Sec+ Remember This
MD5 Message Digest 5
A common hashing algorithm that produces a 128-bit hash and verifies integrity.
HMAC Hash-based message authentication code
A fixed-length string of bits that also uses a shared secret key to add randomness. Verifies integrity and authenticity of a message.
TPM Trusted Platform Module
A hardware chip on the motherboard, included on many laptops, that provides full disk encryption. Includes a unique RSA asymmetric key.
MTBF Mean time between failures
A measure of a system's reliability. (repairable)
HSM Hardware Security Module
A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. Used by many server-based apps to protect keys.
DHE Diffie-Hellman
A secure method of sharing symmetric encryption keys over a public network.
Blowfish
A strong symmetric 64-bit block cipher that is widely used today. Supports key sizes between 32 and 448 bits. Faster than AES-256.
AES Advanced Encryption Standard
A strong symmetric block cipher that encrypts data in 128-bit blocks. Uses 128-bit, 192-bit, or 256-bit keys. Selected as current standard and is much less resource intensive than 3DES.
RC4
A strong symmetric stream cipher that can use keys between 40 and 2,048 bits.
DES Data Encryption Standard
A symmetric block cipher that encrypts data in 64-bit blocks. Uses a relatively small key of 56 bits and can be broken with brute force attacks.
3DES Triple Data Encryption Standard
A symmetric block cipher that encrypts in 64-bit blocks and was designed as a replacement to DES. Uses key sizes of 56 bits, 112 bits, or 168 bits.
Ransomware
A type of malware that takes control of a user's system or data. Criminals then attempt to extort payment from the victim by threatening to damage the user's system or data.
Vishing
A type of phishing that uses the phone or VoIP. Can be fully automated.
Increase Availability
Add fault tolerance and redundancies (RAID, failover clusters, backups, and generators). HVAC is also important.
SAML Security Assertion Markup Language
An XML-based standard used to exchange authentication and authorization info between different parties. Provides SSO for web-based apps.
OCSP Online Certificate Status Protocol
An alternative to CRL, which returns answers such as good, revoked, or unknown.
RSA Rivest, Shamir, and Adleman
An asymmetric encryption method using both a public key and a private key in a matched pair. It's widely used to protect data such as email and other data transmitted over the internet.
Certificates
An important part of asymmetric encryption. Includes public keys along with details on the owner and on the CA that issued it. Owners share their public key by sharing a copy of this.
RAID Redundant array of inexpensive disks
An inexpensive method used to add fault tolerance and increase availability.
SHA Secure Hash Algorithm
Another common algorithm that consists of SHA-0, 1, 2, and 3.
Single Point of Failure
Any component whose failure results in the failure of an entire system. Elements such as RAID, failover clustering, UPSs, and generators remove many single points of failure.
Trojan
Appears to be something useful but includes a malicious component, such as installing a backdoor on a user's system. Can be delivered via drive-by downloads and can also infect from rogueware, pirated software, games, or infected USB drives.
Rogue Access Points
Are malicious and often used to capture and exfiltrate data. Provide access to unauthorized users.
Test Restores
Are the best way to test the integrity of a company's backup data. Backup media should be protected with the same level of protection as the actual data.
XSS Cross-site scripting
Attack that allows attackers to capture user info such as cookies. Input validation at the server helps mitigate the threat.
DDoS Distributed Denial of Service
Attack consists of multiple computers attacking a single target. They typically include sustained, abnormally high network traffic.
DoS Denial of Service
Attack is from a single source that attempts to disrupt the services provided by another system.
WPA cracking
Attackers capture traffic with a wireless sniffer, waiting for a client to connect so they can capture the four-way authentication handshake. Brute force is then used to discover the passphrase.
Honeypots & Honeynets
Attempt to divert attackers from live networks and allow security personnel to observe and gather intel on attack methodologies.
Transitive Access Attack
Attempts to access a back-end server through another server. An example is a SQL injection attack.
LDAP Injection Attack
Attempts to access or modify data hosted on directory service servers.
MTTR Mean time to recover
Average time it takes to restore a failed system.
Full Backup
Backs up all data specified, but takes a long time and can interfere with operations. Purchasing the required media can also be quite expensive.
Bcrypt
Based on Blowfish; used on Unix and Linux to protect passwords by salting the password with additional bits before encrypting with Blowfish. A key stretching technique that helps prevent brute force and rainbow table attacks.
LDAP Lightweight Directory Access Protocol
Based on an earlier version of X.500. Used to identify objects in query strings with codes. The secure version encrypts with SSL or TLS.
Rule-BAC Rule-based Access Control
Based on a set of approved instructions, such as an ACL. Rules trigger in response to an event.
Forensic Image
Bit-by-bit copy of data which is not modified during the capture to preserve the original and maintain usability as evidence. Hashing provides integrity for captured images.
Web Security Gateway & UTM
Both combine multiple security controls into a single appliance. Inspect data streams and include URL filtering, malware inspection, and content inspection components.
Certificate Revocation
CAs revoke certificates when the private key is compromised, if the CA is compromised, or when an employee leaves.
Hot Spot Configuration
Can be completed with WEP and Open System Authentication, or with security disabled, so that users do not need a pre-shared key.
WAP range
Can be limited by reducing the WAP's power level.
Metrics
Can be used to prove the success of a training or security awareness program by comparing incidents before and after the training.
Anomaly-based IDSs
Can detect unknown anomalies. Start with a baseline of normal behavior and send an alert when traffic significantly differs from it.
Network-based DLP
Can examine and analyze network traffic and detect whether confidential data or any PII is included in email.
Port Scanner
Can help determine what services and protocols are running on a remote system by identifying open ports.
Vulnerability Scanner
Can identify vulnerabilities, misconfigured systems, and the lack of security controls such as up-to-date patches. Scans are passive and have little impact on a system during a test.
HIDS Host-based intrusion detection system
Can monitor all traffic on a single host and may detect malicious activity missed by antivirus software.
Endpoint DLP
Can prevent users from copying or printing sensitive data.
RAID-5
Can survive the failure of one disk.
RAID-6
Can survive the failure of two disks.
Replay Attacks
Capture data in a session with the intent of later impersonating one of the parties in the session. Timestamps and sequence numbers are effective countermeasures.
XSRF Cross-site request forgery scripting
Causes users to perform actions on web sites, such as making purchases, without their knowledge. Can be used to steal cookies and harvest passwords.
Wireless Audit
Checks wireless signal footprint, power level, antenna placement, and encryption of wireless traffic. Use war driving to detect rogue access points and identify unauthorized users.
Door Access Systems
Cipher locks (don't identify), proximity cards (with pin = identify and authenticate), biometrics (identify and authenticate).
Security Controls
Classified as technical, management, and operational.
SaaS Software as a Service
Cloud-based technology that provides software or applications to users over a network such as the internet (e.g., web-based email).
Warm Site
A combination of a hot site and a cold site.
Communication Plan
Commonly included in BCPs and DRPs. Identifies alternate methods of communication, such as a war room or push-to-talk phones. Also identifies who must be contacted, such as response team members, employees, suppliers, customers, media, and regulatory agencies.
ECC Elliptical Curve Cryptography
Commonly used with small wireless devices since it doesn't take much processing power to achieve desired security.
Dual-Factor Authentication
Consists of two different factors: Users have something (smart card) and know something (pin)
SLE Single loss expectancy
Cost of a single loss.
SHA-1
Creates 160-bit hashes and verifies integrity.
IPsec Internet Protocol Security
Creates secure tunnels for VPNs. Built into IPv6 and can encrypt any type of IPv6 traffic. Uses Internet Key Exchange (IKE) over port 500. Identified with protocol ID 50 for ESP. Must use HMAC for authentication and integrity. Uses AES or 3DES for encryption with ESP (encrypts the entire packet).
Account Disablement
Data and security keys associated with the account remain available; they would no longer be accessible if the account were deleted.
Forensic Analysis
Data should be collected from the most volatile to the least volatile. Order: cache memory, regular RAM, swap or paging file, hard drive data, logs stored on remote systems, and archived media.
Incident Response Policy
Defines an incident and incident response procedures. Starts with preparation to prevent incidents.
Change Management
Defines the process and accounting structure for handling modifications and upgrades. Goals are to reduce risks related to unintended outages and provide documentation for all changes.
Antivirus Software
Detects and removes malware, such as viruses, Trojans, and worms. Signature-based detects known malware and heuristic-based detects previously unknown malware.
Vulnerability Assessment
Determines the security posture of a system or network by identifying vulnerabilities and weaknesses.
Port Security
Disable unused ports, limit MAC addresses per port. Prevents rogue devices from connecting.
SYN Flood Attack
Disrupts the TCP initiation process by withholding the third packet of the TCP three-way handshake. Flood guards protect against these types of attacks.
Mobile Site
Does not have a dedicated location but can provide temporary support during a disaster.
Stream Ciphers
Encrypt data a single bit, or single byte, at a time in a stream. More efficient than block ciphers.
Block Ciphers
Encrypt data in a specific-sized block such as 64-bit or 128-bit blocks. Not as efficient as stream ciphers.
Digital Signature
Encrypted hash of a message. Sender's private key encrypts and recipient uses sender's public key to decrypt. Provides authentication (ID sender), non-repudiation (prevents denial), and integrity (verifies message).
SSH
Encrypts FTP as SFTP and works with TCP wrappers, using port 22. Used with SCP (Secure Copy) to copy encrypted files over a network.
SSL Secure Sockets Layer
Encrypts traffic such as SMTP and LDAP with use of certificates. Used by FTPS (File Transfer Protocol Secure) to encrypt FTP traffic.
TLS Transport Layer Security
Encrypts with the use of certificates. Designed as a replacement for SSL.
SSO Single Sign-on
Enhances security by requiring users to use and remember only one set of credentials for authentication. One set of credentials used throughout user's session.
Succession Planning
Ensures an organization can continue to thrive even if key leaders unexpectedly leave or are unavailable.
Design Review
Ensures systems and software are developed properly.
Logic Bomb
Executes in response to an event, such as when a specific application is executed or a specific time arrives.
Proxy
Forwards requests from clients. Provides caching to improve performance and reduce bandwidth usage. Can filter URLs and log activity.
Full/Differential Backup
A full backup followed by differential backups covering several days. Reduces the amount of time needed to perform backups.
Full/Incremental Backup
A full backup followed by incremental backups each day. Reduces the amount of time needed to perform backups.
Preventive Controls
Hardening systems, security guards, change management process, account disablement policy.
WEP
Has several weaknesses and shouldn't be used. Its weaknesses include the use of weak IVs (initialization vectors) to create encryption keys, as opposed to the RC4 symmetric encryption protocol itself.
White Box Testers
Have full knowledge of the system prior to a pentest.
Gray Box Testers
Have some knowledge of the system prior to a pentest.
Rootkits
Have system-level or kernel-level access and can modify system files and system access. They can hide their running processes to avoid detection using hooking techniques; tools that inspect RAM can discover these hidden hooked processes.
Black Box Testers
Have zero prior knowledge of the system prior to a pentest. Often use fuzzing.
Routine Audits
Help an organization ensure it is following its policies, such as the principle of least privilege and account management best practices.
Error & Exception Handling
Helps protect the integrity of the OS and controls the errors shown to users. Apps should show users a generic error message but write detailed information to logs.
Steganography
Hides messages or other data within a file. Hashing is used to detect if steganography has been used.
Password History
History of 24 remembers the last 24 passwords.
ARO Annual rate of occurrence
How many times the loss will occur in a year.
Sniffing
IDS & IPS capability
Application Whitelisting
Identifies authorized software for workstations, servers, and mobile devices. Prevents users from installing or running software that isn't approved.
Signature-based Detection
Identifies issues based on known attacks or vulnerabilities and known anomalies.
BIA Business Impact Analysis
Identifies systems and components that are essential to the organization's success. It also identifies maximum downtime limits for these systems and components, various scenarios of impact, and potential losses.
RTO Recovery Time Objective
Identifies the maximum amount of time it should take to restore a system after an outage. It's derived from the maximum allowable outage time identified in the BIA.
SSID Service set identifier
Identifies the name of the wireless network and should be changed from the default name. Disabling the broadcast can hide the network from casual users, but it can be discovered by an attacker with a wireless sniffer.
WPA
Immediate replacement for WEP and used TKIP and RC4 for older hardware compatibility.
Group Policy
Implemented on a domain controller within a domain and is used to create password policies, lock down GUI, configure host-based firewalls, etc.
DIAMETER
Improvement over RADIUS supporting additional capabilities including securing transmissions with EAP.
Backup Best Practices
Include storing a copy off-site for retention purposes, labeling media, performing test restores, and destroying media when it is no longer usable.
DNS Domain Name Server
Includes A records for IPv4 and AAAA records for IPv6 addresses. Uses TCP port 53 for zone transfers and UDP port 53 for client queries. Most run BIND software on Linux or Unix servers.
Transport Encryption
Includes SSH, IPSec, HTTPS, SSL, and TLS to protect the confidentiality of data transmitted over a network.
DRP Disaster Recovery Plan
Includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan and the final phase includes a review to identify any lessons learned and possible plan update.
CRL Certificate revocation list
Includes a publicly available list of revoked certs.
Mobile Device Security
Includes device encryption, screen locks, and remote wipe.
NAC Network Access Control
Includes methods to inspect clients for health (up to date antivirus software). Can restrict access of unhealthy clients to remediation network. Can be used for VPN clients and for internal clients.
SHA-3
Includes multiple versions with hashes of 224, 256, 384, and 512 bits.
Hot Site
Includes the personnel, equipment, software, and communication capabilities of the primary site with all data up to date. Provides the shortest recovery time and is the most effective disaster recovery solution, but also the most expensive.
SHA-2
Includes versions consisting of 224, 256, 384, and 256 hashes. Each number represents the number of bits in the hash. Verifies integrity.
Load Balancing
Increases the overall processing power of a service by sharing the load among multiple servers. Also ensures availability when a service has an increased number of requests.
NIDS Network-based intrusion detection system
Installed on network devices to monitor traffic and detect attacks. It cannot monitor encrypted traffic or monitor traffic on individual hosts.
Twofish
Is a symmetric 128-bit block cipher and supports 128, 192, or 256-bit keys.
Pentest
Is an active test that can assess deployed security controls and determine the impact of a threat. It starts with a vulnerability scan, then tries to exploit the vulnerabilities by attacking or simulating an attack. It is obtrusive and can potentially compromise a system.
MTTF Mean time to failure
Length of time you can expect a device to remain in operation before it fails. (nonrepairable)
Risk
Likelihood that threat will exploit a vulnerability.
Detective Controls
Log monitoring, trend analysis, security audits, CCTV systems
Phishing
Malicious spam used to trick users into revealing personal info or clicking on a link.
Written Security Policies
Management controls that identify a security plan. Technical, operational, and additional management controls enforce security policies.
Spyware
Monitors a user's computer.
CHAP Challenge Handshake Authentication Protocol
More secure than PAP in that it doesn't send info in clear text. Uses PPP.
Enterprise Mode
More secure than personal mode. Uses an 802.1X server (RADIUS server) to add authentication.
Discovery Mode
Must be disabled to provide protection for Bluetooth devices.
Kerberos
Network authentication protocol within MS Active Directory Domain. Issues time stamped tickets that expire after a certain time period. Uses UDP port 88.
False Negative
Network doesn't detect active attack.
Buffer Overflow
Occurs when app receives more data than it can handle, or receives unexpected data that exposes system memory.
Data Leakage
Occurs when users install P2P software and unintentionally share files. P2P software is often blocked on an organization's firewall.
Failover Clusters
One method of server redundancy that provides high availability for servers. Can remove a server as a single point of failure.
HOTP HMAC-based One-time password
Password that does not expire. Open source standard.
TOTP Time-based one-time password
Password that expires after 30 seconds. Open source standard.
WPA2
Permanent replacement for WEP and WPA supporting stronger AES encryption algorithm. Supports CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
Separation of Duties
Prevents any single person or entity from being able to complete all the functions of a critical or sensitive process by dividing the tasks between employees. Helps prevent fraud that can occur if a single person prints and signs checks.
EMI Shielding Electromagnetic interference shielding
Prevents outside interference sources from corrupting data and prevents data from emanating outside the cable.
Security Awareness
Primary goal is to reinforce user compliance with security policies and help reduce risks posed by users.
LEAP Lightweight EAP
Proprietary to Cisco and does not require a digital cert.
Account Lockout
Protects against brute force attacks.
Full Disk Encryption
Protects entire disks, including USB flash drives and drives on mobile devices.
Data Column Encryption
Protects individual fields within a database.
Host-based Firewall
Provides protection for individual hosts. Linux systems support xtables.
Baseline Reporting
Provides a report after comparing baselines with current systems. Can be used for security baselines, operating system baselines, application configuration baselines, and software baselines.
Backdoor
Provides another way of accessing a system created by many types of malware.
RADIUS Remote Authentication Dial-In User Service
Provides centralized authentication.
Encryption
Provides confidentiality and helps ensure that data is viewable only by authorized users.
ESP Encapsulating Security Payload
Provides confidentiality, integrity, and authentication for VPN traffic.
PaaS Platform as a Service
Provides customers with a fully managed platform, which the vendor keeps up to date with current patches.
IaaS Infrastructure as a Service
Provides customers with access to hardware in a self-managed platform where customers are responsible for keeping up to date.
UPS Uninterruptible power supply
Provides fault tolerance for power and can protect against power fluctuations. Provides short-term power. Generators provide long-term power.
Virtualization
Provides increased availability with lower operating costs and high level of flexibility when testing security controls, updates, and patches since they can be easily reverted with snapshots.
Host software baseline
Provides list of approved software and a list of software installed on systems. Can be used to identify unauthorized software.
POP3 Post Office Protocol v3
Receives email on port 110.
Email Encryption
Recipient's public key encrypts and recipient's private key decrypts.
Recovery Agents
Recover user messages and data when users lose access to their private keys. In some cases, they can recover the private key from a key escrow.
Pharming Attack
Redirects a web site's traffic to another site and can do so by modifying the hosts file on the user's system.
Wildcard Certs
Reduce the management burden associated with certificates.
Humidity Controls
Reduce the potential for damage from electrostatic discharge and damage from condensation.
RPO Recovery Point Objective
Refers to the amount of data you can afford to lose.
PEAP & EAP-TTLS Protected EAP and EAP Tunneled TLS
Require a cert on the 802.1x server.
Job Rotation Policies
Require employees to change roles on a regular basis to help ensure they cannot continue with fraudulent activities.
EAP-TLS Extensible Authentication Protocol-TLS
Requires certs on both the 802.1x server and each of the clients.
Mandatory Vacation Policy
Requires employees to take time away from their job. Also helps to deter fraud and discover malicious activities while the employee is away.
Clean Desk Policy
Requires users to organize their areas to reduce the risk of possible data theft. Reminds users to secure sensitive data and may include a statement about not writing down passwords.
ARP Address Resolution Protocol
Resolves MAC addresses to IPv4 addresses.
MAC filtering
Restricts access to wireless networks to specific clients. An attacker can use a sniffer to discover allowed MAC addresses and spoof a MAC address.
Code Review
Reviews software line-by-line to identify potential vulnerabilities such as race conditions or susceptibility to buffer overflow attacks.
Evil Twin
Rogue access point using same SSID as legitimate access point.
ALE Annual loss expectancy
SLE x ARO
SMTP Simple Mail Transfer Protocol
Sends email on TCP port 25.
Fuzzing
Sends random strings of data to apps looking for vulnerabilities. Admin uses this technique to test apps, while attackers use it to detect attack methods.
Typo Squatting
Similar domain names used for malicious purposes.
NDP Neighbor Discovery Protocol
Similar to ARP, but for IPv6.
IPS Intrusion Prevention System
Similar to IDS except it is placed in-line with traffic. Can actively monitor data streams, detect malicious content and stop attacks in progress. Can be used internally to protect private networks.
Standardized Image
Snapshot of a single system used to streamline deployments allowing for a secure starting point and reduced cost. Used as baseline to identify anomalies.
Authentication
Something you know(password or pin = weakest factor). Can also be something you are such as biometrics (strongest) and something you have (smart card, token). User proves claimed identity (password or pin) and credentials are verified.
DAC Discretionary Access Control
Specifies that every object has an owner, and the owner has full, explicit control of the object. MS NTFS uses this.
Incremental Backup
Starts with full backup, then only backs up data that has changed or is different since the last full backup or last incremental backup.
Differential Backup
Starts with full backup, then only backs up data that has changed or is different since the last full backup.
Whaling
Targets high-level executives.
Spear Phishing
Targets specific groups of users. Digital signatures provide assurances as to who sent the email and whether it's valid.
CSR Certificate signing request
The first step is to create an RSA-based private key, which is used to create a public key. The public key is included in the CSR, and after the CA validates your identity, it embeds the public key in the certificate.
Hardening
The practice of making an OS or application more secure from its default installation.
Key Escrow
The process of placing a copy of a private key in a safe environment useful for recovery.
COOP Continuity of operations planning
These sites provide an alternate location for operations after a critical outage. Most common sites are hot, cold, warm, and mobile.
PKI Public Key Infrastructure
This requires a trust model between CAs. Most trust models are hierarchical and centralized with a central root CA.
NAT Network Address Translation
Translates public IP addresses to private and private back to public. Dynamic version uses multiple public IP addresses and PAT uses single public IP address.
Smurf Attacks
Typically use directed broadcasts to launch through amplifying networks. Disabling directed broadcasts on routers can mitigate this threat.
Bluesnarfing
Unauthorized access to or theft of info from Bluetooth device.
Bluejacking
Unauthorized sending of text messages to nearby Bluetooth device.
Zero-day Exploits
Undocumented and unknown to the public.
Spam
Unwanted email.
Technical Controls
Use technology to reduce vulnerabilities. Includes encryption, antivirus software, IDSs, firewalls, and principle of least privilege. Also motion detectors and fire suppression.
PBKDF2
Used by WPA2, Apple iOS, and Cisco to increase the security of passwords. Adds a salt of at least 64 bits. A key stretching technique that helps prevent brute force and rainbow table attacks.
Omnidirectional Antenna
Used by most WAPs to transmit and receive signals in all directions at the same time.
L2TP Layer 2 Tunneling Protocol
Used for VPNs and commonly combined with IPSec. Uses UDP port 1701.
Isolation Mode
Used in an access point to prevent clients from connecting to each other. Sometimes used in public networks to protect wireless clients.
Yagi Antenna
Used to connect two WAPs together since it can focus into a single direction while also increasing gain and reducing the radiation pattern.
Public Key
Used to decrypt info encrypted with a matching private key.
Private Key
Used to decrypt info encrypted with a matching public key.
SNMP Simple Network Management Protocol
Used to manage and monitor network devices via UDP ports 161 and 162.
SQL Injection Attack
Used to pass queries to back-end databases through web servers. Input validation and stored procedures reduce threat. It's an example of a transitive access attack that can bypass many other security controls.
Identification
User claims an identity, such as a username or email address.
Switch Loop Protection
Uses STP or RSTP to protect against
PPTP Point-to-Point Tunneling Protocol
Uses TCP port 1723.
Client-side Attack
Uses an app on the client computer, such as a web browser.
ECDHE Elliptical Curve Diffie-Hellman Ephemeral
Uses ephemeral keys generated using ECC.
Armored Virus
Uses one or more technologies to make it difficult to reverse engineer. Common techniques include using complex code, using encryption, or hiding the location.
PAP Password Authentication Protocol
Sends the password or PIN across the network in clear text, making it susceptible to sniffing attacks. Uses PPP.
IMAP4 Internet Message Access Protocol version 4
Uses port 143.
Role-BAC Role-based Access Control
Uses roles based on jobs and functions.
Symmetric Encryption
Uses same key to encrypt and decrypt data. Used by RADIUS.
MAC Mandatory Access Control
Uses sensitivity labels for users and data such as classification levels and clearances.
Quantitative Risk Assessment
Uses specific monetary amounts to identify cost and asset values. Uses judgment to categorize risks based on probability and impact. ALE = SLE x ARO
Asymmetric Encryption
Uses two keys in a matched pair to encrypt and decrypt data. Requires a certificate and a PKI.
HMAC-MD5
Verifies integrity and authenticity. Creates 128-bit hashes. Used by IPSec and TLS.
HMAC-SHA1
Verifies integrity and authenticity. Creates 160-bit hashes. Used by IPSec and TLS.
Hashing
Verifies integrity for data such as email, downloaded files, and files stored on a disk. It is a number created with an algorithm. It's a one way function that cannot be reversed to re-create the original file.
Input Validation
Verifies the validity of input data before using it. Server-side validation is more secure than client-side. Lack of this is the most common security issue in web-based apps.
Digital Signatures
Verify the integrity of emails and files. Require certs that provide authentication and non-repudiation.
Personal Mode
WPA-PSK & WPA2-PSK. A mode that uses a pre-shared key and does not provide individual authentication.
Web site Encryption
The web site's public key encrypts the symmetric key, the web site's private key decrypts it (asymmetric), and the symmetric key encrypts the data in the web session.
False Positive
When an alert or alarm is actually harmless. Ex: scan detects a vulnerability, but vulnerability doesn't exist.
Cold Site
Will have power and connectivity needed for COOP activation, but little else. Least expensive and the hardest to test.
Implicit Deny
deny any any. Forces firewall to block any traffic not previously allowed in ACL. Used on routers and firewalls as last rule on ACL.
Protocol Analyzer
(aka sniffer) Used by admin to capture, display, and analyze packets sent over a network. Useful as troubleshooting tool for comm problems between systems and to detect attacks that manipulate or fragment packets. To capture traffic, NIC must be in promiscuous mode.