Als Security + Acronyms
AUP
Acceptable Use Policy. A set of rules enforced in a network that restrict the use to which the network may be put.
ACL
Access Control List, a set of data that informs a computer's operating system which permissions, or access rights, that each user or group has to a specific system object, such as a directory or file. Each object has a unique security attribute that identifies which users have access to it, and the ACL is a list of each object and user access privileges such as read, write or execute. 1-15
AP
Access Point, a hardware device or a computer's software that acts as a communication hub for users of a wireless device to connect to a wired LAN. APs are important for providing heightened wireless security and for extending the physical range of service a wireless user has access to.
ARP
Address Resolution Protocol. A low-level computer networking protocol used for resolution of a Network Layer address (IP) into a Data Link Layer address (Ethernet MAC address).
AES256
Advanced Encryption Standard 256-bit (also written as AES-256). A symmetric-key encryption algorithm that uses 256-bit encryption key. Twofish? 2-59
AES
Advanced Encryption Standard. Symmetric-key encryption standard comprising three block ciphers, AES-128, AES-192 and AES-256. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. When used with 256-bit key, it is referred to as AES256. AES uses the Rijandel algorithm. 2-59
GRE
Generic Routing Encapsulation. A tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
GPG
Gnu Privacy Guard uses web of trust like PGP used for email
GPU
Graphic Processing Unit. A specialized microprocessor designed to remove the burden of graphic-intense calculations from the CPU. In personal computers, a GPU can be present on a dedicated video card, integrated on the motherboard, or in certain CPUs, placed on the CPU die. Integrated GPUs share a portion of the system's RAM and are commonly much less capable than dedicated solutions.
UTM
All in one appliacnce. Unified Threat Management (UTM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console.
ARO
Annualized Rate of Occurrence. An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability. For example, if an event occurs once every 10 years, then its annualized rate of occurrence is 1 / 10 = 0.1.
API
Application Programming Interface. A collection of code that allows computer programmers to speed up the process of creating software applications. The main advantage from using APIs comes from the fact that they usually contain many readily available functions designed to perform specific tasks. An API call allows the programmer to take advantage of the block of code already defined within API instead of writing the entire programming code required to perform a given task from scratch.
ASP
Application Service Provider. A vendor that provides application functionality and associated services across a network to multiple customers using a rental or usage-based transaction-pricing model.
AH
Authentication Header. A component of the Internet Protocol Security (IPsec) protocol suite designed to provide connectionless data integrity service and data origin authentication service for IP datagrams, and (optionally) to provide protection against replay attacks. AH does not provide confidentiality, which means it does not encrypt the data. The data is readable, but protected from modification by the use of hash. AH can be used alone or in combination with the Encapsulating Security Payload (ESP) protocol (another component of the IPsec suite). AH packets are identified with protocol ID number 51 embedded in the packet. 2-63
AAA
Authentication, Authorization and Accounting. Security architecture framework designed for: Verification of the identity of a person or process (Authentication) Granting or denying access to network resources (Authorization) Tracking the services users are accessing as well as the amount of network resources they are consuming (Accounting)
BIOS
Basic Input/Output System. A computer program permanently stored in a chip on the motherboard. BIOS contains all the necessary code to identify and initialize basic system hardware components, such as disk drives, keyboard, and monitor. Its primary function is to set up the hardware for loading and starting an operating system.
BYOD
Bring Your Own Device, is a phrase that has become widely adopted to refer to employees who bring their own computing devices - such as smartphones, laptops and PDAs - to the workplace for use and connectivity on the secure corporate network.
BAC
Business Availability Center. An application management solution designed for monitoring and management of business services and application health. BAC allows to reduce downtime and improve the quality of user experience by optimizing the availability and performance of applications and business services.
BCP
Business Continuity Plan is a plan to continue operations if a place of business (e.g., an office, work site or data center) is affected by adverse physical conditions, such as a storm, fire or crime. Such a plan typically explains how the business would recover its operations or move operations to another location. For example, if a fire destroys an office building or data center, the people and business or data center operations would relocate to a recovery site.
BIA
Business Impact Analysis (BIA) predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. Operations may also be interrupted by the failure of a supplier of goods or services or delayed deliveries. There are many possible scenarios which should be considered.
BPA
Business Partner Agreement:This agreement should document how future business decisions will be made, including how the partners will divide profits, resolve disputes, change ownership (bring in new partners or buy out current partners) and how to dissolve the partnership. Although partnership agreements are not legally required, they are strongly recommended and it is considered extremely risky to operate without one.
CA
Certificate Authority. A private or public entity that issues, distributes, and revokes digital certificates. A CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. One of the CA's functions is to verify the identity of each entity before issuing a certificate and consequently to guarantee that the individual granted the unique certificate is, in fact, who they claim to be. After the certificate is issued, the certificate holder can use it as proof of their identity. As long as both parties in a communication or transaction trust a specific third party CA, then the two entities can trust that each is who they claim to be.
CRL
Certificate Revocation List. A list of digital certificates (identified by their serial numbers) that have been revoked and should no longer be relied upon. A CRL is published by a Certificate Authority (CA). When a potential user in a public key infrastructure (PKI) framework attempts to access a server, the server allows or denies access based on the CRL entry for that particular user. A CRL is generated and published periodically, often at a defined interval. The main drawback of this method is that in order to keep the list up to date at the client's end it has to be downloaded frequently. This problem can be solved by choosing an alternative, newer solution known as the Online Certificate Status Protocol (OCSP), which works on a direct query basis and provides answers regarding the certificate's status with no such delay.
DMZ
Demilitarized Zone. A lightly protected subnet placed on the outside of the company's firewall consisting of publicly available servers. The purpose of DMZ is to offer services, such as web browsing, FTP, or email, to both the public and internal clients without compromising the security of the private LAN.
HTTPS
HTTP Secure port 443
HSM
Hardware Security Module. A piece of hardware and associated software/firmware that usually attaches to the inside of a PC or server and provides at least the minimum of cryptographic functions. These functions include (but are not limited to) encryption, decryption, key generation, and hashing. The physical device offers some level of physical tamper-resistance and has a user interface and a programmable interface.
JBOD
Just a Bunch of Disks
KDC
Key Distribution Center. A type of key center (used in symmetric cryptography) that implements a key-distribution protocol to provide keys (usually, session keys) to two (or more) entities that wish to communicate securely.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. Effectively, a corporation uses a wide-area network as a single large local area network. A company no longer needs to lease its own lines for wide-area communication but can securely use the public networks. This kind of interconnection is known as a virtual private network (VPN). uses port 1723
PAT
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
POP3
Post Office Protocol v3 transfers emails from servers to clients.Uses Port 110
PSK
Pre-Shared Key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from shared secret, the key derivation function should be used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in Wi-Fi encryption such as Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA), notably in Extensible Authentication Protocol, where it is known as EAP-PSK, where both the wireless access points (AP) and all clients share the same key.
PGP
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. PGP uses public and private keys for asymmetric encryption and decryption of email.
PAC
Proxy Auto Configuration (PAC) file is a JavaScript function definition that determines whether web browser requests (HTTP, HTTPS, and FTP) go direct to the destination or are forwarded to a web proxy server. PAC files are used to support explicit proxy deployments in which client browsers are explicitly configured to send traffic to the web proxy. The big advantage of PAC files is that they are usually relatively easy to create and maintain. The use of a PAC file is highly recommended with explicit proxy deployments of Websense Web Security Gateway (for the Content Gateway -- web proxy -- component) and is required to support the hybrid web filtering feature of Web Security Gateway Anywhere.
RAS
Remote Access Server A feature built into Windows NT that enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link. RAS works with several major network protocols, including TCP/IP, IPX, and Netbeui. To use RAS from a remote node, you need a RAS client program, which is built into most versions of Windows, or any PPP client software. For example, most remote control programs work with RAS.
Authenication Factors
Something you know- Password, pin Something you have - Smart card, token Something you are - Finger print, iris scan
SPIM
Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging.
SAN
Storage Area Network (SAN) is a dedicated high-speed network (or subnetwork) that interconnects and presents shared pools of storage devices to multiple servers.
SEH
Structured Exception Handling is the native exception handling mechanism for Windows and a forerunner technology to VEH.[1] It features the finally mechanism not present in standard С++ exceptions (but present in most imperative languages introduced later). SEH is set up and handled separately for each thread of execution.
SQL
Structured Query Language. Used by SQL-based databases, such as Microsoft's SQL Server. Websites integrated with a SQL database are subject to SQL injection attacks. Input validation with forms and stored procedures help prevent SQL injection attacks. Microsoft's SQL Server uses port 1433 by default
SIM
Subscriber Identity Module, is a smart card that stores data for GSM cellular telephone subscribers. Such data includes user identity, location and phone number, network authorization data, personal security keys, contact lists and stored text messages. Security features include authentication and encryption to protect data and prevent eavesdropping.
VLAN
Virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
VoiP
Voice over IP A group of technologies used to transmit voice over IP networks. Vishing is a form that sometimes uses VoIP.
WEP
Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN. A wired local area network (LAN) is generally protected by physical security mechanisms (controlled access to a building, for example) that are effective for a controlled physical environment, but may be ineffective for WLANs because radio waves are not necessarily bound by the walls containing the network.
WAP
Wireless Access Point In a wireless local area network (WLAN), an access point is a station that transmits and receives data (sometimes referred to as a transceiver).
WIDS
Wireless Intrusion Detection System (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
WIPS
Wireless Intrusion Prevention Service The primary purpose of a WIPS is to prevent unauthorized network access to local area networks and other information assets by wireless devices. These systems are typically implemented as an overlay to an existing Wireless LAN infrastructure, although they may be deployed standalone to enforce no-wireless policies within an organization. Some advanced wireless infrastructure has integrated WIPS capabilities.
WTLS
Wireless Transport Layer Security (WTLS) is the security level for Wireless Application Protocol (WAP) applications. Based on Transport Layer Security (TLS) v1.0 (a security layer used in the Internet, equivalent to Secure Socket Layer 3.1), WTLS was developed to address the problematic issues surrounding mobile network devices - such as limited processing power and memory capacity, and low bandwidth - and to provide adequate authentication, data integrity, and privacy protection mechanisms.
ISP
(Internet Service Provider) A company that provides access to the Internet.
PBX
A PBX (private branch exchange) is a telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.
phreak
A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
CHAP
Challenge Handshake Authentication Protocol. A remote access authentication protocol used primarily over dial-up connections. CHAP relies on a shared secret (usually a password) that both ends of the connection know. Unlike other authentication mechanisms, such as Password Authentication Protocol (PAP) which sends the credentials in clear text, CHAP doesn't send the actual password over the insecure public link. After receiving a logon request from the client, the server creates a nonce (a number used once) as a challenge mechanism and sends it to the client. The client adds a shared secret to the nonce and calculates a hash value from the combined data, which is next sent to the server. At the receiving end, the server performs the same calculation (one-way hash on the combined shared secret and nonce), and if the resulting hash value matches the one received from the client, the client is authenticated. Once the client is authenticated, CHAP periodically sends a new challenge to the client at random intervals in order to prevent session hijacking. If an attacker disconnects the legitimate client and authenticates himself to the server with the intercepted hash, he won't be able to calculate the correct hash value when the server challenges the client with the different nonce and the connection will be automatically closed.
CSU
Channel Service Unit/Data Service Unit. The CSU is a device that connects a terminal to a digital line. Typically, the two devices are packaged as a single unit. The dSU is a device that performs protective and diagnostic functions for a telecommunications line. You can think of it as a very high-powered and expensive modem. Such a device is required for both ends of a T-1 or T-3 connection, and the units at both ends must be set to the same communications standard.
CIO
Chief Information Officer (CIO) is a job title commonly given to the person in an enterprise responsible for the information...
CTO
Chief Technology Officer (CTO), sometimes known as a chief technical officer, is an executive-level position in a company or other entity whose occupant is focused on scientific and technological issues within an organization.[1]
CCTV
Closed-Circuit Television (CCTV), also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point to point (P2P), point to multipoint, or mesh wireless links.
CAC
Common Access Card. A United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel.
CAPTCHA
Completely Automated Public Turing test to tell Computers and Humans Apart, a technique used by a computer to tell if it is interacting with a human or another computer. Because computing is becoming pervasive, and computerized tasks and services are commonplace, the need for increased levels of security has led to the development of this way for computers to ensure that they are dealing with humans in situations where human interaction is essential to security.
CERT
Computer Emergency Readiness Team was formed by the Defense Advanced Research Projects Agency ( DARPA ) in November 1988 after the Internet was assaulted in the Internet worm incident. Today, CERT focuses on security breach and denial-of-service incidents, providing alerts and incident-handling and avoidance guidelines. CERT also conducts an ongoing public awareness campaign and engages in research aimed at improving security systems.
CIRT
Computer Security Incident Response Team (CSIRT, pronounced "see-sirt") is an organization that receives reports of security breaches, conducts analyses of the reports and responds to the senders. A CSIRT may be an established group or an ad hoc assembly
CP
Contingency Plan is a plan devised for an outcome other than in the usual (expected) plan. It is often used for risk management when an exceptional risk that, though unlikely, would have catastrophic consequences. Contingency plans are often devised by governments or businesses. For example, suppose many employees of a company are traveling together on an aircraft which crashes, killing all aboard. The company could be severely strained or even ruined by such a loss. Accordingly, many companies have procedures to follow in the event of such a disaster. The plan may also include standing policies to mitigate a disaster's potential impact, such as requiring employees to travel separately or limiting the number of employees on any one aircraft.
COOP
Continuity of Operations Plan site provides an alternate location for operations after a critical outage. The most common sites are hot, cold, and warm sites.
CSR
Control and Status Register (CSR) is a register in many central processing units that are used as storage devices for information about instructions received from machines. The device is generally placed in the register address 0 or 1 in CPUs [1] and works on the concept of using a comparison of flags (carry, overflow and zero, usually) to decide on various If-then instructions related to electronic decision flows
CAN
Controller Area Network. Originally developed for use in automotive applications, CAN was designed to allow microcontrollers and devices to communicate with each other within a vehicle without a host computer. CAN is a message-based protocol, designed specifically for automotive applications but now also used in other areas such as industrial automation and medical equipment.
CAR
Corrective Action Report:Procedure used in response to a defect. This implies that you are reporting on a detected Non Conformance (NCR or NCMR) and have determined root cause to correct this from reoccuring.
CCMP
Counter mode with Cipher Block Chaining Message Authentication Mode CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:[2] Data confidentiality; ensures only authorized parties can access the information Authentication; provides proof of genuineness of the user Access control in conjunction with layer management Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 264 steps of operation.
XSRF
Cross-Site Request Forgery (XSRF or CSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. An XSRF attack can be used to modify firewall settings, post unauthorized data on a forum or conduct fraudulent financial transactions. A compromised user may never know that such an attack has occurred. If the user does find out about an attack, it may only be after the damage has been done and a remedy may be impossible.
XSS
Cross-Site Scripting (XSS) is a security exploit in which the attacker inserts malicious coding into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client's Web request and can execute on the user's computer, typically allowing the attacker to steal information.
CRC
Cyclic Redundancy Check, a common technique for detecting data transmission errors. Transmitted messages are divided into predetermined lengths that are divided by a fixed divisor. According to the calculation, the remainder number is appended onto and sent with the message. When the message is received, the computer recalculates the remainder and compares it to the transmitted remainder. If the numbers do not match, an error is detected.
DES
Data Encryption Standard. A block cipher based on a symmetric-key algorithm that uses a 56-bit key. It is considered compromised and was replaced with 3DES (Triple DES), which applies the DES algorithm three times to each data block resulting in a key size of 168 bits.
DEP
Data Execution Prevention. A security feature in modern operating systems that monitors applications to make sure they use system memory safely. In Microsoft environment, DEP is defined as a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits. If a program tries to execute code from memory in a an incorrect way, DEP closes the program.
DLP
Data Loss Prevention. Software or hardware based security solutions designed to detect and prevent unauthorized use and transmission of confidential information outside of the corporate network. DLP systems can be divided into: Data in Motion (DiM) DLP systems, which are software or hardware tools that monitor network traffic in order to detect sensitive data that is being sent in violation of information security policies. Data at Rest (DaR) DLP systems, which prevent the stored data from being accessed for example by encrypting backup tapes and other storage devices. Data in Use (DiU) DLP systems, which run on end-user workstations or servers in the organization. Data Loss Prevention may be referred to differently by different vendors. Other terms for DLP may include such terms as: Data Leakage Protection, Data Leak Prevention, Information Leak Detection and Prevention (ILDP), Information Leak Prevention (ILP), Content Monitoring and Filtering (CMF), Information Protection and Control (IPC) or Extrusion Prevention System.
DRA
Data Recovery Agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users. The assignment of DRA rights to an approved individual provides an IT department with a way to unlock encrypted data in case of an emergency.
DSA
Digital Signature Algorithm. An algorithm specified in the Federal Information Processing Standards Publication 186-3. DSA is a cryptographic algorithm used to generate a digital signature. Signature generation uses a private key to generate a digital signature; signature verification uses a public key that corresponds to, but is not the same as, the private key. Each signatory possesses a private and public key pair. Public keys may be known by the public; private keys are kept secret. Anyone can verify the signature by employing the signatory's public key. Only the user that possesses the private key can perform signature generation. A hash function is used in the signature generation process to obtain a condensed version of the data to be signed; the condensed version of the data is often called a message digest. The message digest is input to the digital signature algorithm to generate the digital signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature as evidence in demonstrating to a third party that the signature was, in fact, generated by the claimed signatory. This is known as non-repudiation, since the signatory cannot easily repudiate the signature at a later time.
DRP
Disaster Recovery Plan. A set of procedures that are implemented when business functions become disrupted by a damaging event. The main goal of DRP is to restore mission-critical functions as quickly as possible and minimize losses. The key components of a DRP are data backups, procedures for recovering computer systems, and planning for alternate sites.
DAC
Discretionary Access Control (DAC) model specifies that every object has an owner, and Windows systems use the DAC model by default for NTFS files and folders. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.
DDoS
Distributed Denial of Service. As opposed to the simple Denial of Service (DoS) attacks that usually are performed from a single system, a Distributed Denial of Service attack uses multiple compromised computer systems to perform an attack against its target. The intermediary systems that are used as platform for the attack are the secondary victims of the DDoS attack; they are often referred to as zombies, and collectively as a botnet. The goal of DoS and DDoS attacks is to flood the bandwidth or resources of a targeted system so that it becomes overwhelmed with false requests and in result doesn't have time or resources to handle legitimate requests.
DNS
Domain Name Service resolves host names to IP addresses Port 53. DNS poisoning attempts to modify or corrupt cached DNS results. A pharming attack is a specific type of DNS poisoning attack that redirects a website's traffic to another website
DHCP
Dynamic Host Configuration Protocol. DHCP provides configuration parameters to Internet hosts. It is built on a client-server model, where designated DHCP server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts. Usually the DHCP server provides the client with at least IP address, subnet mask, and default gateway.
DLL
Dynamic Link Library. A DLL is a library that contains code and data that can be used by more than one Microsoft Windows application at the same time. When multiple programs use the same library of functions, a DLL can reduce the duplication of code that is loaded on the disk and in physical memory saving system resources. For the Microsoft Windows operating systems, much of the functionality of the operating system is provided by dynamic link libraries (DLL). Typically, a DLL provides one or more particular functions and a program accesses the functions by creating either a static or dynamic link to the DLL. A static link remains constant during program execution while a dynamic link is created by the program as needed. A dynamic link library (DLL) file is an executable file that allows Windows applications to share code and other resources necessary to perform particular tasks. DLLs most often appear as files with a .DLL extension, but they may also have an .EXE or other extension, such as .OCX (for libraries containing ActiveX controls), or .DRV (for legacy system drivers). Some of the other files that are implemented as DLLs in Windows operating systems include, for example, Control Panel (.CPL) files - each item located in Windows Control Panel is a specialized DLL.
EMI
Electromagnetic Interference. A magnetic field produced as a side effect from the flow of electricity. In data lines that are not properly shielded EMI can cause corruption of data.
ECC
Elliptic Curve Cryptography. An encryption technique based on the idea of using points on a curve to define a public/private key pair. ECC requires less computational power and at the same time produces shorter cryptographic keys making it suitable for smaller devices such as cell phones and wireless devices. Asymmetric
ESP
Encapsulating Security Payload. The Encapsulating Security Payload (ESP) is a component of the Internet Protocol Security (IPsec) protocol suite. ESP is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. ESP is identified with the protocol ID number 50.
EFS
Encrypted File System. The encryption component of the NTFS file system. EFS enables transparent encryption and decryption of files by using advanced, standard cryptographic algorithms. EFS uses a combination of symmetric (one key is used to encrypt the files) and asymmetric (two keys are used to protect the encryption key) cryptography to make decrypting the files difficult without the correct key. Any individual or program that doesn't possess the appropriate cryptographic key cannot read the encrypted data. However, the cryptography keys for EFS are in practice protected by the user account password, and are therefore susceptible to most password attacks. In other words, encryption of files is only as strong as the password to unlock the decryption key.
EAP
Extensible Authentication Protocol. An authentication framework frequently used in wireless networks and Point-to-Point connections. EAP defines a framework for authentication, but does not specify how the authentication is implemented. EAP supports wide range of authentication schemes. Commonly used methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS.
XML
Extensible Markup Language, a specification developed by the W3C. XML is a pared-down version of SGML, designed especially for Web documents. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.
FTP
File Transfer Protocol supports uploading and downloading of files to and from the FTP server using TCP Ports 20 for data, 21 for control
HMAC
Hashed Message Authentication Code. A specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret key. A Message Authentication Code (MAC) is an algorithm that mathematically combines a key with a hash to provide a "code" that can be appended with a given piece of data to ensure its integrity. As with any MAC, HMAC may be used to simultaneously verify both the data integrity and the authenticity of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output length in bits and on the size and quality of the cryptographic key.
HVAC
Heating, Ventilation, Air Conditioning
HIDS
Host Based Intrusion Detection System. A security application designed to monitor and analyze the local computer system for malicious or anomalous activity. In some cases HIDS also analyzes the network traffic to and from the specific computer on which the intrusion detection software is installed on. Common examples of HIDS are antivirus software and anti-spyware applications.
HIPS
Host Based Intrusion Prevention System. A security application designed to monitor and analyze the local computer system for malicious or anomalous activity. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems that are restricted to a passive response (such as recording an event or sending notification to the manager's console) intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected by terminating processes or sessions, or by implementing network configuration changes on the fly (e.g instructing a firewall to reject IP traffic from certain address).
HTTP
Hypertext Transfer Protocol Port 80
HTTP and HTTPS
Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure Ports 80 and 443 and transmit data over the internet unencrypted and encrypted formats.
IRP
Incident Response Plan (IRP) is a set of written instructions for adequately detecting, responding to and limiting the effects of an information security incident, an event that may or may not be an attack or threat to computer system or corporate data security.
IR
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
IaaS
Infrastructure as a Service, IaaS is defined as computer infrastructure, such as virtualization, being delivered as a service. IaaS is popular in the data center where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used - compared to the traditional method of buying software and servers outright. May also be called enterprise-level hosting platform.
IV
Initialization Vector (IV) Attack - One method of creating different keys is an initialization vector (IV). The IV provides randomization of the keys to help ensure that the keys are not reused. Unfortunately, WEP uses a relatively small IV, and the result is the WEP regularly reuses the same keys. Because of this, attackers can use an IV attack to discover the keys and read the data.
IM
Instant Messaging. A form of real-time direct text-based chat between two or more users using personal computers or other devices. The user's text is conveyed over a network, such as the Internet. More advanced instant messaging software clients also allow enhanced modes of communication, such as live voice or video calling. Instant Messaging communication usually occurs in cleartext making it vulnerable to packet sniffing and eavesdropping. IM users are also exposed to various types of social engineering attacks and malicious code delivered through the IM file transfer capability. Infected user's contact list can also be exploited as a medium for malware propagation over the network. Due to its peer-to-peer architecture, Instant Messaging is easy to deploy and use, but difficult to control and manage from a corporate point of view (misuse of the IM applications in a workplace creates a liability for not only the offender but also the employer).
ICMP
Internet Control Message Protocol, is used for testing basic connectivity and includes tools such as Ping, Pathping, and Tracert. Many DoS attacks use this so most routers and firewalls block ICMP.
IKE
Internet Key Exchange (IKE) protocol is a key management protocol standard that is used in conjunction with the IPSec standard. IKE enhances IPSec by providing additional features, flexibility, and ease of configuration for the IPSec standard. IKE uses port 500 to authenticate clients in the IPsec conversation. IKE creates security associations (SA's) for the VPN and uses these to set up a secure channel between the client and the VPN server.
IMAP4
Internet Message Access Protocol, a protocol for retrieving e-mail messages. The latest version, IMAP4, is similar to POP3 but supports some additional features. For example, with IMAP4, you can search through your e-mail messages for keywords while the messages are still on mail server. You can then choose which messages to download to your machine. Uses port 143
IPSEC
Internet Protocol Security. A collective name for security architecture and protocols to provide security services for Internet Protocol traffic. The IPsec architecture specifies security protocols (AH and ESP), security associations (ISAKMP), key management (IKE), and algorithms for authentication and encryption. IPsec can be implemented in a host-to-host transport mode (where only the payload of the IP packet is usually encrypted and/or authenticated) or in a network tunnel mode (where the entire IP packet is encrypted and/or authenticated).
IP
Internet Protocol. IP specifies the format of packets, also called datagrams, and the addressing scheme. Most networks combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but there's no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time. IPv4 32 bit IPv6 128 bit.
IRC
Internet Relay Chat. An Internet text messaging system that allows one to converse with others in real time. IRC is structured as a network of servers, each of which accepts connections from client programs, one per user. The IRC client applications send and receive messages to and from an IRC server and the IRC server broadcasts all messages to everyone participating in a discussion.
ISA
Internet Service Agreement-an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.[1]
IDS
Intrusion Detection System (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
L2TP
Layer 2 Tunneling Protocol. A tunneling protocol that combines features of the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding Protocol (L2F). L2TP is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy. Authentication and data encryption features can be provided when L2TP is used to encapsulate IPsec.
LDAP
Lightweight Directory Access Protocol. The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services (i.e. managed lists of network resources such as users, computers, or groups) that act in accordance with X.500 data and service models (i.e. a series of computer networking standards covering electronic directory services). LDAP operates over TCP port 389 and also on TCP port 636 when encrypted with either TLS or SSL.
LEAP
Lightweight Extensible Authentication Protocol. A proprietary wireless LAN authentication method developed by Cisco Systems. LEAP uses dynamic Wired Equivalent Privacy (WEP) keys for mutual authentication between a wireless client and a RADIUS server.
LANMAN
Local Area Network Manager. Legacy password storage mechanism for Microsoft Windows. Due to its weaknesses LANMAN is not recommended and should be disabled on all current versions of Windows (in Vista and later the protocol is disabled by default). LANMAN was replaced with NT LAN Manager (NTLM) with the release of Windows NT. It is still shipped with Windows for backward compatibility and might still be in use on some systems for passwords that are less than 15 characters long.
LSO
Locally Shared Object commonly called Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player (developed by Macromedia, which was later acquired by Adobe Systems) since version Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Similar to that of cookies, they can be used to store user preferences, save data from flash games, or to track users' Internet activity.[2] LSOs have been criticised as a breach of browser security, but there are browser settings and addons to limit the duration of their storage.
MBR
Master Boot Record. 512-byte sector on the outermost track of the hard drive designated as the beginning of the hard drive. Master Boot Record consists of master boot program and partition table. Partition table contains the description, location, and size of each partition on the drive. Partition set as an active partition is the partition used to boot the OS and during the computer startup process the role of the master boot program is to check the partition table in order to find the active partition and execute the code stored in its first sector. The first sector of the active partition is also known as the OS boot record and it contains the code that starts the process of loading the operating system.
MTU
Maximum Transmission Unit. The largest frame length which may be sent on a physical medium. MTU is used, for example, by the Transmission Control Protocol (TCP) to determine the maximum allowable packet size, any messages larger than the MTU are divided into smaller packets before being sent. A larger MTU brings greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed. On the other hand, corruption of a single bit in a packet requires that the entire packet be retransmitted and retransmissions of larger packets take longer.
MTBF
Mean Time Between Failures provides a measure of a system's reliability and is usually represented in hours. More specifically, the MTBF identifies the average time between failures.
MTTF
Mean Time to Failure
MOU
Memorandum of Understanding. A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission.
MAC/
Message Authentication Code (MAC) is a cryptographic checksum on data that uses a session key to detect both accidental and intentional modifications of the data.
MD5
Message-Digest Algorithm 5. A cryptographic hash function that produces a 128-bit hash value. An MD5 hash is typically expressed as a 32-digit hexadecimal number. MD5 is used to verify the integrity of data or messages. MD5 is a one-way function. One-way means that it is easy to apply hash function to some data and produce a result (a hash), but it's impossible to recreate the original data from the result of the hash function alone. It could be compared to a book with its table of contents: it's easy to recreate the table of contents of a book if we have all the chapters, but it's not possible to do it the opposite way. Table of contents could be called a digest here (and in hashing the resulting value is also called a digest, or checksum, or simply a hash). The resulting hash is the exact "content in a nutshell" (in the form of a string) derived from the main content. In case there's any change to the data after the original hash was taken, the next time when a hash function is applied the resulting hash value after modification will be different from the original hash.
MAN
Metropolitan Area Network. A data network intended to serve an area approximating that of a large city. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optical links.
MSCHAP
Microsoft Challenge Handshake Authentication Protocol. The Microsoft version of the Challenge Handshake Authentication Protocol. MS-CHAP exists in two versions, MS-CHAPv1 and MS-CHAPv2. MS-CHAPv2 offers additional protection by introducing mutual authentication.
MaaS
Monitoring as a Service
MPLS
Multiprotocol Label Switching allows packets to be forwarded at the Layer 2 (switching) level rather than at the Layer 3 (routing) level is important for Quality of Service (QoS).
NIST
National Institute of Standards and Technology is a part of the U.S. Department of Commerce, and it includes a Computer Security Division with the Information Technology Labratory (ITL). The ITL publishes Special Publications (SP's) in the 800 series
NFC
Near Field Communication (NFC) is a short-range wireless connectivity standard (Ecma-340, ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other.
NAC
Network Access Control. A set of rules enforced in a network that the clients attempting to access the network must comply with. Depending on whether policies are enforced before or after end-stations gain access to the network, NAC can be implemented as: Pre-admission NAC, where a host must, for example, be virus free or have patches applied before it is allowed to connect to the network. Post-admission NAC, where a host is being granted/denied permissions based on its actions after it has been provided with the access to the network.
NAT
Network Address Translation. A technology that provides an IP proxy between a private LAN and a public network such as the Internet. Computers on the private LAN can access the Internet through a NAT-capable router which handles the IP address translation. NAT hides the internal IP addresses by modifying IP address information in IP packet headers while in transit across a traffic routing device.
NIDS
Network Based Intrusion Detection System. A system that tries to detect malicious activity by examining network traffic. NIDS does not take any active steps to prevent the attack. It relies on a passive response instead, which may include saving the information about an event in logs or sending an alert.
NIPS
Network Based Intrusion Prevention System. A network security appliance that monitors the entire network for suspicious traffic. As opposed to the Network Based Intrusion Detection System (NIDS), NIPS is capable of an active response that may include resetting connection or reprogramming a firewall to block network traffic from the suspected malicious source.
NOS
Network Operating System. Typically, the term Network Operating System refers to a specialized server operating system (such as Windows Server, Novell NetWare, or a Unix-like operating system) that is designed to control the whole network and its resources. These are systems that can provide resource sharing, security, network access control, management, and other features for multiple computer hosts and network devices on a network. In a broader sense, NOS may also refer to any basic operating system enhanced by additional networking features and as such this term may also apply to the less specialized, client operating systems such as Windows XP.
NTP
Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers.
SaaS
Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.
NTFS
New Technology File System. A file system developed by Microsoft for Windows NT. NTFS was introduced in 1993 with the release of the Microsoft Windows NT 3.1 (with "NT" referring to NTFS v1.0 implemented in the latest version of Windows, which at that time was 3.1). NTFS was designed as a replacement for its predecessor, the File Allocation Table (FAT) file system, and also became the preferred file system for later releases of MS Windows. Its advantages over FAT include improved reliability due to the file system recovery features, increased security achieved by allowing users to set permissions on files or folders (through the Discretionary Access Control access control model), support for the Encrypting File System (EFS) technology used to store encrypted files on NTFS volumes, file compression, and disk quotas.
NTLM
New Technology Lanman NTLM uses a challenge-response mechanism for authentication, in which clients are able to prove their identities without sending a password to the server. It consists of three messages, commonly referred to as Type 1 (negotiation), Type 2 (challenge) and Type 3 (authentication). The protocol continues to be supported in Windows 2000 but has been replaced by Microsoft Kerberosas the default/standard.
NDA
Non-Disclosure Agreement is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish to restrict access to or by third parties. It is a contract through which the parties agree not to disclose information covered by the agreement.
OCSP
OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources.
OTP
One Time Pad
OLA
Open License Agreement
OVAL
Open Vulnerability and Assessment Language. OVAL is an XML-based language that provides a standard for how to check for the presence of vulnerabilities and configuration issues on computer systems. OVAL standardizes the three main steps of the process:1. Collecting system characteristics and configuration information of a system. 2. Analyzing the system to determine the current state 3. Reporting the results
SSD
Solid State Drive
PBKDF2
PBKDF2 (Password-Based Key Derivation Function 2)PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching. When the standard was written in 2000, the recommended minimum number of iterations was 1000, but the parameter is intended to be increased over time as CPU speeds increase. Having a salt added to the password reduces the ability to use precomputed hashes (rainbow tables) for attacks, and means that multiple passwords have to be tested individually, not all at once. The standard recommends a salt length of at least 64 bits.
PEAP
PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.
PKI
PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
PAP
Password Authentication Protocol, the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The Basic Authentication feature built into the HTTP protocol uses PAP. The main weakness of PAP is that both the username and password are transmitted "in the clear" -- that is, in an unencrypted form. Contrast with CHAP.
PED
Personal Electronics Device
PIV
Personal Identity Verification (PIV) card is a United States Federal smart card that contains the necessary data for the cardholder to be granted to Federal facilities and information systems and assure appropriate levels of security for all applicable Federal applications.
POTS
Plain old Telephone service
PAM
Pluggable Authentication Module A UNIX programming interface that enables third-party security methods to be used. By using PAM, multiple authentication technologies, such as RSA, DCE, Kerberos, smart card and S/Key, can be added without changing any of the login services, thereby preserving existing system environments.
PPP
Point-to-Point Protocol. A protocol that provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: A method for encapsulating multi-protocol datagrams. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.
RAD
RAD (rapid application development) is a concept that products can be developed faster and of higher quality through: Gathering requirements using workshops or focus groups Prototyping and early, reiterative user testing of designs The re-use of software components A rigidly paced schedule that defers design improvements to the next product version Less formality in reviews and other team communication Some companies offer products that provide some or all of the tools for RAD software development.
RIPEMD
RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. RIPEMD was based upon the design principles used in MD4, and is similar in performance to the more popular SHA-1.
RPO
Recovery Point Objective. The point in time to which systems and data must be recovered after a disaster has occurred.
RTO
Recovery Time Objective (RTO) is the maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster occurs. The RTO is a function of the extent to which the interruption disrupts normal operations and the amount of revenue lost per unit time as a result of the disaster. These factors in turn depend on the affected equipment and application(s). An RTO is measured in seconds, minutes, hours, or days and is an important consideration in disaster recovery planning (DRP).
RAID
Redundant Array of Inexpensive Disks
RADIUS
Remote Authentication Dial-In User Service. An Internet protocol for carrying dial-in users' authentication information and configuration information between a shared, centralized authentication server (the RADIUS server) and a network access server (the RADIUS client) that needs to authenticate the users of its network access ports. In a RADIUS environment, a user presents authentication information and possibly other information to the RADIUS client, and the client passes that information to the RADIUS server. The server authenticates the client using a shared secret value and checks the presented information, and then returns to the client all authorization and configuration information needed by the client to serve the user.
ROI
Return of Investment
RC4
Rivest Cipher 4, A series of symmetric encryption algorithms developed by RSA Security. RC4 -- a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
RSA
Rivest Shamir Aldeman is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. It is an Asymmetric encryption method. RSA uses the mathematical properties of prime numbers to generate secure public and private keys
RBAC
Role Based Access Control. An access control model wherein rights and permissions are assigned to roles instead of to users. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user; this simplifies common operations, such as adding a user, or changing a user's department.
RBAC/
Rule Based Access Control. An access control model in which access to resources is granted or denied depending on Access Control List (ACL) entries. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. In computer networks, Rule Based Access Control model is usually implemented in network devices such as firewalls in order to control inbound and outbound traffic based on filtering rules.
SHTTP
S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web. Each S-HTTP file is either encrypted, contains a digital certificate, or both. For a given document, S-HTTP is an alternative to another well-known security protocol, Secure Sockets Layer (SSL). A major difference is that S-HTTP allows the client to send a certificate to authenticate the user whereas, using SSL, only the server can be authenticated. S-HTTP is more likely to be used in situations where the server represents a bank and requires authentication from the user that is more secure than a userid and password.
SAML
SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites (SSO). It is used to exchange authentication and authorization info between different parties.
SCADA
SCADA (supervisory control and data acquisition) is a category of software application program for process control, the gathering of data in real time from remote locations in order to control equipment and conditions. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control.
SFTP
SFTP is a term that refers to either Secure File Transfer Protocol or SSH File Transfer Protocol, and is a computing network protocol for accessing and managing files on remote systems. Port 22
SMS
SMS (Short Message Service), commonly referred to as "text messaging," is a service for sending short messages of up to 160 characters (224 characters if using a 5-bit mode) to mobile devices, including cellular phones, smartphones and PDAs.
SMTP
SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. Between SMTP Clients and Servers and between SMTP servers.Uses Port 25
SOAP
SOAP (Simple Object Access Protocol) is a way for a program running in one kind of operating system (such as Windows 2000) to communicate with a progam in the same or another kind of an operating system (such as Linux) by using the World Wide Web's Hypertext Transfer Protocol (HTTP)and its Extensible Markup Language (XML) as the mechanisms for information exchange. Since Web protocols are installed and available for use by all major operating system platforms, HTTP and XML provide an already at-hand solution to the problem of how programs running under different operating systems in a network can communicate with each other. SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.
SSL
SSL (Secure Sockets Layer) is a commonly-used protocol for managing the security of a message transmission on the Internet; it uses a program layer located between the Internet's HTTP and TCP program layers.Uses Port 443 when encrypting HTTP and Port 636 when encrypting LDAP/SSL, LDAPS
SFTP
Secure File Transfer Protocol uses SSH to encrypt FTP traffic and uses Port 22. FTPS uses SSL to encrypt FTP traffic
SHA
Secure Hash Algorithm. A hashing function used to provide integrity. SHA1 uses 160 bits, and SHA-256 uses 256 bits. Hashing algorithms always provide a fixed-size bit string regardless of the size of the hashed data. By comparing the hashes at two different times, you can verify integrity of the data.
SSH
Secure Shell. A tunneling protocol for secure remote login and other secure network services designed as a replacement for Telnet and other insecure remote shells. SSH has three main parts: Transport layer protocol: Provides server authentication, confidentiality, and integrity; and can optionally provide compression. This layer typically runs over a TCP connection, but might also run on top of any other reliable data stream. User authentication protocol: Authenticates the client-side user to the server. It runs over the transport layer protocol. Connection protocol: Multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol. Apart from providing the ability to log in remotely and execute commands on a remote host, SSH is also used for secure file transfer through the SSH-based protocols such as SSH File Transfer Protocol (SFTP) or Secure Copy (SCP). SSH is based on a client-server model and runs by default on TCP port 22.
S/MIME
Secure/Multipurpose Internet Mail Extensions. Multipurpose Internet Mail Extensions (MIME) is an Internet protocol that enhances the basic format of Internet electronic mail messages to enable transmission of text in languages other than English using character encodings other than ASCII and non-text attachments such as images, sounds, video, and executable files. MIME also extends the format of email to support message bodies with multi-part content and header information in non-ASCII character sets. S/MIME is an Internet protocol to provide encryption and digital signatures for MIME data.
SCAP
Security Content Automation Protocol (SCAP) A method with automated vulnerability management measurements, and policy compliance evaluation tools.
SIEM
Security Information and Event Management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security. SIEM combines SIM (security information management) and SEM (security event management) functions into one security management system. The acronym is pronounced "sim" with a silent e.
SLA
Service Level Agreement. A part of a service contract that defines performance expectations of the customer and service provider. SLA is a negotiated agreement to provide a service at a performance level that meets or exceeds the specified performance objectives. Typical SLA objectives are related to the services provided, the standards of service, the delivery timetable, responsibilities of supplier and customer, provisions for legal and regulatory compliance, mechanisms for monitoring and reporting of services, payment terms, how disputes will be resolved, confidentiality and non-disclosure provisions, and termination conditions.
STP
Shielded Twisted Pair. A type of twisted pair copper cabling used in Ethernet and telephone networks. Shielded twisted pair cable reduces interference from adjacent wire pairs (crosstalk), and Electromagnetic Interference (EMI) / Radio Frequency Interference (RFI) from outside sources such as power generating machinery. STP can be implemented with the use of a braided screen or foil and protecting sheath can cover all four pairs only, or (in order to offer the best protection) cover all four pairs and additionally each individual pair of wires.
SCEP
Simple Certificate Enrollment Protocol is an Internet Draft in the Internet Engineering Task Force (IETF). This protocol is being referenced by several manufacturers of network equipment and software who are developing simplified means of handling certificates for large-scale implementation to everyday users. The protocol is designed to make the issuing and revocation of digital certificates as scalable as possible. The idea is that any standard network user should be able to request their digital certificate electronically and as simply as possible. These processes have usually required intensive input from network administrators, and so have not been suited to large scale deployments.
SNMP
Simple Network Management Protocol (SNMP) is the protocol governing network management and the monitoring of network devices and their functions. SNMP uses the User Datagram Protocol (UDP) and is not necessarily limited to TCP/IP networks. Port 161
SLE
Single Loss Expectancy. A loss of value to an asset resulting from a single security incident. The formula for calculating SLE is defined as: Single Loss Expectancy (SLE) = Asset Value (AV) x Exposure Factor (EF) The Exposure Factor in the SLE formula is a predicted percentage value reflecting the extent of damage to the asset when the incident occurs.
SSO
Single sign-on (SSO)is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
SCSI
Small Computer System Interface
SDLC
Software Development Life Cycle Most methodologies share some combination of the following stages of software development: Analyzing the problem Market research Gathering requirements for the proposed business solution Devising a plan or design for the software-based solution Implementation (coding) of the software Testing the software Deployment Maintenance and bug fixing These stages are often referred to collectively as the software development lifecycle, or SDLC
SDLM
Software Development Methodology (also known as a software development process, model, or life cycle) is a framework that is used to structure, plan, and control the process of developing information systems. A wide variety of such frameworks have evolved over the years, each with its own recognized strengths and weaknesses. There are several different approaches to software development: some take a more structured, engineering-based approach to developing business solutions, whereas others may take a more incremental approach, where software evolves as it is developed piece-by-piece. One system development methodology is not necessarily suitable for use by all projects. Each of the available methodologies is best suited to specific kinds of projects, based on various technical, organizational, project and team considerations.
SONET
Synchronous Optical NETworking. An international standard for high-speed, long-distance data communications over fiber-optic media. SONET defines interface standards at the Physical Layer of the OSI seven-layer model and most commonly employs a ring-based topology. Transmission rates of signals that can be carried on SONET networks are defined through Optical Carrier (OC) specifications. Optical Carrier classifications are based on the abbreviation OC followed by a number specifying a multiple of a base unit of 51.84 Mbps. SONET defines various OC specifications offering different speeds, from OC-1 (transmission speeds of up to 51.84 Mbps) through OC-768 (transmission speeds of up to 39.2 Gbps).
TACACS+
TACACS+ is an entirely new protocol. TACACS+ and RADIUS have generally replaced the earlier protocols in more recently built or updated networks. TACACS+ uses the Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Some administrators recommend using TACACS+ because TCP is seen as a more reliable protocol. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.
TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. Provides connection oriented traffic (guaranteed delivery). Uses a three way handshake Syn (synchronize)> SYN/ACK synchronize acknowledge< ACK acknowledge.
TKIP
TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products.
Telnet
Telnet is frequently used to connect to remote devices. It transmits in the clear.Port 23 / with SSH Port 22
ALE
The Annualized Loss Expectancy (ALE) is the expected monetary loss that can be expected for an asset due to a risk over a one year period. It is defined as: ALE = SLE * ARO where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence. 1-54
MAC
The MAC acronym may apply to: Mandatory Access Control. An access control model where every resource has a sensitivity label matching a clearance level assigned to a user (in order to be able to access the resource, user's clearance level must be equal or higher than the sensitivity level assigned to the resource). With mandatory access control users cannot set or change access policies at their own discretion; labels and clearance levels can only be applied and changed by an administrator. Media Access Control. A sublayer of the Data Link Layer specified in the OSI model. Media Access Control address (MAC address). A unique identifier assigned to network interfaces (48-bit hexadecimal number defining the so called physical address of the Network Interface Card). Message Authentication Code. A Message Authentication Code (MAC) is an algorithm that mathematically combines a secret key with a hash to provide a "code" that can be appended with a given piece of data to ensure its integrity. Message Authentication Code may be used to simultaneously verify both the data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the data.
RTP
The Real-Time Transport Protocol (RTP) is an Internet protocol standard that specifies a way for programs to manage the real-time transmission of multimedia data over either unicast or multicast network services. It is used for delivering audio and video over an IP network.
TGT
Ticket-Granting Ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process. When the client receives an authentication ticket, the client sends the ticket back to the server along with additional information verifying the client's identity. The server then issues a service ticket and a session key (which includes a form of password), completing the authorization process for that session.
TOTP
Time-Based One-Time Password (TOTP) is a temporary code, generated by an algorithm, for use in authenticating access to computer systems.
TSIG
Transaction Signature, TSIG is a computer networking protocol used by the Domain Name System (DNS) as a way to authenticate updates to a dynamic DNS database. The RFC 2845 specification specifically states that the TSIG protocol allows for transaction level authentication using shared secrets and one way hashing. It can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved recursive name server.
TLS
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
3DES
Triple Digital Encryption Standard-Also referred to as 3DES, a mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with second key, and the resulting cipher text is again encrypted with a third key). 2-46
TFTP
Trivial File Transfer Protocol used to communicate with network devices. UDP port 69
TPM
Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip and cannot be accessed by software. The Storage Root Key (SRK) is created when a user or administrator takes ownership of the system. This key pair is generated by the TPM based on the Endorsement Key and an owner-specified password.
URI
URI (Uniform Resource Identifier; pronounced YEW-AHR-EYE) is the way you identify any of those points of content, whether it be a page of text, a video or sound clip, a still or animated image, or a program. The most common form of URI is the Web page address, which is a particular form or subset of URI called a Uniform Resource Locator (URL). A URI typically describes:
URL
URL (Uniform Resource Locator, previously Universal Resource Locator) - usually pronounced by sounding out each letter but, in some quarters, pronounced "Earl" - is the unique address for a file that is accessible on the Internet.
USB
USB (Universal Serial Bus) is a plug-and-play interface between a computer and add-on devices, such as media players, keyboards, telephones, digital cameras, scanners, flash drives, joysticks and printers. USB supports hot-swapping, which means that a new device can be added to your computer without having to add an adapter card or even having to turn the computer off. The USB peripheral bus standard was developed by Compaq, IBM, DEC, Intel, Microsoft, NEC, and Northern Telecom. The technology is available without charge for all computer and device vendors.
UEFI
Unified Extensible Firmware Interface (UEFI) is a specification for a software program that connects a computer's firmware to its operating system (OS). UEFI is expected to eventually replace BIOS. Like BIOS, UEFI is installed at the time of manufacturing and is the first program that runs when a computer is turned on. It checks to see what hardware components the computing device has, wakes the components up and hands them over to the operating system. The new specification addresses several limitations of BIOS, including restrictions on hard disk partition size and the amount of time BIOS takes to perform its tasks.
UPS
Uninterruptable Power supply
UTP
Unshielded Twisted Pair
UAT
User Acceptance Testing (UAT) - also called beta testing, application testing, and end user testing - is a phase of software development in which the software is tested in the "real world" by the intended audience.
UDP
User Datagram Protocol provides connectionless sessions (without a three way handshake) ICMP traffic audio and video streaming use UDP. Many DoS attacks use UDP.
VPN
VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN ensures privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol ( L2TP ). Data is encrypted at the sending end and decrypted at the receiving end.
VTC
Video Teleconferencing
VDI
Virtual Desktop Infrastructure (VDI) is the practice of hosting a desktop operating system within a virtual machine (VM) running on a centralized server. VDI is a variation on the client/server computing model, sometimes referred to as server-based computing. The term was coined by VMware Inc.
WAF
Web Application Firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. It is able to control applications or services specifically, unlike a stateful network firewall which is - without additional software - unable to control network traffic regarding a specific application. There are two primary categories of application firewalls, network-based application firewalls and host-based application firewalls.
WPA2
Wi-Fi Protected Access 2, the follow on security method to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the IEEE 802.11i standard, WPA2 provides government grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1x-based authentication.
WPA
Wi-Fi Protected Access, a Wi-Fi standard that was designed to improve upon the security features of WEP. The technology is designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:
WPS
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a network security standard that attempts to allow users to easily secure a wireless home network but could fall to brute-force attacks if one or more of the network's access points do not guard against the attack.
PCAP
pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
P2P
peer-to-peer, or abbreviated P2P,applications allow users to share files such as music, video, and data over the Internet. Instead of a single server providing the data to end users, all computers in the P2P network are peers, and any computer can act as a server to other clients. ex Napster