Network Security Glossary: Key Terms and Concepts, Slides of Technology

Definitions and explanations for various terms and concepts related to network security. Topics include network access control, acceptable use policies, firewalls, intrusion detection systems, and more.

Typology: Slides

2021/2022

Uploaded on 08/05/2022

dirk88
dirk88 🇧🇪

4.4

(222)

3.1K documents

1 / 20

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Prowse,DavidL.CompTIA®Security+SY0401 er
t
Guide, Deluxe Edition, ThirdEdition.Indianapolis, IN:
PearsonEducationInc.,2015.Print.
Security+ Terminology
3-leg perimeter
AtypeofDMZwhereafirewallhasthreelegsthatconnecttotheLAN,theInternet,andtheDMZ.
10 tape rotation
Abackuprotationschemeinwhichtenbackuptapesareusedoverthecourseoftwo
weeks.
802.1X
AnauthenticationtechnologyusedtoconnectdevicestoaLANorWLAN.Itisanexampleof
portbasednetworkaccesscontrol(NAC).
acceptable use
Oftendefinedasapolicy,acceptableusedefinestherulesthatrestricthowacomputer,
network,orothersystemmaybeused.
access control list (ACL)
Alistofpermissionsattachedtoanobject.ACLsspecifywhatlevelofaccessa
user,users,orgroupshavetoanobject.Whendealingwithfirewalls,anACLisasetofrulesthatapplies
toalistofnetworknames,IPaddresses,andportnumbers.
access control model
Specifiesmethodologiesbywhichadmissiontophysicalareasand,more
importantly,computersystems,ismanagedandorganized.
account expiration
The date when a user’s account they use to log on to the network expires.
accounting
Thetrackingofdata,computerusage,andnetworkresources.Oftenitmeanslogging,
auditing,andmonitoringofthedataandresources.
active interception
Normallyreferstoplacingacomputerbetweenthesenderandthereceiverinan
efforttocaptureandpossiblymodifyinformation.
ad filtering
Waysofblockingandfilteringoutunwantedadvertisements;popupblockersandcontent
filtersareconsideredtobeadfilteringmethods.
Advanced Encryption Standard (AES)
AnencryptionstandardusedwithWPAandWPA2.The
successortoDES/3DESandisanothersymmetrickeyencryptionstandardcomposedofthreedifferent
blockciphers:AES128,AES192,andAES256.
adware
Typeofspywarethatpopsupadvertisementsbasedonwhatithaslearnedabouttheuser.
algorithms
Welldefinedinstructionsthatdescribecomputationsfromtheirinitialstatetotheirfinal
state.
anomaly-based monitoring
Alsoknownasstatisticalanomalybasedmonitoring,establishesa
performancebaselinebasedonasetofnormalnetworktrafficevaluations.
AP isolation
EachclientconnectedtotheAPwillnotbeabletocommunicatewitheachother,butthey
caneachstillaccesstheInternet.
application black-listing
Amethodofdisallowingoneormoreapplicationsfromuse.
application firewall
Afirewallthatcancontrolthetrafficassociatedwithspecificapplications.Worksall
thewayuptotheApplicationLayeroftheOSImodel.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14

Partial preview of the text

Download Network Security Glossary: Key Terms and Concepts and more Slides Technology in PDF only on Docsity!

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

Security+ Terminology

3-leg perimeter A type of DMZ where a firewall has three legs that connect to the LAN, the Internet, and the DMZ.

10 tape rotation A backup rotation scheme in which ten backup tapes are used over the course of two weeks.

802.1X An authentication technology used to connect devices to a LAN or WLAN. It is an example of port‐based network access control (NAC).

acceptable use Often defined as a policy, acceptable use defines the rules that restrict how a computer, network, or other system may be used.

access control list (ACL) A list of permissions attached to an object. ACLs specify what level of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that applies to a list of network names, IP addresses, and port numbers.

access control model Specifies methodologies by which admission to physical areas and, more importantly, computer systems, is managed and organized.

account expiration The date when a user’s account they use to log on to the network expires.

accounting The tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.

active interception Normally refers to placing a computer between the sender and the receiver in an effort to capture and possibly modify information.

ad filtering Ways of blocking and filtering out unwanted advertisements; pop‐up blockers and content filters are considered to be ad filtering methods.

Advanced Encryption Standard (AES) An encryption standard used with WPA and WPA2. The successor to DES/ 3DES and is another symmetric key encryption standard composed of three different block ciphers: AES‐128, AES‐192, and AES‐256.

adware Type of spyware that pops up advertisements based on what it has learned about the user.

algorithms Well‐defined instructions that describe computations from their initial state to their final state.

anomaly-based monitoring Also known as statistical anomaly‐based monitoring, establishes a performance baseline based on a set of normal network traffic evaluations.

AP isolation Each client connected to the AP will not be able to communicate with each other, but they can each still access the Internet.

application black-listing A method of disallowing one or more applications from use.

application firewall A firewall that can control the traffic associated with specific applications. Works all the way up to the Application Layer of the OSI model.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

application-level gateway (ALG) Applies security mechanisms to specific applications, such as FTP and/ or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

application white-listing A method of restricting users to specific applications.

ARP poisoning An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.

asymmetric key algorithm A type of cipher that uses a pair of different keys to encrypt and decrypt data.

attack vector The path or means by which an attacker gains access to a computer.

audit trails Records or logs that show the tracked actions of users, regardless of whether the users successfully completed the actions.

authentication When a person’s identity is confirmed. Authentication is the verification of a person’s

identity.

authorization When a user is granted access to specific resources after authentication is complete.

availability Data is obtainable regardless of how information is stored, accessed, or protected.

backdoors Used in computer programs to bypass normal authentication and other security mechanisms in place.

back-to-back perimeter A type of DMZ where the DMZ is located between the LAN and application‐ level gateway (ALG) Applies security mechanisms to specific applications, such as FTP and/ or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

blackout When a total loss of power for a prolonged period occurs.

blanket purchase agreement (BPA) A service‐level agreement (SLA) that is reoccurring.

block cipher A type of algorithm that encrypts a number of bits as individual units known as blocks.

bluejacking The sending of unsolicited messages to Bluetooth‐enabled devices such as mobile phones and tablets.

bluesnarfing The unauthorized access of information from a wireless device through a Bluetooth connection.

botnet A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.

broadcast storm When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.

brownout When the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

cluster Two or more servers that work with each other.

cold site A site that has tables, chairs, bathrooms, and possibly some technical setup (for example, basic phone, data, and electric lines), but will require days if not weeks to set up properly.

Common Vulnerabilities and Exposures (CVE) ® An online list of known vulnerabilities (and patches) to software, especially web servers. It is maintained by the MITRE Corporation.

computer security audits Technical assessments made of applications, systems, or networks.

confidentiality Preventing the disclosure of information to unauthorized persons.

content filters Individual computer programs that block external files that use Java‐Script or images from loading into the browser.

cookies Text files placed on the client computer that store information about it, which could include your computer’s browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user’s activities. Session cookies are used by attackers in an attempt to hijack a session.

cross-site request forgery (XSRF ) An attack that exploits the trust a website has in a user’s browser in

an attempt to transmit unauthorized commands to the website.

cross-site scripting (XSS) A type of vulnerability found in web applications used with session hijacking.

crosstalk When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal “bleeds” over, so to speak.

cryptanalysis attack A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.

cryptographic hash functions Hash functions based on block ciphers.

cryptography The practice and study of hiding information.

data emanation (or signal emanation) The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.

Data Encryption Standard (DES) An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.

data loss prevention (DLP) Systems that are designed to protect data by way of content inspection. They are meant to stop the leakage of confidential data, often concentrating on communications.

default account An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.

defense in depth The building up and layering of security measures that protect data from inception, on through storage and network transfer, and lastly to final disposal.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

demilitarized zone (DMZ) A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.

denial-of-service (DoS) A broad term given to many different types of network attacks that attempt to make computer resources unavailable.

dictionary attack A password attack that uses a prearranged list of likely words, trying each of them one at a time.

differential backup Type of backup that backs up only the contents of a folder that have changed since the last full backup.

Diffie-Hellman key exchange Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.

digital signature A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.

directory traversal Also known as the ../ (dot dot slash) attack, a method of accessing unauthorized parent directories.

disaster recovery plan A plan that details the policies and procedures concerning the recovery and/ or continuation of an organization’s technology infrastructure.

discretionary access control (DAC) An access control policy generally determined by the owner.

disk duplexing When each disk is connected to a separate controller.

distributed denial-of-service (DDoS) An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet.

diversion theft When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

DNS poisoning The modification of name resolution information that should be in a DNS server’s cache.

domain name kiting The process of deleting a domain name during the five‐day grace period (known as the add grace period, or AGP) and immediately reregistering it for another five‐day period to keep a domain name indefinitely and for free.

due care The mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence.

due diligence Ensuring that IT infrastructure risks are known and managed.

due process The principle that an organization must respect and safeguard personnel’s rights.

dumpster diving When a person literally scavenges for private information in garbage and recycling containers.

Easter egg A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

firewall A part of a computer system or network designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit or deny computer applications based on a set of rules and other criteria.

first responders People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident.

flood guard Security feature implemented on some firewalls to protect against SYN floods and other flooding attacks. Also known as attack guards.

fork bomb An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer’s operating system. It is a type of wabbit.

Fraggle A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic.

full backup Type of backup where all the contents of a folder are backed up.

fuzz testing (fuzzing) When random data is inputted into a computer program in an attempt to find vulnerabilities.

grandfather-father-son A backup rotation scheme in which three sets of backup tapes must be defined— usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather.

grayware A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware. Group Policy Used in Microsoft environments to govern user and computer accounts through a set of rules.

hardening The act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.

hardware security module (HSM) A physical device that deals with the encryption of authentication processes, digital signings, and payment processes.

hash A summary of a file or message. It is generated to verify the integrity of the file or message.

hash function A mathematical procedure that converts a variable‐sized amount of data into a smaller block of data.

hoax The attempt at deceiving people into believing something that is false.

honeynet One or more computers, servers, or an area of a network, used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

honeypot Generally is a single computer but could also be a file, group of files, or an area of unused IP address space used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

host-based intrusion detection system (HIDS) A type of system loaded on an individual computer; it analyzes and monitors what happens inside that computer— for example, if any changes have been made to file integrity.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

hot and cold aisles The aisles in a server room or data center that circulate cold air into the systems and hot air out of them. Usually, the systems and cabinets are supported by a raised floor.

hot site A near duplicate of the original site of the organization, complete with phones, computers, networking devices, and full backups.

hotfix Originally, a hotfix was defined as a single problem fixing patch to an individual OS or application that was installed live while the system was up and running, and without a reboot necessary. However, this term has changed over time and varies from vendor to vendor.

HTTP proxy (web proxy) Caches web pages from servers on the Internet for a set amount of time.

hypervisor The portion of virtual machine software that allows multiple virtual operating systems (guests) to run at the same time on a single computer.

identification When a person is in a state of being identified. It can also be described as something that identifies a person such as an ID card.

identity proofing An initial validation of an identity.

implicit deny Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource. For example, when a device denies all traffic unless a rule is made to open the port associated with the type of traffic desired to be let through.

incident management The monitoring and detection of security events on a computer network and the execution of proper responses to those security events.

incident response A set of procedures that an investigator follows when examining a computer security incident.

incremental backup Type of backup that backs up only the contents of a folder that have changed since the last full backup or the last incremental backup.

information assurance The practice of managing risks that are related to computer hardware and software systems.

information security The act of protecting information from unauthorized access. It usually includes an in‐depth plan on how to secure data, computers, and networks.

Infrastructure as a Service (IaaS) A cloud computing service that offers computer networking, storage, load balancing, routing, and VM hosting.

input validation (data validation) A process that ensures the correct usage of data.

integer overflow When arithmetic operations attempt to create a numeric value that is too big for the available memory space.

integrity This means that authorization is necessary before data can be modified.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

MAC flooding An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to fail‐open mode.

malware Software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent.

mandatory access control (MAC) An access control policy determined by a computer system, not by a user or owner, as it is in DAC.

mandatory vacations When an organization requires that employees take a certain number of days of vacation consecutively.

man-in-the-browser (MITB) Infects a vulnerable web browser and modifies online transactions. Similar to MITM.

man-in-the-middle (MITM) A form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth.

mantrap An area between two doorways, meant to hold people until they are identified and authenticated.

many-to-one mapping When multiple certificates are mapped to a single recipient.

mean time between failures Defines the average number of failures per million hours for a product in question.

memorandum of understanding (MoU) A letter of intent between two entities (such as government agencies) concerning SLAs and BPAs. Message‐Digest Algorithm 5 (MD5) A 128 ‐bit key hash used to provide integrity of files and messages.

mobile device management (MDM) A centralized software solution that allows for the control and configuration of mobile devices.

multifactor authentication When two or more types of authentication are used when dealing with user access control.

mutual authentication When two computers (for example, a client and a server) verify each other’s

identity.

network access control (NAC) Sets the rules by which connections to a network are governed.

network address translation (NAT) The process of changing an IP address while it is in transit across a router. This is usually implemented so that one larger address space (private) can be remapped to another address space, or single IP address (public).

network intrusion detection system (NIDS) A type of IDS that attempts to detect malicious network activities— for example, port scans and DoS attacks— by constantly monitoring network traffic.

network intrusion prevention system (NIPS) Designed to inspect traffic, and based on its configuration or security policy, the system can remove, detain, or redirect malicious traffic.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

Network Management System (NMS) The software run on one or more servers that controls the monitoring of network‐attached devices and computers.

network mapping The study of physical and logical connectivity of networks.

network perimeter The border of a computer network, commonly secured by devices such as firewalls and NIDS/ NIPS solutions.

nonce A random number issued by an authentication protocol that can only be used once.

non-promiscuous mode When a network adapter captures only the packets that are addressed to it.

non-repudiation The idea of ensuring that a person or group cannot refute the validity of your proof against them.

NTLM hash Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.

NTLMv2 hash Successor to the NTLM hash. Based off the MD5 hashing algorithm.

null session When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC $).

onboarding When a new employee is added to an organization, and to its identity and access management system.

one-time pad A cipher that encrypts plaintext with a secret random key that is the same length as the plaintext.

one-to-one mapping When an individual certificate is mapped to a single recipient.

Online Certificate Status Protocol (OCSP) An alternative to using a certificate revocation list (CRL). It contains less information than a CRL does, and does not require encryption.

open mail relay Also known as an SMTP open relay, enables anyone on the Internet to send e‐mail through an SMTP server.

Open Vulnerability and Assessment Language (OVAL) A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available.

packet filtering In the context of firewalls, inspects each packet passing through the firewall and accepts or rejects it based on rules. Two types of packet filtering include stateless packet filters and stateful packet inspection (SPI).

password cracker Software tool used to recover passwords from hosts or to discover weak passwords.

patch An update to a system. Patches generally carry the connotation of a small fix in the mind of the user or system administrator, so larger patches often are referred to as software updates, service packs, or something similar.

patch management The planning, testing, implementing, and auditing of patches.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

pretexting When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.

Pretty Good Privacy (PGP) An encryption program used primarily for signing, encrypting, and decrypting e‐mails in an attempt to increase the security of e‐mail communications.

private key A type of key that is known only to a specific user or users who keep the key a secret.

privilege escalation The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would’ve been protected from an application or user.

promiscuous mode In a network adapter, this passes all traffic to the CPU, not just the frames addressed to it. When the network adapter captures all packets that it has access to regardless of the destination for those packets.

protected distribution system Security system implemented to protect unencrypted data transfer over wired networks.

Protected Extensible Authentication Protocol (PEAP) Protocol used to encapsulate EAP packets within encrypted and authenticated tunnels.

protocol analyzer Software tool used to capture and analyze packets.

proxy server Acts as an intermediary between clients, usually located on a LAN, and the servers that they want to access, usually located on the Internet.

public key A type of key that is known to all parties involved in encrypted transactions within a given group.

public key cryptography Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.

public key infrastructure (PKI) An entire system of hardware and software, policies and procedures, and people, used to create, distribute, manage, store, and revoke digital certificates.

qualitative risk assessment An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.

quantitative risk assessment An assessment that measures risk by using exact monetary values.

radio frequency interference (RFI) Interference that can come from AM/ FM transmissions and cell towers.

RAID 1 Mirroring. Data is copied to two identical disks. If one disk fails, the other continues to operate.

RAID 5 Striping with parity. Data is striped across multiple disks; fault‐tolerant parity data is also written to each disk.

rainbow table In password cracking, a set of precalculated encrypted passwords located in a lookup table.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

ransomware A type of malware that restricts access to a computer system, and demands a ransom be paid.

recovery point objective (RPO) In business impact analysis, the acceptable latency of data.

recovery time objective (RTO) In business impact analysis, the acceptable amount of time to restore a function.

redundant ISP Secondary connections to another ISP; for example, a backup T‐ 1 line.

redundant power supply An enclosure that contains two complete power supplies, the second of which turns on when the first fails.

registration authority (RA) Used to verify requests for certificates.

Remote Access Service (RAS) A networking service that allows incoming connections from remote dial‐ in clients. It is also used with VPNs.

Remote Authentication Dial-In User Service (RADIUS) Used to provide centralized administration of dial‐up, VPN, and wireless authentication.

remote code execution (RCE) When an attacker acquires control of a remote computer through a code vulnerability. Also known as arbitrary code execution. Attackers often use a web browser’s URL field or a tool such as Netcat to accomplish this.

replay attack An attack in which valid data transmission is maliciously or fraudulently repeated or delayed.

residual risk The risk that is left over after a security plan and a disaster recovery plan have been implemented.

risk The possibility of a malicious attack or other threat causing damage or downtime to a computer system.

risk acceptance The amount of risk an organization is willing to accept. Also known as risk retention.

risk assessment The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.

risk avoidance When an organization avoids risk because the risk factor is too great.

risk management The identification, assessment, and prioritization of risks, and the mitigation and monitoring of those risks.

risk mitigation When a risk is reduced or eliminated altogether.

risk reduction When an organization mitigates risk to an acceptable level.

risk transference The transfer or outsourcing of risk to a third party. Also known as risk sharing.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

service set identifier (SSID) The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.

shoulder surfing When a person uses direct observation to find out a target’s password, PIN, or other

such authentication information.

signature-based monitoring Frames and packets of network traffic are analyzed for predetermined attack patterns. These attack patterns are known as signatures.

Simple Network Management Protocol (SNMP) A TCP/ IP protocol that monitors network‐attached devices and computers. It’s usually incorporated as part of a network management system.

single point of failure An element, object, or part of a system that, if it fails, will cause the whole system to fail.

single sign-on (SSO) When a user can log in once but gain access to multiple systems without being asked to log in again.

Smurf attack A type of DoS that sends large amounts of ICMP echoes, broadcasting the ICMP echo requests to every computer on its network or subnetwork. The header of the ICMP echo requests will have a spoofed IP address. That IP address is the target of the Smurf attack. Every computer that replies to the ICMP echo requests will do so to the spoofed IP.

SNMP agent Software deployed by the network management system that is loaded on managed devices. The software redirects the information that the NMS needs to monitor the remote managed devices.

Software as a Service (SaaS) A cloud computing service where users access applications over the Internet that are provided by a third party.

spam The abuse of electronic messaging systems such as e‐mail and broadcast media

spear phishing A type of phishing attack that targets particular individuals.

special hazard protection system A clean agent sprinkler system such as FM‐ 200 used in server rooms.

spike A short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.

spim The abuse of instant messaging systems, a derivative of spam.

spoofing When an attacker masquerades as another person by falsifying information.

spyware A type of malicious software either downloaded unwittingly from a website or installed along with some other third‐party software.

standby generator Systems that turn on automatically within seconds of a power outage.

stateful packet inspection (SPI) Type of packet inspection that keeps track of network connections by examining the header in each packet.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

static NAT When a single private IP address translates to a single public IP address. This is also called one‐to‐one mapping.

steganography The science (and art) of writing hidden messages; it is a form of security through obscurity.

storage segmentation A clear separation of organizational and personal information, applications, and other content.

stream cipher A type of algorithm that encrypts each byte in a message one at a time.

supervisory control and data acquisition (SCADA) System of hardware and software that controls and monitors industrial systems such as HVAC.

surge Means that there is an unexpected increase in the amount of voltage provided.

symmetric key algorithm A class of cipher that uses identical or closely related keys for encryption and decryption.

SYN flood A type of DoS where an attacker sends a large amount of SYN request packets to a server in an attempt to deny service.

Systems Development Life Cycle (SDLC) The process of creating systems and applications, and the methodologies used to do so.

tailgating A type of piggybacking where an unauthorized person follows an authorized person into a secure area, without the authorized person’s consent.

TCP reset attack Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately.

TCP/ IP hijacking When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access.

teardrop attack A type of DoS that sends mangled IP fragments with overlapping and oversized payloads to the target machine.

TEMPEST Refers to the investigations of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.

Temporal Key Integrity Protocol (TKIP) An algorithm used to secure wireless computer networks; meant as a replacement for WEP.

Terminal Access Controller Access-Control System Plus (TACACS +) A remote authentication protocol similar to RADIUS used in Cisco networks.

threat modeling A way of prioritizing threats to an application.

threat vector The method a threat uses to gain access to a target computer.

tickets Part of the authentication process used by Kerberos.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

vishing A type of phishing attack that makes use of telephones and VoIP.

VLAN hopping The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.

VPN concentrator A hardware appliance that allows hundreds of users to connect to the network from remote locations via a VPN.

vulnerability Weaknesses in your computer network design and individual host configuration.

vulnerability assessment Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.

vulnerability management The practice of finding and mitigating software vulnerabilities in computers and networks.

vulnerability scanning The act of scanning for weaknesses and susceptibilities in the network and on individual systems.

war-chalking The act of physically drawing symbols in public places that denote open, closed, or protected wireless networks.

war-dialing The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.

war-driving The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.

warm site A site that has computers, phones, and servers, but they might require some configuration before users can start working on them.

watering hole attack An attacker profiles which websites a user accesses and later infects those sites to redirect the user to other websites.

web of trust A decentralized model used for sharing certificates without the need for a centralized CA. web security gateway An intermediary that can scan for viruses and filter Internet content.

wet pipe sprinkler system Consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system.

whaling A phishing attack that targets senior executives.

white-box testing A method of testing applications or systems where the tester is given access to the internal workings of the system.

white hat A type of hacker that is contracted to break into a company’s system.

Wi-Fi Protected Access (WPA) A security protocol created by the Wi‐Fi Alliance to secure wireless computer networks; more secure than WEP.

Wi-Fi Protected Setup (WPS) A simplified way of connecting to wireless networks using an eight‐digit code. It is now deprecated due to its insecure nature and should be disabled if currently used.

Prowse, David L. CompTIA®Security+ SY0‐401 ert Guide, Deluxe Edition, Third Edition. Indianapolis, IN:

Wired Equivalent Privacy (WEP) A deprecated wireless network security standard, less secure than WPA.

wiretapping Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.

worm Code that runs on a computer without the user’s knowledge; a worm self‐replicates, whereas a virus does not.

X. 509 A common PKI standard developed by the ITU‐T that incorporates the single sign‐on authentication method.

zero day attack An attack that is executed on a vulnerability in software before that vulnerability is known to the creator of the software.

zombie An individual compromised computer in a botnet.