MAC) Address
A unique physical address assigned to each network adapter board at the time of manufacture
IP Spoofing Attack
Type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system
TACACS/TACACS+
Standard protocols for providing centralized authentication and authorization services for remote users
Distributed Denial of Service Attack (DDos)
Attack which uses zombies or drones
Anomaly-Based Analysis
IDS data analysis method that looks for network, host, or application changes as compared to preset parameters
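Signature-based analysis and anomaly-based (profile-based) analysis, as defined above, catch different things: the first needs a known pattern, the second needs a baseline. This added example (not from CompTIA's glossary) runs both over constructed web-server log lines. The log format, the two signatures and the "mean plus three standard deviations" threshold are choices made for this example.

```python
"""Signature-based vs anomaly-based IDS analysis over constructed log lines (added example)."""
import re
import statistics
from collections import Counter

# Constructed sample logs, one request per line: "<time> <src_ip> <request line>"
BASELINE_LOG = [
    "10:00:01 10.0.0.5 GET /index.html",
    "10:00:02 10.0.0.5 GET /about.html",
    "10:00:03 10.0.0.7 GET /index.html",
    "10:00:04 10.0.0.5 GET /contact.html",
    "10:00:05 10.0.0.7 GET /news.html",
    "10:00:06 10.0.0.9 GET /index.html",
    "10:00:07 10.0.0.9 GET /about.html",
    "10:00:08 10.0.0.7 GET /index.html",
]

OBSERVED_LOG = [
    "11:00:01 10.0.0.5 GET /index.html",
    "11:00:02 10.0.0.5 GET /about.html",
    "11:00:03 10.0.0.20 GET /scripts/cmd.exe?/c+dir",   # known pattern, single request
    "11:00:04 10.0.0.5 GET /news.html",
    "11:00:05 10.0.0.66 GET /../../etc/passwd",         # known pattern
] + [f"11:00:{6 + i:02d} 10.0.0.66 GET /index.html?id={i}" for i in range(30)]  # no signature, high volume

# Known attack signatures: (name, pattern to look for in the request line)
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("command execution", re.compile(r"cmd\.exe", re.IGNORECASE)),
]


def parse_line(line: str):
    time, src, request = line.split(" ", 2)
    return time, src, request


def signature_scan(lines, signatures=SIGNATURES):
    """Compare every request against each known signature; return (src, name, line) hits."""
    hits = []
    for line in lines:
        _, src, request = parse_line(line)
        for name, pattern in signatures:
            if pattern.search(request):
                hits.append((src, name, line))
    return hits


def build_profile(lines):
    """Learn 'normal': mean and standard deviation of requests per source host."""
    counts = Counter(parse_line(line)[1] for line in lines)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_scan(lines, profile, k: float = 3.0):
    """Flag hosts whose request count exceeds mean + k*stdev of the learned profile."""
    mean, stdev = profile
    threshold = mean + k * stdev
    counts = Counter(parse_line(line)[1] for line in lines)
    return {src: c for src, c in counts.items() if c > threshold}


if __name__ == "__main__":
    for src, name, line in signature_scan(OBSERVED_LOG):
        print(f"signature hit [{name}] from {src}: {line}")
    profile = build_profile(BASELINE_LOG)
    print("profile (mean, stdev):", profile)
    print("anomalous hosts:", anomaly_scan(OBSERVED_LOG, profile))
```

The signature scan flags 10.0.0.20 after one request, which the volume profile would never notice, while the thirty ordinary-looking requests from 10.0.0.66 match no signature and are caught only by the deviation from the baseline. The profile here is deliberately simple; a production anomaly engine would model more attributes than request count and would need a baseline that itself does not contain the attacker.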
Public-key Encryption
Same as asymmetric encryption
Data Encryption Standard (DES)
Symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key (stored as 64 bits, 8 of which are parity bits)
Remote Authentication Dial-in User Service (RADIUS)
A standard protocol for providing centralized authentication and authorization services for remote users
Extranet
Private network that employs Internet-style technologies to enable communications between two or more separate companies or organizations
Patch
Small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system
Eavesdropping Attack
Type of attack used either to steal the content of the communication itself or to gain information that will help the attacker later gain access to your network and resources
Internet Protocol Security (IPSec)
Set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption
Hashing encryption
One-way transformation (commonly called hashing encryption, although nothing is decrypted) that turns cleartext into a fixed-length coded value that cannot be reversed
Standard
Definition of how adherence to the policy will be measured
Public Key Cryptography Standards (PKCS)
A set of standards published by RSA Laboratories for using public key cryptography, covering among other things certificate requests (PKCS #10) and the syntax of signed and encrypted data (PKCS #7), so that information can be exchanged securely over the Internet using a public key infrastructure (PKI)
Encryption
Security technique that converts data from plain, or cleartext form, into coded, or ciphertext form
NetWare Loadable Module (NLM)
A Novell term for a user-independent process
Rollup
A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or particular service
Mutual Authentication
Security mechanism that requires each party in a communication to verify its identity
AES
Symmetric 128-bit block cipher with 128-, 192-, or 256-bit keys, based on the Rijndael algorithm
Daemon
Unix or Linux term for a user-independent process
Guideline
Suggestion for meeting the policy standard or best practices
Drone
Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack
Public Key Infrastructure (PKI)
System that is composed of a Certificate Authority (CA), certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and/or entities
802.11
Family of specifications developed by the IEEE for wireless LAN technology
Incident Response Policy (IRP)
The security policy that determines the actions that an organization will take following a confirmed or potential security breach
Windows Security Policies
Configuration settings within Windows operating systems that control the overall security behavior of the system
Port Scanning Attack
Software attack where the attacker is trying to find a way to gain unauthorized access
Dumpster Diving
Attacker will gain valuable information from items that are improperly disposed of in the trash
White Hat
A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems
Stream Cipher
Relatively fast type of symmetric encryption that encrypts data one bit or byte at a time, typically by combining it with a key-derived keystream
Public Key Cryptography Standard #10 (PKCS10)
Certification Request Syntax Standard
Lightweight Directory Access Protocol (LDAP)
Standard protocol that is used on TCP/IP networks to access a compliant directory service or directory database
Asymmetric Encryption
Two-way encryption scheme that uses paired private keys and public keys to perform encryption and decryption
Cold Site
Predetermined alternate location where a network can be rebuilt after a disaster
Public Key Cryptography Standard #7 (PKCS7)
Describes the general syntax used for cryptographic data such as digital signatures
Availability
Fundamental security goal of ensuring that systems operate continuously and that authorized persons can access data they need
Smurf Attack
Type of DoS attack in which a ping (ICMP echo request) is sent to a network's broadcast address with the source address spoofed as the victim's, so every host on that network floods the victim with responses
Subordinate CA
Any CA below the root in the hierarchy
Security Association (SA)
Negotiated relationship between two computers using IPsec
Backdoor
Mechanism for gaining access to a computer that bypasses or subverts the normal method of authorization
Server Message Block (SMB)
A protocol that runs on top of protocols such as TCP/IP, IPX/SPX, and NetBEUI, and is used to access shared network resources, such as files and printers
Active Directory
Standards-based directory service from Microsoft that runs on Microsoft Windows Servers
Certification Revocation List (CRL)
A CA-signed list of certificates that have been revoked before their expiration date and should no longer be trusted
Security Template
Predefined set of security configuration parameters that you can supply to a system to enforce security baseline rules
Wireless Transport Layer Security
Security layer of WAP and the wireless equivalent of TLS in wired networks
Black Hat
Hacker who exposes vulnerabilities for financial gain or malicious purpose
Pretty Good Privacy (PGP)
Method of securing email created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Layer Two Tunneling Protocol (L2TP)
De facto standard VPN protocol (RFC 2661) for tunneling across a variety of network protocols such as IP, Frame Relay, or ATM; provides no encryption of its own and is usually combined with IPsec (L2TP/IPsec)
Sniffer Attack
Same as eavesdropping attack
Hacker
User who excels at programming or managing and configuring computer systems and has skills to gain access to computer systems through unauthorized or unapproved means
Certificate Management System
System that provides the software tools to perform day to day functions of the PKI
Blowfish
Freely available 64-bit block cipher algorithm that uses a variable key length (32 to 448 bits)
Secure Hash Algorithm (SHA)
Similar in design to MD5 and considered the stronger of the two because it produces a 160-bit hash value; both SHA-1 and MD5 are now considered broken for collision resistance
Backdoor
An example is Back Orifice
Business Continuity Plan (BCP)
Policy which defines how normal day-to-day business will be maintained in the event of a business disruption or crisis
Anomaly-Based Analysis
Also known as profile-based analysis
Collision Domain
Group of network hosts that must compete for access to the network media before making any type of network transmission
Authentication
In security terms, the process of uniquely identifying a particular individual or entity
Certificate Authority
Trusted server that issues digital certificates binding a public key to an identity; the public/private key pair is usually generated by the subject, though some CAs can also generate and escrow keys
RFC 1321
MD5 is based on this
Key Escrow
Method for backing up private keys to protect them while allowing trusted third parties to access the keys under certain conditions
VPN Protocol
Protocols that provide VPN functionality
Malicious Code Attack
Type of software attack where an attacker inserts malicious software into a user's system to disrupt or disable the operating system or an application
File Transfer Protocol (FTP)
A communications protocol that enables the transfer of files between a user's workstation and a remote host
Honeypot
A security tool used to lure attackers away from the actual network components.
