AAA – Authentication, Authorization, and Accounting.

Acceptable Use Policy (AUP) – A common policy found in many businesses in the IT industry that defines the parameters of what users are allowed to do when working within the boundaries of the corporate network.

Access point – A wireless LAN transceiver or "base station" that can connect a wired LAN to one or many wireless devices. Access points can also bridge to each other.

Access Control – Identifying the areas that specific users can access and determining what they can do with the resources available there.

Accounting – The means of ensuring that every action can be recorded and tied to a specific person on a specific date at a certain time to a specific resource.

ACL (Access Control List) – A list of resources on a server with an associated list of hosts that are able to access these resources.

ActiveX control – A special script that can be very powerful but can have far-reaching consequences if misused or corrupted.

Ad-Hoc mode – A client setting that provides independent peer-to-peer connectivity in a wireless LAN.

Advance Bandwidth – “Bandwidth” is a measure of the transmission capacity that is available on a network at any point in time.

AES – The Advanced Encryption Standard (AES) is an evolving encryption standard that provides high security.

AH (Authentication Header) – An IPsec security service that allows authentication of the user sending data.

Algorithm – A procedure that is followed to produce encrypted cipher text from clear text or vice versa.

Annual Loss Expectancy (ALE) – The potential amount of currency lost in one year based on the effects of a threat and the number of times it occurs.

APIPA (Automatic Public IP Addressing) – A feature of Microsoft Windows operating systems that assigns a computer with an IP address when no IP address has been assigned manually or dynamically through the use of the DHCP server.

Applet – A Java client-side script.

AS (Authentication Server) – A server used in the Kerberos process that performs user authentication and provides session keys.

ASCII (American Standard Code for Information Interchange) – A standard that assigns numeric values to the English alphabet.

Asymmetric encryption algorithm – An encryption algorithm that uses different keys for encrypting and decrypting.

Authentication – The process of proving the identity of the person that is attempting to access a resource.

Authorization – The process of permitting or denying access to resources to an authenticated user or other object.

B

Base64 encoding – A method for converting non-standard characters to ASCII values.

Bastion Host – Any computer or server that must be located outside of the firewall, say in the DMZ, to do its job. For instance, a Web server could operate on a bastion host.

Block Cipher – An encryption algorithm that breaks incoming works on the text continuously.

Bluetooth – A wireless technology that is optimized for short-range, low-power voice and data communication.

Biometrics – The technology used to identify a person based on some physical trait like fingerprints, iris scan, or facial recognition.

Bridge – A wireless bridge connects separate pieces of a network using wireless techniques.

Broadcast Traffic – Traffic on a network sent to multiple devices. These devices can be on the same node or on multiple nodes in the network.

Business Continuity Planning (BCP) – The planning and analysis that can protect a business through many kinds of trouble. One of the goals is to set spending limits on preventative measures so that they line up with each threat.

C

CA (Certificate Authority) – A business that issues digital identifications to individuals, other businesses, and resources to provide them a way to authenticate themselves on the Internet.

Callback – A way in which dial-up users can be authenticated. Once the user connects and is authenticated, the computer will hang up and call back the user at the registered number, preventing unauthorized use of a user name or password.

Carrier protocol – The protocol used by the network being utilized.

CDR – A Compact Disc, Recordable is a CD-ROM which can be recorded, or “burned”, on a user’s own machine.

Chain of Custody – A record to track all of the evidence during an investigation, including who handled each piece of evidence, how it was handled, and what measures are taken to prevent the evidence from being tampered with.

CHAP (Challenge-Handshake Authentication Protocol) – A protocol used by servers to authenticate the originator of a connection. CHAP uses a three-way handshake procedure to authenticate users.

Cipher text, cipher – The resulting output of an encryption algorithm.

Clear text – The unencrypted input to a cipher.

Client – A computer that requires data or other services from another.

Client devices – Wi-Fi client devices include PC Cards that slide into laptop computers, mini-PCI modules embedded in laptop computers and mobile computing devices.

Client-side script – A script that executes, or runs, on the user’s browser.

Coax – A popular cable for video, cable TV, antennas, and at one point, networks. Each of the elements of a coax.

Cold Site – A place designed for disaster recovery where electricity and desks are available, but computers, software, and other specialized equipment must be provided. It may take days or weeks to make it operational.

Countermeasure – Any action performed to work against another action.

Context directory – A context directory can be used to locate desired resources based upon a user’s location relative to the resource.

D

DAC (Discretionary Access Control) – An access control method where the user’s identity is used to permit or deny access to a resource.

Data Repository – A server dedicated to providing information, such as a directory server.

Degauss – A method used to demagnetize magnetic material. This removes all data stored on the media.

DHCP (Dynamic Host Control Protocol) – A protocol used to automate the assigning of IP addresses on a network.

Digital Certificate – A computer document used to attest to the authentication of a user, computer, or other object.

Disaster Recovery – The steps that can be taken to restart network operations and services. It is a list of resources, backups, alternatives, and procedures designed to restore order after a tragedy.

Disaster Recovery Planning (DRP) – The documentation that guides an organization’s actions in times of crisis.

Discretionary Access Controls (DAC) – A way of assigning access permissions in a system based on ownership of resources. The owner of a file is generally the user that created the file. The owners decide who or what has access to the resources that they own.

DMZ (Demilitarized Zone) – A buffer zone between an internal network and generally the Internet, although a DMZ can be implemented between internal networks as well.

Dynamic NAT – The automatic assignment of private IP addresses from a pool of usable addresses.

E

E-mail viruses – A special variation of the virus that travels in e-mail messages and attachments.

Encapsulate – Placing something within something else in an effort to hide the true nature of it.

Encapsulating protocol – A protocol used to encapsulate data.

Encryption – A method of protecting information by scrambling or transposing it.

ESP (Encapsulating Security Payload) – An IPsec service that allows the sender of data to be authenticated and also supports the encryption of data and integrity checking.

Extranet – An Intranet that connects one or more companies to create a secure network, effectively expanding its Intranet to accommodate the users and resources of other businesses.

F

False Positive – A false alarm caused when a signature setting is triggered even though no threat is present.

FDISK – A program that is used to format magnetic hard and floppy disks so that data can be stored on them.

Filter – A filter specifies attribute types, assertion values, and matching criteria for a query.

Finger – An Internet software tool that locates people in other parts of the Internet, such as on different Internet sites.

Firewall – A hardware device or software program that protects one network from another by examining incoming and outgoing data and determining if the data is detrimental to the network.

Forensic – Something that is admissible in a court of law to be used as evidence.

Frame – Data transmitted between nodes of a network where the data is “framed” by header and trailer information to tell the devices the beginning and end of the frame.


H

Hashing – A way of determining the authenticity of data by applying a mathematical function to it. The resulting data is then used at a future time to determine if the original data has changed.

Header – The leading portion of a data packet that provides information about the packet to devices on the network in order to route and assemble the data correctly.

HMAC (Hashed Message Authentication Code) – A method for authenticating messages by creating a mathematical value for the message as a whole. If any part of the message is changed, the HMAC changes value, proving that the message has changed.

Honeypot – A computer, service, or software that emulates a computer, network segment, or an entire network and is specifically designed to respond positively to hacking attempts.

Hot Site – A place designed for disaster recovery where copies of required equipment and software are on hand and running, backups may be available, and operations can transfer within a few hours. This is a very expensive option.

HotSpot – A place where you can access Wi-Fi service. This can be for free or for a fee. HotSpots can be inside a coffee shop, airport lounge, train station, convention center, hotel or any other public meeting area.

HTTP (Hypertext Transfer Protocol) – The protocol used to exchange data on the World Wide Web.

Hypertext Transfer Protocol (HTTP) – Protocol for clear text transfer of hypertext markup language (HTML) data used as part of Web pages.

I

IEEE – Institute of Electrical and Electronics Engineers, New York, www.ieee.org.

IEEE 802.11 – Earliest Wi-Fi standard, now rarely used. A specification for over-the-air interfacing between a wireless client and a base station or between two wireless clients.

IEEE 802.11a – Wi-Fi standard that operates on the 5 GHz band and can pass data at a maximum of 54 Mbps.

IEEE 802.11b – Wi-Fi standard that operates on the 2.4 GHz band and can pass data at a maximum of 11 Mbps.

IEEE 802.11g – Wi-Fi standard that operates on the 2.4 GHz band and can pass data at a maximum of 54 Mbps.

IEEE 802.11x – The name of the series of standards that defines Wireless LANs using Wi-Fi.

Intrusion Detection System (IDS) – An IDS detects anomalies inside the network and notifies administrators.

Infrastructure mode – Using an access point to connect to a network (as compared to Ad-Hoc mode, whereby PCs communicate directly with each other).

IP (Internet Protocol) – The protocol used on the Internet to send data.

IP address – A number used to address computers and other network devices.

Intranet – An internal network of computers and resources for privileged information accessible locally and remotely by authorized users.

IPsec (IP Security) – A network layer protocol that ensures data security during transmission over an unsecure network.

ISP (Internet Service Provider) – Any company that provides a connection to the Internet to clients.

J

Job Rotation – Rotating workers to new assignments with or without notice to keep everybody busy forming relationships rather than conspiracies.

K

KDC (Key Distribution Center) – The AS and the TGS in the Kerberos installation make up the KDC.

Kerberos – An authentication system developed by MIT that is based on symmetric key cryptography.

L

L2TP (Layer 2 Tunneling Protocol) – Tunneling protocol formed by taking the best parts of Cisco Systems’ L2F and Microsoft PPTP. L2TP can pass secure traffic over Internet Protocol networks, as well as frame relay and ATM.

LAN – A local area network is a system of connecting PCs and other devices within the same physical proximity for sharing resources. When Wi-Fi is used to connect the devices, the system is known as a wireless LAN or WLAN.

Lightweight Directory Access Protocol (LDAP) – The LDAP standard defines a network protocol for accessing information from a directory.

Logical topology – How computers and other network devices are connected on a network regardless of how they are physically connected.

M

MAC (Mandatory Access Control) – An access control method where the users are assigned a security level and objects are assigned a security label. When access is requested, a comparison is made between the two.

MAC address – This is a hexadecimal address that is burned in to the network card that is specific to a device, like the VIN number on a car or truck. It is useful for telling one device on a network from another.

Man-in-the-middle attack – This is an attack where an attacker pretends to be the other party to each of the communicating parties in order to intercept communications between the two.

MIME (Multipurpose Internet Mail Extensions) – A protocol used to transfer non-ASCII files such as audio and video by re-encoding it into SMTP standard files.

Mutual Assistance Agreement – An agreement where the resources of one group are made available to another group in the event of an emergency. This provides standby capabilities at minimal cost, and is particularly effective when expensive, long-lead time devices are required.

N

NAPT – Network Address Port Translation – See PAT.

NAT (Network Address Translation) – A service that allows the translation of public IP addresses to private IP addresses.

Network News Transport Protocol (NNTP) – The format used to carry the system of messaging called “newsgroups”. Newsgroups resemble a bulletin board in that messages are posted to the group, sorted by category.

NIC (Network Interface Card) – A device used by a computer or network device that connects it to a network either physically or wirelessly.

NIDS (Network Intrusion Detection System) – A device or service on a network dedicated to detecting unauthorized hacker activity.

Node – A location on the network. A node can be any device connected to a network that must communicate with other devices.

Non-disclosure – A signed pledge acknowledging that work is being performed with privileged information and procedures, and agreeing to keep such information and procedures secret.

O

One time password (OTP) – A scheme used to grant permission securely. The password generated can only be used once. Any attempt to re-use the password will result in a denial to access the resource.

OSI (Open System Interconnect) model – A seven-layer networking model where each layer communicates with the layer above and below it to allow for architectural changes at each layer that only affect the layer above and below it.

P

Packet storm – An excess of packets on a network that can slow down or even debilitate communications on the network.

PAP (Password Authentication Protocol) – A protocol used by servers to authenticate the originator of a connection. PAP uses a two-way handshake procedure to authenticate users.

Pass phrase – A string of words or characters used to authenticate a user. A passphrase is usually much longer than a password to increase the security of authentication.

Passenger protocol – The protocol used by the originating and destination network when using a tunneling protocol.

PAT (Port Address Translation) – A service used to translate multiple private IP addresses to a single public IP address by assigning each private IP address a unique port number for communications.

PC card – A removable, credit-card-sized memory or I/O device that fits into a PCMCIA standard slot in a PC, portable computer, PDA, or laptop.

PCI – A high-performance I/O computer bus used internally on most computers.

PCMCIA – Expansion cards now referred to as "PC Cards" were originally called "PCMCIA Cards".

Peer-to-peer network – A wireless or wired computer network that has no server or central hub or router. All the networked PCs are equally able to act as a network server or client.

PGP (Pretty Good Privacy) – A protocol used to authenticate and secure email messages and attachments, files, and folders using PKI, hashing, and encryption.

Physical topology – The actual physical layout of a network.

PKI (Public Key Infrastructure) – A system of authentication based on public key encryption using digital certificates to authenticate users and other objects.

Playback Attack – A type of hacking attempt where a communication between computers is recorded and played back at a later date to gain access to a system using the recorded communication.

Point and click interface – The style of interface used for Web browsers. Contrast this with the text interfaces of earlier systems such as Gopher and Archie.

Point of Contact – The person who coordinates the efforts of everyone involved with responding to an incident.

PPTP (Point-to-Point Tunneling Protocol) – One of the most enduring tunneling protocols for moving information across insecure media.

Private address space – A pool of IP addresses set aside that can be used to address devices that will never go on the actual Internet.

Private Branch Exchange (PBX) – A device that serves two telecommunications purposes: one is to route calls, the second is to reroute calls from company users outside of the office made to other locations, in order to concentrate long distance charges and simplify accounting.

Private key – An encryption key that is not meant to be shared.

Public key – An encryption key that is posted in an easily accessible place.

Punch down Block – A device in a wiring closet which forms a convenient place to cross-connect wires leading to various devices.


R

RAID – Redundant Array of Inexpensive Disks or Redundant Array of Independent disks. One of several patterns by which hard drives can be combined to increase reliability.

RADIUS (Remote Address Dial-in User Service) – Authentication and authorization service that also provides accounting. Uses UDP for transport.

RBAC (Role-based Access Control) – An access control method where the user’s role is used to determine whether access is permitted or denied.

Redundancy – The duplication of critical hardware to protect a network, system, or device from failure and loss of data.

Remote Access Services (RAS) – The different methods that users can use to remotely connect to a network in order to access shared resources.

Replication – Updates across the network to servers that provide the same service in order to ensure that all servers have the same information at approximately the same time.

Role Based Access Controls (RBAC) – A variation of the MAC control type where access privileges are gained through user configurations and membership in groups with permissions of their own based on job functions or roles.

Rootkit – A script which allows an attacker to establish a supervisory or root-level account. The rootkit may also provide a backdoor for reentry and may cover the tracks of an attacker.

Routers – Devices used to connect networks by forwarding packets to and from each as needed using the Network Layer of the OSI model.

RTGS (Remote Ticket Granting Server) – A TGS in a realm where resources need to be accessed from a different realm. This server issues the ticket that will be used by the requestor to access the remote resource.

S

S-HTTP (Secure Hypertext Transfer Protocol) – A secure protocol that authenticates the client to the server for single messages. It does not create and maintain a secure connection between the client and the server.

S/MIME (Secure MIME) – A protocol for sending and receiving secure emails. S/MIME provides authentication and encryption for email messages.

SA (Security Associations) – A record established by the receiving host and referenced by the sending host to identify the protocols that will be used in an IPsec session.

Scope – What to search when creating a query.

Scope Creep – A progressive widening of the BCP to include non-essential services.

Secure – Secure hardware means that devices are protected from loss, theft or unauthorized use. Secure software means that a hacker or attacker cannot break into it and steal data.

Separation of Duties – Assigning different parts of a task to different people in such a way that to steal or defraud is difficult.

Server-side script – A script that executes, or runs, on the server. The result of a server-side script is often sent to the client via a Web page that was modified by the action of the script.

Servlet – A Java server-side script.

Service Set Identifier (SSID) – A unique identifier that differentiates one WLAN from another, which is the means of allowing various users’ NICs to join a particular wireless LAN.

SSH (Secure Shell) – One of the most popular tunneling protocols on the Internet. There are SSH versions for FreeBSD, for UNIX, for Linux, and for Windows (PuTTY).

Signature Analysis – Looking for patterns in a data stream which may indicate that an attack is underway.

Simple Mail Transport Protocol (SMTP) – SMTP is the basis of today’s e-mail system. It is not secure, is subject to snooping attacks, and also allows spoofing, so that misuses, such as spam, are difficult to stop. However, the format has been around a long time and has proved its worth.

Slurpd – A service used to propagate changes from one database to another using the LDAP protocol.

Smashing the Stack – Forcing a buffer overrun, which may cause the execution of malicious code.

SMTP (Simple Mail Transport Protocol) – A server to server protocol used to transfer email messages generally over Ethernet.

Social Engineering – The art of convincing people to hand over pieces of information that will support an attack on the network.

SOHO – Small Office/Home Office. A term generally used to describe an office or business with ten or fewer computers and/or employees.

SSL (Secure Sockets Layer) – A protocol used to establish secure client-server connections. SSL operates above the network layer and below the application layer of the OSI model.

Smartcard – A credit card size device that contains a user’s private key.

Software Token – A software application installed on the user’s machine or a small digital device used to generate a dynamic password that is event-synchronous with an access server.

Static NAT – The manual assigning of public IP addresses to private IP addresses when using the NAT service.

Stream cipher – An encryption algorithm that works on the incoming clear text in a continuous process.

Subnet – A section of a network that has the same address space.

Switch – A device that forwards packets between networks or network segments. Unlike routers, however, most switches operate on the data link layer of the OSI model, and they make their switching decisions based on the machine or device address (MAC address) rather than the network address.

Symmetric encryption algorithm – An encryption algorithm that uses the same key for encrypting as decrypting.

T

TACACS+ (Terminal Access Controller Access Control System) – An updated version of a legacy authentication and authorization protocol. TACACS+ allows authentication exchanges of any length, meaning that any authentication protocol can be used. TACACS+ can flexibly assign tunnel resources using policies or access lists, and provides detailed accounting. TACACS+ uses TCP for transport.

TCP/IP (Transfer Control Protocol / Internet Protocol) – A suite of protocols used to transmit data on the Internet. TCP/IP can also be used as a transmission protocol on a private network.

TGS (Ticket Granting Server) – A server that grants tickets used to access resources in the same realm by authenticated users.

TGT – A ticket granted by the AS to allow a user to access the TGS. This ticket proves the authenticity of the user.

TLS (Transport Layer Security) – A protocol based on SSL that provides additional security and functionality. TLS is meant to replace SSL implementations.

Token – A device that is used to compute a key in response to a challenge from the server.

Trojan horses – A Trojan horse is simply a computer program.

Tunneling – A way to transmit data to and from a private network through a public network without public network hardware being able to distinguish this private traffic from normal network traffic.

U

UDP (User Datagram Protocol) – A connectionless protocol used mostly for broadcasting data over a network.

Unicast traffic – Network communications between two devices.

USB (Universal Serial Bus) – A computer interface that is used for communication between the computer and peripheral devices.

V

Viruses – A virus is a small code string that piggy backs on valid programs.

Virtual Private Network (VPN) – A point to point connection using security measures such as encryption to connect a user to another network through a public ISP. A VPN connection allows a user to access resources securely from a remote location as if the user were connected locally.

VLAN (Virtual LAN) – A group of network resources such as computers and workstations, servers, printers, and any other network devices, that can communicate as if they were physically connected to the same network segment, regardless of their physical location.

VPN (Virtual Private Network) – A connection that allows a network to use the public telecommunications circuits to maintain privacy with tunneling protocols and security enhancements between two private networks.

W

WAN – A communication system that spans a large local, regional, national or international geographic area, a Wide Area Network.

Warm Site – A place designed for disaster recovery where basic equipment and communications are set up. Computers must be obtained and software must be installed. This takes longer than a hot site but is more cost effective.

WEP – Basic wireless security provided by Wi-Fi, the Wired Equivalent Privacy protocol. It is available in 40-bit (also called 64-bit), or in 108-bit (also called 128-bit) encryption modes.

Whistle blower – An employee who sees a violation of law and reports it to authorities.

Whois – An Internet directory service, similar to finger, used to look up names of people on a remote server. Most commonly, whois is used to look up domain ownerships and contact addresses for URLs.

Wi-Fi – Wireless Fidelity (Wi-Fi) is the name for 802.11 wireless network technology.

Wi-Fi Alliance – A not-for-profit international association formed in 1999 to promote the IEEE 802.11 specification.

WLAN – Wireless LAN (See LAN).

Worms – A worm is a code snippet that exploits computer networks and security holes to reproduce itself.

WPA – Wi-Fi Protected Access, a security enhancement for wireless LAN systems.

X

X.500 – A standard for a directory architecture that is often used as the back end for LDAP systems.

X.509 – The certificate standard that fits in the same family as X.500.