By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
A acceptable use policy (AUP): An organization’s policy that provides specific detail about what users may do with their network access, including email and instant messaging usage for personal purposes, limitations on access times, and the storage space available to each user. access control list (ACL) In the broadest sense, the underlying data associated with a network resource that defines the access permissions.: The most common privileges include the ability to read, write to, delete, and execute a file. accounting: The tracking, primarily for auditing purposes, of users’ access to resources. active logging: A common intelligence gathering tool used during the forensics process. active reconnaissance: Reconnaissance that requires engaging with the target, such as through port scanning and service identification. Address Resolution Protocol (ARP): A protocol that resolves a device’s assigned IP address to its MAC hardware address. administrative control: A control based on business and organizational processes and procedures. Advanced Encryption Standard (AES): A symmetrical 128-bit fixed-block encryption system that has a key size of 128, 192, or 256 bits and replaces the legacy DES standard. advanced persistent threat (APT): A threat that is rooted in the capability to infiltrate a network and remain inside while going undetected. This access often provides the means for a more strategic target or defined objective, including the capability to exfiltrate information over a long period of time. adversarial artificial intelligence: (AI) Techniques such as machine learning used to solve a variety of problems and challenges used by an adversary. Agile: An SDLC model that breaks development into cycles.: The Agile model combines iterative and incremental process models. air gap: A physical isolation gap between a system or network and the outside world. annual loss expectancy (ALE): The expected cost per year arising from a risk’s occurrence. It is calculated as the product of the single loss expectancy (SLE) and the annualized rate of occurrence (ARO). annual rate of occurrence (ARO): The number of times a given risk will occur within a single year. antispam: A software program that can add another layer of defense to the infrastructure by filtering out undesirable email. antivirus: A software program used to protect the user environment that scans for email and downloadable malicious code. Arduino: A low-cost single-board computer used to create interactive projects. armored virus: A virus that is hard to detect and that seeks to make analyzing its functions difficult. ARP poisoning: An attack in which a perpetrator tricks a device into thinking any IP address is related to any MAC address. In addition, perpetrators can broadcast a fake or spoofed ARP reply to an entire network and poison all computers. asymmetric keys: A pair of key values (one public and the other private) used to encrypt and decrypt data, respectively. Only the holder of the private key can decrypt data encrypted with the public key; this means that anyone who obtains a copy of the public key can send data to the private key holder in confidence. attribute-based access control (ABAC): A logical access control model recommended as the preferred access control model for information sharing among diverse organizations by the Federal Identity, Credential, and Access Management (FICAM) Roadmap. auditing: The tracking of user access to resources, primarily for security purposes. authentication: The process of identifying users. Authentication Header (AH): A component of the IPsec protocol that provides integrity, authentication, and antireplay capabilities. authorization: The process of identifying what a given user is allowed to do. automated indicator sharing (AIS): An initiative from the U.S. Department of Homeland Security that enables the exchange of cybersecurity threat indicators. B banner grabbing: A technique used to identify what operating system is running on a machine, as well as the services that are running. baseline: A measure of normal activity that is used to determine abnormal system and network behaviors. Bcrypt: A key-stretching algorithm based on the Blowfish cipher that provides an adaptive hash function. behavior-based IDS: A detection method in which a user notices an unusual pattern of behavior, such as a continually operating hard drive or a significantly slowed level of performance. behavior-based monitoring: The use of established patterns of baseline operations to identify variations that might identify unauthorized access attempts. birthday attack: An attack that finds collisions within hash functions, resulting in a more efficient method of brute-forcing one-way hashes. black box (unknown environment): A test conducted when the assessor has no information or knowledge about the inner workings of the system or knowledge of the source code. blockchain: A digital ledger where transactions are grouped into blocks, each linked to the previous block through a cryptographic hash and shared with the network. block cipher: An algorithm that transforms a message from plaintext (unencrypted form) to ciphertext (encrypted form), one piece at a time.: The block size represents a standard chunk of data that is transformed in a single operation. Blowfish: A block cipher that can encrypt using any size chunk of data and perform encryption with any length encryption key, up to 448 bits. bluejacking: An attack used to generate messages that appear to be from the device itself, leading users to follow obvious prompts and establish an open Bluetooth connection to the attacker’s device. bluesnarfing: A Bluetooth attack that can expose or alter a user’s information. boot sector virus: A type of virus that is placed into the first sector of a hard drive so that when the computer boots, the virus loads into memory. bot: Short for robot, an automated computer program that needs no user interaction. Bots allow hackers to take control of a system. Many bots used together can form a botnet. botnet: A large number of computers (bots) that forward transmissions to other computers on the Internet. You might also hear a botnet referred to as a zombie army. bring your own device (BYOD): A policy that allows employees to use personal mobile devices for access to enterprise data and systems. brute-force attack: An attack that relies on cryptanalysis or algorithms capable of performing exhaustive key searches. buffer overflow: An attack that occurs when the data presented to an application or a service exceeds the storage space allocation that has been reserved in memory for that application or service. business continuity plan (BCP): A plan that describes a long-term systems and services replacement and recovery strategy, designed for when a complete loss of facilities occurs.: A business continuity plan prepares for automatic failover of critical services to redundant offsite systems. business impact analysis (BIA): The process of determining the impacts that might result from the interruption of time-sensitive or critical business processes. business partner agreement (BPA): A type of contract that establishes the responsibilities of each partner. C captive portal: A web page that is first launched when a user is connecting through a network and that usually requires some type of interaction before the user is allowed access to other networking or Internet sites. cat: A command-line file-manipulation command for reading files sequentially that is used to concatenate files. .cer: A common certificate extension. certificate authority (CA): A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for general public access). certificate policy: A statement that governs the use of digital certificates. certificate revocation list (CRL): A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid. certificate signing request (CSR): A request to apply for a digital certificate. certification practice statement (CPS): A document that defines the practices and procedures a CA uses to manage the digital certificates it issues. chain of custody: The documentation of all transfers of evidence from one person to another, showing the date, time, reason for transfer, and signatures of both parties involved in the transfer. Chain of custody also refers to the process of tracking evidence from a crime scene to the courtroom. Challenge Handshake Authentication Protocol (CHAP): A widely used authentication method in which a hashed version of a user’s password is transmitted during the authentication process. chmod: A command-line tool used to change access permissions for files and directories. choose your own device (CYOD): An option in which an organization controls the devices an employee can use by providing a list of approved devices. cipher: A method of encrypting text.: The term cipher also refers to an encrypted message (although the term ciphertext is preferred). cipher block chaining (CBC): A commonly used mode that provides for confidentiality only and not integrity. clickjacking: A hijacking attack that takes advantage of browser vulnerabilities and allows the attacker to redirect clicks or keystrokes to something the user does not expect. cloud access security broker (CASB): A Gartner-created term that describes a cloud cybersecurity layer focused on visibility, compliance, data security, and threat protection. Cloud Security Alliance (CSA): A nonprofit organization that provides security best practices for cloud-based services and computing. cold site: A remote site that has electricity, plumbing, and heating installed, ready for use when enacting disaster recovery or business continuity plans. At a cold site, the company enacting the plan supplies all other equipment, systems, and configurations. Compare this with hot and warm sites. common access card (CAC): A smart card used in military, reserve officer, and military contractor identity authentication systems. compensating control: An alternative control that is intended to reduce the risk of an existing or potential control weakness. computer/cyber-incident response team (CIRT): A team of experts that responds to security incidents. Also referred to as a CSIRT (computer security incident response team). confusion: A method that involves hiding any connection between ciphertext and plaintext, making it difficult to reverse from ciphertext to plaintext without the key. container: A technology that packages applications and services together with their runtime environment, allowing them to be run anywhere. continuity of operations plan (COOP): An initiative issued to ensure that government departments and agencies are able to continue operation in case of natural, human-caused, or technological threats and national security emergencies. Core Root of Trust Measurement (CRTM): The first trusted action executed at bootup. It measures the bootloader and sends the hash value to the TPM chip for storage in one of the platform configuration registers (PCR) before execution. corporate owned, personally enabled (COPE): A policy by which employees are able to use corporate-owned devices for personal use. corrective control: A control that is reactive and provides measures to reduce harmful effects or restore the system being impacted. counter mode: A mode that essentially turns a block cipher into a stream cipher. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP): A protocol based on the Advanced Encryption Standard (AES) encryption cipher. cross-site request forgery (XSRF): A web attack that exploits existing site trust, such as unexpired banking session cookies, to perform actions on the trusting site using the already existing trusted account. cross-site scripting (XSS): A web attack in which malicious executable code is placed on a website to allow the attacker to hijack a user session to conduct unauthorized access activities, expose confidential data, and log successful attacks back to the attacker. cryptographic module Any combination of hardware, firmware, or software that implements cryptographic functions such as encryption, decryption, digital signatures, authentication techniques, and random number generation. cryptography: The process of protecting information by disguising (encrypting) it in a format that only authorized systems or individuals can read. crypto-malware Malware that is specifically designed to find potentially valuable data on a system and encrypt it. Cuckoo: A malware analysis tool that provides results of what a file does when executed in an isolated environment. curl: A command-line tool that provides the ability to get and send data using URLs. CVE/CVSS (Common Vulnerabilities and Exposure/Common Vulnerability Scoring System): A list of publicly known vulnerabilities that provides descriptions and references, along with severity ratings. cyber kill chain: A framework that is used to track the steps or phases that an attacker goes through as part of an intrusion. D dark web: A part of the web that can’t be accessed like regular websites but that requires the use of special software that provides secure communications. data classification: A system of organizing data into categories based upon the data sensitivity to help guide data protection measures. data disposal: The practice of disposing of equipment used by an organization. Data Encryption Standard (DES): A block cipher that uses a 56-bit key and 8 bits of parity on each 64-bit chunk of data. data execution prevention: A security technology that can prevent security threats from executing code on a system. data exfiltration: The unauthorized transfer of data; also known as data theft. data loss prevention (DLP) Security services that identify, monitor, and protect data during use, storage, or transfer between devices. DLP software relies on deep inspection of data and transactional details for unauthorized access operations. decryption: The process of turning ciphertext into plaintext. defense-in-depth: A term rooted in military strategy that requires a balanced emphasis on people, technology, and operations to maintain information assurance (IA). demilitarized zone (DMZ): An area in a network that allows limited and controlled access from the public Internet. Also called a screened subnet. denial of service (DoS): A type of attack that denies legitimate users access to a server or services by consuming sufficient system resources or network bandwidth to render a service unavailable. detective control: A control that warns that physical security measures are being violated. deterrent control: A control that is intended to discourage individuals from intentionally violating information security policies or procedures. development and operations (DevOps): A term that originated from the recognition that organizational infrastructure should support development or the SDLC along with production capacity. dictionary attack: An attack in which software is used to compare hashed data, such as a password, to a word in a hashed dictionary. This is repeated until matches are found in the hashes.: The goal is to match the password exactly to determine the original password that was used as the basis of the hash. differential backup: A backup that provides only the data that has changed since the last full backup. It is incomplete without the last full backup. Diffie-Hellman (D-H) key exchange: An early key exchange design in which two parties, without prior arrangement, can agree on a secret key that is known only to them. Diffie-Hellman Ephemeral (DHE): An ephemeral version of D-H key exchange that uses a different key for every conversation and supports perfect forward secrecy. diffusion: A method for mitigating the capability to identify patterns that might help break a cipher. digital certificate: An electronic document that includes the user’s public key and the digital signature of the certificate authority (CA) that has authenticated the user.: The digital certificate can also contain information about the user, the CA, and attributes that define what users are allowed to do with systems they access using the digital certificate. Digital Signature Algorithm (DSA): A U.S. standard for the generation and verification of digital signatures to ensure authenticity. disaster recovery plan (DRP): A plan that spells out actions to be taken in case a business is hit with a natural or human-caused disaster. discretionary access control (DAC): An access control method in which access rights are configured at the discretion of accounts with authority over each resource, including the capability to extend administrative rights through the same mechanism. distinguished encoding rules (DER): The binary form of a PEM certificate. distributed denial of service (DDoS): An attack that originates from multiple systems simultaneously, causing even more extreme consumption of bandwidth and other resources than a DoS attack. DLL injection: A programming error that allows an attacker to run code within the context of another process, making it more difficult for an organization to trace the attack. DNS poisoning: An attack that involves redirecting legitimate traffic by changing the IP record for a specific domain. dnsenum: A tool that enumerates DNS by finding DNS servers and DNS records such as mail exchange servers, domain name servers, and the address records for a domain. domain hijacking: An attack that occurs when a domain is taken over without the original owner’s knowledge or consent. Domain Name System (DNS): A system that is responsible for translation of hierarchical human-readable named addresses into their numeric IP equivalents. Domain Name System Security Extension (DNSSEC): A suite of specifications that provides protection against DNS attacks by authenticating DNS response data. domain reputation Protection for registered domains that provides monitoring and threat intelligence. dry-pipe fire suppression: A sprinkler system with pressurized air in the pipes. If a fire starts, a slight delay occurs as the pipes fill with water. This system is used in areas where wet-pipe systems might freeze. dumpster diving: A technique used by an attacker that involves gathering useful information from discarded data. DV certificate: A certificate that is easily and quickly obtained that only verifies and includes the domain name. E EAP Flexible Authentication via Secure Tunneling (EAP-FAST): A proposed replacement to the Lightweight Extensible Authentication Protocol (LEAP) used for wireless authentication connections. EAP Transport Layer Security (EAP-TLS): A protocol that uses certificate-based mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticating server. EAP Tunneled Transport Layer Security (EAP-TTLS): A protocol that is similar to PEAP but further extends TLS. With an established secure tunnel, the server authenticates the client using authentication attributes in the TLS wrapper. edge computing Computing that happens near the edge of a network, close to where it’s used or needed. e-discovery: The discovery process for electronically stored information. eliciting information: The use of varying techniques that can directly or indirectly lead to sensitive data loss or other compromise. El Gamal: An extension to the Diffie-Hellman design that is a complete public key encryption algorithm. It uses some of the key exchange elements from Diffie-Hellman and incorporates encryption on those keys. elasticity: The capability to expand and reduce cloud resources as needed. electromagnetic interference (EMI) Electronic device interference that occurs when a device is in the vicinity of another device. EMI affects the performance of a device. electromagnetic pulse (EMP): An electronic event that happens when a source emits a short-duration pulse of energy. electronic codebook (ECB): A simple deterministic mode that divides a message into blocks and then encrypts each block on its own. elliptic curve cryptography (ECC): A method in which elliptic curve equations are used to calculate encryption keys for use in general-purpose encryption. Elliptic Curve Diffie-Hellman Ephemeral (ECDHE): A variant of the Diffie-Hellman key agreement protocol for ECC that uses an ephemeral mode of operation and supports perfect forward secrecy. Encapsulating Security Payload (ESP): A method that provides confidentiality, data origin authentication, connectionless integrity, an antireplay service, and traffic flow confidentiality. encryption: The process of turning plaintext into ciphertext. encryption algorithm: A mathematical formula or method used to scramble information before it is transmitted over insecure media. Examples include RSA, DH, IDEA, Blowfish, MD5, and DSS/DSA. end-of-life (EOL) Unsupported software that the vendor has retired. ephemeral key: A key that is used for only a single session. escalation of privilege: An exploitation technique that gives an attacker or tester access to a higher authorization and provides the capability to conduct more advanced commands and routines. EV certificate: A type of digital certificate that provides a high level of trust and security features proving the owner of the certificate. evil twin: A situation in which an unauthorized wireless access point has been set up to mount on-path attack. exploitation framework: A structure that helps in penetrating testing and risk assessments. Each exploitation framework contains a set of exploits for known vulnerabilities. extranet: A special internetwork architecture in which an organization’s external partners and customers are granted access to some parts of its intranet and the services it provides in a secure, controlled manner. F federation: A way to connect identity management systems by allowing identities to cross multiple jurisdictions. file integrity checker: A tool that computes a cryptographic hash such as SHA-1 or MD5 for all selected files.: A database of the hashes is created, and the hashes are periodically recalculated and compared to the hashes in the database to check for modification. File Transfer Protocol (FTP): A client/server data file transfer service for TCP networks that are capable of anonymous or authenticated access. firewall: A network system that monitors incoming and outgoing traffic and makes determinations to allow or deny the traffic based on policy. framework: A structure that generally includes more components than a guide and is used as a basis for implementing and managing security controls. full backup: A complete backup of all data. This is the most time- and resource-intensive form of backup, requiring the largest amount of data storage. fuzzing: An unknown environment for software testing in which semi-random data is injected into a program or protocol stack to detect bugs. G Galois/Counter Mode (GCM): A cryptographic block cipher mode of operation that provides for both integrity and confidentiality and that works in 128-bit blocks. General Data Protection Regulation (GDPR): A regulation intended to strengthen data protection for all individuals within the European Union (EU). geofencing: The use of GPS coordinates or radio-frequency identification (RFID) to define a geographic perimeter. GNU Privacy Guard (GPG): A tool that encrypts and decrypts email messages by using asymmetric encryption schemes such as RSA. gray box (partially known environment): A testing method that combines white box and black box techniques. It can be thought of as being translucent as the tester has some understanding of or limited knowledge of the inner workings of the system being tested. grep: A command-line file manipulation command that searches files for patterns. group policy: A tool that eases administration in managing the environment of users in a Microsoft network. This can include installing software and updates or controlling what appears on the desktop.: The group policy object (GPO) applies a group policy to users and computers. guide Specific information about how standards should be implemented.: A guide or guideline is generally not mandatory and provides recommendations or good practices. H hacktivist: A threat actor who uses digital tools for malicious intent, based on political, social, or ideological reasoning. hardware security module (HSM): A dedicated crypto-processor that is specifically designed for the protection of transactions, identities, and applications by securing cryptographic keys. hash value: The resultant output or data generated from an encryption hash when applied to a specific set of data. If it is computed and passed as part of an incoming message and then is recomputed upon message receipt, this value can be used to verify the received data when the two hash values match. hash-based message authentication code (HMAC): A code that provides additional security to MAC by adding another integrity check to the data being transmitted. hashing: A methodology used to calculate a short, secret value from a data set of any size (usually for an entire message or for individual transmission units). This secret value is recalculated independently on the receiving end and is compared to the submitted value to verify the sender’s identity. head: A command-line file manipulation command that displays the beginning of a text file or file fed to the command. Health Insurance Portability and Accountability Act (HIPAA) U.S. legislation that includes data privacy and security provisions for protecting medical information. heating, ventilation, air conditioning (HVAC): A form of environmental control that warms, cools, and transports air for the purpose of thermal and humidity regulation. hoax: A situation that seems like it could be legitimate but often results from people seeking to carry out various threats. honeyfile: A file used as bait intended to attract an attacker. honeynet: A network used as bait to attract an attacker. honeypot: A decoy system designed to attract hackers.: A honeypot usually has all its logging and tracing enabled, and its security level is lowered on purpose. Such systems often include deliberate lures or bait, in the hopes of attracting would-be attackers who think they can obtain valuable items on these systems. host-based IDS (HIDS) Systems that monitor communications on a host-by-host basis and try to filter malicious data. These types of IDSs are good at detecting unauthorized file modifications and user activity. host-based IPS (HIPS): A software intrusion detection system capable of reacting to and preventing or terminating unauthorized access within a single host system. hot site: A physical site that is immediately available for continuing computer operations if an emergency arises. It typically has all the necessary hardware and software loaded and configured, and it is available continuously. Compare this with warm and cold sites. HOTP (HMAC-based one-time password): An algorithm that relies on a shared secret and a moving factor or counter. hping: A packet assembler and analyzer that provides a number of security capabilities. Hypertext Transfer Protocol (HTTP): A client/server protocol for network transfer of information between a web server and a client browser over the World Wide Web (WWW). Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS): A protocol used in a secured connection that encapsulates data transferred between the client and web server. It occurs on port 443. hypervisor: A virtualization platform that enables more than one operating system to run on a host computer at the same time. It controls how access to a computer’s processors and memory is shared.: A Type I native or bare-metal hypervisor is software that runs directly on a hardware platform.: A Type II, or hosted, hypervisor is software that runs in an operating system environment. I identification: A user or device presenting information such as a username, a process ID, a smart card, or another unique identifier, claiming an identity. identity fraud: The use of a person’s personal information without authorization to deceive or commit a crime. IEEE 802.1X: A standard designed to enhance the security of wireless networks. impersonation: A method by which someone assumes the character or appearance of someone else. incremental backup: A backup that includes only the data that has changed since the last incremental backup. It resets the archive bit. indicator of compromise (IOC) Evidence that indicates a security breach or event has occurred. industrial control system (ICS): A system that is considered to be critical to the infrastructure, such as manufacturing, a logistics and transportation network, energy and utilities, telecommunication services, agriculture, and food production networks. influence campaign Coordinated actions that seek to affect the development, actions, and behavior of the targeted population. Infrastructure as a Service (IaaS): A cloud computing model in which hardware, storage, and networking components are virtualized and provided by an outsourced service provider. Infrastructure as Code (IaC): The incorporation of infrastructure configuration into application code. Also known as the programmable infrastructure. initial exploitation: An exploitation technique that commonly has only regular user access, with no access to high-value areas. initialization vector (IV): A fixed-size input of a random or pseudo-random value used with block cipher modes. integer overflow: A software programming error that can facilitate malicious code or a buffer overflow. integrity measurement: A method that uses attestation challenges from computed hashes of system or application information to obtain confidence in the trustworthiness and identity of a platform or software. interconnection security agreement (ISA): An agreement between organizations that have connected or shared IT systems. International Organization for Standardization (ISO): A body that provides best practice recommendations on information security management. Internet Control Message Protocol (ICMP): A transport protocol in the TCP/IP suite that operates separately from TCP or UDP transfer. ICMP is intended for passing error messages and is used for services such as ping and traceroute. Internet of Things (IoT): A network of connected devices that perform specific functions using embedded systems and sensors. Internet Protocol Security (IPsec): A tool used for the encryption of TCP/IP traffic. IPsec provides security extensions to IPv4. It manages special relationships, called security associations, between pairs of machines. intranet: A portion of the information technology infrastructure that belongs to and is controlled by an organization. intrusion detection system (IDS): A sophisticated network protection system designed to detect attacks in progress but not to prevent potential attacks from occurring. Many IDSs actually can trace attacks back to an apparent source, and some can even automatically notify all hosts through which attack traffic passes that they are forwarding such traffic. intrusive scan: A vulnerability scan that tries to exploit a vulnerability. ipconfig: A tool that displays network settings such as IP address, subnet mask, and default gateway. IP spoofing: An attack that seeks to bypass IP address filters by setting up a connection from a client and sourcing the packets with an IP address that is allowed through the filter. J jailbreaking Removing the restriction to run only Apple-authorized apps on a device. jamming attack: An attack on a wireless network that is performed by setting up a nearby access point and using a dedicated wireless jamming device. K Kerberos: A set of authentication services, including the authentication service (AS) exchange protocol, the ticket-granting service (TGS) exchange protocol, and the client/server (CS) exchange protocol. key derivation function: A function that derives a key, based on the password as the origin point. key escrow: A situation in which a CA or another entity maintains a copy of the private key associated with the public key signed by the CA. key exchange: A technique in which a pair of keys is generated and then exchanged between two systems (typically, a client and server) over a network connection to allow them to establish a secure connection. key management: The process of creating and managing cryptographic keys and digital certificates. key stretching: A technique that involves running a password through an algorithm to produce an enhanced key, usually of at least 128 bits. keylogger: A tool that monitors and sends keystrokes typed from an infected machine. L layered security: The practice of implementing security at different levels or layers to form a complete security strategy and provide better protection than by implementing an individual security defense. LDAP injection: A technique in which malicious input is applied to a directory server, which may result in unauthorized queries, granting of permissions, and even password changes. least functionality: The principle that, by default, systems provide a wide variety of functions and services, some of which are not necessary to support the essential operation of the organization. least privilege: An access control practice in which a logon is given only minimal access to resources required to perform its tasks. Lightweight Directory Access Protocol (LDAP): A TCP/IP protocol that allows client systems to access directory services and related data. In most cases, LDAP is used as part of management or other applications or in browsers to access directory services information. logger: A command-line tool that is used to add logs to the local syslog file or a remote syslog server. logic bomb: A virus or Trojan horse designed to execute malicious actions when a certain event occurs or when a specified period of time goes by. M MAC spoofing: An attack that involves spoofing the hard-coded Media Access Control (MAC) address of a network card. macro virus: A virus inserted into a Microsoft Office document and emailed to unsuspecting users. malware Malicious software used to cause damage or gain unauthorized access to systems. mandatory access control (MAC): A centralized security method in which users are not allowed to change permissions on objects. man-in-the-middle (on-path attack): An attack in which a hacker attempts to intercept data in a network stream and then insert his or her own data into the communication.: The goal is to disrupt or take over communications. mantrap (access control vestibule): A two-door configuration used in high-security facilities that allows only one person to pass at a time. mean time between failures (MTBF): The point in time at which a device will still be operational, denoting the average time a device will function before failing. mean time to failure (MTTF): The expected time to failure for a nonrepairable system. mean time to recovery (MTTR): The average time that a device will take to recover from any failure. memorandum of agreement (MOA): A document that outlines the terms and details of an agreement between parties, including each party’s requirements and responsibilities. Also known as an MOU. memorandum of understanding (MOU): A binding, collaborative agreement entered into by two or more parties. memory leak: A programming error that reduces performance of a system and can cause an entire application or computer to become unresponsive. It has an impact on a system’s availability. message authentication code (MAC): A piece of information used to authenticate a message. It works like a hash to detect tampering. message digest: The output of an encryption hash that is applied to some fixed-size chunk of data.: A message digest provides a profound integrity check because even a change to 1 bit in the target data changes the resulting digest value. This explains why digests are included so often in network transmissions. Message Digest algorithm: A hashing algorithm based on a message digest. Microsoft CHAP (MSCHAP): An encrypted authentication mechanism that is similar to CHAP. It has two versions: MSCHAPv1 and MSCHAPv2. mission-essential function: An activity that needs to be immediately functional at an alternate site until normal operations can be restored. MITRE ATT&CK: A knowledge base and framework of different attack techniques to understand and defend against an attacker. model verification: A method used to automatically and thoroughly check whether a system model meets a given specification. multifactor authentication: A type of authentication that requires more than just a password for account access. Multifactor authentication involves two or more of the types of authentication (something you know, something you have, something you are, something you do, and somewhere you are), not simply multiple credentials or keys of the same type. multipartite virus: A virus that infects executable files and also attacks the master boot record of a system. N National Institute of Standards and Technology (NIST): An agency within the U.S. Department of Commerce that is responsible for developing measurement standards, including standards for cybersecurity best practices, monitoring, and validation. near-field communication (NFC): A set of standards for contactless communication between devices. netcat: A network utility for gathering information from TCP and UDP network connections. network-based IDS (NIDS): An IDS that monitors packet flow and tries to locate unauthorized packets that might have gotten through the firewall.: A NIDS may be used to detect DoS attacks and unauthorized user access. network-based IPS (NIPS): A device or software program designed to sit inline with traffic flows and prevent attacks in real time. Network Time Protocol (NTP): A UDP protocol used for device clock synchronization that provides a standard time base over variable-latency networks. This is critical for time-synchronized encryption and access protocols such as Kerberos. next-generation firewall: A firewall that goes beyond traditional port and IP address examination to include application and user awareness. nmap: A network scanning tool used for locating network hosts, detecting operating systems, and identifying services. nondisclosure agreement (NDA): A legally binding document that organizations might require of their employees and other people who come into contact with confidential information. nonresident virus: A type of virus that, when executed, looks for targets locally and even across the network. normalization: The conversion of data to its anticipated, simplest known form. nslookup: A command-line utility used for troubleshooting DNS. NTLM (NT LAN Manager): An older Microsoft authentication protocol that requires Active Directory and relies on Microsoft Windows user credentials in the authentication process. O OAuth (Open Authorization): A framework used for Internet token-based authorization that provides API authorization between applications. obfuscation: The act of making something difficult to understand. object identifier (OID): A hierarchical globally unique identifier for an object. OCSP stapling: A process that helps reduce the certificate validity request load by allowing a web server to “staple” a time-stamped OCSP response as part of the TLS handshake with the client. offboarding: A process in which user identities that no longer require access to the environment are disabled or deactivated and then deleted from the environment, based on organizational policy. onboarding: A process used to create an identity profile and the information required to describe the identity. Online Certificate Status Protocol (OCSP): An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRLs. open source intelligence (OSINT) Information available for collection from publicly available information sources. Open Vulnerability Assessment Language (OVAL): A community open standard for the transfer of information regarding security tools and services. It focuses on vulnerabilities, patch states, and configuration states. Open Web Application Security Project (OWASP): A nonprofit organization that provides resources to improve the security of software. OpenID Connect: An identity layer based on OAuth 2.0 specifications used for consumer single sign-on. order of restoration: The order in which backup tapes are restored. order of volatility In the evidence collection process, collection that occurs from the most volatile component to the least volatile. OV certificate: A type of certificate that provides stronger assurance than does a domain-validated certificate. P P12: An extension used for PFX-encoded certificates. P7B: A Base64-encoded certificate format used on Windows and Java Tomcat systems. PAP (Password Authentication Protocol): A legacy plaintext authentication protocol for remote server access that does not support stronger authentication mechanisms. pass the hash: A type of replay attack in which the attacker provides the hashed password to an accepting authentication scheme. passive reconnaissance Reconnaissance techniques that not require actively engaging with the targeted systems. password attack: An attack on a password using manual or automated techniques, such as dictionary, brute-force, spraying, and rainbow table attacks. Password-Based Key Derivation Function 2 (PBKDF2): A key-stretching algorithm that applies a pseudo-random function to a password, combined with a salt of at least 64 bits, and then repeats the process at least 1,000 times. password cracker: A software utility that allows direct testing of user logon password strength by conducting brute-force password tests. Payment Card Industry Data Security Standard (PCI DSS): A standard that governs the use and storage of credit card data. perfect forward secrecy: A mechanism to prevent the compromise of a private key used to create session keys from compromising past session keys. persistence: An exploitation technique that enables the tester to gain additional compromising information. personal health information (PHI) Any medical data that can be used to identify an individual. Personal Information Protection and Electronics Document Act (PIPEDA): A Canadian law governing the collection and use of personal information. personally identifiable information (PII) Broadly, any data that can be used to identify an individual. PFX: A binary certificate format also known as PKCS#12. pharming: An attack that redirects victims to a bogus website. phishing: An attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication, usually email. physical control: A control that forms the outer line of physical defense against direct access to data. ping: A network tool for testing the basic function of a network that is commonly used to test whether a remote host is alive or responding. pinning: A method that extends beyond normal certificate validation to help thwart on-path attacks. plain old telephone service (POTS): The traditional audio circuit-switched telephone service, which predated modern broadband network connectivity using audio modem endpoint devices for remote data access. POTS is still used in many rural and underdeveloped areas that lack broadband infrastructure. Platform as a Service (PaaS): The delivery of a computing platform, often an operating system with associated services, over the Internet without downloads or installation. pointer dereference: A programming error in which an application dereferences a pointer that it expects to be valid but that is really null, resulting in a system crash. polymorphic virus: A virus that can change form or signature each time it is executed, to avoid detection. pop-up blocker: A program used to block a common method of Internet advertising in which a window pops up in the middle of the screen, displaying a message, when you click a link or button on a website. potentially unwanted program (PUP) Software that often is not wanted, although it may not be explicitly malicious. PowerShell: A command-line shell and scripting interface for Microsoft Windows environments. Pretty Good Privacy (PGP): An encryption program that is an alternative to S/MIME. preventive control: A control that attempts to prevent unwanted events by inhibiting the free use of computing resources. privacy enhanced mail (PEM): The most common format and extension for certificates. privacy impact assessment (PIA): An assessment needed for any organization that collects, uses, stores, or processes personal information such as PII or PHI. privacy threshold assessment: An assessment used before a privacy impact assessment to determine whether a system contains personal information such as PII or PHI. private key: A key that is maintained on a host system or application. privilege escalation: A method of software exploitation that takes advantage of a program’s flawed code. Usually, this crashes the system and leaves it in a state in which arbitrary code can be executed or an intruder can function as an administrator. Protected EAP (PEAP): An encrypted form of the EAP authentication protocol, which couples EAP with transport encryption to protect credentials during transfer. protocol analyzer: A tool that troubleshoots network issues by gathering packet-level information across the network. It captures packets and decodes the information into readable data for analysis. public key: A key that is made available to whoever is going to encrypt the data sent to the holder of a private key. Python: A popular and widely used general-purpose programming language. R race condition: A way in which a program executes sequences of code. It typically occurs when code sequences are competing for the same resource or interfering by acting at the same time. RACE Integrity Primitives Evaluation Message Digest (RIPEMD): A group of hash functions developed within academia, based on the design of MD4. radio-frequency identification (RFID): A wireless technology that was initially common to supply-chain and inventory tracking. RAID (redundant array of inexpensive/independent disks) Multiple disks arranged as a large, high-performance logical disk to provide redundancy in case of disk failure. rainbow table: A table that consists of a large set of precomputed hash values for every possible combination of characters. May be used in brute-force cracking of passwords that have been hashed. ransomware: A form of malware that attempts to hold a person or company hostage, often for monetary gain. Raspberry Pi: A single-board computer with integrated peripherals that is commonly used for hobbies, projects, and prototypes. real-time operating system (RTOS): A small operating system used in embedded systems and IoT applications that typically run in a SoC environment. recovery point objective (RPO): The amount of time that can elapse during a disruption before the quantity of data lost during that period exceeds the business continuity plan’s maximum allowable threshold. recovery site: The site an organization chooses for disaster recovery. recovery time objective (RTO): A measure of the time in which a service should be restored during disaster recovery operations. redundancy Replication of a component in identical copies to compensate for random hardware failures. refactoring: A practice for software developers that involves identifying ways to make code more efficient through better design. registration authority (RA): A network authority that provides a CA with authentication of a client’s certificate request and serves as an aggregator of information. remote access Trojan (RAT): A backdoor Trojan installed on a system that allows a remote attacker to take control of the targeted system. Remote Authentication Dial-In User Service (RADIUS): An Internet protocol used for remote-access services. It conveys user authentication and configuration data between a centralized authentication server and a remote-access server (RADIUS client) to permit the remote-access server to authenticate requests to use its network access ports. remote wipe: A technique that involves deleting a handheld device’s data remotely (for example, if the device is lost or stolen). resident virus: A type of virus that resides in memory. By living in the memory of a system, the virus can be loaded each time the system starts or can infect other areas based on specific actions. risk acceptance: The process of recognizing a risk, identifying it, and then accepting that it is sufficiently unlikely or of such limited impact that corrective controls are not warranted. risk avoidance: A solution for eliminating a vulnerability that gives rise to a particular risk so that it is avoided altogether. risk mitigation: The reduction in likelihood or impact of a risk’s exposure. risk register: A specialized software program, cloud service, or master document that provides a method to record information about identified risks. risk transference: A strategy that involves moving risk to hosted providers who assume the responsibility for recovery and restoration or acquiring insurance to cover the costs of equipment theft or data exposure. Rivest Cipher (RC) One of the most commonly implemented ciphers for encryption security. rogue access point: An unauthorized wireless access point. role-based access control (RBAC): A security method that combines MAC and DAC. RBAC uses profiles, which are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role. root of trust: A sequence in which software images are authenticated by previously verified software before they are executed. rooting: A process that enables complete access to a mobile device. Root-level access allows a user to configure the device to run unauthorized apps and set different permissions by circumventing Android’s security architecture. rootkit: A piece of software that can be installed and hidden on a computer, mainly for the purpose of compromising the system. ROT13: A substitution cipher that rotates each letter by 13 places. router: A device that connects multiple network segments and routes packets between them. Routers split broadcast domains. RSA algorithm: An asymmetric cryptography algorithm that allows anyone to create products that incorporate different implementations of the algorithm, without being subject to license and patent enforcement. rule-based access control: An extension of access control that includes stateful testing to determine whether a particular request for resource access may be granted. When a rule-based method is in force, access to resources might be granted or restricted, based on conditional testing. S salt: An additional input of random data to a function that hashes a password. sandboxing: A method that allows programs and processes to be run in an isolated environment, to limit access to files and the host system. scalability: The capability to handle the changing needs of a system, process, or application within the confines of the current resources. scanless: A port scanning utility that uses websites to do scanning and enables the user to remain anonymous. script kiddie: A threat actor who runs exploits developed by others but who can’t write sophisticated code and might not even know how to program. secure boot: An action that permits a platform to record evidence that can be presented to a remote party in a platform attestation. Secure Hash Algorithm (SHA): A hash algorithm pioneered by the National Security Agency and widely used in the U.S. government. Secure Hypertext Transfer Protocol (S-HTTP): An alternative to HTTPS that was developed to support connectivity for banking transactions and other secure web communications. Secure/Multipurpose Internet Mail Extensions (S/MIME): An Internet protocol specified in RFC 2633 and used to secure email communications through encryption and digital signatures for authentication. It generally works with PKI to validate digital signatures and related digital certificates. Secure Shell (SSH): A protocol designed to support secure remote login, along with secure access to other services across an insecure network. SSH includes a secure transport layer protocol that provides server authentication, confidentiality (encryption), and integrity (message digest functions), along with a user authentication protocol and a connection protocol that runs on top of the user authentication protocol. Secure Sockets Layer (SSL): An Internet protocol that uses connection-oriented, end-to-end encryption to ensure that client/server communications are confidential (encrypted) and meet integrity constraints (message digests). Because SSL is independent of the application layer, any application protocol can work with SSL transparently. SSL can also work with a secure transport layer protocol, which is why the term SSL/TLS appears frequently. Security as a Service (SecaaS): A subscription-based cloud services model that implements security in an organization. Security Assertion Markup Language (SAML): An Extensible Markup Language (XML) standard that allows a user to use single sign-on for affiliated but separate websites. security baseline: A specific set of security-related modifications to patches and settings for systems and services that underpins the technical implementations of security. It is defined in an organization’s security policy. security information and event management (SIEM): A set of tools that collects, correlates, and displays data feeds that support response activities. security orchestration, automation, and response (SOAR): A set of tools that aggregates intelligence from internal and external sources to provide fusion analysis and advanced security analytics and operations. security through obscurity Reliance on secrecy to provide security to an organization. self-encrypting drive (SED): A hard disk that continually performs full disk encryption. sensor: A device (such as a network tap or a firewall log) that collects information about a network. service-level agreement (SLA): A contract between two companies or a company and an individual that specifies, by contract, a level of service to be provided. Supplying replacement equipment within 24 hours of loss is a simple example of something an SLA might specify. session hijacking: An attack in which session cookies are stolen so the attacker can gain access to the site the user is currently connected to. session key: A randomly generated key that performs both encryption and decryption during the communication of a session between two parties. Shibboleth: A SAML-based, open source federated identity solution that provides single sign-on capabilities and federated services. It is popular in research and educational institutions. shimming: A sophisticated hack that requires the installation of a piece of code between two components that is capable of intercepting calls and redirecting them elsewhere. shmishing: An SMS phishing attack that uses text messaging as the attack vector. Short Message Service (SMS): A text-based mobile communication system with a message size originally limited to 160 characters per message. shoulder surfing Looking over someone’s shoulder to obtain information. sideloading: A process in which a user goes around the approved vendor app marketplace and device settings to install unapproved apps. signature-based monitoring: A method of monitoring a network that is based on finding a pattern or signature match. Simple Network Management Protocol (SNMP): A UDP-based application layer Internet protocol used for network management. SNMP is specified in RFCs 2570 and 2574. In converting management information between management consoles (managers) and managed nodes (agents), SNMP implements configuration and event databases on managed nodes that can be configured to respond to interesting events by notifying network managers. single loss expectancy (SLE): The expected cost per instance arising from the occurrence of a risk.: The SLE is calculated as the product of the asset value and the risk’s exposure factor (a percentage of loss if a risk occurs). skimming: An attack that involves copying data from a physical card by using a specialized terminal. smart card: A credit card–size device that contains an embedded chip that can store various types of data, such as a driver’s license number, medical information, passwords and other authentication data, and bank account data. sn1per: An automated penetration testing scanner that enumerates and scans for vulnerabilities. snapshot: A picture that preserves the entire state and data of a virtual machine at the time it is taken. social engineering: The process of taking advantage of human behavior to attack a network or gain access to resources that would otherwise be inaccessible. Social engineering emphasizes the well-known fact that poorly or improperly trained individuals can be persuaded, tricked, or coerced into giving up passwords, phone numbers, or other data that can lead to unauthorized system access, even when strong technical security measures can otherwise prevent such access. Software as a Service (SaaS): A cloud computing model in which software applications are virtualized and provided by an outsourced service provider. software-defined networking (SDN): A method by which organizations can manage network services through a decoupled underlying infrastructure that allows for quick adjustments based on changing business requirements. software-defined visibility (SDV) Visualization combined with the capability to dynamically respond to events across software-defined networks. software development life cycle (SDLC): A process that outlines the steps for developing software. spam Unsolicited messages typically sent to a large number of recipients. spam over Internet messaging (SPIM): A type of unsolicited messaging that is specifically sent over instant messaging platforms. spear phishing: A targeted version of phishing. spyware Software that communicates information from a user’s system to another party without notifying the user. SSL stripping: A technique that involves removing the encryption between a client and a website. staging environment: An SDLC environment that is primarily used to unit test deployment of code before it is put into production. standard Specific mandatory controls based on policies. standard operating procedure (SOP): A prescriptive procedure that provides step-by-step instructions to ensure a standardized and repeatable method for performing a task. stealth virus: A memory-resident virus that uses techniques to avoid detection, such as temporarily removing itself from an infected file or masking a file’s size. steganography: A word of Greek origin meaning “hidden writing” that refers to hiding messages so that unintended recipients are not even aware that a message exists. stream cipher: A cipher in which plaintext bits are encrypted a single bit at a time and combined with a stream of pseudo-random characters. Structured Threat Information (STIX): A standardized and structured language that represents threat information in a flexible, automatable, and easy-to-use manner. supervisory control and data acquisition (SCADA): A subset of systems considered to be critical infrastructure systems. supply-chain attack: An attack that involves taking advantage of other vendors that an organization relies on. symmetric key: A single encryption key that is generated and used to encrypt data. This data is then passed across a network. After the data arrives at the recipient device, the same key used to encrypt the data is used to decrypt it.: A secure method for sharing keys is required because the sender and the receiver both use the same key (which is also called a shared secret because the key should be unknown to third parties). syslog: A system logging protocol used to send logs or messaging events to a server. system logging: The process of collecting system data to be used for monitoring and auditing purposes. system-on-a-chip (SoC) Integration between a microcontroller, an application, or a microprocessor and peripherals. T TACACS+: An authentication, access control, and accounting standard that relies on a central server to provide access over network resources, including services, file storage, and network routing hardware. tactics, techniques, and procedures (TTP) Attack methods and activities associated with specific threat actors. tail: A command-line file manipulation command that is used to display the tail end of a text file or a file fed to the command. tailgating: Following closely behind someone who has authorized physical access in an environment. tcpdump: A command-line packet analysis tool that captures packets sent and received on an interface. tcpreplay: A command-line tool used for replaying network traffic from saved files such as tcpdump. teaming Security team exercises conducted with teams with color names that represent different goals, such as attackers and defenders. Temporal Key Integrity Protocol (TKIP): A protocol based on RC4 that is designed to overcome many of the limitations of WEP. It offers great improvements in message integrity and confidentiality. tethering: The sharing of a device’s Internet connection with other devices through Wi-Fi, Bluetooth, or a USB cable. theharverster: A tool used to gather emails, domains, employee names, ports, and banners from varying sources. threat actor: An individual, a group, or an entity that contributes to an incident—or, more simply, a person or an entity that executes a given threat. threat hunting: A proactive approach to finding an attacker before alerts are triggered. time of check/time of use (TOCTOU): A race condition that takes advantage of the time delay between checking and use. TOTP (time-based one-time password): An algorithm that computes a one-time password from a shared secret key and the current time. transitive trust Trust in which any domain that trusts Domain: A also trusts all other domains that Domain: A trusts. Transport Layer Security (TLS): An end-to-end encryption protocol originally specified in ISO Standard 10736 that provides security services as part of the transport layer in a protocol stack. Trojan horse: A form of malware that appears to be useful software but has code hidden inside that attacks a system directly or allows the system to be infiltrated by the originator of the code when it is executed.: A Trojan horse is software hidden inside other software. It is commonly used to infect systems with viruses, worms, or remote-control software. Trusted Automated Exchange of Indicator Information (TAXII): A specification for machine-to-machine communication that allows organizations to share information with others, as desired. Trusted Platform Module (TPM): A standard for secure crypto-processor chips that are used to authenticate hardware devices such as PCs or laptops. Twofish: A block cipher that can encrypt using a chunk of data of any size. It is the successor to Blowfish. typo squatting: An attack that most commonly relies on typographic errors made by users on the Internet. Also known as URL hijacking. U Unified Extensible Firmware Interface (UEFI): An industry-wide standard managed by the Unified Extended Firmware Interface Forum that defines a standard interface between the OS, firmware, and external devices. unmanned aerial vehicle (UAV): An aerial device or drone, which may be used for military, agriculture, cartography, and other purposes. URL hijacking: A simple method used frequently for benign purposes but that can be easily used for more malicious attacks that most commonly relies on typographic errors made by users on the Internet. Also known as typo squatting. V virtual desktop environment (VDE): An environment similar in form to server virtualization but with some differences, specifically in usage and performance demands. virtual desktop infrastructure (VDI): The server-based virtualization technology that hosts and manages virtual desktops. virtual local area network (VLAN): A software technology that facilitates the grouping of network nodes connected to one or more network switches into a single logical network. By permitting logical aggregation of devices into virtual network segments, VLANs offer simplified user management and network resource access controls for switched networks. virtual private network (VPN): A popular technology that supports reasonably secure logical private network links across some insecure public network infrastructure, such as the Internet. VPNs are more secure than traditional remote access because they can be encrypted and because VPNs support tunneling (hiding numerous types of protocols and sessions within a single host-to-host connection). virtualization technology: A technology developed to allow a guest operating system to run along with a host operating system with one set of hardware. virus: A piece of malicious code that spreads to other computers by design, although some viruses also damage the systems on which they reside. Viruses can spread immediately upon being received or can implement other unwanted actions, or they can lie dormant until a trigger in their code causes them to become active.: The hidden code a virus executes is called its payload. vishing: An attack in which the attacker uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details by phone. Also known as voice phishing. VM escape: A situation in which a virtual machine breaks out of or escapes from isolation and has the capability to interact with the host operating system. VM escape doesn’t affect bare-metal platforms. VM sprawl: A situation in which multiple underutilized virtualized servers take up more space and consume more resources than is justified by their workload. voice over IP (VoIP): The delivery of voice communications over the Internet, which is subject to the same attacks as other Internet communication methods. vulnerability scan: A scanning method that identifies vulnerabilities, misconfigurations, and lack of security controls. vulnerability scanner: A software utility that scans a range of IP addresses, testing for the presence of known vulnerabilities in software configuration and accessible services. W warm site: A backup site that has some of the equipment and infrastructure necessary for a business to begin operating at that location. Typically, companies or organizations bring their own computer systems and hardware to a warm site, and the site usually already includes a ready-to-use networking infrastructure. It also might include reliable power, climate controls, lighting, and Internet access points. Compare with hot and cold sites. Waterfall: A traditional SDLC model that starts with a defined set of requirements and a well-developed plan. Adjustments are confined to the current development stage. watering hole attack: An attack in which the attacker focuses on a site frequently visited by the target. Similar to spear phishing but does not use email. web application firewall: Software or a hardware appliance used to protect an organization’s web server from attack. wet-pipe fire suppression: A sprinkler system with pressurized water in the pipes. If a fire starts, the pipes release water immediately and offer the fastest and most effective means of water-based fire suppression. whaling: The use of spear phishing tactics against high-profile targets such as executives within a company. white box (known environment): A testing method in which the assessor has knowledge about the inner workings of the system or knowledge of the source code. Also called clear box or glass box testing. whois: A free and publicly accessible directory from which domain names can be queried to discover contact and technical information about registered domain names. Wi-Fi Alliance: A consortium of companies that has a major impact on wireless technologies.: The organization contributes to the standards process and is responsible for certifying wireless devices. Wi-Fi Protected Access (WPA): A wireless transport security service that uses TKIP 128-bit encryption in place of the weaker legacy WEP encryption standard. Wi-Fi Protected Access Version 2 (WPA2) WPA technology that replaced the original version. It improved the security of Wi-Fi connections by requiring the use of stronger wireless encryption than WPA required. Wi-Fi Protected Setup (WPS): An extension of wireless standards that enables end users to easily establish secure wireless home networks. Originally known as Wi-Fi Simple Config. Wired Equivalent Privacy (WEP): A security protocol used in IEEE 802.11 wireless networking that was designed to provide security equivalent to that found in regular wired networks. It uses basic symmetric encryption to protect data sent over wireless connections so that sniffing of wireless transmissions does not produce readable data. Drive-by attackers cannot access a wireless LAN without additional effort and attacks. WEP is no longer considered secure. Wireshark: A well-known packet analyzer that is similar to tcpdump. worm: A type of virus designed primarily to reproduce and replicate itself on as many computer systems as possible.: A worm does not normally alter files; instead, it remains resident in a computer’s memory. Worms typically rely on access to operating system capabilities that are invisible to users. WPA-Enterprise: Also known as WPA-802.1X mode, a form of WPA that requires security certificates and uses an authentication server from which the keys can be distributed. WPA-Personal: Also known as WPA-PSK (preshared key), a form of WPA that requires a password consisting of 8 to 63 characters; this same password must be used by all devices on the wireless network. X–Z X.509: A digital certificate that uniquely identifies a potential communications party or participant. An X.509 digital certificate includes a party’s name and public key, and it can also include organizational affiliation, service or access restrictions, and other access- and security-related information. XML injection: An injection technique that is used to manipulate the logic of an application in order to perform unauthorized activity or gain unauthorized access by inserting undesirable Extensible Markup Language (XML) content into an XML message. XOR: A type of streaming operation commonly used with advanced cryptographic algorithms in which pseudo-random numbers are used in place of a string of ones. zero-day: An attack that exploits a vulnerability that is unknown to others—possibly even to the software developer.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.