802.1x
A port-based authentication protocol. Wireless connections such as WPA2 can use this. Enterprise mode requires this, and PEAP and EAP-TTLS require a certificate on this server.
3DES
A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks.
AAA
These protocols are used in remote access systems. For example, TACACS+ is a type of this protocol that uses multiple challenges and responses during a session.
ACE
Identifies a user or group that is granted permission to a resource. Contained within a DACL in NTFS.
ACK
A packet in a TCP handshake. In a SYN flood attack, attackers send the SYN packet, but don't complete the handshake after receiving the SYN or this packet.
ACL
Routers and packet-filtering firewalls perform basic filtering using this to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
AES
A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 128-bit blocks. It is quick, highly secure, and used in a wide assortment of cryptography schemes. Includes key sizes of 128-bit, 192-bit, or 256-bit.
AES-256
Sometimes includes the number of bits used in the encryption key. This is Advanced Encryption Standard 256-bit. Blowfish is faster than this.
AH
IPsec includes both this and ESP. Provides authentication and integrity using HMAC. Identified with protocol ID number 51.
ALE
This identifies the expected annual loss and is used to measure risk with ARO and SLE in a quantitative risk assessment. The calculation is SLE * ARO.
AP
Short for wireless access point. Provides wireless clients with access to a wired network.
API
A software module or component that identifies inputs and outputs for applications.
APT
A group that has both the capability and intent to launch sophisticated and targeted attacks.
ARO
Identifies how many times a loss is expected to occur in a year and it is used to measure risk with ALE and SLE in a quantitative risk assessment.
ARP
Resolves IPv4 addresses to MAC addresses. Poisoning attacks against this can redirect traffic through an attacker's system by sending false MAC address updates.
ASCII
Code used to display characters.
ASP
Provides an application as a service over a network.
AUP
This defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
BAC
An application that shows availability and performance of applications used or provided by a business.
BCP
A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery elements that provide the steps used to return critical functions to operation after an outage. BIA is a part of this and drives decisions to create redundancies.
BIA
This identifies systems and components that are essential to the organization's success. It identifies various scenarios that can impact these systems and components, maximum downtime limits, and potential losses from an incident. Helps identify RTOs and RPOs.
BIND
This is DNS software that runs on Linux or Unix servers. Most internet-based DNS servers use this.
BIOS
A computer's firmware used to manipulate different settings such as the date and time, boot drive, and access password.
BPA
A written agreement that details the relationship between business partners, including their obligations toward the partnership.
BYOD
A policy allowing employees to connect personally owned devices, such as tablets or phones, to a company network.
CA
An organization that manages, issues, and signs certificates and is part of a PKI. Certificates are an important part of asymmetric encryption.
CAC
A specialized type of smart card used by the US DoD. It includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users.
CAN
A standard that allows microcontrollers and devices to communicate with each other without a host computer.
CAPTCHA
Technique used to prevent automated tools from interacting with a web site.
CAR
A report used to document actions taken to correct an event, incident, or outage.
CCMP
An encryption protocol based on AES and used with WPA2 for wireless security. It is more secure than TKIP.
CCTV
This is a detective control that provides video surveillance. Provides reliable proof of a person's activity and location.
CERT
A group of experts who respond to security incidents. Includes SIRT, CIRT, or IRT.
CHAP
Authentication mechanism where a server challenges a client. More secure than PAP and uses PPP. MS-CHAPv2 is an improvement over this and uses mutual authentication.
CIA
These three form the security triad.
CIO
A "C" level executive position in some organizations. Focuses on using methods within the organization to answer relevant questions and solve problems.
COOP
These planning sites provide an alternate location for operations after a critical outage. Includes hot, cold, warm, and mobile sites.
CP
Plans for contingencies in the event of a disaster to keep an organization operational.
CRC
An error detection code used to detect accidental changes that can affect the integrity of data.
CRL
A list of certificates that a CA has revoked. Certificates are commonly revoked if they are compromised, or issued to an employee who has left the organization.
CSR
A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
CSR
A register in a processor used for temporary storage of data.
CSU
A line bridging device used with T1 and similar lines. It typically connects with a DSU.
CTO
A "C" level executive position in some organizations. They focus on technology and evaluate new technologies.
CVE
A dictionary of publicly known security vulnerabilities and exposures.
DAC
An access control model where all objects have owners and owners can modify permissions for the objects.
DACL
List of access control entries in Microsoft NTFS. Each ACE includes a security identifier and permission.
DBA
Administers databases on database servers.
dBd
Identifies the gain of an antenna compared with a type of dipole antenna. Higher values of this indicate the antenna can transmit and receive over greater distances.
DDoS
An attack on a system launched from multiple sources intended to make a computer's resources or services unavailable to users.
DEP
A security feature in some operating systems. It helps prevent an application or service from executing code from a nonexecutable memory region.
DES
An older symmetric encryption standard used to provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks. Uses 56-bit keys.
DHCP
A service used to dynamically assign TCP/IP configuration information to clients.
DHE
Instead of using keys that stay the same over a long period, uses ephemeral keys, which change for each new session.
DLP
Network-based systems of this type can examine and analyze network traffic. They can detect if confidential company data or any PII data is included in email and reduce the risk of internal users emailing sensitive data outside the organization. Endpoint DLP systems can prevent users from copying or printing sensitive data.
DMZ
A buffer zone between the internet and the internal network. It allows access to services while segmenting access to the internal network.
DNAT
A form of NAT that changes the destination IP address for incoming traffic. It is used for port forwarding.
DNAT
A form of NAT that uses multiple public IP addresses.
DNS
Used to resolve host names to IP addresses.
DNSSEC
A suite of specifications used to protect the integrity of DNS records and prevent DNS poisoning attacks.
DoS
An attack from a single source that attempts to disrupt the services provided by the attacked system.
DRP
A document designed to help a company respond to disasters, such as hurricanes, floods, and fires. It includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates this.
DSA
A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key.
DSL
Improvement over traditional dial-up to access the Internet.
DSU
An interface used to connect equipment to a T1 and similar lines. It typically connects with CSU as a CSU/DSU.
EAP
An authentication framework that provides general guidance for authentication methods.
EAP-TLS
An extension of EAP sometimes used with 802.1x. This is one of the most secure EAP standards and is widely implemented. Requires certificates on the 802.1x server and the wireless clients.
EAP-TTLS
An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel.
ECC
An asymmetric encryption algorithm commonly used with small wireless devices. It uses small key sizes and requires less processing power than many other encryption methods.
ECDHE
A version of Diffie-Hellman that uses ECC to generate encryption keys. Ephemeral keys are re-created for each session.
EFS
A feature with NTFS on Windows systems that supports encrypting individual files or folders for confidentiality.
EMI
Interference caused by motors, power lines, and fluorescent lights. This shielding prevents outside interference from corrupting data and prevents data from emanating outside the cable.
ESD
Release of static electricity. Can damage equipment and low humidity causes a higher incidence of this.
ESP
IPsec includes both AH and this. This provides confidentiality, integrity, and authentication using HMAC and AES or 3DES. It is identified with protocol ID number 50.
FACL
An ACL used for file systems.
FCoE
A lower-cost alternative to traditional SANs. It supports sending Fibre Channel commands over an IP network.
FDE
Method to encrypt an entire disk.
FTP
Used to upload and download files to a server. Uses TCP ports 20 and 21.
FTPS
An extension of FTP that uses SSL to encrypt FTP traffic. Some implementations of this use TCP ports 989 and 990.
GPG
Free software based on the OpenPGP standard and used to encrypt and decrypt files.
GPO
Group policy is used within Microsoft Windows to manage users and computers. It is implemented on a domain controller within a domain.
GPS
Can help locate lost mobile devices. Remote wipe, or remote sanitize, erases all data on lost devices.
GRE
A tunneling protocol developed by Cisco Systems.
GUI
Users interact with the graphical elements instead of typing commands from a text interface.
HDD
A disk drive that has one or more platters and a spindle.
HIDS
An IDS used to monitor an individual server or workstation. It protects local resources on the host such as the operating system files, and in some cases, it can detect malicious activity missed by antivirus software.
HIPS
An extension of a host-based IDS. Designed to react in real time to catch an attack in action.
HMAC
A hashing algorithm used to verify integrity and authenticity of a message with the use of a shared secret. Combined with MD5 and SHA-1.
HOTP
An open standard used for creating one-time passwords, similar to those used in tokens or key fobs. It combines a secret key and an incrementing counter, and then uses HMAC to create a hash of the result.
HSM
A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption. High-volume e-commerce sites use this to increase the performance of SSL sessions.
HTML
Language used to create web pages.
HTTP
Used for web traffic on the internet and in intranets. Uses TCP port 80.
HTTPS
Encrypts HTTP traffic with SSL or TLS using TCP port 443.
HVAC
Systems increase availability by regulating airflow within data centers and server rooms. Results in fewer failures and longer MTBF times.
IaaS
A cloud-computing technology that allows an organization to rent access to hardware. Provides customers with access to hardware in a self-managed platform.
ICMP
Used for diagnostics such as ping. Many DoS attacks use this. It is common to block these at firewalls and routers.
IDS
A detective control used to detect attacks after they occur. Monitors a network or host for intrusions and provides ongoing protection.
IGMP
Used for multicasting. Computers belonging to a multicasting group have a multicasting IP address in addition to a standard unicast IP address.
IIS
A Microsoft Windows web server. Comes free with Microsoft products. Linux systems use Apache as a web server.
IKE
Used with IPsec to create a secure channel over UDP port 500 in a VPN tunnel.