Security+ Glossary
0-9 | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
example
example
0-9
3DES - Triple Data Encryption Standard
A symmetric algorithm used to encrypt data and provide confidentiality. It is a block cipher that encrypts data in 64-bit blocks. Designed to replace DES and is still used, often when hardware does not support AES
A
AAA - Authentication, Authorization, Accounting.
AAA protocols are used in remote access systems. For ecample TACACS+ is a AAA protocol using multipple challenges and responses during a session. Authentication verifies user identifity, authorization determines whether a user should have access, and accounting tracks user access via logs.
ABAC - Attribute-based Access Control
Access-control method, granting access to resources based on attributes assigned to subjects and objects. Compared to DAC, MAC, role-based access control, and rule-based access control.
ACE - Access Control Entry
Identifies a user or group that is granted permission to a resource. ACE (Access Control Entry) is contained in a DACL in NTFS
ACK - Acknowledge
A packet in a TCP handshake. In a SYN flood attack, attackers send the SYN packet, but don't complete the handshake after receiving the SYN/ACK packet
ACL - Access control list
List of rules used by routers and stateless firewalls. ACL is used to control traffic by network, subnet, IP address, port, and/or protocol
AD - Active Directory
AES - Advanced Encryption Standard
A symmetric algorithm used to encrypt data and provide confidentiality. AES is a block cipher, encrypting data in 128-bit blocks. AES is fast, secure, and used in many crypographic methods. Key sizes are 128 bits, 192 bits, or 256 bits.
AH - Authentication Header
An option in IPsec to provide authentication and integrity. IPsec uses HMAC. ESP provides confidentiality, integrity, and authenication w/ HMAC and AES or 3DES. AH protocol ID 51
AI - Artificial Intelligence CHAP
AIS - Automated Indicator Sharing
ALE - Annualized Loss Expectancy
Yearly expected loss. ALE identifies the expected annual loss and is used to measure risk w/ ARO and SLE in quantitative risk assessments. ALE = SLE x ARO
AP - Access Point
A device that connects wireless clients to a wireless network, often referred to as WAP (Wireless Access Point)
API - Application Programming Interface
APIs provide access to features or data in an application, service, or OS. APIs are common in web apps, IoT devices, and cloud services.
API Attacks
API attacks are attempts to discover and exploit API vulnerabilities
APT - Advanced Persistent Threat
An organization that has the capabilities and intent to launch sophisticated, targeted attacks. Often nation state or nation state sponsored group. Nation state refers to foreign governments with significant cyberwarfare resources.
ARO - Annual Rate of Occurrence
Number of times a loss is expected to occur in a year. ARO is used to measure risk with ALE and SLE during quantitative risk assessment. ALE = ARO x SLE or ARO = ALE / SLE
ARP - Address Resolution Protocol
Resolves IPv4 addresses to MAC address
ARP Poisoning
An attack that misleads a system about the actual MAC address of a system. ARP poisoning redirects traffic to an attacker's system by sending false MAC address updates.
ASCII - American Standard Code for Information Interchange
Code used to display standard characters
ASLR - Address Space Layout Randomization
ASP - Active Server Pages
ATT&CK - Adversarial Tactics, Techniques, and Common Knowledge
AUP - Acceptible Use Policy
Policy defining proper use of a system and expected behavior of employees. Describes the purpose and allowed activities on computer systems and networks.
AV - Antivirus
B
BASH - Bourne Again Shell
BCP - Business Continuity Planning
A plan used to help an organization predict and plan for outages of critical services or functions to operate after or during an outage.
BGP - Border Gateway Protocol
BIA - Business Impact Analysis
A process used to help organizations identify critical systems and components essential to operation and success. It is used to identify scenarios that may impact the critical systems anbd components, maximum downtime limits, and potential loss from incidents.
BIND - Berkeley Internet Name Domain
DNS software that runs on Linux and Unis servers. Most internet DNS servers use BIND.
BIOS - Basic Input/Output System
Computer firmware used to manipulate settings such as boot drive, access password, date/time, etc. UEFI is the replacement for BIOS
BPA - Business Partnership Agreement
BPDU Guard - Bridge Protocol Data Unit Guard
Technology that detects false BPDU messages. False BPDU messages can indicate switching loop problems and shut down switch ports. Used to detect false BPDU messages and block BPDU attacks.
BSSID - Basic Service Set Identifier
BYOD - Bring Your Own Device
Mobile device deployment model. BYOD models allow employees to connect personally owned devices such as smartphones, tablets, laptops, etc to a company network. Data security is a major concern w/ BYOD policies and shift to CYOD or COPE models.
C
example -
example
example -
example
example -
example
example -
example