Front Back
The process of identifying WHAT a given user is allowed to do.
Back Door
access to a resource that bypasses normal AUTHENTICATION or Access Control methods.
Is AUTHENTICATION based on some part of the human anatomy.
** Block Cipher
Transforms a message from plain text to cipher-text (encrypted form) one piece or chunk at a time.
Describes long-term systems and services replacement and recovery strategy, designed for use when a complete loss of facilities occurs. Also prepares for automatic failover of critical services to redundant OFFSITE systems.
Describe a certificate.
AKA Digital Certificate; establishes the IDENTITY and CREDENTIALS of a user to enable the conducting of business transactions.
What is the CEP (Certificate Enrollment Protocol)?
A PROPRIETARY Cisco protocol that allows Cisco IOS-based routers to communicate with Certificate Authorities.
What is the CMP (Certificate Management Protocol)?
A protocol used for advanced PKI management functions such as certificate issuance, exchange, invalidation, revocation, and key commission.
Certificate Practice Statement
A statement that defines the PRACTICES and PROCEDURES a CA uses to MANAGE the digital certificates it issues.
Certificate SUSPENSION is?
TEMPORARILY invalidating a certificate while its validity is being verified.
** Describe CHAP
Challenge Handshake Authentication Protocol - the user's password is hashed
Code escrow is
placing application source code in the care of some trusted third party.
A cold site has
electricity, plumbing, and heating installed ready for use.
Cross-certification is when
two or more CAs choose to trust each other and issue credentials on each other's behalf.
Degaussing is?
a method of removing recorded magnetic fields from magnetic storage media by applying strong cyclic magnetic pulses, thereby erasing the content and making the media UNREADABLE.
Dictionary attack
Software is used to compare hashed data, such as a password, to words in a hashed dictionary. This is repeated until matches are found in the hash. Once you find the hash, you can determine the password used to create it.
____________ Access Control
A distributed security method that allows users to set permissions on a per-object basis. The NTFS permissions used in WinNT/2K/XP & .NET use DAC.
Dry-pipe fire suppression
A sprinkler system with pressurized air in the pipes. If a fire starts, there is a slight delay as the pipes fill with water. The system is used in areas where wet-pipe systems might freeze.
Faraday cage
A metal enclosure used to conduct (carry) stray EMEs (electromagnetic emissions) to ground, thereby eliminating signal leakage and the ability of external monitors or detectors to "read" network or computer activity.
This can be a very small cage or encompass an entire building, and it is generally used only when security concerns are extremely high (as in national defense, classified areas...)
Faraday cage
Federal Information Processing Standard: A standard created by the United States government for the evaluation of cryptographic modules. It consists of four levels that escalate in their requirement for higher security levels.
Hashing is?
A methodology used to calculate a short, secret value from a data set of any size. This secret value is recalculated independently on the receiving end and compared to the submitted value to verify the sender's identity.
A Hot-site
A site that is immediately available for occupation if an emergency arises. It typically has all the necessary hardware and software loaded and is available 24/7.
is any violation, or threatened violation of a security policy.
Involves a monitoring and managing system that performs integrity checks and protects systems from unauthorized modifications to data, systems, and application files.
Integrity (transmitted data)
When applied to messages or data in transit, integrity checks rely on calculating hash or digest values before and after transmission to ensure nothing changed between the time the data was sent and the time it was received.
** IPSEC is used to encrypt ______
TCP/IP traffic
A specific type of authentication developed at MIT
** Kerberos takes its name from the
three-headed beast that guards the gates of Hell in Greek mythology.
a policy in which the CA retains a copy of the private key it generates for the user for future use. Most often used to allow an org to access data that was encrypted by an employee using the private key.
Key escrow
Key exchange
a technique in which a pair of keys is generated and then exchanged between two systems (client & server) over a network connection to allow a secure connection to be established between them.
A technology used with VPN to establish a communication tunnel between parties over unsecure media
** Describe in detail L2TP
L2TP is part of what protocol?
A TCP/IP protocol that allows client systems to access directory services and related data. th
Examples of services that work with LDAP include the
Windows 2000 AD & Novell NDS
LDAP works with any
_ . _ _ _ compliant directory service.
** Describe LDAP in more detail
** M of N Control
research what this is.
A centralized security method that doesn't allow users to change permissions on objects.
MAC (Mandatory Access Control)
Mantrap is ?
A 2-door config in a bldg or office that can lock unwanted individuals in a secured area, preventing them from entering other areas or even from exiting wherever it is they're being held.
** Message Digest
The output of an encryption hash that's applied to some fixed-size chunk of data.
A TCP/IP technology that maps internal IP addresses to one or more external IP addresses through a  _ _ _ server of some type.
A TCP/IP technology used to create VPNs
generally regarded as less secure than L2TP and is used less frequently for that reason.
A shareware encryption technology for communications that utilizes both public and private encryption technologies to speed up encryption without compromising security.
PGP stands for
Pretty Good Privacy
A piece of data generated by an asymmetric algorithm that's used by the host to encrypt data.
Private key
A telephone switch used on a company's or organization's premises to create a local telephone network.