Sec+ 701

666 Terms

1
3DES
Triple Digital Encryption Standard.

A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks. It was originally designed as a replacement for DES (Digital Encryption Standard), and is still used in some applications, such as when hardware doesn't support AES (Advanced Encryption Standard).
2
802.1X
A port-based authentication protocol, also known as IEEE 802.1X. *IEEE (Institute of Electrical and Electronics Engineers).

An authentication protocol used in VPNs (Virtual Private Networks) and wired and wireless networks. VPNs often implement it as a RADIUS (Remote Authentication Dial-In User Service) server. Wired networks use it for port-based authentication. Wireless networks use it in Enterprise mode, and it often uses one of the EAP authentication protocols.

Compare with EAP (Extensible Authentication Protocol), PEAP (Protected Extensible Authentication Protocol), EAP-TLS (Extensible Authentication Protocol-Transport Layer Security), and EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security).
3
AAA
Authentication, Authorization, and Accounting.

AAA protocols are used in remote access systems. For example, TACACS+ (Terminal Access Controller Access-Control System) is an AAA protocol that uses multiple challenges and responses during a session.
Authentication verifies a user's identification.
Authorization determines if a user should have access.
Accounting tracks a user's access with logs.
4
ABAC
Attribute-Based Access Control.

An access control scheme. ABAC grants access to resources based on attributes assigned to subjects and objects.

Compare with DAC (Discretionary Access Control), MAC (Media/Mandatory Access Control), Role-based Access Control, and Rule-based Access Control.
5
AUP
Acceptable Use Policy.

A policy defining proper system usage and the rules of behavior for employees. It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
6
Access Control Vestibules
A physical security mechanism designed to control access to a secure area. An access control vestibule prevents tailgating. It is a room, or even a building, with two doors that creates a large buffer area between the secure and unsecured areas.

*This was previously known as a mantrap.
7
AP
Access point.

A device that connects wireless clients to wireless networks. Sometimes called a Wireless Access Point (WAP).
8
Account Audit
An audit that analyzes user accounts and assigned privileges. It identifies the privileges (rights and permissions) granted to users and compares them against what the users need.
9
Accounting
The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.
10
ACE
Access Control Entry.

Identifies a user or group that is granted permission to a resource. ACEs are contained within a DACL in NTFS.
11
ACK
Acknowledge.

A packet in a TCP (Transmission Control Protocol) handshake. In a SYN (Synchronize) flood attack, attackers send the SYN packet but don't complete the handshake after receiving the SYN/ACK packet.
12
ACL
Access Control List.

Lists of rules used by routers and stateless firewalls. These devices use the ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
13
Active Reconnaissance
A penetration testing method used to collect information. It uses tools to send data to systems and then analyzes the responses to gain knowledge about the target.

Compare with Passive Reconnaissance.
14
Ad Hoc
A connection mode used by wireless devices without an AP (Access Point). When wireless devices connect through an AP, they are using infrastructure mode.

Compare with WiFi Direct.
15
AES
Advanced Encryption Standard.

A symmetric algorithm used to encrypt data and provide confidentiality. AES is a block cipher, and it encrypts data in 128-bit blocks. It is quick, highly secure, and used in a wide assortment of cryptography schemes. It includes key sizes of 128 bits, 192 bits, or 256 bits.
16
AES-256
Advanced Encryption Standard 256 bit.

AES sometimes includes the number of bits used in the encryption keys and AES-256 uses 256-bit encryption keys.
17
Affinity
A scheduling method used with load balancers. It uses the client's IP (Internet Protocol) address to ensure the client is redirected to the same server during a session.
18
Agent
A NAC (Network Access Control) agent that is installed on a client. It checks the client for health and is sometimes called just an agent. Compare with agentless or dissolvable agent.
19
Agentless
A NAC (Network Access Control) agent that runs on a client, but deletes itself later. It checks the client for health and is the same as a dissolvable client.

Compare with a permanent agent.
20
AH
Authentication Header.

An option within IPsec (Internet Protocol Security) to provide authentication and integrity. IPsec uses AH to provide authentication and integrity using HMAC (Hash-Based Message Authentication Code). ESP (Encapsulated Security Protocol) provides confidentiality, integrity, and authentication using HMAC and AES (Advanced Encryption Standard) or 3DES (Triple Advanced Encryption Standard). AH is identified with protocol ID number 51.

Compare with IPSec and ESP.
21
Air Gap
A physical security control that provides physical isolation. Systems separated by an air gap (a gap of air) don't typically have any physical connections to other systems. Sometimes spelled as airgap.
22
ALE
Annualized/Annual Loss Expectancy.

The expected loss for a year. The ALE identifies the expected annual loss and is used to measure risk with ARO and SLE in a quantitative risk assessment. The calculation is SLE (Single Loss Expectancy) x ARO (Annualized/Annual Rate of Occurrence) = ALE.

Compare with SLE and ARO.
23
Allow List
A list of applications that a system allows. Users are only able to install or run applications on the list. Sometimes referred to as a whitelist.

Compare with block list and deny list.
24
ARO
Annualized/Annual Rate of Occurrence.

The number of times a loss is expected to occur in a year. The ARO is used to measure risk with ALE and SLE in a quantitative risk assessment. The calculation is SLE (Single Loss Expectancy) x ARO = ALE (Annual Loss Expectancy).

Compare with SLE and ALE.
25
Anomaly
A variance from a baseline. Some intrusion detection and intrusion prevention systems detect attacks by comparing traffic against a baseline. It is also known as heuristic detection.
26
Anonymization
A process that removes PII (Personally Identifiable Information) from a data set. The goal is to remove any data from a data set to ensure that data can't be traced back to an individual. Ideally, anonymization is permanent, but if not done effectively, the process can be reversed.

Compare with data masking, pseudo-anonymization, and tokenization.
27
Anti-Malware
Software that protects systems from viruses and other malware. It protects against most malware, including viruses, Trojans, worms, and more.

Compare with antivirus.
28
Anti-Virus
Software that protects systems from malware. Although it is called antivirus software, it protects against most malware, including viruses, Trojans, worms, and more.

Compare with anti-malware.
29
API
Application Programming Interface.

A software module or component. An API gives developers access to features or data within another application, service, or operating system. APIs are often used with web applications, IoT (Internet of Things) devices, and cloud-based services.
30
API Attacks
Attacks on an API (Application Programming Interface). API attacks attempt to discover and exploit vulnerabilities in APIs.
31
APT
Advanced Persistent Threat.

A group that has both the capability and intent to launch sophisticated and targeted attacks. A nation-state (such as a foreign government) sponsors APTs.
32
Argon2
A key stretching algorithm. Argon2 uses a password and salt that is passed through an algorithm several times. This thwarts rainbow table attacks.

Compare with Bcrypt and PBKDF2.
33
arp (cmd tool)
A command-line tool used to show and manipulate the Address Resolution Protocol (ARP) cache.

Compare with ARP.
34
ARP
Address Resolution Protocol.

Resolves IPv4 addresses to MAC addresses.

Compare with arp.
35
ARP Poisoning
An attack that misleads systems about the actual MAC (Media Access Control) address of a system. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates.
36
ASCII
American Standard Code for Information Interchange.
Code used to display characters.
37
Asset Value
An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.
38
Asymmetric Encryption
A type of encryption that uses two keys to encrypt and decrypt data. It uses a public key and a private key.

Compare with symmetric encryption.
39
Attestation
A process that checks and validates system files during the boot process. TPMs (Trusted Platform Modules) sometimes use remote attestation, sending a report to a remote system for attestation.
40
Audit Trail
A record of events recorded in one or more logs. When security professionals have access to all the logs, they can re-create the events that occurred leading up to a security incident.
41
Authentication
The process that occurs when a user proves an identity. Users often claim an identity with a username and prove the identity is theirs with a password.
42
Authentication Attributes
Attributes that are sometimes used with authentication factors. They include:
Somewhere You Are,
Something You Do,
Something You Exhibit,
Someone You Know.

For more info look at: "Somewhere You Are", "Something You Do", "Something You Exhibit", & "Someone You Know".

Compare with Authentication Factors:
Something You Know,
Something You Have,
Something You Are.
43
Authentication Factors
The different methods used for authentication. The common authentication factors are something you know, such as a password or PIN (Personal Identification Number), something you have, such as a smart card, a phone, or a USB token, and something you are, such as a fingerprint or other biometric identification.
Authentication Factors include:
Something You Know (Password),
Something You Have (Smart Card, USB Token),
Something You Are (Biometrics).

Compare with Authentication Attributes:
Somewhere You Are,
Something You Do,
Something You Exhibit,
Someone You Know.
44
Authorization
The process of granting access to resources for users based on their proven identity. Users typically claim an identity with a username and prove their identity with a password.
45
Availability
One of the three main goals of information security, known as the CIA security triad. Availability ensures that systems and data are up and operational when needed.

Compare with confidentiality and integrity.
46
Backdoor
An alternate method of accessing a system. Malware often adds a backdoor into a system after the worm infects the system.
47
Background Check
A check into a person's history, typically to determine eligibility for a job.
48
Banner Grabbing
A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.
49
BCP
Business Continuity Plan.

A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. A BIA (Business Impact Analysis) is part of a BCP, and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.

Compare with BIA and DRP (Disaster Recovery Plan).
50
Bcrypt
A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.

Compare with Argon2 and PBKDF2.
51
BIA
Business Impact Analysis.

A process that helps an organization identify critical systems and components that are essential to the organization's success. It identifies various scenarios that can impact these systems and components, maximum downtime limits, and potential losses from an incident. The BIA helps identify RTOs (Recovery Time Objectives) and RPOs (Recovery Point Objectives).

Compare with BCP (Business Continuity Plan), DRP (Disaster Recovery Plan), RTO, and RPO.
52
BIND
Berkeley Internet Name Domain.

BIND is DNS (Domain Name System) software that runs on Linux and Unix servers. Most Internet-based DNS servers use BIND.
53
BIOS
Basic Input/Output System.

A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI (Unified Extensible Firmware Interface) is the designated replacement for BIOS.

Compare with UEFI.
54
Birthday Attack
A password attack named after the birthday paradox in probability theory. The paradox states that for any random group of 23 people, there is a 50 percent chance that 2 of them have the same birthday.

Wiki Definition: There's a higher chance of sharing a trait with someone as more people join the equation. Hackers use that mathematical probability to crack digital signatures and perform hash collision attacks.
55
Blockchain
A distributed, decentralized, public ledger. The word block refers to pieces of digital information (the ledger), and chain refers to a public database. Digital cryptocurrencies use blockchain technology.
56
Block Cipher
An encryption method that encrypts data in fixed-size blocks.

Compare with stream cipher.
57
Block List
A list of applications that a system blocks or denies. Users are unable to install or run any applications on the list. Also called the deny list.

Compare with allow list.
58
Blowfish
A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits.

Compare with Twofish.
59
Bluejacking
An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
60
Bluesnarfing
An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
61
Bluebugging
An attack against Bluetooth devices. Attackers gain full access to the phone and install a backdoor, giving the attacker full access to the phone at any time.
62
Blue Team
Personnel involved in cybersecurity readiness who are experts in defending systems.

Compare with the red team, purple team, white team, and capture the flag.
63
Bollards
Short vertical posts that act as a barricade. Bollards block vehicles but not people.
64
Boot Attestation
An entity verifies (or attests) that the boot files have not been modified. As an example, a TPM supports a secure boot attestation process by first verifying none of the boot files have changed.
65
Boot Integrity
Processes that verify the integrity of the boot process for the system.

Compare with measured boot, boot attestation, and hardware root of trust.
66
Bots and Botnets
Software that functions automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet and then use the botnet to launch attacks.
67
Braindump
A list of questions and answers for exams. They rarely have explanations and often have incorrect answers. Braindump users are tricked into memorizing incorrect answers for questions. After memorizing them, they think they're ready for the live exam, but they often fail the exam repeatedly without understanding why.
68
BPDU Guard
Bridge Protocol Data Unit Guard.

A technology that detects false BPDU messages. False BPDU messages can indicate a switching loop problem and shut down switch ports. The BPDU guard detects false BPDU messages and blocks the BPDU attack.
69
BYOD
Bring Your Own Device.

A mobile device deployment model. A BYOD model allows employees to connect personally owned devices, such as tablets and smartphones, to a company network. Data security is often a concern with BYOD policies, causing organizations to consider CYOD (Choose Your Own Device) or COPE (Corporately Owned, Personally Enabled) models.

Compare with COPE and CYOD.
70
Brute Force
A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
71
Buffer Overflow
An error that occurs when an application receives more input, or different input, than it expects. It exposes system memory that is normally inaccessible.
72
Burning
A data sanitization process. Burning is typically performed within an incinerator.

Compare with shredding, pulping, pulverizing, and degaussing.
73
CA
Certificate Authority.

An organization that manages, issues, and signs certificates and is part of a PKI (Public Key Infrastructure). Certificates are an essential part of asymmetric encryption, and they include public keys and details on the owner of the certificate and the CA that issued the certificate. Certificate owners share their public keys by sharing a copy of their certificates.

Compare with PKI.
74
CAPTCHA
Completely Automated Public Turing Test to Tell Computers and Humans Apart.

A technique used to prevent automated tools from interacting with a website. Users must type in text, often from a slightly distorted image.
75
Captive Portal
A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.
76
Capture the Flag
A competition involving cybersecurity personnel. Capture the flag (CTF) events vary depending on who is hosting the event but typically involve red teams, blue teams, purple teams, and white teams.
77
Carrier Unlocking
The process of unlocking a mobile phone from a specific cellular provider.
78
CBC
Cipher Block Chaining.

A mode of operation used by some symmetric encryption ciphers. It uses an IV (Initial Vector) for the first block and each subsequent block is combined with a previous block.
79
CCMP
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.

An encryption protocol based on AES (Advanced Encryption Standard) and used with WPA2 (WiFi Protected Access) for wireless security.
80
CER
Canonical Encoding Rules.

A base format for PKI (Public Key Infrastructure) certificates. They are ASCII-encoded (American Standard Code for Information Interchange) files.

Compare with DER (Distinguished Encoding Rules).
81
CERT
Computer Emergency Response Team.

A group of experts who respond to security incidents.
82
Certificate
A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.
83
Certificate Chaining
A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA (Certificate Authority) down to the certificate issued to the end user.

Compare with certificate authority and intermediate CA.
84
CSR
Certificate Signing Request.

A method of requesting a certificate from a CA (Certificate Authority). It starts by creating an RSA-based private/public key pair and then including the public key in the CSR. Most CAs require CSRs to be formatted using the Public-Key Cryptography Standards (PKCS) #10 specification.
85
Chain of Custody
A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.
86
Change Management
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.

*Messer Definition
"Change management is the process for making any type of change. This could be a software upgrade, a hardware replacement, or any other type of modification to the existing environment. Having a formal change management process minimizes the risk of a change and makes everyone aware of the changes as they occur."
87
CHAP
Challenge Handshake Authentication Protocol.

An authentication mechanism where a server challenges a client.

Compare with MS-CHAPv2 and PAP.
88
Checksum
A type of hash that is quick but not necessarily cryptographically secure. It is often used to validate the integrity of data. RAID-5 disks use checksum bits to verify that data on disks aren't corrupt.
89
CYOD
Choose Your Own Device.

A mobile device deployment model. Employees can connect their personally owned device to the network as long as the device is on a preapproved list. Note that the device is purchased by and owned by employees.

Compare with BYOD (Bring Your Own Device) and COPE (Corporately Owned, Personally Enabled).
90
CIA
Confidentiality, Integrity, Availability.

These three form the security triad:
- Confidentiality helps prevent the unauthorized disclosure of data.
- Integrity provides assurances that data has not been modified, tampered with, or corrupted.
- Availability indicates that data and services are available when needed.
91
CIO
Chief Information Officer.

A "C" level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve problems.
92
Ciphertext
The result of encrypting plaintext. Ciphertext is not in an easily readable format until it is decrypted.

Compare with plaintext.
93
Clean Desk Space
A security policy that requires employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
94
CCTV
Closed Circuit Television.

A detective control that provides video surveillance. Video surveillance provides reliable proof of a person's location and activity. It is also a physical security control, and it can increase the safety of an organization's assets.
95
CASB
Cloud Access Security Broker.

A software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.
96
Cloud Deployment Models
Cloud model types that identify who has access to cloud resources. Public clouds are for any organization, and private clouds are for a single organization. Community clouds are shared among community organizations. A hybrid cloud is a combination of two or more clouds.
97
Code Reuse
Code reuse refers to reusing code instead of re-creating code that already exists. A primary benefit is that existing code has already been tested, while new code may introduce new bugs.
98
Code Signing
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
99
Cold Site
An alternate location for operations. A cold site will have power and connectivity needed for activation, but little else.

Compare with hot site and warm site.
100
Collision
A hash vulnerability that can be used to discover passwords. A hash collision occurs when two different passwords create the same hash. A collision attack attempts to find two different passwords that create the same hash.