Bookmark and Share

Front Back
A form of twisted-pair cable that supports 1000Mbps or 1Gbs throughput at 100 meter distances. Often called Gigabit Ethernet.
Another form of twisted-pair cable similar to 100Base-T.
A type of coaxial cable. Often used to connect systems to backbone trunks. 10Base2 has a maximum span of 185 meters with maximum throughput of 10Mpbs. Also called thinnet.
A type of coaxial cable. Often used as a network�s backbone. 10Base5 has a maximum span of 500 meters with maximum throughput of 10Mpbs. Also called thicknet.
A type of network cable that consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator. Also called twisted-pair.
802.11i (WPA-2)
An amendment to the 802.11 standard that defines a new authentication and encryption technique that is similar to IPSec. To date. no real-world attack has compromised a properly configured WPA-2 wireless network.
A form of wireless authentication protection that requires all wireless clients to pass a gauntlet of RADIUS or TACACS services before network access is granted.
acceptance testing
A form of testing that attempts to verify that a system satisfies the stated criteria for functionality and possibly also for security capabilities of a product. It is used to determine whether end users or customers will accept the completed product.
The transfer of information from an object to a subject.
access control list (ACL)
The column of an access control matrix that specifies what level of access each subject has over an object.
access control matrix
A table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Each column of the matrix is an ACL. Each row of the matrix is a capability list.
The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
ACID model
The letters in ACID represent the four required characteristics of database transactions: atomicity. consistency. isolation. and durability.
Address Resolution Protocol (ARP)
A subprotocol of the TCP/IP protocol suite that operates at the Data Link layer (layer 2). ARP is used to discover the MAC address of a system by polling using its IP address.
The means by which a processor refers to various locations in memory.
administrative access controls
The policies and procedures defined by an organization�s security policy to implement and enforce overall access control. Examples of administrative access controls include hiring practices. background checks. data classification. security training. vacation history reviews. work supervision. personnel controls. and testing.
administrative law
Regulations that cover a range of topics from procedures to be used within a federal agency to immigration policies that will be used to enforce the laws passed by Congress. Administrative law is published in the Code of Federal Regulations (CFR).
administrative physical security controls
Security controls that include facility construction and selection. site management. personnel controls. awareness training. and emergency response and procedures.
admissible evidence
Evidence that is relevant to determining a fact. The fact that the evidence seeks to determine must be material (in other words. related) to the case. In addition. the evidence must be competent. meaning that it must have been obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent.
Advanced Encryption Standard (AES)
The encryption standard selected in October 2000 by the National Institute for Standards and Technology (NIST) that is based on the Rijndael cipher.
advisory policy
A policy that discusses behaviors and activities that are acceptable and defines consequences of violations. An advisory policy discusses the senior management�s desires for security and compliance within an organization. Most policies are advisory.
alarm triggers
Notifications sent to administrators when a specific event occurs.
analytic attack
An algebraic manipulation that attempts to reduce the complexity of a cryptographic algorithm. This attack focuses on the logic of the algorithm itself.
The operation (represented by the ^ symbol) that checks to see whether two values are both true.
annualized loss expectancy (ALE)
The possible yearly cost of all instances of a specific realized threat against a specific asset. The ALE is calculated using the formula ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO).
annualized rate of occurrence (ARO)
The expected frequency that a specific threat or risk will occur (in other words. become realized) within a single year.
Application layer
Layer 7 of the Open Systems Interconnection (OSI) model.
application-level gateway firewall
A firewall that filters traffic based on the Internet service (in other words. application) used to transmit or receive the data. Application-level gateways are known as second-generation firewalls.
asymmetric key
Public key cryptosystems that use a pair of keys (public and private) for each participant. Messages encrypted with one key from the pair can only be decrypted with the other key from the same pair.
asynchronous transfer mode (ATM)
A cell-switching technology rather than a packet-switching technology like Frame Relay. ATM uses virtual circuits much like Frame Relay. but because it uses fixed-size frames or cells. it can guarantee throughput. This makes ATM an excellent WAN technology for voice and video conferencing.
The exploitation of a vulnerability by a threat agent.
The loss of signal strength and integrity on a cable because of the length of the cable.
The process of verifying or testing that the identity claimed by a subject is valid.
Authentication Header (AH)
An IPSec protocol that provides authentication. integrity. and nonrepudiation.
authentication protocols
Protocol used to provide the transport mechanism for logon credentials.
Authentication Service (AS)
An element of the Kerberos Key Distribution Center (KDC). The AS verifies or rejects the authenticity and timeliness of tickets.
A process that ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity (in other words. subject).
automatic private IP addressing (APIPA)
A feature of Windows that assigns an IP address to a system should DHCP address assignment fail.
auxiliary alarm system
An additional function that can be added to either local or centralized alarm systems. The purpose of an auxiliary alarm system is to notify local police or fire services when an alarm is triggered.
A communication medium that supports only a single communication signal at a time.
The minimum level of security that every system throughout the organization must meet.
Basic Rate Interface (BRI)
An ISDN service type that provides two B. or data. channels and one D. or management. channel. Each B channel offers 64Kbps. and the D channel offers 16Kbps.
behavior-based detection
An intrusion discovery mechanism used by IDS. Behavior-based detection finds out about the normal activities and events on your system through watching and learning. Once it has accumulated enough data about normal activity. it can detect abnormal and possible malicious activities and events. Also known as statistical intrusion detection. anomaly detection. and heuristics-based detection.
Bell-LaPadula model
A confidentiality-focused security model based on the state machine model and employing mandatory access controls and the lattice model.
best evidence rule
A rule that states that when a document is used as evidence in a court proceeding. the original document must be introduced. Copies will not be accepted as evidence unless certain exceptions to the rule apply.
Biba model
An integrity-focused security model based on the state machine model and employing mandatory access controls and the lattice model.
birthday attack
An attack in which the malicious individual seeks to substitute in a digitally signed communication with a different message that produces the same message digest. thereby maintaining the validity of the original digital signature. This is based on the statistical anomaly that in a room with 23 people. the probability of two of more people having the same birthday is greater than 50 percent.
block cipher
A cipher that applies the encryption algorithm to an entire message block at the same time. Transposition ciphers are examples of block ciphers.
A block cipher that operates on 64-bit blocks of text and uses variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits.
x of y cards Next > >> >|