Security+ Acronyms Flashcards
NAT
Network Address Translation
APIPA
Automatic Private IP Addressing
VLAN
Virtual LAN
OSI
Open Systems Interconnect
Mbps
Megabits Per Second
UTP
Unshielded Twisted Pair
BNC
British Naval Connector
AUI
Adapter Unit Interface
STP
Shield Twisted Pair
ST
Straight-tip
SC
Subscriber Connector
TCP/IP
Transmission Control Protocol/Internet Protocol
DHCP
Dynamic Host Configuration Protocol
ACK
Acknowledgment
ISN
I
ISN
Initial Sequence Number
SYN
Sequence Number
SCP
Secure copy
802.1x
A port-based authentication protocol. Wireless can use 802.1x.
3DES
Triple Data Encryption Standard - A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks.
AAA
Authentication, Authorization, and Accounting -nAAA
ACE
Access Control Entry - Identifies a user or group that is granted permission to a resource. ACEs are contained with in DACL in NTFS.
ACK
Acknowledge - A packet in a TCP handshake. In a SYN flood attack, attackers send the SYN packet, but don’t complete the handshake after receiving the SYN/ACK packet.
ACL
Access Control List - Routers and packet- filtering firewalls perform basic filtering using and ACL to control traffic based on networks, subnets, IP addresses, ports, and some protocols.
In NTFS, a list of ACEs make up the ACL for a resource.
AES
Advanced Encryption Standard - A Symmetric algorithm used to encrypt data and provide confidentiality.
AES is a block cipher and it encrypts data in 128-bit blocks. It is quick, highly secure, and used in wide assortment of Cryptography schemes.
It includes key sizes of 128 bits, 192 bits, and 256 bits.
AES-256
Advanced Encryption Standard 256 bits.
AES sometimes includes the number of bits used in the encryption keys and AES-256 uses 256-bit encryption keys.
Blowfish is quicker than AES-256.
AH
Authentication Header - IPsec includes both AH and ESP. AH provides authentication and integrity using HMAC.
ESP provides confidentiality, integrity, and authentication using HMAC, and AES or 3DES.
AH is identified with Protocol ID number 51.
ALE
Annual Loss Expectancy - The ALE identifies the expected annual loss and is used to measure risk with ARO and SLE in a quantitative risk assessment.
SLE x ARO = ALE
AP
Access Point - short for wireless access point (WAP). Apps provide access to a wired network to wireless clients. Many APs support Isolation mode to segment wireless users from other wireless users.
API
Application Programming Interface - A software module or component that identifies inputs and outputs for an application.
APT
Advanced persistent threat - A group that has both the capability and intent to launch sophisticated and targeted attacks.
ARO
Annual rate of occurrence - The ARO identifies how many times a loss is expected to occur in a year and is used to measure risk with ALE and SLE in a quantitative risk assessment.
The calculation is SLE x ARO =ALE
ARP
Address Resolution Protocol - Resolves IPv4 addresses to MAC addresses.
ARP poisoning attacks can redirect traffic through an attacker’s system but sending false MAC address updates.
NDP is used with IPv6 instead of ARP.
ASCII
American Standard Code for Information Interchange. Code used to display characters.
ASP
Application Service Provider - Provides an application as a service over a network.
AUP
Acceptable Use Policy - An AUP defines proper system usage. It will often describe the purpose of computer systems and networks, how users can access them, and the responsibilities of users when accessing the systems.
BAC
Business Availability Center - An application that shows availability and performance of applications used or provided by a business.
BCP
Business Continuity Plan - A plan that helps an organization predict and plan for potential outages of critical services or functions. It includes disaster recovery element that provide the steps used to return critical functions to operations after an outage.
A BIA is part of a BCP and the BIA drives decisions to create redundancies such as failover clusters or alternate sites.
BIA
Business Impact Analysis- The BIA identifies systems and components that are essential to the organization’s success. It identifies various scenarios that can impact these systems and components, maximum downtime limits, and potential losses from an incident.
The BIA helps identify RTOs and RPOs.
BIND
Berkeley Internet Name Domain. BIND is DND software that runs on Linux and Unix servers. Most Internet-based DNS servers use BIND.
BIOS
Basic Input/Output System - A computer firmware used to manipulate different settings such as the date and time, boot drive, and access password.
UEFI is the designated replacement for BIOS.
BPA
Business Partner agreement - A written agreement that details the relationship between business partners, including their obligations towards the partnership.
BYOD
Bring Your Own Device - A policy allowing employees to connect personally owned devices to company networks.
Data security is often the concern with BYOD and organization often use VKANS to isolate mobile devices.
CA
Certificate Authority - An organization that manages, issues, and sign certificates and is part of a PKI. Certificates are an important part of asymmetric encryption. Certificates included public keys along with details on the owner of the certificate and on the CA that issued the certificate. Certificate owners share their public key by sharing a copy of their certificate.
CAC
Common access card - a specialized type of smart card used by the U.S. Department o Defense.
-Provides confidentiality, integrity, authentication, and Non-repudiation for the users. It is similar to a PIV.
CAN
Controller Area Network - A standard that allows microcontrollers and devices to communicate with each other without a host computer.
CAPTCHA
Completely Automated Public Turing test to tell Computers and Humans apart. Technique used to prevent automated tools from interacting with a web site. User must type in text, often from a slightly distorted image.
CAR
Corrective Action Report - A report used to document action taken to correct an event, incident, or outage.
CCMP
Counter Mode with Cipher Authenictes block Channing Message Authentication Code Protocol. It’ is more secure than TKIP, which used with original release of WPA.
CCTV
Closed-circuit Television. This is a detective control that provides video surveillance. Video surveillance provides reliable proof of a person’s location and activity.
It is also a physical security controls and it increase the safely of an organizations assets
CERT
Computer emergency Response Team. A computer of experts who respond to security incidents.
Also know as CIRT, SIRT, IRT
CHAP
Challenge Handshake Authentication Protocol.
Authentication mechanism where a server challenges a client. More secure then PAP and usesPPP> MS-CHAPv2 is an improvement CHAP and uses Mutual Authentication.
CIA
Confidentiality, Integrity, and Availability. These form the Security triad.
Confidentiality helps prevent the unauthorized disclosure of data.
Integrity provides assurances that the data has not been modified, tamper with, or corrupted.
Availability indicates that data and services are available when needed.
CIO
Chief Information Officer. - A “C” level executive position in some organizations. A CIO focuses on using methods within the organization to answer relevant questions and solve programs.
COOP
Continuity of operations planning - COOP sites provide an alternate location for operations after a critical outage.
Hot Site - includes personnel, equipment, software, and communication capabilities of the primary site with all the data up to date.
Cold Site - will have power and connectivity needed for COOP activation but little else.
Warm site - is a compromise between a hot site and a cold site. Mobile sites do not have dedicated location, but can provide temporary support during a disaster.
CP
Contingency Planning - Plans for contingencies in the event of a disaster to keep an organization operational.
CRC
Cyclical Redundancy Check - An error detection code used to detect accidental changes that can affect the integrity of data.
CRL
Certification Revocation list - A list of certificates that a CA has revoked. The CA that issued the certificate publishes a CRL, and a CRL is public.
CSR
Control Status Register. A register in a processor used for temporary storage of data.
CSR
Certificate signing request - A method of requesting a certificate from a CA. It starts by creating an RSA-based private/public key pair and then including the public key in the CSR.
CSU
Channel Service Unit - A line bridging device used with T1 and similar lines. It typically connects with a DSU as a CSU/DSU.
CTO
Chief Technology Officer. A “C” level executive position in some organizations. CTOs Focus on technology and evaluate new technologies.
CVE
Common Vulnerability and Exposures - a dictionary of publicly known security vulnerabilities and exposures.
DAC
Discretionary Access Control - An access control model where all objects have owners and owners can modify permissions for the objects (files and folders).
Microsoft NTFS uses the DAC model.
DACL
Discretionary Access Control List - List of access controls entries (ACEs in Microsoft NTFS. Each ACE includes a security identifier (SID) and a permission.
DBA
Database Administrator - A DBA administers databases on database servers.
DDoS
Distributed denial-of-service - An attack on a system launched from multiple sources intended to make a computer’s resources or services unavailable to users. DDoS attacks typically include sustained, abnormally high network traffic. Compared to DoS.
