All-in-1 / CompTIA Security+ All-in-One Exam Guide, …ebook.eqbal.ac.ir/Security/Certification/Security+ SY0-301/Glossary...All-in-1 / CompTIA Security+ All-in-One Exam Guide,

GLOSSARY

All-in-1 / CompTIA Security+ All-in-One Exam Guide, 3rd Ed./ White / 177147-6

3DES Triple DES encryption—three rounds of DES encryption used to improve security.

802.11 A family of standards that describe network protocols for wireless devices.

802.1X An IEEE standard for performing authentication over networks.

acceptable use policy (AUP) A policy that communicates to users what specific uses of computer resources are permitted.

access A subject’s ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.

access control Mechanisms or methods used to determine what access permis-sions subjects (such as users) have for specific objects (such as files).

access control list (ACL) A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has—what they can do to the object (such as read, write, or execute).

Active Directory The directory service portion of the Windows operating system that stores information about network-based entities (such as applications, files, print-ers, and people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.

ActiveX A Microsoft technology that facilitates rich Internet applications, and therefore extends and enhances the functionality of Microsoft Internet Explorer. Like Java, ActiveX enables the development of interactive content. When an ActiveX-aware browser encounters a web page that includes an unsupported feature, it can automati-cally install the appropriate application so the feature can be used.

613

Glossary.indd 613 6/2/11 11:22 AM

All-in-1 / CompTIA Security+ All-in-One Exam Guide, 3rd Ed./ White / 177147-6 All-in-1 / CompTIA Security+ All-in-One Exam Guide, 3rd Ed./ White / 177147-6

Glossary

615CompTIA Security+ All-in-One Exam Guide, Third Edition

614Address Resolution Protocol (ARP) A protocol in the TCP/IP suite specifica-tion used to map an IP address to a Media Access Control (MAC) address.

adware Advertising-supported software that automatically plays, displays, or downloads advertisements after the software is installed or while the application is being used.

algorithm A step-by-step procedure—typically an established computation for solving a problem within a set number of steps.

annualized loss expectancy (ALE) How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy × annualized rate of occurrence.

annualized rate of occurrence (ARO) The frequency with which an event is expected to occur on an annualized basis.

anomaly Something that does not fit into an expected pattern.

application A program or group of programs designed to provide specific user functions, such as a word processor or web server.

ARP See Address Resolution Protocol.

asset Resources and information an organization needs to conduct its business.

asymmetric encryption Also called public key cryptography, this is a system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key.

audit trail A set of records or events, generally organized chronologically, that re-cord what activity has occurred on a system. These records (often computer files) are often used in an attempt to re-create what took place when a security incident occurred, and they can also be used to detect possible intruders.

auditing Actions or processes used to verify the assigned privileges and rights of a user, or any capabilities used to create and maintain a record showing who accessed a particular system and what actions they performed.

authentication The process by which a subject’s (such as a user’s) identity is verified.

authentication, authorization, and accounting (AAA) Three common functions performed upon system login. Authentication and authorization almost al-ways occur, with accounting being somewhat less common.



Glossary


614Authentication Header (AH) A portion of the IPsec security protocol that pro-vides authentication services and replay-detection ability. AH can be used either by it-self or with Encapsulating Security Payload (ESP). Refer to RFC 2402.

availability Part of the “CIA” of security. Availability applies to hardware, software, and data, specifically meaning that each of these should be present and accessible when the subject (the user) wants to access or use them.

backdoor A hidden method used to gain access to a computer system, network, or application. Often used by software developers to ensure unrestricted access to the sys-tems they create. Synonymous with trapdoor.

backup Refers to copying and storing data in a secondary location, separate from the original, to preserve the data in the event that the original is lost, corrupted, or destroyed.

baseline A system or software as it is built and functioning at a specific point in time. Serves as a foundation for comparison or measurement, providing the necessary visibility to control change.

BGP See Border Gateway Protocol.

biometrics Used to verify an individual’s identity to the system or network using something unique about the individual, such as a fingerprint, for the verification pro-cess. Examples include fingerprints, retinal scans, hand and facial geometry, and voice analysis.

BIOS The part of the operating system that links specific hardware devices to the operating system software.

Blowfish A free implementation of a symmetric block cipher developed by Bruce Schneier as a drop-in replacement for DES and IDEA. It has a variable bit-length scheme from 32 to 448 bits, resulting in varying levels of security.

bluebugging The use of a Bluetooth-enabled device to eavesdrop on another per-son’s conversation using that person’s Bluetooth phone as a transmitter. The bluebug application silently causes a Bluetooth device to make a phone call to another device, causing the phone to act as a transmitter and allowing the listener to eavesdrop on the victim’s conversation in real life.

bluejacking The sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.

bluesnarfing The unauthorized access of information from a Bluetooth-enabled de-vice through a Bluetooth connection, often between phones, desktops, laptops, and PDAs.



Glossary


616Border Gateway Protocol (BGP) The interdomain routing protocol imple-mented in Internet Protocol (IP) networks to enable routing between autonomous systems.

botnet A term for a collection of software robots, or bots, that run autonomously and automatically and, commonly, invisibly in the background. The term is most often associated with malicious software, but it can also refer to the network of computers using distributed computing software.

buffer overflow A specific type of software coding error that enables user input to overflow the allocated storage area and corrupt a running program.

Bureau of Industry and Security (BIS) In the U.S. Department of Com-merce, the department responsible for export administration regulations that cover en-cryption technology in the United States.

Business Continuity Planning (BCP) The plans a business develops to con-tinue critical operations in the event of a major disruption.

cache The temporary storage of information before use, typically used to speed up systems. In an Internet context, refers to the storage of commonly accessed web pages, graphic files, and other content locally on a user’s PC or a web server. The cache helps to minimize download time and preserve bandwidth for frequently accessed web sites, and it helps reduce the load on a web server.

Capability Maturity Model (CMM) A structured methodology helping organi-zations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes. Developed at Carnegie Mellon University’s Software Engineering Institute.

centralized management A type of privilege management that brings the au-thority and responsibility for managing and maintaining rights and privileges into a single group, location, or area.

CERT See Computer Emergency Response Team.

certificate A cryptographically signed object that contains an identity and a public key associated with this identity. The certificate can be used to establish identity, analo-gous to a notarized written document.

certificate revocation list (CRL) A digitally signed object that lists all of the current but revoked certificates issued by a given certification authority. This allows users to verify whether a certificate is currently valid even if it has not expired. CRL is analogous to a list of stolen charge card numbers that allows stores to reject bad credit cards.



Glossary


616certification authority (CA) An entity responsible for issuing and revoking certificates. CAs are typically not associated with the company requiring the certificate, although they exist for internal company use as well (such as Microsoft). This term is also applied to server software that provides these services. The term certificate author-ity is used interchangeably with certification authority.

chain of custody Rules for documenting, handling, and safeguarding evidence to ensure no unanticipated changes are made to the evidence.

Challenge Handshake Authentication Protocol (CHAP) Used to pro-vide authentication across point-to-point links using the Point-to-Point Protocol (PPP).

change (configuration) management A standard methodology for perform-ing and recording changes during software development and operation.

change control board (CCB) A body that oversees the change management process and enables management to oversee and coordinate projects.

CHAP See Challenge Handshake Authentication Protocol.

CIA of security Refers to confidentiality, integrity, and authorization, the basic functions of any security system.

cipher A cryptographic system that accepts plaintext input and then outputs cipher-text according to its internal algorithm and key.

ciphertext Used to denote the output of an encryption algorithm. Ciphertext is the encrypted data.

CIRT See Computer Emergency Response Team.

closed circuit television (CCTV) A private television system, usually hard-wired in security applications to record visual information.

cloud computing The automatic provisioning of computational resources on de-mand across a network.

cold site An inexpensive form of backup site that does not include a current set of data at all times. A cold site takes longer to get your operational system back up, but it is considerably less expensive than a warm or hot site.

collisions Used in the analysis of hashing cryptography, it is the property by which an algorithm will produce the same hash from two different sets of data.

Computer Emergency Response Team (CERT) Also known as a Computer Incident Response Team (CIRT), this group is responsible for investigating and re-sponding to security breaches, viruses, and other potentially catastrophic incidents.



Glossary


618computer security In general terms, the methods, techniques, and tools used to ensure that a computer system is secure.

computer software configuration item See configuration item.

confidentiality Part of the CIA of security. Refers to the security principle that states that information should not be disclosed to unauthorized individuals.

configuration auditing The process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements.

configuration control The process of controlling changes to items that have been baselined.

configuration identification The process of identifying which assets need to be managed and controlled.

configuration item Data and software (or other assets) that are identified and managed as part of the software change management process. Also known as computer software configuration item.

configuration status accounting Procedures for tracking and maintaining data relative to each configuration item in the baseline.

cookie Information stored on a user’s computer by a web server to maintain the state of the connection to the web server. Used primarily so preferences or previously used information can be recalled on future requests to the server.

countermeasure See security control.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) An enhanced data cryptographic encapsulation mecha-nism based upon the counter mode with CBC-MAC from AES, designed for use over wireless LANs.

cracking A term used by some to refer to malicious hacking, in which an individ-ual attempts to gain unauthorized access to computer systems or networks. See also hacking.

CRC See Cyclic Redundancy Check.

CRL See Certificate Revocation List.

cross-site request forgery (CSRF or XSRF) A method of attacking a system by sending malicious input to the system and relying upon the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user’s browser.



Glossary


618cross-site scripting (XSS) A method of attacking a system by sending script commands to the system input and relying upon the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.

cryptanalysis The process of attempting to break a cryptographic system.

cryptography The art of secret writing that enables an individual to hide the con-tents of a message or file from all but the intended recipient.

Cyclic Redundancy Check (CRC) An error detection technique that uses a se-ries of two 8-bit block check characters to represent an entire block of data. These block check characters are incorporated into the transmission frame and then checked at the receiving end.

DAC See Discretionary Access Control.

Data Encryption Standard (DES) A private key encryption algorithm adopted by the government as a standard for the protection of sensitive but unclassified infor-mation. Commonly used in triple DES, where three rounds are applied to provide greater security.

Data Execution Prevention A security feature of an OS that can be driven by software, hardware, or both, designed to prevent the execution of code from blocks of data in memory.

Data Loss Prevention (DLP) Technology, processes, and procedures designed to detect when unauthorized removal of data from a system occurs. DLP is typically active, preventing the loss, either by blocking the transfer or dropping the connection.

datagram A packet of data that can be transmitted over a packet-switched system in a connectionless mode.

decision tree A data structure in which each element is attached to one or more structures directly beneath it.

demilitarized zone (DMZ) A network segment that exists in a semi-protected zone between the Internet and the inner secure trusted network.

denial-of-service (DoS) attack An attack in which actions are taken to deprive authorized individuals from accessing a system, its resources, the data it stores or pro-cesses, or the network to which it is connected.

DES See Data Encryption Standard.

DHCP See Dynamic Host Configuration Protocol.



Glossary


620DIAMETER The DIAMETER base protocol is intended to provide an authentica-tion, authorization, and accounting (AAA) framework for applications such as network access or IP mobility. DIAMETER is a draft IETF proposal.

Diffie-Hellman A cryptographic method of establishing a shared key over an inse-cure medium in a secure fashion.

digital signature A cryptography-based artifact that is a key component of a pub-lic key infrastructure (PKI) implementation. A digital signature can be used to prove identity because it is created with the private key portion of a public/private key pair. A recipient can decrypt the signature and, by doing so, receive the assurance that the data must have come from the sender and that the data has not changed.

digital signature algorithm (DSA) A United States government standard for implementing digital signatures.

direct-sequence spread spectrum (DSSS) A method of distributing a com-munication over multiple frequencies to avoid interference and detection.

disaster recovery plan (DRP) A written plan developed to address how an or-ganization will react to a natural or manmade disaster in order to ensure business continuity. Related to the concept of a business continuity plan (BCP).

discretionary access control (DAC) An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object, and what access (read, write, execute) these objects can have.

distributed denial-of-service (DDoS) attack A special type of DoS attack in which the attacker elicits the generally unwilling support of other systems to launch a many-against-one attack.

diversity of defense The approach of creating dissimilar security layers so that an intruder who is able to breach one layer will be faced with an entirely different set of defenses at the next layer.

Domain Name Service (DNS) The service that translates an Internet domain name (such as www.mcgraw-hill.com) into IP addresses.

DRP See disaster recovery plan.

DSSS See direct-sequence spread spectrum.

dumpster diving The practice of searching through trash to discover material that has been thrown away that is sensitive, yet not destroyed or shredded.



Glossary


620Dynamic Host Configuration Protocol (DHCP) An Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP addresses and other configuration information based on network adapter addresses. It enables ad-dress pooling and allocation and simplifies TCP/IP installation and administration.

EAP See Extensible Authentication Protocol.

electromagnetic interference (EMI) The disruption or interference of elec-tronics due to an electromagnetic field.

elliptic curve cryptography (ECC) A method of public-key cryptography based on the algebraic structure of elliptic curves over finite fields.

Encapsulating Security Payload (ESP) A portion of the IPsec implementa-tion that provides for data confidentiality with optional authentication and replay-detection services. ESP completely encapsulates user data in the datagram and can be used either by itself or in conjunction with Authentication Headers for varying degrees of IPsec services.

Encrypted File System (EFS) A security feature of Windows, from Windows 2000 onward, that enables the transparent encryption/decryption of files on the system.

escalation auditing The process of looking for an increase in privileges, such as when an ordinary user obtains administrator-level privileges.

evidence The documents, verbal statements, and material objects admissible in a court of law.

exposure factor A measure of the magnitude of loss of an asset. Used in the cal-culation of single loss expectancy (SLE).

Extensible Authentication Protocol (EAP) A universal authentication framework used in wireless networks and point-to-point connections. It is defined in RFC 3748 and has been updated by RFC 5247.

false positive Term used when a security system makes an error and incorrectly reports the existence of a searched-for object. Examples include an intrusion detection system that misidentifies benign traffic as hostile, an antivirus program that reports the existence of a virus in software that actually is not infected, or a biometric system that allows system access to an unauthorized individual.

FHSS See frequency-hopping spread spectrum.

File Transfer Protocol (FTP) An application-level protocol used to transfer files over a network connection.



Glossary


622firewall A network device used to segregate traffic based on rules.

File Transfer Protocol Secure (FTPS) An application-level protocol used to transfer files over a network connection, which uses FTP over a SSL or TLS connection.

flood guard A network device that blocks flooding-type DOS/DDOS attacks, fre-quently part of an IDS/IPS.

forensics (or computer forensics) The preservation, identification, documen-tation, and interpretation of computer data for use in legal proceedings.

free space Sectors on a storage medium that are available for the operating system to use.

frequency-hopping spread spectrum (FHSS) A method of distributing a communication over multiple frequencies over time to avoid interference and detection.

Generic Routing Encapsulation (GRE) A tunneling protocol designed to en-capsulate a wide variety of network layer packets inside IP tunneling packets.

hacking The term used by the media to refer to the process of gaining unauthorized access to computer systems and networks. The term has also been used to refer to the process of delving deep into the code and protocols used in computer systems and networks. See also cracking.

hash A form of encryption that creates a digest of the data put into the algorithm. These algorithms are referred to as one-way algorithms because there is no feasible way to decrypt what has been encrypted.

hash value See message digest.

hashed message authentication code (HMAC) The use of a cryptographic hash function and a message authentication code to ensure the integrity and authentic-ity of a message.

heating, ventilation, air conditioning (HVAC) The systems used to heat and cool air in a building or structure.

HIDS See host-based intrusion detection system.

HIPS See host-based intrusion prevention system.

honeypot A computer system or portion of a network that has been set up to attract potential intruders, in the hope that they will leave the other systems alone. Since there are no legitimate users of this system, any attempt to access it is an indication of unau-thorized activity and provides an easy mechanism to spot attacks.



Glossary


622host-based intrusion detection system (HIDS) A system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers.

host-based intrusion prevention system (HIPS) A system that automati-cally responds to computer intrusions by monitoring activity on one or more individ-ual PCs or servers and responding based on a rule set.

hot site A backup site that is fully configured with equipment and data and is ready to immediately accept transfer of operational processing in the event of failure on the operational system.

Hypertext Transfer Protocol (HTTP) A protocol for transfer of material across the Internet that contains links to additional material.

Hypertext Transfer Protocol over SSL/TLS (HTTPS) A protocol for trans-fer of material across the Internet that contains links to additional material that is car-ried over a secure tunnel via SSL or TLS.

ICMP See Internet Control Message Protocol.

IDEA See International Data Encryption Algorithm.

IEEE See Institute for Electrical and Electronics Engineers.

IETF See Internet Engineering Task Force.

IKE See Internet Key Exchange.

impact The result of a vulnerability being exploited by a threat, resulting in a loss.

incident response The process of responding to, containing, analyzing, and re-covering from a computer-related incident.

information security Often used synonymously with computer security, but places the emphasis on the protection of the information that the system processes and stores, instead of on the hardware and software that constitute the system.

Infrastructure as a Service (IaaS) The automatic, on-demand provisioning of infrastructure elements, operating as a service; a common element of cloud computing.

initialization vector (IV) A data value used to seed a cryptographic algorithm, providing for a measure of randomness.

Institute for Electrical and Electronics Engineers (IEEE) A nonprofit, technical, professional institute associated with computer research, standards, and con-ferences.



Glossary


624intangible asset An asset for which a monetary equivalent is difficult or impossi-ble to determine. Examples are brand recognition and goodwill.

integrity Part of the CIA of security, the security principle that requires that infor-mation is not modified except by individuals authorized to do so.

International Data Encryption Algorithm (IDEA) A symmetric encryp-tion algorithm used in a variety of systems for bulk encryption services.

Internet Assigned Numbers Authority (IANA) The central coordinator for the assignment of unique parameter values for Internet protocols. The IANA is char-tered by the Internet Society (ISOC) to act as the clearinghouse to assign and coordi-nate the use of numerous Internet protocol parameters.

Internet Control Message Protocol (ICMP) One of the core protocols of the TCP/IP protocol suite, used for error reporting and status messages.

Internet Engineering Task Force (IETF) A large international community of network designers, operators, vendors, and researchers, open to any interested indi-vidual concerned with the evolution of Internet architecture and the smooth op-eration of the Internet. The actual technical work of the IETF is done in its working groups, which are organized by topic into several areas (such as routing, transport, and security). Much of the work is handled via mailing lists, with meetings held three times per year.

Internet Key Exchange (IKE) The protocol formerly known as ISAKMP/Oak-ley, defined in RFC 2409. A hybrid protocol that uses part of the Oakley and part of the Secure Key Exchange Mechanism for Internet (SKEMI) protocol suites inside the Inter-net Security Association and Key Management Protocol (ISAKMP) framework. IKE is used to establish a shared security policy and authenticated keys for services that re-quire keys (such as IPsec).

Internet Message Access Protocol version 4 (IMAP4) One of two com-mon Internet standard protocols for e-mail retrieval.

Internet Protocol (IP) The network layer protocol used by the Internet for rout-ing packets across a network.

Internet Protocol Security (IPsec) A protocol used to secure IP packets dur-ing transmission across a network. IPsec offers authentication, integrity, and confiden-tiality services and uses Authentication Headers (AH) and Encapsulating Security Pay-load (ESP) to accomplish this functionality.

Internet Security Association and Key Management Protocol (ISAKMP) A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy.



Glossary


624Internet service provider (ISP) A telecommunications firm that provides ac-cess to the Internet.

intrusion detection system (IDS) A system to identify suspicious, malicious, or undesirable activity that indicates a breach in computer security.

IPsec See Internet Protocol Security.

ISAKMP/Oakley See Internet Key Exchange.

Kerberos A network authentication protocol designed by MIT for use in client/server environments.

key In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.

key distribution center (KDC) A component of the Kerberos system for au-thentication that manages the secure distribution of keys.

keyspace The entire set of all possible keys for a specific encryption algorithm.

Layer Two Tunneling Protocol (L2TP) A Cisco switching protocol that oper-ates at the data-link layer.

LDAP See Lightweight Directory Access Protocol.

least privilege A security principle in which a user is provided with the minimum set of rights and privileges that he or she needs to perform required functions. The goal is to limit the potential damage that any user can cause.

Lightweight Directory Access Protocol (LDAP) An application protocol used to access directory services across a TCP/IP network.

Lightweight Extensible Authentication Protocol (LEAP) A version of EAP developed by Cisco prior to 802.11i to push 802.1X and WEP adoption.

load balancer A network device that distributes computing across multiple computers.

local area network (LAN) A grouping of computers in a network structure con-fined to a limited area and using specific protocols, such as Ethernet for OSI layer 2 traffic addressing.

logic bomb A form of malicious code or software that is triggered by a specific event or condition. See also time bomb.

loop protection The requirement to prevent bridge loops at the layer 2 level, which is typically resolved using the Spanning Tree algorithm on switch devices.



Glossary


626MAC See mandatory access control, Media Access Control, or Message Authentica-tion Code.

man-in-the-middle attack Any attack that attempts to use a network node as the intermediary between two other nodes. Each of the endpoint nodes thinks it is talk-ing directly to the other, but each is actually talking to the intermediary.

mandatory access control (MAC) An access control mechanism in which the security mechanism controls access to all objects (files), and individual subjects (pro-cesses or users) cannot change that access.

master boot record (MBR) A strip of data on a hard drive in Windows systems, meant to result in specific initial functions or identification.

maximum transmission unit (MTU) A measure of the largest payload that a particular protocol can carry in a single packet in a specific instance.

MD5 Message Digest 5, a hashing algorithm and a specific method of producing a message digest.

Media Access Control (MAC) A protocol used in the data-link layer for local network addressing.

message authentication code (MAC) A short piece of data used to authenti-cate a message. See hashed message authentication code.

message digest The result of applying a hash function to data. Sometimes also called a hash value. See hash.

metropolitan area network (MAN) A collection of networks interconnected in a metropolitan area and usually connected to the Internet.

Microsoft Challenge Handshake Authentication Protocol (MSCHAP) A Microsoft-developed variant of the Challenge Handshake Authentication Protocol (CHAP).

mitigation Action taken to reduce the likelihood of a threat occurring.

MSCHAP See Microsoft Challenge Handshake Authentication Protocol.

NAC See Network Access Control.

NAP See Network Access Protection.

NAT See Network Address Translation.



Glossary


626Network Access Control (NAC) An approach to endpoint security that in-volves monitoring and remediating endpoint security issues before allowing an object to connect to a network.

Network Access Protection (NAP) A Microsoft approach to Network Access Control.

Network Address Translation (NAT) A method of readdressing packets in a network at a gateway point to enable the use of local, nonroutable IP addresses over a public network such as the Internet.

network-based intrusion detection system (NIDS) A system for examin-ing network traffic to identify suspicious, malicious, or undesirable behavior.

network-based intrusion prevention system (NIPS) A system that exam-ines network traffic and automatically responds to computer intrusions.

Network Basic Input/Output System (NetBIOS) A system that provides communication services across a local area network.

network operating system (NOS) An operating system that includes addi-tional functions and capabilities to assist in connecting computers and devices, such as printers, to a local area network.

nonrepudiation The ability to verify that an operation has been performed by a particular person or account. This is a system property that prevents the parties to a transaction from subsequently denying involvement in the transaction.

Oakley protocol A key exchange protocol that defines how to acquire authenti-cated keying material based on the Diffie-Hellman key exchange algorithm.

object reuse Assignment of a previously used medium to a subject. The security implication is that before it is provided to the subject, any data present from a previous user must be cleared.

one-time pad An unbreakable encryption scheme in which a series of nonrepeat-ing, random bits are used once as a key to encrypt a message. Since each pad is used only once, no pattern can be established and traditional cryptanalysis techniques are not effective.

Open Vulnerability and Assessment Language (OVAL) An XML-based standard for the communication of security information between tools and services.



Glossary


628operating system (OS) The basic software that handles input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications.

Orange Book The name commonly used to refer to the now outdated Department of Defense Trusted Computer Security Evaluation Criteria (TCSEC).

OVAL See Open Vulnerability and Assessment Language.

password A string of characters used to prove an individual’s identity to a system or object. Used in conjunction with a user ID, it is the most common method of authen-tication. The password should be kept secret by the individual who owns it.

Password Authentication Protocol (PAP) A simple protocol used to au-thenticate a user to a network access server.

patch A replacement set of code designed to correct problems or vulnerabilities in existing software.

PBX See private branch exchange.

peer-to-peer (P2P) A network connection methodology involving direct con-nection from peer to peer.

penetration testing A security test in which an attempt is made to circumvent se-curity controls in order to discover vulnerabilities and weaknesses. Also called a pen test.

permissions Authorized actions a subject can perform on an object. See also access controls.

personally identifiable information (PII) Information that can be used to identify a single person.

phreaking Used in the media to refer to the hacking of computer systems and net-works associated with the phone company. See also cracking.

plaintext In cryptography, a piece of data that is not encrypted. It can also mean the data input into an encryption algorithm that would output ciphertext.

Point-to-Point Protocol (PPP) The Internet standard for transmission of IP packets over a serial line, as in a dial-up connection to an ISP.

Point-to-Point Protocol Extensible Authentication Protocol (PPP EAP)EAP is a PPP extension that provides support for additional authentication methods within PPP.



Glossary


628Point-to-Point Protocol Password Authentication Protocol (PPP PAP)PAP is a PPP extension that provides support for password authentication methods over PPP.

Pretty Good Privacy (PGP) A popular encryption program that has the ability to encrypt and digitally sign e-mail and files.

preventative intrusion detection A system that detects hostile actions or net-work activity and prevents them from impacting information systems.

privacy Protecting an individual’s personal information from those not authorized to see it.

private branch exchange (PBX) A telephone exchange that serves a specific business or entity.

privilege auditing The process of checking the rights and privileges assigned to a specific account or group of accounts.

privilege management The process of restricting a user’s ability to interact with the computer system.

Protected Extensible Authentication Protocol (PEAP) A protected ver-sion of EAP developed by Cisco, Microsoft, and RSA Security that functions by encap-sulating the EAP frames in a TLS tunnel.

public key cryptography See asymmetric encryption.

public key infrastructure (PKI) Infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority.

qualitative risk assessment The process of subjectively determining the impact of an event that affects a project, program, or business. It involves the use of expert judgment, experience, or group consensus to complete the assessment.

quantitative risk assessment The process of objectively determining the im-pact of an event that affects a project, program, or business. It usually involves the use of metrics and models to complete the assessment.

RADIUS Remote Authentication Dial-In User Service is a standard protocol for pro-viding authentication services. It is commonly used in dial-up, wireless, and PPP envi-ronments.

RAS See Remote Access Service.



Glossary


630RBAC See rule-based access control or role-based access control.

recovery time objective (RTO) The amount of time a business has to restore a process before unacceptable outcomes result from a disruption.

Remote Access Service/Server (RAS) A combination of hardware and soft-ware used to enable remote access to a network.

repudiation The act of denying that a message was either sent or received.

residual risk Risks remaining after an iteration of risk management.

risk The possibility of suffering a loss.

risk assessment or risk analysis The process of analyzing an environment to identify the threats, vulnerabilities, and mitigating actions to determine (either quantitatively or qualitatively) the impact of an event affecting a project, program, or business.

risk management Overall decision-making process of identifying threats and vul-nerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what cost-effective actions can be taken to control these risks.

role-based access control (RBAC) An access control mechanism in which, instead of the users being assigned specific access permissions for the objects associated with the computer system or network, a set of roles that the user may perform is as-signed to each user.

rule-based access control (RBAC) An access control mechanism based on rules.

safeguard See security controls.

Secure Copy Protocol (SCP) A network protocol that supports secure file transfers.

Secure FTP A method of secure file transfer that involves the tunneling of FTP through an SSH connection. This is different than SFTP, which is listed below as Secure Shell File Transfer Protocol.

Secure Hash Algorithm (SHA) A hash algorithm used to hash block data. The first version is SHA1, with subsequent versions detailing hash digest length: SHA256, SHA384, and SHA512.

Secure/Multipurpose Internet Mail Extensions (S/MIME) An encrypt-ed implementation of the MIME (Multipurpose Internet Mail Extensions) protocol specification.



Glossary


630Secure Shell (SSH) A set of protocols for establishing a secure remote connection to a computer. This protocol requires a client on each end of the connection and can use a variety of encryption protocols.

Secure Shell File Transfer Protocol (SFTP) A secure file transfer subsystem associated with secure shell protocol (SSH).

Secure Sockets Layer (SSL) An encrypting layer between the session and trans-port layer of the OSI model designed to encrypt above the transport layer, enabling se-cure sessions between hosts.

security association (SA) An instance of security policy and keying material applied to a specific data flow. Both IKE and IPsec use SAs, although these SAs are inde-pendent of one another. IPsec SAs are unidirectional and are unique in each security protocol, whereas IKE SAs are bidirectional. A set of SAs are needed for a protected data pipe, one per direction per protocol. SAs are uniquely identified by destination (IPsec endpoint) address, security protocol (AH or ESP), and security parameter index (SPI).

security baseline The end result of the process of establishing an information system’s security state. It is a known good configuration resistant to attacks and infor-mation theft.

security content automation protocol (SCAP) A method of using specific protocols and data exchanges to automate the determination of vulnerability manage-ment, measurement, and policy compliance across a system or set of systems.

security controls A group of technical, management, or operational policies and procedures designed to implement specific security functionality. Access controls are an example of a security control.

segregation or separation of duties A basic control that prevents or detects errors and irregularities by assigning responsibilities to different individuals so that no single individual can commit fraudulent or malicious actions.

service level agreement (SLA) An agreement between parties concerning the expected or contracted up-time associated with a system.

service set identifier (SSID) Identifies a specific 802.11 wireless network. It transmits information about the access point to which the wireless client is connecting.

signature database A collection of activity patterns that have already been iden-tified and categorized and that typically indicate suspicious or malicious activity.

Simple Mail Transfer Protocol (SMTP) The standard Internet protocol used to transfer e-mail between hosts.



Glossary


632Simple Network Management Protocol (SNMP) A standard protocol used to remotely manage network devices across a network.

single loss expectancy (SLE) Monetary loss or impact of each occurrence of a threat. SLE = asset value × exposure factor.

single sign-on (SSO) An authentication process by which the user can enter a single user ID and password and then move from application to application or resource to resource without having to supply further authentication information.

slack space Unused space on a disk drive created when a file is smaller than the allocated unit of storage (such as a sector).

sniffer A software or hardware device used to observe network traffic as it passes through a network on a shared broadcast media.

social engineering The art of deceiving another person so that he or she reveals confidential information. This is often accomplished by posing as an individual who should be entitled to have access to the information.

Software as a Service (SaaS) The provisioning of software as a service, com-monly known as on-demand software.

software development lifecycle model (SDLC) The processes and proce-dures employed to develop software. Sometimes also called secure development life-cycle model when security is part of the development process.

spam E-mail that is not requested by the recipient and is typically of a commercial nature. Also known as unsolicited commercial e-mail (UCE).

spam filter A security appliance designed to remove spam at the network layer before it enters e-mail servers.

spim Spam sent over an instant messaging channel.

spoofing Making data appear to have originated from another source so as to hide the true origin from the recipient.

symmetric encryption Encryption that needs all parties to have a copy of the key, sometimes called a shared secret. The single key is used for both encryption and decryption.

tangible asset An asset for which a monetary equivalent can be determined. Ex-amples are inventory, buildings, cash, hardware, software, and so on.

Telnet A network protocol used to provide cleartext bidirectional communication over TCP.



Glossary


632Tempest The U.S. military’s name for the field associated with electromagnetic eaves-dropping on signals emitted by electronic equipment. See also van Eck phenomenon.

Temporal Key Integrity Protocol (TKIP) A security protocol used in 802.11 wireless networks.

threat Any circumstance or event with the potential to cause harm to an asset.

time bomb A form of logic bomb in which the triggering event is a date or specific time. See also logic bomb.

TKIP See Temporal Key Integrity Protocol.

token A hardware device that can be used in a challenge-response authentication process.

Transmission Control Protocol (TCP) The transport layer protocol for use on the Internet that allows packet-level tracking of a conversation.

Transport Layer Security (TLS) A newer form of SSL being proposed as an Internet standard.

trapdoor See backdoor.

Trivial File Transfer Protocol (TFTP) A simplified version of FTP used for low-overhead file transfers using UDP port 69.

Trojan horse A form of malicious code that appears to provide one service (and may indeed provide that service) but that also hides another purpose. This hidden pur-pose often has a malicious intent. This code may also be simply referred to as a Trojan.

Trusted Platform Module (TPM) A hardware chip to enable trusted comput-ing platform operations.

uninterruptible power supply (UPS) A source of power (generally a battery) designed to provide uninterrupted power to a computer system in the event of a tem-porary loss of power.

usage auditing The process of recording who did what and when on an informa-tion system.

User Datagram Protocol (UDP) A protocol in the TCP/IP protocol suite for the transport layer that does not sequence packets—it is “fire and forget” in nature.

User ID A unique alphanumeric identifier that identifies individuals who are logging in or accessing a system.



Glossary


634vampire taps A tap that connects to a network line without cutting the connection.

van Eck phenomenon Electromagnetic eavesdropping through the interception of electronic signals emitted by electrical equipment. See also Tempest.

virtual local area network (VLAN) A broadcast domain inside a switched system.

virtual private network (VPN) An encrypted network connection across an-other network, offering a private communication channel across a public medium.

virus A form of malicious code or software that attaches itself to other pieces of code in order to replicate. Viruses may contain a payload, which is a portion of the code that is designed to execute when a certain condition is met (such as on a certain date). This payload is often malicious in nature.

vulnerability A weakness in an asset that can be exploited by a threat to cause harm.

wireless access point (WAP) A network access device that facilitates the con-nection of wireless devices to a network.

war-dialing An attacker’s attempt to gain unauthorized access to a computer sys-tem or network by discovering unprotected connections to the system through the tele-phone system and modems.

war-driving The attempt by an attacker to discover unprotected wireless networks by wandering (or driving) around with a wireless device, looking for available wireless access points.

web application firewall (WAF) A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the applica-tion stack level.

WEP See Wired Equivalent Privacy.

wide area network (WAN) A network that spans a large geographic region.

Wi-Fi Protected Access (WPA/WPA2) A protocol to secure wireless communi-cations using a subset of the 802.11i standard.

Wired Equivalent Privacy (WEP) The encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks.

Wireless Application Protocol (WAP) A protocol for transmitting data to small handheld devices such as cellular phones.

Wireless Transport Layer Security (WTLS) The encryption protocol used on WAP networks.



Glossary


634worm An independent piece of malicious code or software that self-replicates. Un-like a virus, it does not need to be attached to another piece of code. A worm replicates by breaking into another system and making a copy of itself on this new system. A worm can contain a destructive payload but does not have to.

X.509 The standard format for digital certificates.

XOR Bitwise exclusive OR, an operation commonly used in cryptography.

XSRF See cross-site request forgery.

XSS See cross-site scripting.


Documents

All-in-1 / CompTIA Security+ All-in-One Exam Guide, …ebook.eqbal.ac.ir/Security/Certification/Security+ SY0-301/Glossary...All-in-1 / CompTIA Security+ All-in-One Exam Guide,