CIS Chapter 12

A de facto industry standard for short-range wireless communications between wireless telephones and headsets, between PDAs and desktop computers, and between laptops.

Bluetooth:

A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.

Remote Authentication Dial-In User Service (RADIUS):

Commonly used in UNIX systems, a remote access authorization system based on a client/server configuration that makes use of a centralized data service in order to validate the user's credentials at the TACACS server.

Terminal Access Controller Access Control System (TACACS):

Networking devices categorized by their ability to perform the work of multiple devices, such as a stateful packet inspection firewall, network intrusion detection and prevention system, content filter, spam filter, and malware scanner and filter.

Unified Threat Management (UTM):

A set of protocols used to secure wireless networks; created by the Wi-Fi Alliance. Includes WPA and WPA2.

Wi-Fi Protected Access (WPA):

A set of protocols designed to provide a basic level of security protection to wireless networks and to prevent unauthorized access or eavesdropping. WEP is part of the IEEE 802.11 wireless networking standard.

Wired Equivalent Privacy (WEP):

In an IDPS, a piece of software that resides on a system and reports back to a management server. Also referred to as a sensor.

agent:

An IDPS that compares current data and traffic patterns to an established baseline of normalcy, looking for variance out of parameters. Also known as a behavior-based IDPS.

anomaly-based IDPS:

Also known as a layer seven firewall, a device capable of examining the application layer of network traffic (for example, HTTP, SMTP, FTP) and filtering based upon its header content rather than the traffic IP headers.

application layer firewall:

A device capable of functioning both as a firewall and an application layer proxy server.

application layer proxy firewall:

An authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.

asynchronous token:

A device placed between an external, untrusted network and an internal, trusted network. Also known as a sacrificial host, as it serves as the sole target for attack and should therefore be thoroughly secured.

bastion host:

The use of physiological characteristics to provide authentication for a provided identification. Biometric means "life measurement" in Greek.

biometrics:

A proxy server or application-level firewall that stores the most recently accessed information in its internal caches, minimizing the demand on internal servers.

cache server:

A predefined assessment level that triggers a predetermined response when surpassed. Typically, the response is to write the event to a log file and/or notify an administrator.

clipping level:

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.

content filter:

Also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances.

crossover error rate (CER):

A firewall function that involves examining multiple protocol headers and even content of network traffic, all the way through the TCP/IP layers and including encrypted, compressed, or encoded data.

deep packet inspection (DPI):

An intermediate area between a trusted network and an untrusted network that restricts access to internal systems.

demilitarized zone (DMZ):

A network configuration in which a device contains two network interfaces: one that is connected to the external network and one that is connected to the internal network. All traffic must go through the device to move between the internal and external networks.

dual-homed host:

An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.

dumb card:

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

dynamic packet filtering firewall:

The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

false accept rate:

In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.

firewall:

In wireless networking, the geographic area in which there is sufficient signal strength to make a network connection.

footprint:

An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system. Also known as a system integrity verifier.

host-based IDPS (HIDPS):

The general term for a system with the capability both to detect and modify its configuration and environment to prevent intrusions. An IDPS encompasses the functions of both intrusion detection systems and intrusion prevention technology.

intrusion detection and prevention system (IDPS):

An IDPS that resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment, looking for indications of ongoing or successful attacks.

network-based IDPS (NIDPS):

A networking device that examines the header information of data packets that come into a network and determines whether to drop them (deny) or forward them to the next network connection (allow), based on its configuration rules.

packet filtering firewall:

A plain-language phrase, typically longer than a password, from which a virtual password is derived.

passphrase:

A secret word or combination of characters that only the user should know; used to authenticate the user.

password:

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.

port-address translation (PAT):

A device that provides both firewall and proxy services.

proxy firewall:

A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers.

proxy server:

A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.

screened-host architecture:

A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.

screened-subnet architecture:

An IDPS that examines systems or network data in search of patterns that match known attack signatures. Also known as a knowledge-based IDPS.

signature-based IDPS:

A firewall architecture in which a single device performing firewall duties, such as packet filtering, serves as the only perimeter device providing protection between an organization's networks and the external network. This architecture can be implemented as a packet filtering router or as a firewall behind a non-filtering router.

single bastion host architecture:

An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.

smart card:

A tabular record of the state and context of each packet in a conversation between an internal and external user or system. A state table is used to expedite traffic filtering.

state table:

A firewall type that keeps track of each network connection between internal and external systems using a state table, and that expedites the filtering of those communications. Also known as a stateful inspection firewall.

stateful packet inspection (SPI) firewall:

An authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.

synchronous token:

A measurement of the true cost of a device or application, which includes not only the purchase price, but annual maintenance or service agreements, the cost to train personnel to manage the device or application, the cost of systems administrators, and the cost to protect it.

total cost of ownership (TCO):

The system of networks inside the organization that contains its information assets and is under the organization's control.

trusted network:

The system of networks outside the organization over which it has no control. The Internet is an example of an untrusted network.

untrusted network:

The derivative of a passphrase.

virtual password:

An attacker technique of moving through a geographic area or building, actively scanning for open or unsecured WAPs.

war driving:

An automatic phone-dialing program that dials every number in a configured range (e.g., 555-1000 to 555-2000) and checks whether a person, answering machine, or modem picks up.

war-dialer:

A device used to connect wireless networking users and their devices to the rest of the organization's network(s). Also known as a Wi-Fi router.

wireless access point (WAP):

