519 Terms
3DES
Triple Data Encryption Standard (also written Triple DES or TDEA). A symmetric block cipher that applies DES three times with two or three independent keys, giving an effective key strength of at most 112 bits, and encrypts data in 64-bit blocks. It was a stop-gap replacement for single DES and is now deprecated in favor of AES.
AAA
Authentication, authorization, and accounting. A group of technologies used in remote access systems. Authentication verifies a user's identity. Authorization determines what an authenticated user may access. Accounting tracks a user's access with logs. Sometimes called the AAAs of security.
ABAC
Attribute-based access control. An access control model that grants access to resources based on attributes assigned to subjects (such as role or clearance) and objects (such as classification), often combined with environmental conditions such as time of day or location.
acceptable use policy (AUP)
A policy defining proper system usage and the rules of behavior for employees. It often describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
access point (AP)
A device that connects wireless clients to wireless networks. Sometimes called wireless access point (WAP).
accounting
The process of tracking the activity of users and recording this activity in logs. One method of accounting is audit logs that create an audit trail.
ACLs (access control lists)
Ordered lists of rules used by routers and stateless firewalls. These devices check each packet against the ACL, typically applying the first rule that matches, to control traffic based on networks, subnets, IP addresses, ports, and some protocols; traffic that matches no rule is dropped by the implicit deny at the end of the list. Operating systems also use ACLs to express permissions on files and other objects.
active reconnaissance
A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information on the target. Compare with passive reconnaissance.
ad hoc
A connection mode used by wireless devices without an AP. When wireless devices connect through an AP, they are using infrastructure mode.
administrative controls
Security controls implemented via administrative or management methods.
AES (Advanced Encryption Standard)
A strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use key sizes of 128 bits, 192 bits, or 256 bits.
affinity
A scheduling method used with load balancers. It uses the client's IP address (or a cookie) to ensure the client is directed to the same back-end server for the duration of a session. Also called session persistence or sticky sessions.
aggregation switch
A switch used to connect multiple switches together into a network. Switches connect to the aggregation switch and it connects to a router.
agile
A software development life cycle model that focuses on interaction between customers, developers, and testers. Compare with waterfall.
AH (authentication header)
An option within IPsec that provides authentication and integrity for the whole IP packet, including the IP header, but no confidentiality. Because it covers the header, AH does not survive NAT, so ESP is the more commonly used IPsec protocol.
airgap
A physical security control that provides physical isolation. Systems separated by an airgap don't typically have any physical connections to other systems.
ALE (annualized loss expectancy)
The expected loss for a year. It is used to measure risk with ARO (annualized rate of occurrence) and SLE (single loss expectancy) in a quantitative risk assessment. The calculation is SLE x ARO = ALE.
amplification attack
A type of DDoS attack that increases the amount of traffic sent to a victim. The attacker sends small requests to third-party servers, such as open DNS resolvers or NTP servers, with the source address spoofed to the victim's address, so the servers send their much larger replies to the victim.
anomaly
A type of monitoring on intrusion detection and intrusion prevention systems. It detects attacks by comparing current activity against a baseline of normal behavior and flagging deviations. It is also known as heuristic or behavior-based detection. Compare with signature-based detection.
ANT
A proprietary wireless protocol used by some mobile devices. It is not an acronym.
antispoofing
A method used on some routers to protect against spoofing attacks. A common implementation is to add ACL rules that block packets arriving on the external interface whose source address belongs to the internal network, to a private (RFC 1918) range, or to the loopback range, since legitimate outside traffic never carries those addresses.
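The ACLs entry above describes first-match rule lists and this entry describes the antispoofing rules placed at the top of one. The following Python, added here as an illustration and not part of the original glossary or of any vendor's ACL syntax, evaluates constructed packets against such a list. The rule fields, the 10.0.0.0/8 inside range, the public servers and the sample packets are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed example: a first-match ACL of the kind a router or stateless
# firewall applies inbound on its Internet-facing interface. Nothing here is
# real vendor syntax; the addresses and rules are made up for illustration.


@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


# Inside network is 10.0.0.0/8 (assumed). The first three rules are the
# antispoofing rules: a packet arriving from the outside must never carry an
# inside, loopback or private source address.
INBOUND_ACL: List[Rule] = [
    Rule("deny", "any", net("10.0.0.0/8"), net("0.0.0.0/0"), comment="antispoofing: own inside range"),
    Rule("deny", "any", net("127.0.0.0/8"), net("0.0.0.0/0"), comment="antispoofing: loopback"),
    Rule("deny", "any", net("192.168.0.0/16"), net("0.0.0.0/0"), comment="antispoofing: RFC 1918"),
    Rule("permit", "tcp", net("0.0.0.0/0"), net("10.0.1.10/32"), 443, comment="public web server"),
    Rule("permit", "udp", net("0.0.0.0/0"), net("10.0.1.53/32"), 53, comment="public DNS"),
    # No explicit last rule: anything unmatched falls to the implicit deny.
]

IMPLICIT_DENY = Rule("deny", "any", net("0.0.0.0/0"), net("0.0.0.0/0"), comment="implicit deny")


def evaluate(acl: List[Rule], pkt: Packet) -> Rule:
    """Return the first matching rule. ACLs are ordered, so a permit placed
    above the antispoofing rules would silently defeat them."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for rule in acl:
        if rule.proto != "any" and rule.proto != pkt.proto:
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule
    return IMPLICIT_DENY


def decision(acl: List[Rule], pkt: Packet) -> str:
    rule = evaluate(acl, pkt)
    return f"{rule.action} ({rule.comment})"


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.7", "10.0.1.10", 443),  # legitimate HTTPS from outside
        Packet("tcp", "10.0.1.10", "10.0.1.10", 443),    # outside packet claiming an inside source
        Packet("tcp", "203.0.113.7", "10.0.1.10", 22),   # SSH to the web server: not permitted
        Packet("udp", "198.51.100.9", "10.0.1.53", 53),  # DNS query
    ]
    for p in samples:
        print(p, "->", decision(INBOUND_ACL, p))
```

Because the evaluator stops at the first match, the antispoofing denies only work when they sit above every permit; moving the web-server permit to the top would let a spoofed 10.0.1.10 packet through on port 443.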
antivirus
Software that protects systems from malware. Although it is called antivirus software, it protects against most malware, including viruses, Trojans, worms, and more.
application blacklist
A list of applications that a system blocks. Users are unable to install or run any applications on the list.
application cell
Also known as application containers. A virtualization technology that runs services or applications within isolated application cells (or containers). Each container shares the kernel of the host.
application whitelist
A list of applications that a system allows. Users are only able to install or run applications on the list.
APT (advanced persistent threat)
A group, often state-sponsored, that has both the capability and intent to launch sophisticated, targeted attacks and to maintain long-term access to the networks it compromises.
ARO (annualized rate of occurrence)
The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
arp
A command-line tool used to show and manipulate the Address Resolution Protocol (ARP) cache.
ARP poisoning
An attack that misleads systems about the actual MAC address of a system. The attacker sends forged ARP replies so that victims associate an IP address, such as the default gateway's, with the attacker's MAC address, letting the attacker intercept or modify the traffic. Also called ARP spoofing.
asset value
An element of a risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or a subjective value.
asymmetric encryption
A type of encryption using two keys to encrypt and decrypt data. It uses a public key and a private key. Compare with symmetric encryption.
attestation
A process that checks and validates firmware and system files during the boot process. A TPM measures each boot component into its platform configuration registers (PCRs) and can sign a report of those values. Remote attestation sends that signed report to a remote system, which compares the values with known-good ones before trusting the device.
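The measurement-and-compare step described above can be reproduced with nothing but a hash function. The Python below is an added example, not part of the original glossary or of any TPM vendor's code: it implements the PCR extend operation a TPM performs, replays a constructed boot event log the way a remote verifier does, and shows why a bootkit cannot hide from it. The component names, the "known-good" values and the use of PCR 4 are assumptions for the example; signature checking of the quote is left out.

```python
import hashlib
from typing import List, Tuple

# Added example (not from the original flashcards). Models the SHA-256 bank of
# a TPM: each PCR is 32 bytes, reset to zero at power-on, and can only be
# changed through "extend", which hashes the old value together with the
# new measurement. The event log and golden values below are constructed.

PCR_SIZE = 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = SHA-256(PCR_old || measurement). Order matters
    and there is no way to set a PCR to an arbitrary value."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(component: bytes) -> bytes:
    """Digest of a boot component (firmware, bootloader, kernel ...), as the
    firmware records it in the event log before passing control to it."""
    return hashlib.sha256(component).digest()


Event = Tuple[str, bytes]  # (component name, digest) as it appears in the event log


def replay_log(events: List[Event]) -> bytes:
    """Recompute the final PCR value from an event log, as a verifier does."""
    pcr = bytes(PCR_SIZE)  # all zeros at boot
    for _name, digest in events:
        pcr = extend(pcr, digest)
    return pcr


# Constructed known-good boot chain for PCR 4 (boot manager code).
KNOWN_GOOD_BOOT: List[Event] = [
    ("firmware", measure(b"vendor-firmware v1.2")),
    ("bootloader", measure(b"shim+grub signed 2.06")),
    ("kernel", measure(b"vmlinuz-6.1 signed")),
]
EXPECTED_PCR4 = replay_log(KNOWN_GOOD_BOOT)  # golden value held by the verifier


def verify_quote(reported_pcr: bytes, event_log: List[Event]) -> Tuple[bool, str]:
    """Two checks a remote verifier performs on an attestation report:
    1. the supplied event log must replay to the PCR value the TPM signed
       (otherwise the log was edited after the fact), and
    2. that PCR value must equal the known-good value."""
    if replay_log(event_log) != reported_pcr:
        return False, "event log does not replay to quoted PCR"
    if reported_pcr != EXPECTED_PCR4:
        return False, "PCR differs from known-good value: boot chain changed"
    return True, "attested"


def tampered_boot() -> List[Event]:
    """A bootkit replaces the bootloader; firmware still measures what actually ran."""
    return [KNOWN_GOOD_BOOT[0], ("bootloader", measure(b"evil bootloader")), KNOWN_GOOD_BOOT[2]]


if __name__ == "__main__":
    print("clean boot:      ", verify_quote(EXPECTED_PCR4, KNOWN_GOOD_BOOT))
    bad = tampered_boot()
    # The attacker controls the OS after boot, but the PCR already holds the evil measurement.
    print("bootkit, honest log:", verify_quote(replay_log(bad), bad))
    # Presenting the good log does not help: it no longer matches the TPM's value.
    print("bootkit, forged log:", verify_quote(replay_log(bad), KNOWN_GOOD_BOOT))
```

The property doing the work is that extend is one-way and order-sensitive: software running after the bootloader can append more measurements but cannot reverse or replace the one that already recorded it.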
audit trail
A record of events recorded in one or more logs. When security professionals have access to all the logs, they can re-create the events that occurred leading up to a security incident.
authentication
The process that occurs when a user proves an identity, such as with a password.
authorization
The process of granting access to resources to a user based on their proven identity. It follows authentication: proving who you are (such as with a username and password) does not by itself say what you may do.
availability
One of the three main goals of information security known as the CIA security triad. Availability ensures that systems and data are up and operational when needed. Compare with confidentiality and integrity.
backdoor
An alternate method of accessing a system. Malware often adds a backdoor into a system after it infects it.
background check
A check into a person's history, typically to determine eligibility for a job.
banner grabbing
A method used to gain information about a remote system. It identifies the operating system and other details on the remote system.
bcrypt
A key stretching algorithm used to protect stored passwords. Bcrypt combines each password with a random salt and runs it through a deliberately slow, Blowfish-based key setup whose cost factor can be raised as hardware gets faster. The salt thwarts rainbow table attacks, and the cost slows offline brute force attacks.
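The two ideas bcrypt relies on, a per-password salt and a tunable cost, can be shown with the standard library. Bcrypt itself is not in Python's standard library, so the added example below (not from the original glossary) uses hashlib.pbkdf2_hmac as a stand-in for the Blowfish-based key setup; the record format, the iteration counts and the sample passwords are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Added example: key stretching with a salt and a cost factor. PBKDF2-HMAC
# stands in for bcrypt's Blowfish-based key setup because bcrypt is not in
# the standard library; the storage format below is invented for the demo.

ALGO = "pbkdf2_sha256"
SALT_LEN = 16


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$cost$salt$digest (hex).
    Storing the cost with the hash lets it be raised later without breaking
    existing records, which is also how bcrypt's $2b$<cost>$ prefix works."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != ALGO:
        raise ValueError(f"unsupported record type {algo!r}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def same_password_different_hashes(password: str, iterations: int) -> bool:
    """Why rainbow tables fail: two users with the same password get unrelated
    records, so a precomputed table would have to be built per salt."""
    a = hash_password(password, iterations)
    b = hash_password(password, iterations)
    return a != b and verify_password(password, a) and verify_password(password, b)


def cost_ratio(low: int, high: int) -> float:
    """Measure how much slower a single guess becomes when the cost is raised.
    An offline brute force attacker pays this for every candidate password."""
    salt = bytes(SALT_LEN)
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", salt, low)
    t1 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", salt, high)
    t2 = time.perf_counter()
    return (t2 - t1) / max(t1 - t0, 1e-9)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple", 100_000)
    print(rec)
    print("right password:", verify_password("correct horse battery staple", rec))
    print("wrong password:", verify_password("Tr0ub4dor&3", rec))
    print("same password, distinct records:", same_password_different_hashes("hunter2", 10_000))
    print(f"10x cost made each guess about {cost_ratio(10_000, 100_000):.1f}x slower")
```

The constant-time comparison in verify_password matters for the same reason the salt does: the defender should not leak anything, not even timing, that narrows an attacker's search.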
BIOS
Basic Input/Output System. A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password. UEFI is the designated replacement for BIOS.
birthday attack
An attack on hash functions named after the birthday paradox in probability theory. The paradox states that in any random group of 23 people, there is a better than 50 percent chance that two of them share a birthday. In the same way, an attacker needs far fewer attempts to find any two inputs with the same hash (a collision) than to match one specific hash value.
black box test
A type of penetration test. Testers have zero knowledge of the environment prior to starting the test. Compare with gray box test and white box test.
block cipher
An encryption method that encrypts data in fixed-sized blocks. Compare with stream cipher.
Blowfish
A strong symmetric block cipher. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Compare with Twofish.
bluejacking
An attack against Bluetooth devices. It is the practice of sending unsolicited messages to nearby Bluetooth devices.
bluesnarfing
An attack against Bluetooth devices. Attackers gain unauthorized access to Bluetooth devices and can access all the data on the device.
bollards
Short vertical posts that act as a barricade. Bollards block vehicles but not people.
bots
Software robots that function automatically. A botnet is a group of computers that are joined together. Attackers often use malware to join computers to a botnet, and then use the botnet to launch attacks.
BPA (business partners agreement)
A written agreement that details the relationship between business partners, including their obligations toward the partnership.
bridge
A network device that connects network segments at layer 2 and forwards frames between them based on MAC addresses. It can be used instead of a router in some situations.
brute force
A password attack that attempts to guess a password. Online brute force attacks guess passwords of online systems. Offline attacks guess passwords contained in a file or database.
buffer overflow
An error that occurs when an application writes more data into a buffer than the buffer can hold, overwriting adjacent memory. Attackers exploit it to corrupt data, crash the program, or execute arbitrary code, and it can expose memory that is normally inaccessible.
business impact analysis (BIA)
A process that helps an organization identify critical systems and components that are essential to the organization's success.
BYOD
Bring your own device. A mobile device deployment model. Employees can connect their personally owned device to the network. Compare with COPE and CYOD.
CA (certificate authority)
An organization that manages, issues, and signs certificates. A CA is a main element of a PKI.
CAC (Common Access Card)
A specialized type of smart card used by the U.S. Department of Defense. It includes photo identification and holds certificates and private keys that provide confidentiality, integrity, authentication, and non-repudiation.
captive portal
A technical solution that forces wireless clients using web browsers to complete a process before accessing a network. It is often used to ensure users agree to an acceptable use policy or pay for access.
carrier unlocking
The process of unlocking a mobile phone from a specific cellular provider.
CBC (cipher block chaining)
A mode of operation for block ciphers. Each plaintext block is XORed with the previous ciphertext block before it is encrypted, and an IV takes the place of the previous block for the first one. Encryption is therefore sequential, and the plaintext must be padded to a whole number of blocks. Compare with CTM.
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP, which was used with the original release of WPA.
CER (Canonical Encoding Rules)
A base format for PKI certificates. CER files are binary encoded. Compare with DER.
certificate
A digital file used for encryption, authentication, digital signatures, and more. Public certificates include a public key used for asymmetric encryption.
certificate chaining
A process that combines all certificates within a trust model. It includes all the certificates in the trust chain from the root CA down to the certificate issued to the end user.
chain of custody
A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish a chain of custody when they first collect evidence.
change management
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
CHAP (Challenge Handshake Authentication Protocol)
An authentication mechanism where a server sends a random challenge to the client and the client answers with a hash of the challenge combined with the shared secret, so the password itself never crosses the link. Compare with MS-CHAPv2 and PAP.
chroot
A Unix and Linux command (and system call) used to change the apparent root directory of a process. It is often used for sandboxing, but it is not a complete security boundary on its own: a process that runs as root inside the chroot can escape it.
ciphertext
The result of encrypting plaintext. Ciphertext is not in an easily readable format until it is decrypted.
clean desk policy
A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
clickjacking
An attack that tricks users into clicking something other than what they think they're clicking, typically by loading the target site in an invisible frame on top of a decoy page. Sites defend against it by refusing to be framed, using the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive.
cloud access security broker (CASB)
A software tool or service that enforces cloud-based security requirements. It is placed between the organization's resources and the cloud, monitors all network traffic, and can enforce security policies.
cloud deployment models
Cloud model types that identify who has access to cloud resources. Public clouds are for any organization. Private clouds are for a single organization. Community clouds are shared among community organizations. A hybrid cloud is a combination of two or more clouds.
code signing
The process of digitally signing code with a private key whose certificate identifies the publisher. The signature lets the recipient verify that the code came from that publisher and has not been modified since it was signed.
cold site
An alternate location for operations. A cold site will have power and connectivity needed for activation, but little else. Compare with hot site and warm site.
collision
A hash weakness. A collision occurs when two different inputs produce the same hash. An attacker who can find collisions can substitute one input for another without changing the hash, and in password attacks a colliding input is accepted just as the real password would be.
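The birthday attack entry above gives the 23-people figure and this entry defines the collision it produces. The Python below is an added example, not from the original glossary: it computes the birthday-paradox probability, the number of samples needed for an even chance, and then runs a birthday attack against SHA-256 truncated to a few bits so that a collision appears in well under a second. The truncation is the constructed weakness; the message prefix and bit lengths are assumptions made for the demonstration.

```python
import hashlib
import math
from itertools import count
from typing import Dict, Tuple

# Added example (not from the original flashcards). The hash is deliberately
# truncated to make the collision reachable; an untruncated 256-bit digest
# would need on the order of 2**128 evaluations, which is why SHA-256 is safe
# and why MD5's 128 bits were not the reason it fell (structural flaws were).


def p_collision(n: int, space: int) -> float:
    """Probability that n values drawn uniformly from `space` possibilities
    contain at least one repeat. With n=23 and space=365 this is the birthday
    paradox: about 0.507."""
    p_no_repeat = 1.0
    for i in range(n):
        p_no_repeat *= (space - i) / space
    return 1.0 - p_no_repeat


def samples_for_half(space: int) -> float:
    """Approximate sample count for a 50% collision chance: sqrt(2 ln2 * space),
    i.e. roughly 1.18 * sqrt(space). For a b-bit hash that is about 2**(b/2)."""
    return math.sqrt(2 * space * math.log(2))


def trunc_hash(data: bytes, bits: int) -> int:
    """SHA-256 reduced to its first `bits` bits: the weakened target for the demo."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_attack(bits: int, prefix: bytes = b"msg-") -> Tuple[bytes, bytes, int]:
    """Generate distinct messages until two hash to the same truncated value.
    Unlike a preimage search (hit one fixed target), every new message is
    compared against all earlier ones, so the work grows as sqrt of the space."""
    seen: Dict[int, bytes] = {}
    for i in count():
        msg = prefix + str(i).encode()
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


if __name__ == "__main__":
    print(f"23 people, 365 days: P(shared birthday) = {p_collision(23, 365):.3f}")
    bits = 20
    print(f"{bits}-bit hash: ~{samples_for_half(2 ** bits):.0f} hashes for a 50% collision chance")
    a, b, tries = birthday_attack(bits)
    print(f"collision after {tries} hashes: {a!r} and {b!r} both give {trunc_hash(a, bits):#x}")
```

Doubling the truncation from 20 to 40 bits would raise the expected work from about a thousand hashes to about a million, which is the square-root behaviour that makes collision resistance worth only half a hash function's output length.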
compensating controls
Security controls that are alternative controls used when a primary security control is not feasible.
compiled code
Code that a compiler has translated, and typically optimized, into machine code and packaged as an executable file before it runs. Compare with runtime code, which is interpreted or compiled while the program runs.
confidential data
Data meant to be kept secret among a certain group of people. As an example, salary data is meant to be kept secret and not shared with everyone within a company.
confidentiality
One of the three main goals of information security known as the CIA security triad. Confidentiality ensures that unauthorized entities cannot access data. Encryption and access controls help protect against the loss of confidentiality. Compare with availability and integrity.
configuration compliance scanner
A type of vulnerability scanner that verifies systems are configured correctly. It will often use a file that identifies the proper configuration for systems.
confusion
A cryptography concept indicating that each bit of the ciphertext depends on several parts of the key in a complex way, so that the ciphertext is significantly different from the plaintext and reveals nothing simple about the key. Compare with diffusion.
containerization
A method used to isolate applications in mobile devices. It isolates and protects the application, including any data used by the application.
context-aware authentication
An authentication method using multiple elements to authenticate a user and a mobile device. It can include identity, geolocation, the device type, and more.
continuity of operations planning
The planning process that identifies an alternate location for operations after a critical outage. It can include a hot site, cold site, or warm site.
control diversity
The use of different security control types, such as technical controls, administrative controls, and physical controls. Compare with vendor diversity.
controller-based AP
An AP that is managed by a controller. Also called a thin AP. Compare with fat AP.
COPE
Corporate-owned, personally enabled. A mobile device deployment model. The organization purchases and issues devices to employees. Compare with BYOD and CYOD.
corrective controls
Security controls that attempt to reverse the impact of a security incident.
CRL
Certificate revocation list. A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
crossover error rate
The point where the false acceptance rate (FAR) crosses over with the false rejection rate (FRR) as a biometric system's sensitivity is adjusted. A lower CER indicates a more accurate biometric system. Also called the equal error rate (EER).
cross-site request forgery (XSRF)
A web application attack, also abbreviated CSRF. XSRF attacks trick an authenticated user's browser into sending a request to a web site, such as making a purchase or changing a password, without the user's knowledge. Because the browser attaches the session cookie automatically, the site accepts the request as the user's. Anti-CSRF tokens and SameSite cookies are the usual defenses.
cross-site scripting (XSS)
A web application vulnerability. Attackers inject malicious HTML or JavaScript into a page that the site serves to other users, typically through input the site fails to sanitize or encode, and the code executes in each victim's browser with the site's privileges when they view the page.
crypto-malware
A type of ransomware that encrypts the user's data.
crypto module
A set of hardware, software, and/or firmware that implements cryptographic functions. Compare with crypto service provider.
crypto service provider
A software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.
CSR
Certificate signing request. A method of requesting a certificate from a CA. It starts by creating a private/public key pair (RSA or ECDSA, for example) and then placing the public key, along with the subject's identifying information, in the CSR. The private key never leaves the requester.
CTM
Counter mode, more commonly abbreviated CTR. A mode of operation for block ciphers that encrypts the combination of a nonce (IV) and an incrementing counter to produce a keystream, which is XORed with the plaintext. Blocks can be processed in parallel and no padding is needed, but a nonce must never be reused with the same key. Compare with CBC.
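The CBC and CTM entries describe two ways of turning a block cipher into something that can encrypt more than one block. The Python below is an added example, not from the original glossary, showing both modes (and ECB for contrast) on top of a tiny Feistel block cipher built from SHA-256 so the code runs with the standard library alone. That cipher is a stand-in for AES and is not secure; the key, IV, nonce and plaintexts are assumptions for the demonstration. What carries over to real ciphers is the chaining and keystream plumbing, the padding requirement of CBC, and the nonce-reuse failure of counter mode.

```python
import hashlib
from typing import List

# Added example (not from the original flashcards). The block cipher is a toy
# 4-round Feistel network with an 8-byte block, keyed by SHA-256; it exists
# only so the mode code below has something invertible to call.

BLOCK = 8  # bytes per block
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([r]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding: CBC and ECB need whole blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[: -data[-1]]


def _blocks(data: bytes) -> List[bytes]:
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block (the IV for the
    first) before encryption, so encryption cannot be parallelised."""
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: encrypt nonce||counter to get a keystream block and XOR it
    with the data. The same call encrypts and decrypts, blocks are independent,
    and no padding is needed (the last block may be short). nonce is 4 bytes here."""
    out = []
    for n, chunk in enumerate(_blocks(data)):
        keystream = block_encrypt(key, nonce + n.to_bytes(BLOCK - len(nonce), "big"))
        out.append(_xor(chunk, keystream))
    return b"".join(out)


if __name__ == "__main__":
    key, iv, nonce = b"sixteen byte key", b"\x01" * BLOCK, b"\x00\x00\x00\x07"
    pt = b"ATTACKAT" * 3  # three identical blocks
    print("ECB blocks:", [c.hex() for c in _blocks(ecb_encrypt(key, pt))])  # repeats visible
    ct = cbc_encrypt(key, iv, pt)
    print("CBC blocks:", [c.hex() for c in _blocks(ct)], cbc_decrypt(key, iv, ct) == pt)
    c1, c2 = ctr_crypt(key, nonce, b"12345678"), ctr_crypt(key, nonce, b"abcdefgh")
    # Nonce reuse: XOR of the two ciphertexts equals XOR of the two plaintexts.
    print("CTR nonce reuse leaks:", _xor(c1, c2) == _xor(b"12345678", b"abcdefgh"))
```

The last line is the caveat behind "a nonce must never be reused": with the keystream cancelled out, an attacker who knows or can guess one plaintext recovers the other, which is also why CCMP's counter mode derives a fresh nonce from a packet number.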
custom firmware
Mobile device firmware other than the firmware provided with the device. People sometimes use custom firmware to root Android devices.
cyber-incident response team
A group of experts who respond to security incidents. Also known as CIRT.