SY0_501.fortune
2009 lines (1502 loc) · 76.9 KB
3DES
Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks.
%
AAA
Authentication, authorization, and accounting. A group of technologies used in remote access systems. Authentication verifies a user's identification. Authorization determines if a user should have access. Accounting tracks a user's access with logs. Sometimes called AAAs of security.
%
ABAC
Attribute-based access control. An access control model that grants access to resources based on attributes assigned to subjects and objects.
%
acceptable use policy (AUP)
A policy defining proper system usage and the rules of behavior for employees. It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
%
access point (AP)
A device that connects wireless clients to wireless networks. Sometimes called wireless access point (WAP).
%
accounting
The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.
%
ACLs (access control lists)
Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
%
active reconnaissance
A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target. Compare with passive reconnaissance.
%
ad hoc
A connection mode used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.
%
administrative controls
Security controls implemented via administrative or management methods.
%
AES (Advanced Encryption Standard)
A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128 bits, 192 bits, or 256 bits.
%
affinity
A scheduling method used with load balancers. It uses the client's IP address to ensure the client is redirected to the same server during a session.
%
aggregation switch
A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.
%
agile
A software development life cycle model that focuses on interaction between customers, developers, and testers. Compare with waterfall.
%
AH (authentication header)
An option within IPsec to provide authentication and integrity.
%
airgap
A physical security control that provides physical isolation. Systems separated by an airgap don't typically have any physical connections to other systems.
%
ALE (annualized loss expectancy)
The expected loss for a year. It is used to measure risk with ARO (annual rate of occurrence) and SLE (single loss expectancy) in a quantitative risk assessment. The calculation is SLE x ARO = ALE.
%
amplification attack
An attack that increases the amount of bandwidth sent to a victim.
%
anomaly
A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing operations against a baseline. It is also known as heuristic detection.
%
ANT
A proprietary wireless protocol used by some mobile devices. It is not an acronym.
%
antispoofing
A method used on some routers to protect against spoofing attacks. A common implementation is to implement specific rules to block certain traffic.
%
antivirus
Software that protects systems from malware. Although it is called antivirus software, it protects against most malware, including viruses, Trojans, worms, and more.
%
application blacklist
A list of applications that a system blocks. Users are unable to install or run any applications on the list.
%
application cell
Also known as application containers. A virtualization technology that runs services or applications within isolated application cells (or containers). Each container shares the kernel of the host.
%
application whitelist
A list of applications that a system allows. Users are only able to install or run applications on the list.
%
APT (Advanced persistent threat) [crew]
A group that has both the capability and intent to launch sophisticated and targeted attacks.
%
ARO (annualized rate of occurrence)
The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
%
arp
A command-line tool used to show and manipulate the Address Resolution Protocol (ARP) cache.
%
ARP poisoning
An attack that misleads systems about the actual MAC address of a system.
%
asset value
An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.
%
asymmetric encryption
A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key. Compare with symmetric encryption.
%
attestation
A process that checks and validates system files during the boot process. TPMs sometimes use remote attestation, sending a report to a remote system for attestation.
%
audit trail
A record of events recorded in one or more logs. When security professionals have access to all the logs, they can re-create the events that occurred leading up to a security incident.
%
authentication
The process that occurs when a user proves an identity, such as with a password.
%
authorization
The process of granting access to resources for users who prove their identity (such as with a username and password) based on their proven identity.
%
availability
One of the three main goals of information security known as the CIA security triad. Availability ensures that systems and data are up and operational when needed. Compare with confidentiality and integrity.
%
backdoor
An alternate method of accessing a system. Malware often adds a backdoor into a system after it infects it.
%
background check
A check into a person's history, typically to determine eligibility for a job.
%
banner grabbing
A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.
%
bcrypt
A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.
%
BIOS
Basic Input/Output System. A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI is the designated replacement for BIOS.
%
birthday [theorem]
A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday.
%
black box test
A type of penetration test. Testers have zero knowledge of the environment prior to starting the test. Compare with gray box test and white box test.
%
block cipher
An encryption method that encrypts data in fixed-sized blocks. Compare with stream cipher.
%
Blowfish
A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Compare with Twofish.
%
bluejacking
An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
%
bluesnarfing
An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
%
bollards
Short vertical posts that act as a barricade. Bollards block vehicles but not people.
%
bots
Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.
%
BPA (business partners agreement)
A written agreement that details the relationship between business partners, including their obligations toward the partnership.
%
bridge
A network device used to connect multiple networks together. It can be used instead of a router in some situations.
%
brute force
A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
%
buffer overflow
An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.
%
business impact analysis (BIA)
A process that helps an organization identify critical systems and components that are essential to the organization's success.
%
BYOD
Bring your own device. A mobile device deployment model. Employees can connect their personally owned device to the network. Compare with COPE and CYOD.
%
CA (certificate authority)
Certificate Authority. An organization that manages, issues, and signs certificates. A CA is a main element of a PKI.
%
CAC (Common Access Card)
A specialized type of smart card used by the U.S. Department of Defense. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation.
%
captive portal
A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.
%
carrier unlocking
The process of unlocking a mobile phone from a specific cellular provider.
%
CBC (cipher block chaining)
A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses an IV for the first block and each subsequent block is combined with the previous block.
%
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
%
CER (Canonical Encoding Rules)
A base format for PKI certificates. They are binary encoded files. Compare with DER.
%
certificate
A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.
%
certificate chaining
A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.
%
chain of custody
A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.
%
change management
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
%
CHAP (Challenge Handshake Authentication Protocol)
An authentication mechanism where a server challenges a client. Compare with MS-CHAPv2 and PAP.
%
chroot
A Linux command used to change the root directory. It is often used for sandboxing.
%
ciphertext
The result of encrypting plaintext. Ciphertext is not in an easily readable format until it is decrypted.
%
clean desk policy
A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
%
clickjacking
An attack that tricks users into clicking something other than what they think they're clicking.
%
cloud access security broker (CASB)
A software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.
%
cloud deployment models
Cloud model types that identify who has access to cloud resources. Public clouds are for any organization. Private clouds are for a single organization. Community clouds are shared among community organizations. A hybrid cloud is a combination of two or more clouds.
%
code signing
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
%
cold site
An alternate location for operations. A cold site will have power and connectivity needed for activation, but little else. Compare with hot site and warm site.
%
collision
A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash.
%
compensating controls
Security controls that are alternative controls used when a primary security control is not feasible.
%
compiled code
Code that has been optimized by an application and converted into an executable file. Compare with runtime code.
%
confidential data
Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.
%
confidentiality
One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality. Compare with availability and integrity.
%
configuration compliance scanner
A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.
%
confusion
A cryptography concept that indicates ciphertext is significantly different than plaintext.
%
containerization
A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.
%
context-aware authentication
An authentication method using multiple elements to authenticate a user and a mobile device. It can include identity, geolocation, the device type, and more.
%
continuity of operations planning
The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or warm site.
%
control diversity
The use of different security control types, such as technical controls, administrative controls, and physical controls. Compare with vendor diversity.
%
controller-based AP
An AP that is managed by a controller. Also called a thin AP. Compare with fat AP.
%
COPE
Corporate-owned, personally enabled. A mobile device deployment model. The organization purchases and issues devices to employees. Compare with BYOD and CYOD.
%
corrective controls
Security controls that attempt to reverse the impact of a security incident.
%
CRL
Certificate revocation list. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
%
crossover error rate
The point where the false acceptance rate (FAR) crosses over with the false rejection rate (FRR). A lower CER indicates a more accurate biometric system.
%
cross-site request forgery (XSRF)
A web application attack. XSRF attacks trick users into performing actions on web sites, such as making purchases, without their knowledge.
%
cross-site scripting (XSS)
A web application vulnerability. Attackers embed malicious HTML or JavaScript code into a web site's code, which executes when a user visits the site.
%
crypto-malware
A type of ransomware that encrypts the user's data.
%
crypto module
A set of hardware, software, and/or firmware that implements cryptographic functions. Compare with crypto service provider.
%
crypto service provider
A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
%
CSR
Certificate signing request. A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
%
CTM
Counter mode. A mode of operation used for encryption that combines an IV with a counter. The combined result is used to encrypt blocks.
%
custom firmware
Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.
%
cyber-incident response team
A group of experts who respond to security incidents. Also known as CIRT.
%
CYOD
Choose your own device. A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a preapproved list. Compare with BYOD and COPE.
%
DAC
Discretionary access control. An access control model where all objects have owners and owners can modify permissions for the objects (files and folders). Microsoft NTFS uses the DAC model.
%
data-at-rest
Any data stored on media. It's common to encrypt sensitive data-at-rest.
%
data execution prevention (DEP)
A security feature that prevents code from executing in memory regions marked as nonexecutable. It helps block malware.
%
data exfiltration
The unauthorized transfer of data outside an organization.
%
data-in-use
Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.
%
data retention policy
A security policy specifying how long data should be kept (retained).
%
data sovereignty
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
%
DDoS
Distributed denial-of-service. An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compare with DoS.
%
dead code
Code that is never executed or used. It is often caused by logic errors.
%
defense in depth
The use of multiple layers of security to protect resources. Control diversity and vendor diversity are two methods organizations implement to provide defense in depth.
%
degaussing
The process of removing data from magnetic media using a very powerful magnet. Degaussing is sometimes used to remove data from backup tapes or to destroy hard disks.
%
DER
Distinguished Encoding Rules. A base format for PKI certificates. They are Base64 ASCII encoded files. Compare with CER.
%
DES
Data Encryption Standard. A legacy symmetric encryption standard used to provide confidentiality. It has been compromised and AES or 3DES should be used instead.
%
detective controls
Security controls that attempt to detect security incidents after they have occurred.
%
deterrent controls
Security controls that attempt to discourage individuals from causing a security incident.
%
dictionary [attack]
A password attack that uses a file of words and character combinations. The attack tries every entry within the file when trying to guess a password.
%
differential backup
A type of backup that backs up all the data that has changed or is different since the last full backup.
%
Diffie-Hellman
An asymmetric algorithm used to privately share symmetric keys. DH Ephemeral (DHE) uses ephemeral keys, which are re-created for each session. Elliptic Curve DHE (ECDHE) uses elliptic curve cryptography to generate encryption keys.
%
diffusion
A cryptography concept that ensures that small changes in plaintext result in significant changes in ciphertext.
%
dig
A command-line tool used to test DNS on Linux systems. Compare with nslookup.
%
digital signature
An encrypted hash of a message, encrypted with the sender's private key. It provides authentication, non-repudiation, and integrity.
%
disablement policy
A policy that identifies when administrators should disable user accounts.
%
dissolvable agent
A NAC agent that runs on a client, but deletes itself later. It checks the client for health. Compare with permanent agent.
%
DLL injection
An attack that injects a Dynamic Link Library (DLL) into memory and runs it. Attackers write the DLL, inserting malicious code.
%
DLP
Data loss prevention. A group of technologies used to prevent data loss. They can block the use of USB devices, monitor outgoing email to detect and block unauthorized data transfers, and monitor data stored in the cloud.
%
DMZ
Demilitarized zone. A buffer zone between the Internet and an internal network. Internet clients can access the services hosted on servers in the DMZ, but the DMZ provides a layer of protection for the internal network.
%
DNS
Domain Name System. A service used to resolve host names to IP addresses. DNS zones include records such as A records for IPv4 addresses and AAAA records for IPv6 addresses.
%
DNSSEC
Domain Name System Security Extensions. A suite of extensions to DNS used to protect the integrity of DNS records and prevent some DNS attacks.
%
DNS poisoning
An attack that modifies or corrupts DNS results. DNSSEC helps prevent DNS poisoning.
%
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner.
%
DoS
Denial-of-service. An attack from a single source that attempts to disrupt the services provided by the attacked system. Compare with DDoS.
%
downgrade attack
A type of attack that forces a system to downgrade its security. The attacker then exploits the lesser security control. An example is POODLE.
%
DSA
Digital signature algorithm. An encrypted hash of a message used for authentication, non-repudiation, and integrity. The sender's private key encrypts the hash of the message.
%
dumpster diving
The practice of searching through trash looking to gain information from discarded documents. Shredding or burning papers helps prevent the success of dumpster diving.
%
EAP
Extensible Authentication Protocol. An authentication framework that provides general guidance for authentication methods. Variations include PEAP, EAP-TLS, EAP-TTLS, and EAP-FAST.
%
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST). A Cisco-designed replacement for Lightweight EAP (LEAP). EAP-FAST supports certificates, but they are optional.
%
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security. An extension of EAP sometimes used with 802.1x. EAP-TLS is one of the most secure EAP standards and is widely implemented. It requires certificates on the 802.1x server and on the clients.
%
EAP-TTLS
Extensible Authentication Protocol-Tunneled Transport Layer Security. An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.
%
ECB
Electronic Codebook. A legacy mode of operation used for encryption. It is weak and should not be used.
%
embedded system
Any device that has a dedicated function and uses a computer system to perform that function. It includes a CPU, an operating system, and one or more applications.
%
EMI
Electromagnetic interference. Interference caused by motors, power lines, and fluorescent lights. EMI shielding prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.
%
EMP (Electromagnetic Pulse)
A short burst of energy that can potentially damage electronic equipment. It can result from electrostatic discharge (ESD), lightning, and military weapons.
%
encryption
A process that scrambles, or ciphers, data to make it unreadable. Encryption normally includes a public algorithm and a private key. Compare with asymmetric and symmetric encryption.
%
Enterprise
A wireless mode that uses an 802.1x server for security. It forces users to authenticate with a username and password. Compare with Open and PSK modes.
%
ephemeral key
A type of key used in cryptography. Ephemeral keys have very short lifetimes and are re-created for each session.
%
error handling
A programming process that handles errors gracefully.
%
evil twin
A type of rogue AP. An evil twin has the same SSID as a legitimate AP.
%
exit interview
An interview conducted with departing employees just before they leave an organization.
%
exploitation frameworks
Tools used to store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.
%
extranet
The part of an internal network shared with outside entities. Extranets are often used to provide access to authorized business partners, customers, vendors, or others.
%
facial recognition
A biometric method that identifies people based on facial features.
%
false negative
A security incident that isn't detected or reported. As an example, a NIDS false negative occurs if an attack is active on the network but the NIDS does not raise an alert.
%
false positive
An alert on an event that isn't a security incident. As an example, a NIDS false positive occurs if the NIDS raises an alert but activity on the network is normal.
%
FAR (false acceptance rate)
Also called the false match rate. A rate that identifies the percentage of times a biometric authentication system incorrectly indicates a match.
%
Faraday cage
A room or enclosure that prevents signals from emanating beyond the room or enclosure.
%
fat AP
An AP that includes everything needed to connect wireless clients to a wireless network. Fat APs must be configured independently. Sometimes called a stand-alone AP. Compare with thin AP.
%
fault tolerance
The capability of a system to suffer a fault, but continue to operate. Said another way, the system can tolerate the fault as if it never occurred.
%
FDE (full disk encryption)
A method to encrypt an entire disk. Compare with SED.
%
federation
Two or more members of a federated identity management system. Used for single sign-on.
%
fingerprint scanners
Biometric systems that scan fingerprints for authentication.
%
firewall
A software or a network device used to filter traffic. Firewalls can be application-based (running on a host), or a network-based device. Stateful firewalls filter traffic using rules within an ACL. Stateless firewalls filter traffic based on its state within a session.
%
firmware OTA updates
Over-the-air updates for mobile device firmware that keep them up to date. These are typically downloaded to the device from the internet and applied to update the device.
%
flood guard
A method of thwarting flood attacks. On switches, a flood guard thwarts MAC flood attacks. On routers, a flood guard prevents SYN flood attacks.
%
framework
A structure used to provide a foundation. Cybersecurity frameworks typically use a structure of basic concepts and provide guidance to professionals on how to implement security.
%
FRR
False rejection rate. Also called the false nonmatch rate. A rate that identifies the percentage of times a biometric authentication system incorrectly rejects a valid match.
%
FTPS
File Transfer Protocol Secure. An extension of FTP that uses TLS to encrypt FTP traffic. Some implementations of FTPS use TCP ports 989 and 990.
%
full backup
A type of backup that backs up all the selected data. A full backup could be considered a normal backup.
%
full tunnel
An encrypted connection used with VPNs. When a user is connected to a VPN, all traffic from the user is encrypted. Compare with split tunnel.
%
GCM
Galois/Counter Mode. A mode of operation used for encryption. It combines the Counter (CTM) mode with hashing techniques for data authenticity and confidentiality.
%
geofencing
A virtual fence or geographic boundary. It uses GPS to create the boundary. Apps can then respond when a mobile device is within the virtual fence.
%
geolocation
The location of a device identified by GPS. It can help locate a lost or stolen mobile device.
%
GPO
Group Policy Object. A technology used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain.
%
GPS
Global Positioning System. A satellite-based navigation system that identifies the location of a device or vehicle. Mobile devices often incorporate GPS capabilities.
%
GPS tagging
A process of adding geographical data to files such as pictures. It typically includes latitude and longitude coordinates of the location where the picture was taken or the file was created.
%
gray box test
A type of penetration test. Testers have some knowledge of the environment prior to starting the test. Compare with black box test and white box test.
%
group-based access control
A role-based access control method that uses groups as roles.
%
Guest account
A pre-created account in Windows systems. It is disabled by default.
%
hacktivist
An attacker who launches attacks as part of an activist movement or to further a cause.
%
hardware root of trust
A known secure starting point. TPMs have a private key burned into the hardware that provides a hardware root of trust.
%
hash
A number created by executing a hashing algorithm against data, such as a file or message. Hashing is commonly used for integrity. Common hashing algorithms are MD5, SHA-1, and HMAC.
%
heuristic/behavioral
A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing traffic against a baseline. It is also known as anomaly detection.
%
HIDS
Host-based intrusion detection system. Software installed on a system to detect attacks. It protects local resources on the host. A host-based intrusion prevention system (HIPS) is an extension of a HIDS. It is software installed on a system to detect and block attacks.
%
high availability
A term that indicates a system or component remains available close to 100 percent of the time.
%
HMAC
Hash-based Message Authentication Code. A hashing algorithm used to verify integrity and authenticity of a message with the use of a shared secret. It is typically combined with another hashing algorithm such as SHA.
%
hoax
A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn't exist.
%
home automation
Smart devices used within the home that have IP addresses. These are typically accessible via the Internet and are part of the Internet of things (IoT).
%
honeypot
A server designed to attract an attacker. It typically has weakened security encouraging attackers to investigate it.
%
honeynet
A group of honeypots in a network. Honeynets are often configured in virtual networks.
%
hot and cold aisles
A method commonly used in data centers to keep equipment cool. Cool air flows from the front of the cabinets to the back, making the front aisle cooler and the back aisle warmer.
%
HOTP
HMAC-based One-Time Password. An open standard used for creating one-time passwords. It combines a secret key and a counter, and then uses HMAC to create a hash of the result.
%
hot site
An alternate location for operations. A hot site typically includes everything needed to be operational within 60 minutes. Compare with cold site and warm site.
%
HSM
Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Compare with TPM.
%
HTTPS
Hypertext Transfer Protocol Secure. A protocol used to encrypt HTTP traffic. HTTPS encrypts traffic with TLS using TCP port 443.
%
HVAC
Heating, ventilation, and air conditioning. A physical security control that increases availability by regulating airflow within data centers and server rooms.
%
IaaS
Infrastructure as a Service. A cloud computing model that allows an organization to rent access to hardware in a self-managed platform. Compare with PaaS and SaaS.
%
ICS
Industrial control system. A system that controls large systems such as power plants or water treatment facilities. A SCADA system controls the ICS.
%
identification
The process that occurs when a user claims an identity, such as with a username.
%
IEEE 802.1x
An authentication protocol used in VPNs and wired and wireless networks. VPNs often implement it as a RADIUS server. Wired networks use it for port-based authentication. Wireless networks use it in Enterprise mode. It can be used with certificate-based authentication.
%
ifconfig
A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Similar to ipconfig used on Windows systems.
%
IMAP4
Internet Message Access Protocol version 4. A protocol used to store and manage email on servers. IMAP4 uses TCP port 143. Secure IMAP4 uses TLS to encrypt IMAP4 traffic.
%
impact
The magnitude of harm related to a risk. It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data. Compare with likelihood of occurrence.
%
implicit deny
A rule in an ACL that blocks all traffic that hasn't been explicitly allowed. The implicit deny rule is the last rule in an ACL.
%
incident response
The process of responding to a security incident. Organizations often create an incident response plan that outlines the procedures to be used when responding to an incident.
%
incident response plan (IRP)
The procedures documented in an incident response policy.
%
incident response process
The phases of incident response, including preparation, identification, containment, eradication, recovery, and lessons learned.
%
incremental backup
A type of backup that backs up all the data that has changed since the last full or incremental backup.
%
injection attack
An attack that injects code or commands. Common injection attacks are DLL injection, command injection, and SQL injection attacks.
%
inline
A configuration that forces traffic to pass through a device. A NIPS is placed inline, allowing it to prevent malicious traffic from entering a network. Sometimes called in-band. Compare with out-of-band.
%
input validation
A programming process that verifies data is valid before using it.
%
insider
An attacker who launches attacks from within an organization, typically as an employee.
%
integer overflow
An application attack that attempts to use or create a numeric value that is too big for an application to handle. Input handling and error handling thwart the attack.
%
integrity
One of the three main goals of information security known as the CIA security triad. Integrity provides assurance that data or system configurations have not been modified. Audit logs and hashing are two methods used to ensure integrity. Compare with availability and confidentiality.
%
intranet
An internal network. People use an intranet to communicate and share content with each other.
%
IoT
Internet of things. The network of physical devices connected to the Internet. It typically refers to smart devices with an IP address, such as wearable technology and home automation systems.
%
ip
A command-line tool used on Linux systems to show and manipulate settings on a network interface card (NIC). Developers created this to replace ifconfig.
%
ipconfig
A command-line tool used on Windows systems to show the configuration settings on a NIC.
%
IPsec
Internet Protocol security. A suite of protocols used to encrypt data-in-transit that can operate in both Tunnel mode and Transport mode. It uses Tunnel mode for VPN traffic and Transport mode in private networks.
%
IP spoofing
An attack that changes the source IP address.
%
iris scanners
Biometric systems that scan the iris of an eye for authentication.
%
ISA
Interconnection security agreement. An agreement that specifies technical and security requirements for connections between two or more entities. Compare with MOU/MOA.
%
IV (initialization vector) attack
A wireless attack that attempts to discover the IV. Legacy wireless security protocols are susceptible to IV attacks.
%
jailbreaking
The process of modifying an Apple mobile device to remove software restrictions. It allows a user to install software from any third-party source. Compare with rooting.
%
jamming
A DoS attack against wireless networks. It transmits noise on the same frequency used by a wireless network.
%
job rotation
A process that ensures employees rotate through different jobs to learn the processes and procedures in each job. It can sometimes detect fraudulent activity.
%
KDC
Key Distribution Center. Also known as a TGT server. Part of the Kerberos protocol used for network authentication. The KDC issues timestamped tickets that expire.
%
Kerberos
A network authentication mechanism used with Windows Active Directory domains and some Unix environments known as realms. It uses a KDC to issue tickets.
%
kernel
The central part of the operating system. In container virtualization, guests share the kernel.
%
key escrow
The process of placing a copy of a private key in a safe environment.
%
keylogger
Software or hardware used to capture a user's keystrokes. Keystrokes are stored in a file and can be manually retrieved or automatically sent to an attacker.
%
key stretching
A technique used to increase the strength of stored passwords. It adds additional bits (called salts) and can help thwart brute force and rainbow table attacks.
%
known plaintext
A cryptographic attack that decrypts encrypted data. In this attack, the attacker knows the plaintext used to create ciphertext.
%
labeling
The process of ensuring data is tagged clearly so that users know its classification. Labels can be physical labels, such as on backup tapes, or digital labels embedded in files.
%
LDAP
Lightweight Directory Access Protocol. A protocol used to communicate with directories such as Microsoft Active Directory. It identifies objects with query strings using codes such as CN=Users and DC=GetCertifiedGetAhead.
%
LDAPS
Lightweight Directory Access Protocol Secure. A protocol used to encrypt LDAP traffic with TLS.
%
least functionality
A core principle of secure systems design. Systems should be deployed with only the applications, services, and protocols needed to meet their purpose.
%
least privilege
A security principle that specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions, but no more.
%
legal hold
A court order to maintain data for evidence.
%
likelihood of occurrence
The probability that something will occur. It is used with impact in a qualitative risk assessment. Compare with impact.
%
load balancer
Hardware or software that balances the load between two or more servers. Scheduling methods include source address IP affinity and round-robin.
%
location-based policies
Policies that prevent users from logging on from certain locations, or require that they log on only from specific locations.
%
logic bomb
A type of malware that executes in response to an event. The event might be a specific date or time, or a user action such as when a user launches a specific program.
%
loop prevention
A method of preventing switching loop or bridge loop problems. Both STP and RSTP prevent switching loops.
%
MAC
Mandatory access control. An access control model that uses sensitivity labels assigned to objects (files and folders) and subjects (users). MAC restricts access based on a need to know.
%
MAC
Media access control. A 48-bit address used to identify network interface cards. It is also called a hardware address or a physical address.
%
MAC filtering
A form of network access control to allow or block access based on the MAC address. It is configured on switches for port security or on APs for wireless security.
%
MAC spoofing
An attack that changes the source MAC address.
%
mail gateway
A server that examines and processes all incoming and outgoing email. It typically includes a spam filter and DLP capabilities. Some gateways also provide encryption services.
%
malware
Malicious software. It includes a wide range of software that has malicious intent, such as viruses, worms, ransomware, rootkits, logic bombs, and more.
%
mandatory vacation
A policy that forces employees to take a vacation. The goal is to deter malicious activity, such as fraud and embezzlement, and detect malicious activity when it occurs.
%
man-in-the-browser
An attack that infects vulnerable web browsers. It can allow the attacker to capture browser session data, including keystrokes.
%