Sunday, July 19, 2009
Cisco CCNA & CCSP study material - Networking, Cryptography & Information Security
A (address): - A type of DNS record that maps a host name to an IP address
1000BaseT: - 1,000 Mbps (1 Gbps) baseband Ethernet using twisted pair wire.
100BaseT: - 100 Mbps baseband Ethernet using twisted pair wire.
10Base5: - 10 Mbps Ethernet using coaxial cable (thicknet) rated to 500 meters.
10BaseF: - 10 Mbps baseband Ethernet using optical fiber.
10BaseT: - 802.3 IEEE Ethernet standard for 10 Mbps Ethernet using coaxial cable (thinnet) rated to 185 meters.
10BaseT: - 10 Mbps UTP Ethernet rated to 100 meters.
10Broad36: - 10 Mbps broadband Ethernet rated to 3,600 meters.
2.5G: - 2G cellular systems combined with GPRS are often described as 2.5G, that is, a technology between 2G & 3G.
3 composition theories related to security models: - 1. cascading; 2. feedback; & 3. hookup
3 Types of Intrusion Detection Systems: - State anomaly, protocol retardation, pattern-matching system
3DES: Triple Data Encryption Standard
3G: - 3G is the third generation of telecommunications standards and technology for mobile networking, superseding 2.5G. It is
based on the International Telecommunication Union (ITU) family of standards under IMT-2000. 3G networks enable network operators
to offer a wider range of more advanced services while providing more capacity through improved spectral efficiency. Services
include wide-area wireless voice telephony, video calls, and broadband wireless data, all in a mobile environment. Unlike IEEE
802.11 networks, aka Wi-Fi or WLAN networks, 3G networks are wide-area cellular telephone networks that evolved to incorporate
high-speed Internet access and video telephony. IEEE 802.11 networks are short-range, high-bandwidth networks primarily developed
for data.
4 Kinds of Tokens?: - 1) Static password; 2) Synchronous dynamic password; 3) Asynchronous password; & 4) Challenge response
802.10: - IEEE standard that specifies security and privacy access methods for LANs.
802.11: IEEE standard that specifies 1 Mbps and 2 Mbps wireless connectivity. Defines aspects of frequency hopping and
direct-sequence spread spectrum (DSSS) systems for use in the 2.4 MHz ISM (industrial, scientific, medical) band. Also refers to
the IEEE committee responsible for setting wireless LAN standards.
802.11a: - Specifies high-speed wireless connectivity in the 5 GHz band using orthogonal frequency division multiplexing (OFDM)
with data rates up to 54 Mbps.
802.11b: Specifies high-speed wireless connectivity in the 2.4 GHz ISM band up to 11 Mbps.
802.11b: - WLAN ad hoc and infrastructure modes.
802.11g: - In 2003 a 3rd wireless modulation standard was advanced. Operates at a near maximum of 54 Mbit/s. Suffers legacy issues
from 802.11b. - Uses the same 2.4 GHz band as microwaves, Bluetooth, cordless phones, and baby monitors, so it is subject to
interference.
802.15: - Specification for Bluetooth LANs in the 2.4-2.5 GHz band.
802.1x: IEEE 802.1x is an IEEE Standard for port-based Network Access Control (port: meaning a single point of attachment to the
LAN infrastructure). It is the protocol used for most wireless 802.11 access points and is based on the Extensible Authentication
Protocol (EAP).
802.2: - Standard that specifies the LLC (logical link control).
802.3: - Ethernet bus topology using carrier sense medium access control/carrier detect (CSMA/CD) for 10 Mbps wired LANs. Currently,
it is the most popular LAN topology.
802.3: - IEEE 802.3 is a collection of IEEE standards defining the physical layer, and the media access control (MAC) sublayer of the
data link layer, of wired Ethernet. This is generally LAN technology with
some WAN applications. Physical connections are made
between nodes and/or infrastructure devices (hubs, switches, routers) by various types of copper or fiber cable.
802.4: - Specifies a token-passing bus access method for LANs.
802.5: Specifies a token-passing ring access method for LANs.
Access modes: Mode set for a user on a volume: Read, write, none.
ACK: Acknowledgment; a short-return indication of the successful receipt of a message.
ACK layer: - Acknowledgment of receipt
ACO: Authenticated ciphering offset.
Active sniffing: - To elicit responses is active sniffing.
ActiveX: - Microsoft's component object model (COM) technology used in web applications. ActiveX is implemented using any one
of a variety of languages, including Visual Basic, C, C++, and Java.
Advantages of network bridges? - 1. self-configuring; 2. primitive bridges are often inexpensive; 3. reduced size of collision
domain; 4. transparent protocols above the MAC layer; 5. allows the introduction of management, performance information and access
control
AES-128/256: - (AES) Rijndael - A symmetric block cipher with a block size of 128 bits in which the key can be 128, 192, or 256
bits. The Advanced Encryption Standard replaces the Data Encryption Standard (DES) and was announced on Nov 26, 2001, as Federal
Information Processing Standard (FIPS PUB 197).
AES-CCMP: - Part of the WPA2 protocol and an optional part of the WPA protocol. CCMP replaced the TKIP & WEP encryption protocols.
It is based on AES. Full name: Counter Mode with Cipher Block Chaining Message Authentication Code protocol.
AH: - Authentication Header (AH): IPSec uses two protocols for security.
AIS - Automated information system: An assembly of computer hardware, software, and/or firmware that is configured to collect,
create, communicate, compute, disseminate, process, store, and/or control data or information.
ALE - annualized loss expectancy
Analog - Electrical signal with a variable amplitude
ANSI - American National Standards Institute
Application gateway? - A type of firewall that applies security mechanisms to specific applications, such as FTP and Telnet
servers. This is very effective but can impose a performance degradation.
Application Layer - The top layer of the OSI model, which is concerned with application programs. It provides services such as
file transfer and email to the network's end users.
Application level gateway - ALG: consists of a security component that augments a firewall or NAT employed in a computer network.
It allows special filters to be used to allow certain applications like BitTorrent to access the internet under tight control.
Application-Gateway Firewall - Like the Application-Proxy Firewall, the Application-Gateway Firewall operates on Layer 7 of the OSI
model. Application gateway firewalls exist only for a few network applications. A typical application gateway firewall is a system
in which you must telnet to one system in order to then telnet again to make a connection outside the network.
Application-level firewall - In computer networking, an application layer firewall is a firewall operating at the application layer
of a protocol stack. Generally it is a host using various forms of proxy servers to proxy traffic instead of routing it. As it
works on the application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as
inappropriate content, such as websites, viruses, attempts to exploit known flaws in client software, etc. An application layer
firewall does not route traffic on the network layer.
Application-Proxy Firewall - In a proxying firewall, every packet is stopped at the firewall. The packet is then examined and
compared to the rules configured into the firewall. If the packet passes the examination, it is recreated and sent out. The
drawback is that a separate application-level firewall must be written for each application at the application layer: e.g., 1 for
http, 1 for ftp, 1 for gopher. Application-level firewalls operate on Layer 7 of the OSI model.
ARIN - The American Registry for Internet Numbers
aro - annualized rate of occurrence
ARP - Address Resolution Protocol (ARP): A TCP/IP protocol that binds logical (IP) addresses to physical addresses.
ARP cache - Address Resolution Protocol (ARP) is a subprotocol of the TCP/IP protocol suite that operates at the Network layer
(layer 3). ARP functions by broadcasting a request packet with the target IP address. The system with the IP address in question
will respond with its associated MAC address. The discovered data is stored in a form known as ARP cache by ARP.
AS3 - Adobe proprietary format: ActionScript 3
ASCII - American Standard Code for Information Interchange (ASCII): a coding standard that can be used for enumerating English
letters from 0 to 127. ASCII's purpose is to convert letters to numbers to allow for faster data transmission, as processors can
handle & move the data faster. It is implemented as a character-encoding scheme based on the ordering of the English alphabet. ASCII
codes represent text in computers, communications equipment and other devices that work with text. ASCII was developed in the
1960s. Most characters are non-printing.
ASP.NET - Microsoft's Web server is called Internet Information Services, which is made up of a number of "sub-apps" and is
therefore highly configurable. ASP.NET is one such app.
Asynchronous Transfer Mode - A cell-based connection-oriented data service offering high-speed data communications. ATM
integrates circuit and packet switching to handle both constant and burst information at rates up to 2.488 Gbps. aka: cell relay.
At present, the 3 pairs of aspects/features used to describe data storage? primary vs. secondary, volatile vs. nonvolatile, and
random vs. sequential.
ATM - asynchronous transfer mode (ATM): A cell-switching technology rather than a packet-switching technology like Frame Relay.
AUI - A 15-pin interface between an Ethernet Network Interface Card and a transceiver.
Authenticate - 1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to
allowing access to system resources; 2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to
possible unauthorized modification.
Authentication factor - 1) a piece of info; & 2) process to verify it
Authentication Token - A physical security device that serves to verify electronically one's identity. Several different
interfaces exist. Some can transfer a generated key to a client system.
Bandwidth-depletion attack - Like a DoS attack, simply denial of service via bandwidth domination.
Banner grabbing - Banner grabbing is not detectable; it is therefore considered passive OS footprinting. Banner grabbing is a
technique that enables a hacker to identify the type of operating system or app running on a target server. A specific request for
the banner is often allowed through firewalls because it uses legitimate connection requests such as Telnet.
Banner grabbing & OS identification: - Synonym: Fingerprinting the TCP/IP stack
Basel II - is the second of the Basel Accords (issued by the Basel Committee on Banking Supervision), initially published in 2004
as an international standard on banking reserves.
Basic authentication - In the context of an HTTP transaction, basic access authentication is a method to allow a user on a web
browser to authenticate. Before transmission, the user name is appended with a colon and concatenated with the password. The
result is encoded with the Base64 algorithm.
Bastion host - A bastion host is a special-purpose computer designed to function as a roadblock against direct attacks. Firewalls &
routers can be considered such.
BAT files - In DOS, OS/2, and Microsoft Windows, a batch file is a text file containing a series of commands intended to be
executed by a single command. Flat files that enable one to automatically check-in, delete, or update many files at once.
baud rate The number of signal pulses that occur in one second.
The Bell-La Padula model is a state machine used by the DoD for enforcing access control in government & military applications.
The model is a formal state transition model of computer security policy that describes a set of access control rules that uses
labels to characterize objects and clearances to characterize subjects.
binaries
binary file - is a computer file which may contain any type of data, encoded in binary form for computer storage and processing
purposes.
Biometric authentication lk up: the act
biometrics - In information technology, biometrics refers to methods for uniquely recognizing humans based upon one or more
intrinsic physical or behavioral traits. In information technology particularly, biometrics is a form of identity access
management and access control.
BIOS The Basic Input/Output System (BIOS): The BIOS is the first program to run when the computer is turned on. BIOS initializes
and tests the computer hardware, loads and runs the operating system, and manages setup for making changes in the computer.
Blowfish - This is a keyed, symmetric block cipher, designed in 1993. There has been no meaningful cryptanalysis exacted on
Blowfish. It is solid, however AES now receives more attention.
BOTs Secondary machines used in a DDoS attack.
Bound checks - A check on the code in question to assess its exploitability with respect to buffer overflow.
Boyer-Moore theorem prover A method to mechanically check a kernel.
Bridge A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2
switch is very often used interchangeably with bridge.
Bridging is a forwarding technique used in packet-switched computer networks.
Unlike routing, bridging makes no assumptions about where in a network a particular address is located. Instead, it depends on
flooding and examination of source addresses in received packet headers to locate unknown devices. Once the device is found, it is
stored in a MAC address table.
Brute-force password attack - To attempt to crack a password by trying every possible combination of letters, numbers and
characters.
CAM table - Content Addressable Memory (CAM) table is a common term usually referring to the Dynamic Content Addressable Memory on
an Ethernet switch. The table provides the switch with addresses to forward a received signal to; a hub does not, so all of its
ports get the passed-on or outbound signal.
Category 1 twisted pair wire Used for early analog telephone communications; not suitable for data.
Category 2 twisted pair wire Rated for 4 Mbps and used in 802.5 token ring networks.
Category 3 twisted pair wire Rated for 10 Mbps and used in 802.4 10Base-T Ethernet networks.
Category 4 twisted pair wire Rated for 16 Mbps and used in 802.5 token ring networks.
Category 5 twisted pair wire Rated for 100 Mbps and used in 100BaseT Ethernet networks.
CC Common Criteria: a standard for specifying and evaluating the features of computer products and systems.
CCMP Counter Mode with Cipher Block Chaining Message Authentication Code protocol (CCMP): A mandatory part of WPA2, but optional
for WPA. CCMP replaced TKIP and is a required option for Robust Security Network (RSN) Compliant networks.
CDDI Copper Data Distributed Interface: A version of FDDI specifying the use of unshielded twisted pair wiring.
CDMA Code Division Multiple Access, a cellular technology that competes with GSM technology for global domination.
CDPD Cellular Digital Packet Data (CDPD): A technology that never made it due to being relatively expensive. It was/is unique in
that it would harness unused but open frequencies of a band.
CER Crossover error rate
CERIAS The Center for Education and Research in Information Assurance and Security (CERIAS): a well-known leader in research in
computer, network, and information security and information assurance.
CGI Common gateway interface
Checksum Synonymous with message digest, hash, hash value, hash total, CRC, fingerprint, checksum, and digital ID.
Chipping (Chip) In digital communications, a chip is a pulse of direct-sequence spread spectrum (DSSS) code, such as a pseudonoise
code sequence used in direct-sequence code division multiple access (CDMA) channel access techniques. The chip rate of a code is
the number of pulses per second (chips per second) at which the code is transmitted or received.
Chosen plaintext This is a definition of a cryptanalysis attack. It has a couple of key assumptions: 1) the attacker has the
ability to choose arbitrary plaintexts to encrypt via the same algorithm; & 2) s/he can also obtain and analyze the corresponding
output of the applicable encryption.
CIA triad? Availability, confidentiality, integrity
CIFS Common Internet file system
Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption and decryption.
Circuit switched The application wherein a dedicated line is used to transmit information. Contrast this with 'packet
switched'.
Circuit-level firewall Synonymous with circuit-level gateway. Listens for TCP handshaking requests. Cannot filter traffic on the
Application Layer; less robust than an application-level gateway.
Circuit-level gateway Similar to one-time authentication. Works at the session layer of the OSI model, or as a "shim-layer"
between the application layer and the transport layer of the TCP/IP stack. They monitor TCP handshaking between packets to
determine whether a requested session is legitimate. Information passed to a remote computer through a circuit-level gateway
appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit-level
gateways are relatively inexpensive, however they do not monitor individual packets.
Circuit-switched The application of a network wherein a dedicated line is used to transmit information; contrast with
'packet-switched.'
Class 1 Auth Class 1 authentication attached through Verisign to your verified email. Digital IDs for secure email. 1 year is
$19.95: Verisign Digital IDs. S/MIME compliant, can be used with Microsoft Outlook, Mozilla, and several other popular apps.
Class 2 Auth Class 2 authentication Digital ID issued to individuals representing organisations. They can be used for a number of
secure "communications functions", including: secure email S/MIME, authentication to online services, and to add digital
signatures to Microsoft Office and other electronic documents to protect the documents' integrity and provide authentication of
authorship to recipients.
Client-server interface - A software construction, referred to as a document, to "push" messages to the client browser written in
a markup language with its own method, apparatus, and computer program for generating the electronic document.
CNAME - DNS Records: (canonical name) Provides additional names or aliases for the address record
Collision domain - Aka shared Ethernet hub. A component that provides Ethernet connections among multiple stations sharing a
common collision domain.
COM - Common Object Model: A model that allows two software components to communicate with each other independent of their
platforms' operating systems and languages of implementation. As in the object-oriented paradigm, COM works with encapsulated objects.
Common & practical defenses against SQL injection 1. Perform input validation; 2. Limit account privileges.
Common Criteria Common Criteria (CC): is an international standard (ISO/IEC)
Companion files Supporting system files like DLL and INI files
COMSEC Communications Security: measures and controls taken to deny unauthorized persons information derived from telecommunications
and to ensure the authenticity thereby: cryptosecurity, transmission security, emission security, and physical security of COM-SEC
material and information.
connection table - Filled up during SYN flooding. The victim's table is filled with transmission request signals from spoofed IPs:
straight lockdown.
cookie hijacking - Cookie hijacking or cookie snarfing entails modifying data stored in cookies, which is then used for the purpose
of impersonating the victim and possibly obtaining data.
Coring The microprocessor architecture on a chip.
COTS Commercial off-the-shelf
covert channel transferring information in a way that violates the system's security policy.
CRC A common error-detection process. A mathematical procedure applied to transmitted data that is performed upon receipt of the
data and cross checked; a mismatch indicates a high probability of transmission error.
CRL Certificate Revocation List (CRL).
cryptanalysis break the cipher
crypto-algorithm a well-defined procedure to produce a key stream.
CSMA/CA - Carrier sense multiple access/collision avoidance, commonly used in 802.11 Ethernet and LocalTalk.
CSMA/CA - In computer networking, CSMA/CA belongs to a class of protocols called multiple access methods. CSMA/CA stands for:
Carrier Sense Multiple Access with Collision Avoidance. In CSMA, a station wishing to transmit has to first listen to the channel
for a predetermined amount of time so as to check for any activity on the channel. If the station is sensed "idle" then the station
is permitted to transmit. In Ethernet 802.3, the station continues to wait for a time, and checks to see if the channel is still
free. If it is free, the station transmits, and waits for an acknowledgment signal that the packet was received. Collision
avoidance is used on WLANs because it is not possible to listen while sending, so CA is used over CD.
CSMA/CD - Carrier sense multiple access/collision detection, used in 802.3 Ethernet.
CSR - Certificate Signing Request (CSR): An individual who submits a certificate to a
CSSM Cross Site Scripting (CSS?): M?
CSTVRP - Computer Security Technical Vulnerability Reporting Program: A program that concentrates on the technical vulnerabilities
of commercially available hardware, software, and firmware acquired by the DoD. Goal is to provide corrective measures to findings.
CVE Common Vulnerabilities and Exposures database
DAA - Designated Approving Authority (DAA).
daemons - agent processes
Data storage - what are the 3 main aspects? 1) Primary vs secondary; 2) Volatile vs nonvolatile; & 3) random vs sequential
DB-9 A standard 9-pin connector commonly used with RS-232 serial interfaces on portable computers. The DB-9 connector does not
support all RS-232 functions.
DBMS Database Management System (DBMS) Architecture: a variety exists today, but the majority of current systems implement a
technology known as relational database management systems (RDBMSs).
DCOM A distributed object model that is similar to the Common Object Request Broker Architecture (CORBA). DCOM is the distributed
version of COM that supports remote objects as if the objects reside in the client's address space. A COM client can access a COM
object through the use of a pointer to one of the object's interfaces and then invoke methods through that pointer.
denotational semantics model - an artificial intelligence process whereby a machine is equipped with some tools to attempt and
possibly succeed in carrying out a mathematical proof.
DES - A cipher for unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved
by the NIST, is intended for public & government use.
DES A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS)
46. The DES, which was approved by the NIST, is intended for public and government use.
Detective access controls Used to discover unwanted or unauthorized activity
Device Computer hardware, peripheral - any device attached to a computer that expands its functionality, device file - an interface
for a device driver.
DHCP Dynamic Host Configuration Protocol (DHCP).
DIACAP - Successor to DITSCAP. DoD information technology security certification & accreditation process is a process adv. by DoD
for managing risk, i.e., automated information system that will maintain information assurance.
DICOM Dumper - DICOM Dumper is a simple utility for decoding and dumping the content of DICOM 3.0 files
Difference between network address and ip address - To determine what the network address is for any given IP address, you merely
have to convert both octal addresses into binary, and do a bitwise AND operation. An example using an IP address of 156.154.81.56
used with a network mask of 255.255.255.240 follows:
IP Address:  10011100.10011010.01010001.00111000
Subnet mask: 11111111.11111111.11111111.11110000
Bitwise AND -----------------------------------------------
Result:      10011100.10011010.01010001.00110000
As you can see, the network address for the IP address and subnet mask in question is 156.154.81.48. Determining how many hosts
can be on this same subnet is a simple operation. Count the number of bits from the right until you get to the first "1" in the
binary network address display. That number will be the power you raise 2 to for the calculation of the possible number of hosts.
Diffie-Hellman Key Exchange - Is a cryptographic protocol that allows two parties that have no prior knowledge of each other to
jointly establish a shared secret key over an insecure communication channel. This can be used to establish a subsequent
symmetric-key cipher. Synonym: Exponential key exchange. Established 1976.
Digest authentication - Process whereby the site hashes credentials and uses a challenge-response model for authentication.
Digital certificate - serves to bind an individual to his/her public key
Direct-sequence spread spectrum - In telecom, direct-sequence spread spectrum (DSSS) is a modulation technique. As with other
spread spectrum technologies, the transmitted signal takes up more bandwidth than the information signal that is being modulated.
The term 'spread spectrum' comes from the fact that the carrier signals occur over the full bandwidth (spectrum) of a device's
transmitting frequency.
Directory services An implementation of single sign-on technologies: SSO technology allows a subject to be authenticated only
once on a system and be able to access resource after resource unhindered by repeated authentication prompts. This convenience also
poses the danger of an intruder gaining full control of a system with one successful authentication; this is usually addressed by
doubling up an app like Kerberos with Directory Services, each an SSO. Directory services and Kerberos are examples of SSO
mechanisms.
Disk clusters - Contiguous groups of sectors of a circular drive - like a partial ring or washer shape on a series of concentric
circles.
Disk image - A bit-level copy, sector-by-sector of a disk, which provides the capability to examine slack space, undeleted
clusters, and possibly, deleted files.
DITSCAP - Defense Information Technology Systems Certification and Accreditation Process (DITSCAP).
DLC - Data Link Control (DLC)
DLL - The Data Link Layer is responsible for producing Ethernet frames from bytes and bytes from bits.
DLL Data Link Layer: The OSI level that performs the assembly and transmission of data packets, including error control.
DMA - Direct Memory Access (DMA): is a feature of modern computers and microprocessors that allows certain hardware subsystems
within the computer to access system memory for reading and/or writing independently of the CPU.
DNS - Domain Name Server (DNS).
domain - 1) A realm of trust or a collection of subjects and objects that share a common security policy. Each domain’s access
control is maintained independently of other domains’ access control. This results in decentralized access control when multiple
domains are involved.
DPL - Degausser Products List.
DQDB - In telecom, a distributed-queue dual-bus network (DQDB) is a distributed multi-access network that does the following: 1)
supports integrated communications using a dual bus and distributed queuing; 2) provides access to local or metropolitan area
networks; & 3) supports connectionless data transfer, connection-oriented data transfer, and isochronous communications, such as
voice communications.
DQDB - The IEEE 802.6 standard that provides full-duplex 155 Mbps operation between nodes in a metropolitan area network.
DSA - The Digital Signature Algorithm (DSA): is a U.S. Federal Government standard or FIPS for digital signatures. It was proposed
by the National Institute of Standards and Technology (NIST) in August of 1991 for use in their Digital Signature Standard (DSS),
specified in FIPS 186, adopted in 1993. This is patented and the owner is an ex-NSA employee. The patent was given to the U.S.A. and
the NIST has made this patent available world-wide royalty-free.
DSSS Direct-sequence spread spectrum: A method used in 802.11b to split the frequency into 14 channels, each with a frequency
range, by combining a data signal with a chipping sequence. Data rates of 1, 2, 5.5, and 11 Mbps are obtainable. DSSS spreads its
signal continuously over this wide-frequency band.
Dual-homed host - A dual-homed host is a firewall or can be a computer packing at least 2 transceivers. Basically, a makeshift
firewall.
E-mail tracking - Appending a domain name to the email address: A single-pixel graphic file that isn’t noticeable to the recipient
is attached to the e-mail. Then, when an action is performed on the e-mail, this graphic file connects back to the server and
notifies the sender of the action.
EAL - Evaluation Assurance Level (EAL): In the Common Criteria, the degree of examination of the product to be tested. EALs range
from EAL1 (functional testing) to EAL7 (detailed testing and formal design verification).
EAP - Extensible Authentication Protocol (EAP). Cisco proprietary protocol for enhanced user authentication and wireless security
management.
EAP-TLS Extensible Authentication Protocol & Transport Layer Security (EAP-TLS): Cisco proprietary standard.
ECC - Elliptic curve cryptography
ECDSA - Elliptic curve digital signature algorithm.
Echelon - A cooperative, worldwide signal intelligence system that is run by the NSA of the US, the GCHQ of England, the CSE of
Canada, DSD of Australia, and the GCSB of New Zealand.
EDGE - Enhanced Data Rates for GSM Evolution (EDGE): '99 release. First generation.
EDI - Electronic Data Interchange: A service that provides communications for business transactions. ANSI standard X.12 defines
the data format for EDI.
EIA - Electronic Industries Association (EIA).
Electric beacon - A radio beacon is a transmitter at a known location, which transmits a continuous or periodic radio signal with
limited information content, on a specified radio frequency. Occasionally the beacon function is combined with some other
transmission, like telemetry data or meteorological information. Electric beacons are a kind of beacon used with direction finding
equipment to find one's relative bearing to a known location (the beacon). The term electric beacon includes radio, infrared and
sonar beacons.
erasure - 1) alternating current erasure, high-low alternation; 2) direct current erasure, media saturation by unidirectional magnetic
field.
ESMTP - Extended simple mail transfer protocol.
ESP - encapsulating security payload lookup more/better def
Ethernet - An industry-standard local area network media access method that uses a bus topology and CSMA/CD. IEEE 802.3 is a
standard that specifies Ethernet.
Ethernet frame - A measure of quantity. A standard Ethernet frame MTU is 1500 bytes. Adding the Ethernet header and cyclic
redundancy check (CRC) trailer brings the frame size to 1518. Which layer is responsible for combining bits into bytes and bytes
into frames?
Ethernet Layer aka? - MAC layer
Ethernet repeater - A component that provides Ethernet connections among multiple stations sharing a common collision domain.
Also referred to as a 'shared Ethernet hub.'
Ethernet switch - More intelligent than a hub, with the capability to connect the sending station directly to the receiving station.
Ethernet Switching - An Ethernet switch's role is to copy bits (referred to as Ethernet frames) from one port to another port
quickly at layer two of the OSI model. The presence of a CAM table is one attribute that separates a switch from a hub. The
physical switch is what stops a rebound to all other machines/devices connected to a switch that receives the signal.
exigent circumstances doctrine - Specifies that a warrantless search and seizure of evidence can be conducted if there is probable
cause to suspect criminal activity or destruction of evidence.
FBA - Forms Based Authentication (FBA): simply use a form to send encrypted authentication credentials via HTTPS.
FBM - File based metric
FCC - Federal Communications Commission
FDDI - Fiber distributed data interface (FDDI) provides a standard for data transmission in a local area network that can extend in
range up to 200 kilometers. Although the FDDI protocol is a token ring network, it does not use the IEEE 802.5 token ring protocol as
its basis. FDDI-II adds the capability to add circuit-switched service to the network so that it can also handle voice and video signals.
FDDI - Fiber-Distributed Data Interface (FDDI): An ANSI standard for token-passing networks. FDDI uses optical fiber and operates at
100 Mbps in dual, counter-rotating rings.
FDMA - Frequency division multiple access. A spectrum-sharing technique whereby the available spectrum is divided into a number of
individual radio channels.
FDMA - A digital radio technology that divides the available spectrum into separate radio channels. FDMA is generally used in
conjunction with time division multiple access (TDMA) or code division multiple access (CDMA).
FDX - Full-duplex.
FedCIRC - U.S. Federal Computer Incident Response Center: FedCIRC provides assistance and guidelines in incident response and provides
a centralized approach to incident handling across U.S. government agency boundaries.
fetch protection - A system-provided restriction to prevent a program from accessing data in another user's segment of storage.
FHMA - A system using frequency hopping spread spectrum (FHSS) to permit multiple, simultaneous conversations or data sessions by
assigning different hopping patterns to each.
FHSS - A method used to share the available bandwidth in 802.11b WLANs. FHSS takes the data signal and modulates it with a carrier
signal that hops from frequency to frequency on a cyclical basis over a wide band of frequencies. FHSS in the 2.4 GHz frequency band
will hop between 2.4 GHz and 2.483 GHz. The receiver must be set to the same hopping code.
Feistel cipher - An iterated block cipher that encrypts by breaking a plaintext block into two halves and, with a subkey, applying a
"round" transformation to one of the halves. The output of this transformation is then XOR'd with the remaining half. The round is
completed by swapping the two halves.
File system journaling - A file system that logs changes to a journal (usually in a circular log) before committing them to the main
file system. Such systems are less likely to become corrupted in the event of a system crash.
Filtered - Means 'Nmap' or other app is prevented from discovering whether a port is open. A firewall or network filter is
screening the port and preventing our utility from discovering whether a port in question is 'open'.
FIN Scan - A FIN scan is similar to an XMAS scan but sends a packet with just the FIN flag set. FIN scans receive the same
response and have the same limitations as XMAS scans.
FIPS - Federal Information Processing Standard.
FIPS-181 - Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards
and Technology after approval by the Secretary of Commerce. Basically, change the password every 45 days, with 1 number, 1 symbol and
1 capital letter at minimum.
firewall - A network device that shields the trusted network from unauthorized users in the untrusted network by blocking
certain specific types of traffic. Many types of firewalls exist, including packet filtering and stateful inspection.
firmware - Executable programs stored in nonvolatile memory.
FISA - Federal Intelligence Surveillance Act (FISA) of 1978: An act that limited wiretapping for national security purposes as a
result of the Nixon Administration's history of using illegal wiretaps.
flag - In a networking context: flag: An internet header field carrying various control flags: informational pieces of data.
Flag meaning: ACK? Acknowledge. This flag is used to indicate the sender of the ACK flag has established a connection, from
his/her own side of the connection.
Flag meaning: FIN? Finish. No more transmissions.
Flag meaning: PSH? Push. System is forwarding buffered data.
Flag meaning: RST? Reset. Resets the connection.
Flag meaning: SYN? Synchronize. This flag initiates a connection between hosts.
Flag meaning: URG? Urgent. Data in packets must be processed quickly.
FLEX - Cryptography and hashing libraries for encryption and security: AS3 libraries. This is a library for data processing and
FLEX is a particular library used for hashing & crypto.
Flex - Adobe Air Flex Encryption System is a collection of technologies released by Adobe Systems for the development and
deployment of cross-platform rich Internet applications based on the proprietary Adobe Flash platform.
FM - frequency modulation (FM): A method of transmitting information over a radio wave by changing frequencies.
Footprinting - Gathering info & detecting network range
form data - Data captured in an HTML or XHTML form, hence "form data."
Forms based authentication - Simply uses Web forms to authenticate by encrypting login that is then sent to host.
fractional T-1 - A 64 Kbps increment of a T1 frame.
frame relay - A packet-switching interface that operates at data rates of 56 Kbps to 2 Mbps. Frame relay is minus the error
control overhead of X.25, and it assumes that a higher-layer protocol will check for transmission errors.
front-end security filter - A security filter that could be implemented in hardware or software, which is logically separated
from the remainder of the system in order to protect the system's integrity.
FSK - frequency shift keying (FSK): A modulation scheme for data communication using a limited number of discrete frequencies to
convey binary information.
FTLS - Formal Top-Level Specification (FTLS): A top-level specification that is written in a formal mathematical language to enable
theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven.
FTP - File Transfer Protocol (FTP): FTP is a network protocol used to transfer data from one computer to another through a - guess
what - network. A TCP/IP protocol for file transfer.
Full duplex - If transmit data and receive data are separate circuits, transmission can occur in a concurrent flow in both
directions: full duplex.
functional programming - A programming method that uses only mathematical functions to perform computations and solve problems.
Gateway - Gateways work on all seven OSI layers. The main job of a gateway is to convert protocols among communications networks. A
router by itself transfers, accepts and relays packets only across networks using similar protocols. A gateway can accept a packet in
protocol A and convert it to B before forwarding it. A network component that provides interconnectivity at higher network layers.
gigabyte - GB or GByte: A unit of measure for memory or disk storage capacity; usually 1,073,741,824 bytes.
gigahertz (GHz) - A measure of frequency; one billion hertz.
GLB - An act that removes Depression-era restrictions on banks that limited certain business activities, mergers, and
affiliations. Moves oversight of insurers & health-plan businesses to state authorities. It's got properties similar to HIPAA.
Google hacking - examples? passwords, credit card numbers, medical records and other confidential information
GPG - GNU Privacy Guard: G(eneral Public License) Privacy Guard allows one to encrypt and sign one's data.
GPRS - General Packet Radio Service (GPRS): is a packet-oriented mobile data service available to users of the 2G systems (GSM), as
well as in the 3G systems.
granularity - An expression of the relative size of a data object; for example, protection at the file level is considered coarse
granularity, whereas protection at the field level is considered to be of a finer granularity.
GSM - Global System for Mobile (GSM) communications: The most popular standard for mobile phones in the world. The GSM logo serves
to identify compatible devices. Both voice and data are transmitted in the digital format. Global System for Mobile (GSM)
Communications: The wireless analog of the ISDN landline system.
guard - A processor that provides a filter between two disparate systems operating at different security levels or between a user
terminal and a database to prevent unauthorized access.
handshaking procedure - A dialogue between two entities for the purpose of identifying and authenticating one another.
Hash - Output of an algorithm used to verify data.
HDLC ?
HDX - Half duplex.
Header - In information technology, header refers to supplemental data placed at the beginning of a block of data being stored or
transmitted. There are many types of headers: authentication header, email header, block header, message header, header checksum, ...
Hertz (Hz) - A unit of frequency measurement; one cycle of a periodic event per second. Used to measure frequency.
high-level data link control - An ISO protocol for link synchronization and error control.
high-speed encryption chips - Self-evident. The U.S. federal government in '90 began using the services of Newbridge Networks for
their high-speed public key data encryption system (which was originally produced by Calmos Microsystems, which Newbridge later
acquired).
HIPAA - Kassebaum-Kennedy Health Insurance Portability and Accountability Act (HIPAA) of 1996: ?
HMAC - In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC) is a type of message authentication code (MAC)
calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key.
hotfixes - A hotfix was originally the term applied to software patches that were applied live, i.e., to still running
programs. A similar use of the term can be seen in hot-swappable disk drives. A patch: single, comprehensive file.
How can you stop a DoS or DDoS attack? - Use the same commands an attacker would use to stop the attack.
How do you prevent ARP spoofing? - To prevent ARP spoofing, permanently add the MAC address of the gateway to the ARP cache on
a system. You can do this on a Windows system by using the ARP -s command at the command line and appending the gateway’s IP and MAC
addresses.
How many types of packets? - Each logical network uses discrete data messages called packets. The logical network packet at the
generic level consists of information about the source, destination, and data payload.
Hping2 (Hping) - A free packet generator and analyzer for the TCP/IP protocol.
HTML, purpose of - A standard used on the Internet for defining hypertext links between documents.
HTTPS - Hypertext transfer protocol over secure shell
I&A - Identification and authentication.
IA - Information Assurance
IAC - Inquiry access code; used in inquiry procedures. The IAC can be one of two types: a dedicated IAC for specific devices or a
generic IAC for all devices.
IADS - Integrated Access Device (IAD): A customer premises device that provides access to wide area networks and the Internet.
Specifically, it aggregates multiple channels of information including voice and data across a single shared access link to a carrier
or service provider PoP. The access link may be a T1 line, a DSL connection, a cable network, a broadband wireless link, or a
metro-Ethernet connection.
IANA - Manages a registry of media types and character encodings.
IAW - In accordance with
IBE - Identity-Based Encryption: The IBE concept proposes that any string can be used as an individual's public key, including his
or her email address.
ICANN - The Internet Corporation for Assigned Names and Numbers: Whois, DNslookup
ICMP - Internet control message protocol. A reporting protocol for the IP addressing. ICMP is a required element of IP
implementations. The TCP/IP protocol used to send control and error information regarding IP datagram transmissions. When a datagram
cannot be delivered, an ICMP message may be sent.
IPC$ - Inter Process Communication share
IDEA - International Data Encryption Algorithm (IDEA): IDEA is a block cipher adv in 1991 to replace DES. It is licensed in all
countries where it is patented by MediaCrypt. type encryption
Identification - professing user ID
IDL - Interface Definition Language (IDL): A standard interface language that is used by clients to request services from objects.
IDLE scan - An IDLE scan uses a spoofed IP address to send a SYN packet to a target. Depending on the response, the port can be
determined to be open or closed. IDLE scans determine port scan response by monitoring IP header sequence numbers.
IETF - Internet Engineering Task Force (IETF): develops and promotes Internet standards, cooperating closely with the W3C and
ISO/IEC standard bodies and dealing in particular with standards of the TCP/IP and Internet protocol suite. It is an open standards
organization, with no formal membership or membership requirements. All members are volunteers and the organization's current
financial sponsors are VeriSign and the U.S. Government's N.S.A.
If you have an IP address of 156.154.81.56 and a subnet mask of 255.255.255.240, what is the network address, possible # of and range
of subnet hosts, and what is the broadcast address?
IP Address:  10011100.10011010.01010001.00111000
Subnet mask: 11111111.11111111.11111111.11110000
Bitwise AND
------------------------------------------------
Result:      10011100.10011010.01010001.00110000
As you can see, the network address for the IP address and subnet mask in question is 156.154.81.48. Determining how many hosts can
be on this same subnet is a simple operation. Count the number of bits from the right until you get to the first "1" in the binary
network address display. That number will be the power you raise 2 to for the calculation of the possible number of hosts. You must
also subtract two from the result because one address each is reserved for the network address and the broadcast address. This leaves
you with the final formula of 2^n-2. In this case there are 4 bits of 0 in the network address, leaving you with 2^4-2 hosts possible,
or 14 hosts. This means that your network address is 156.154.81.48, that you have a range of addresses available to hosts from
156.154.81.49 - 156.154.81.62, and that the broadcast address for this network is 156.154.81.63.
IIS - Internet Information Server
IIS Exploits - Internet Information Server (IIS) Unicode exploits
IKE - Internet key exchange (IKE): is the protocol used to set up a security association in the IPSec protocol suite. IKE uses a
Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. IKE was originally
established in '98.
IMAP - Internet Message Access Protocol
In Mac OS X, what kind of DNS record is created when you add an alias in Server Admin? - CNAME
increment value size in bytes?
inference engine - A component of an artificial intelligence system that takes inputs and uses a knowledge base to infer new
facts and solve a problem.
information flow control - A procedure undertaken to ensure that information transfers within a system are not made from a
higher security level object to an object of a lower security level. Synonymous with 'data flow control' and 'flow control.'
INI files - The de facto standard for configuration files. INI files are simple text files with a basic structure. Windows files.
internetwork - Amongst 2 or more networks.
Intrusion detection systems - 1) State anomaly; 2) Protocol retardation; & 3) pattern-matching system
IP - Internet Protocol (IP): ?
IP layer aka? - Network layer
IPNA - Org that assigns port numbers?
IPSec - Secure Internet Protocol
IPv4 - Internet Protocol version 4 is the 4th iteration of the Internet Protocol and it is the first version of the protocol to be
widely used. This is the currently used format - and it is 20 years old. The current first version of IP, in which an IP address
has 2 parts. The 1st is the network ID and the 2nd is the host ID. IPv4 is a four byte, 32 bit IP address of the form:
255.255.255.255.
IPv6 - Internet Protocol version 6 is an Internet Layer protocol for packet-switched internetworks. It is designated as the successor
for IPv4. IPv6 provides over a sextillion addresses (theoretically). IPv6 is a sixteen byte, 128 bit, IP that may be viewed as
hexadecimal numbers separated by semicolons.
IPX - A routing protocol. Routing protocols are located at the Network layer: layer 3.
IPX - Internetwork Packet Exchange (IPX): is the OSI-model Network layer protocol in the IPX/SPX protocol stack. IPX was a popular
predecessor to TCP/IP.
IR - infrared light (IR): light waves that range in length from about 0.75 to 1,000 microns; this is a lower frequency than the
spectral colors but a higher frequency than radio waves.
IRC - Internet Relay Channel (IRC): A chat system fin in the late '80s. IRC technology was novel because it allowed for more than 2
people to chat. IRC is an application that one installs on one's computer and it sends & receives to/from an IRC server. It is a known
security liability.
IRQ - users of online services, such as sports scores, etc. look up better definition.
ISAPI - ASP is one ISAPI extension
ISAPI - ISAPI (Internet Server Application Program Interface) is a set of Windows program calls that lets you write a Web server
application that is an N-tier API of Internet Information Services (IIS), Microsoft's collection of Windows-based Web server services.
IIS & ISAPI - are the two most prominent applications involved in Microsoft's Web server. Internet server application programming
interface. ASP is one kind. N-tier API of (Microsoft's IIS). Apache can also run ISAPI.
ISDN - Integrated Services Digital Network (ISDN): is a digital end-to-end communications mechanism. ISDN was developed by
telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry
voice communications.
ISM - industrial, scientific, and medicine bands (ISM): Radio frequency bands authorized by the FCC for wireless LANs. The ISM
bands are located at 902 MHz, 2.400 GHz, and 5.7 GHz. The transmitted power is commonly less than 600 mW. No FCC license is required
to send/receive in these bands.
ISN - Initial Sequence Number
isochronous transmission - Type of synchronization whereby information frames are sent at specific times.
ITU - International Telecommunication Union
ITU-T standard - X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on and privilege management.
IV - Initialization vector; for WEP encryption.
IVC - Integrity check value; In WEP encryption, the frame is run through an integrity algorithm, and the generated IVC is placed
at the end of the encrypted data in the frame.
Kerberos - A trusted, third-party authentication protocol that was developed under Project Athena at MIT. In Greek mythology,
Kerberos is a three-headed dog that guards the entrance to the underworld. Using symmetric key cryptography, Kerberos authenticates
clients to other entities on a network of which a client requires services.
KHMAC - Keyed hash message authentication code
knowledge base - Refers to the rules and facts of the particular problem domain in an expert system.
Land - A DoS attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. ?same ip &
port: no idea what this is
LAP - Link Access Procedure (LAP)
LAPB - Link Access Procedure Balanced (LAPB): is a data link layer protocol in the X.25 protocol stack.
LAPB - is a bit-oriented protocol derived from HDLC that ensures that frames are error free and in the right sequence. LAPB is
specified in ITU-T.
LDAP - Lightweight Directory Access Protocol (LDAP): most directory services are based on LDAP. A directory functions much like in
reality: It serves as a legend to find system resources.
LEAF - A key exchange mechanism known as the Law Enforcement Access Field (LEAF).
LEAP - An early alternative to WEP was WiFi Protected Access (WPA). It is based on the LEAP and TKIP cryptosystem & employs a secret
passphrase. Unfortunately, the use of a single static passphrase is the downfall of WPA. An attacker can just brute-force attack it to
break it; it's time prohibitive, but theoretically possible.
least privilege - The principle that requires each subject be granted the most restrictive set of privileges needed to perform
authorized tasks.
Lids - MIT Laboratory for Information and Decision Systems. This is an interdisciplinary research lab of MIT. Huge composite of
departments and LIDS has also hosted several luminaries of their respective fields.
link encryption - A low-level, first-line of defense against a hacker. This is also known as network-layer encryption.
list-oriented - A computer protection system in which each protected object has a list of all subjects that are authorized to access
it. Compare to 'ticket-oriented.'
LLC - Logical Link Control (LLC): the IEEE layer 2 protocol.
lock-and-key protection system - Requires matching a key/password with a specific access requirement.
Logical access controls - Refers to the collection of policies, procedures, organizational structure and electronic access controls
designed to restrict access to computer software and data files.
LSASS - Local Security Authority Subsystem Service (LSASS) is a process in the Microsoft Windows operating system that is responsible
for enforcing the security policy on the system. It verifies users logging on to a server, handles password changes, and creates
access tokens. It also writes to the Windows Security Log.
LSB - Least significant bit.
MAC - Media Access Control
MAC - Message authenticated code
MAC - Mandatory access control (MAC): ?
MAN - Metropolitan area network.
MAPI - Microsoft's mail application programming interface.
MAU - Multi-station access unit
Mbps - Megabits per second (Mbps): One million bits per second.
MD.5 hash function - Message-Digest algorithm 5 (MD.5): widely used 128-bit hash function (serves as ''an Internet standard''-RFC
1321). Employed in a wide variety of security applications & also used as a file-integrity checker. An MD5 hash is typically expressed
as a 32 digit hexadecimal number.
Medium access - The Data Link Layer (DLL) function that controls how devices access a shared medium.
The Metasploit framework - Freeware tool to penetration test operating systems & web server software.
MIB - Management Information Base: SMB database of configuration variables
MIME - Multipurpose Internet Mail Extensions (MIME): Is an Internet standard that extends the format of e-mail to support text in
character sets other than ASCII, non-text attachments, message bodies with multiple parts, header information in non-ASCII character
sets, and more. MIME's use has grown beyond describing email to describing content type in general, including for the web.
MITM - Man-in-the-middle attack
modulation - The process of translating the baseband digital signal to a suitable analog form. Any of several techniques for
combining user information with a transmitter's carrier signal.
MOSS - MIME Object Security Services (MOSS): a standard for encrypted messages second to the S/MIME protocol.
Most common way to hijack a session? Send server a packet with RST or FIN flag set and then coordinate communication with client.
MSB - Most significant bit.
MTU - Maximum transmission unit
multilevel device - A device that is used in a manner that permits it to simultaneously process data of two or more security
levels without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the
same form (for example, machine-readable or human-readable) as the data being processed.
multilevel secure - A class of system containing information with different sensitivities that simultaneously permits access by
users with different security clearances and needs-to-know but that prevents users from obtaining access to information for which they
lack authorization.
multipath - The signal variation caused when radio signals take multiple paths from transmitter to receiver.
multiplexer - A network component that combines multiple signals into one composite signal in a form suitable for transmission
over a long-haul connection, such as leased 56 Kbps or T1 circuits.
MUX - multiplexing (MUX): a process whereby multiple analog message signals or digital data streams are combined into one signal
over a shared medium.
mws3ptr - An exploitable DLL via printing...targets the ISAPI filter.
MX - DNS Records: (mail exchange) Identifies the mail server for the domain
NACK or NAK - A flag option in the TCP/IP handshake.
Name of message in layer 1? - bits: by this point the data has been converted into bits for transmission over the physical connection
medium.
Name of message in layer 2? - frame.
Name of message in layer 3? - 'segment' transmitted by TCP protocol or 'datagram' if transmitted by UDP.
Name of message in layer 7? - data stream.
Name the 4 main firewall techniques - 1. Packet filter; 2. Application gateway; 3. Circuit-level gateway; & 4. Proxy server
NCSC - Stands for National Computer Security Center, an initiative of the NSA focused on information security.
NetBIOS - Acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing
applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking
protocol. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. This results in each
computer in the network having both a NetBIOS name and an IP address corresponding to a (possibly different) host name. NetBIOS
provides 3 basic services: 1) Name service for name recognition & resolution; 2) Session service for connection-oriented communication;
& 3) Datagram distribution service for connectionless communication. Note: SMB is an upper layer service that runs atop the Session
Service and is not a part of NetBIOS itself. It can run atop TCP with a small modification.
NetBT - NetBIOS over TCP/IP: is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used
on modern TCP/IP networks.
Netgate authentication - uses Kerberos
Network traffic filtering - One means of defense against DDoS & DoS attacks.
NIACAP - National Information Assurance Certification and Accreditation Process, a standardized process for information assurance
(IA) accreditation.
NIC - Network Interface Card (NIC): An electronic computer chip that can transmit and receive information in specified protocols
NIST - National Institute of Standards and Technology
Nmap - Free open-source tool that can quickly & efficiently perform ping sweeps, port scans, service identification, IP address
detection and OS detection. Nmap can scan a large number of machines in a single session. It is supported by many OSes: Unix, Windows,
Linux, etc.
Nmap - Free security scanner for network exploration & security: downloads for Windows, UNIX, FreeBSD, Linux, Redhat, etc.
Nmap scan: TCP connect - The attacker makes a full TCP connection to the target system.
Nmap scan: Ack scan - This type of scan is used to map out firewall rules. ACK scan only works on UNIX.
Nmap scan: Windows scan - This type of scan is similar to the ACK scan and can also detect open ports.
Noteworthy SMB attack - Win32CreateLocalAdminUser is a program that creates a new user with the username and password X and adds the
user to the local administrator’s group. This action is part of the Metasploit Project and can be launched with the Metasploit
framework on Windows. Server message block. Designed to share file & printer.
NS - DNS Records: (name server) Identifies other name servers for the domain
NSDD 145 - National Security Decision Directive 145 (NSDD 145)
NT LAN Manager - Not to be confused with LAN Manager.
NTLM - (NT LAN Manager) is a Microsoft authentication protocol used with the SMB protocol.
ntdll.dll - The ntdll.dll is a file created by Microsoft that has a description of "NT Layer DLL" and is ''the file'' that
contains NT kernel functions. This file is a significant security risk if unpatched.
NTFS - NTFS (developed by Microsoft) is a file system replacement for FAT file systems: improved support for metadata, improved
performance, allowance of ACLs, journaling, etc.
NTLM - NTLM (NT LAN Manager), not to be confused with LAN Manager, is a Microsoft authentication protocol used with the SMB protocol.
The protocol uses a challenge-response sequence issuing 3 messages between client & server (node requesting authentication). Uses
tokens.
Null scan - This is an advanced scan that may be able to pass through firewalls undetected or modified. Null scan has all flags
off or not set. It only works on UNIX systems. It is similar to XMAS and FIN scans in its limitations and response.
OCX - OCX is a file format. This file format is a Windows file format and is easily infected with hazardous code. Object linking
and Embedding (OLE) Control Extension.
ODBC - Open Database Connectivity (ODBC) is a database (proxy like) feature that allows applications to communicate with other &
different databases without being programmed specifically to do so.
one-time pad - In cryptography, the one-time pad (OTP) is an encryption algorithm where the plaintext is combined with a random key
or "pad" that is as long as the plaintext and used only once. If the key generated is truly random, kept absolutely confidential and
never re-used, then it provides perfect secrecy.
OOB - Out-of-band
Open port - Open means that the target machine is accepting incoming requests on that port.
OSI model - The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for
layered communications and computer network protocol design. It was developed as part of the Open Systems Interconnection (OSI)
initiative. In its most basic form, it divides network architecture into 7 layers. A layer is a collection of conceptually similar
functions that provide services to the layer above it.
Output chaining - One characteristic, re X.509 Certificate authentication, to check. See that all certificates in the Output Chain are
legit.
PA-DSS - Payment Application Data Security Standard (PA-DSS)
Packet filter firewall - A packet filter firewall examines 5 characteristics of a packet: 1) Source IP address; 2) Source port; 3)
Destination IP address; 4) Destination port; 5) IP protocol (TCP or UDP). Based on the rules, a packet will either be accepted,
rejected, or dropped. If the firewall rejects the packet, it sends a flag back saying rejected. If the packet was dropped, the firewall
doesn't respond. Packet filtering firewalls operate at level 3 of the OSI model, the Network Layer. Routers are a very common form of
packet filtering firewall.
packet switch - A packet switch is a node used to build a network that utilizes the packet switching paradigm for data
communication. Can operate at a number of different layers. One common class of contemporary packet switches: bridge, hub and router.
Generally, packet switches only perform communication-related functions.
Packet-level filtering firewall - One step below circuit-level filtering. A packet-level filter blocks or forwards a packet based
solely on its merits, without taking into account past history.
Parallel port - A parallel interface for connecting an external device such as a printer. Most personal computers have at least 1
serial port & 1 parallel port. On PCs, the parallel port uses a 25-pin connector (type DB-25) and is used to connect printers. A newer
type of parallel port is known as: Enhanced Parallel Port (EPP) or Extended Capabilities Port (ECP).
Parser - Parsing is analysis of semantics at a fine granularity. The most common use of a parser is as a component of a compiler or
interpreter. This compiles the source code of a computer programming language to create some form of internal representation.
Passive sniffing - To capture only data that comes one's way is passive sniffing.
patch management - choosing how patches are to be installed and verified and testing those patches on a nonproduction network
prior to installation.
Patch management techniques - A process for testing, applying and logging patches to a system should be defined and followed.
Path MTU discovery (PMTUD) - A technique in computer networking for determining the maximum transmission unit (MTU) size on
the network path between 2 Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation.
PDCP - Packet Data Convergence Protocol: one protocol in the radio packet stack in UMTS.
PCI DSS - PCI DSS: stands for Payment Card Industry Data Security Standard, and is a worldwide security standard assembled by the
Payment Card Industry Security Standards Council (PCI SSC). PCI consists of operational & technical standards to prevent fraud and
hacking.
PDC-P - Packet Data Convergence Protocol (PDCP): It is one of the layers of the Radio Traffic Stack in UMTS and performs IP
header compression and decompression, transfer of user data and maintenance of sequence numbers for Radio Bearers.
PEM - Privacy Enhanced Mail (PEM): an email encryption mechanism that provides authentication, integrity, confidentiality, and
nonrepudiation. PEM uses RSA, DES, and X.509. encryp
PEM function - An OpenSSL function
PGP - Pretty good protection, an encryption suite for mail and possibly other purposes.
PHP A language designed specifically
implemented specifically on the server side.
PHS - Pseudo-Hilbert Scan algorithm (PHS): This algorithm is used in digital image processing, image compression, and pattern
recognition.
PHY - Physical Layer (PHY):
Ping - Noun! - A utility used to troubleshoot a connection to test whether a particular IP address is accessible.
Ping tool examples - Pinger, Friendly Pinger, WS_Ping_Pro
PKCS - Public Key Cryptography Standards (PKCS): A set of public key cryptography standards that supports algorithms such as
Diffie-Hellman and RSA, as well as algorithm-independent standards.
PKI - Public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage,
store, distribute, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective
user identities by means of a certificate authority. The binding may be done by software or in person, depending on the level of
security. The PKI role that assures this binding is called the Registration Authority (RA).
PMI - Privilege Management Infrastructures (PMI): are to authorization what Public Key Infrastructures (PKI) are to
authentication.
PMIs - have Sources of Authority (SOAs) and Attribute Authorities (AAs) that issue Attribute Certificates (ACs) to users, instead of
Certification Authorities (CAs) that issue PKCs to users.
Popular steganographic program and purpose? - The purpose of a steganographic program is to hide information within a bundle of
unhidden and seemingly normal data. You can hide info within MP3's, ASCII text files, etc.
Port Scanning vs Ping Sweeping - Port scanning generally
Port sweep scanning multiple hosts searching for a single specific port
Precomputation - Re Dictionary attack: Hashing out a bunch of dictionary entries prior to beginning an attack so as to expedite the
process.
PRNG - Pseudorandom number generator
Protocol standards - Official Internet Protocol Standards: NETBIOS, Protocol standard for a NetBIOS service on a TCP/UDP
transport.
protocols - A set of rules and formats, semantic and syntactic, that permits entities to exchange information.
Protocols that don't encrypt: name a few. - HTTP, POP3, SNMP, FTP
Proxy firewall
Proxy server/firewall - serves as a go-between from client to server: 1) client is anonymous; 2) to speed up resource caching.
proxy server - A proxy server is a server (a computer system or an application program) that acts as a go-between for requests from
clients seeking resources from other servers.
pseudoflaw - An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
PSTN - Public-switched telephone network; the general phone network.
PTR - DNS Records: (pointer) Maps IP addresses to host names
Purpose of a signed message - To verify sender's identity and ensure that the message wasn't tampered with in transit.
RADIUS - Remote Authentication Dial-In User Service
RC4 - Rivest Cipher 4 (RC4): RC4 is based on RSA. WEP employs RC4. WEP supports only one-way authentication: client -> access point.
RC5 - RSA cipher is a patented symmetric algorithm. Conceived of by the founders of RSA.
RDBMS - relational database management systems (RDBMSs).
Relational database - A database that groups data using common attributes found in the set. The resulting "clumps" of data are
much easier for people to understand. Basically, this is a standard expectation like searching a set of houses in a database for
val > 250k & size > 5k sq. ft.
Linux BIND NXT
repeater - A network component that provides internetworking functionality at the Physical Layer of a network's
architecture. A repeater amplifies network signals, extending the distance they can travel.
RFC - Request for comment (RFC): In computer network engineering, an RFC is a memorandum published by the Internet Engineering Task
Force (IETF) describing methods, behaviors, research or innovations applicable to the working of the Internet and Internet-connected
systems.
Rijndael - AES was advanced by two Belgian cryptographers. The U.S. government adopted this algorithm. It is also used extensively
all over the world. This algorithm was advanced in 2001 and won a 5-year contest amongst contenders. Guy who advanced encryption
theorem?
ring protection scheme - A new technology introduced by ITU to reduce ARP cache spoofing. It sets up nodes so that IPs are
consistent.
ring topology - A topology in which a set of nodes are joined in a closed loop.
RIP - Routing Information Protocol (RIP): A common type of routing protocol. RIP bases its routing path on the distance (number of
hops) to the destination. RIP maintains optimum routing paths by sending out routing update messages if the network topology changes.
RISC - Reduced Instruction Set Computer (RISC): A computer architecture designed to reduce the number of cycles required to execute
an instruction. A RISC architecture uses simpler instructions but makes use of other features, such as optimizing compilers and large
numbers of general-purpose registers in the processor and data caches, to reduce the number of instructions required.
Roaming - A general term that refers to extending connectivity beyond the home location where the service was registered. The term
"roaming" originated from the GSM sphere (Global System for Mobile Communications) and the term can also be applied to CDMA.
ROM - Read-only memory (ROM).
router - A network component that provides internetworking at the Network Layer of a network's architecture by allowing individual
networks to become part of a WAN. A router works by using logical and physical addresses to connect two or more separate networks. It
determines the best path by which to send a packet of information.
RS-232 - In telecommunications, RS-232 (Recommended Standard 232) is a standard for serial binary data signals connecting between a
DTE (Data Terminal Equipment) and a DCE (Data Circuit-terminating Equipment). It is commonly used in computer serial ports. A similar
ITU-T standard is V.24. RS-232 is the major predecessor to USB for local communications. Compared to RS-232, USB is faster, uses
lower voltages and has connectors that are simpler to connect and use.
RS-232 1) A serial communications interface; & 2) The ARS-232n EIA standard that specifies up to 20 Kbps, 50 foot, serial
transmissions between computers and peripheral devices. Serial communication standards are defined by the Electronic Industries
Association (EIA).
RS-422 - An EIA standard specifying electrical characteristics for balanced circuits (in other words, both transmit and return wires
are at the same voltage above ground). RS-422 is used in conjunction with RS-449.
RS-423 - An EIA standard specifying electrical characteristics for unbalanced circuits (in other words, the return wire is tied to
the ground). RS-423 is used in conjunction with RS-449.
RS-449 - An EIA standard specifying a 37-pin connector for high-speed transmission.
RS-485 - An EIA standard for multipoint communications lines.
RSA - RSA is an algorithm for public-key encryption.
RSA SecureID - Two-factor authentication includes hardware token authenticators, software authenticators, authentication agents as
a more secure authentication for a user to access a network resource.
RTS/CTS - Request-to-Send & Clear-to-Send (RTS/CTS): Optional protocols in the 802.11 standard. Expensive, but allows for fine tuning
of the WLAN.
S/MIME - A protocol that adds digital signatures and encryption to Internet MIME: Hence, S/MIME -> Secure MIME.
SACLs - Service access control lists are ACLs specific servers
Samba - A Mac application that allows for interaction with Microsoft Server Message Block (SMB) networking: file & printer sharing.
sandbox - An (ACL) mechanism. An access control-based protection mechanism. The sandbox is usually interpreted by a virtual machine
such as the Java Virtual Machine (JVM).
Sandboxing - In computer security, an (ACL) sandbox is a security mechanism for separating running programs. In this context,
sandboxing is a specific example of virtualization.
Scalar processor - Represents the simplest class of processors and takes one data item at a time. Differences between scalar
and vector processors is analogous to vector and scalar arithmetic, as seen in calculus and other maths.
Scan - The act of actively connecting to a system to obtain a response.
Scanning - Sending an ICMP or ping
Screened subnet - In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall.
It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility,
although at some cost to simplicity. A screened subnet firewall is often used to establish a "DMZ": demilitarized zone.
SCSI Port - A parallel port used by MAC. It is more flexible than traditional parallel ports.
SDLC - Synchronous data link control
security kernel - The hardware, firmware, and software elements of a Trusted Computer Base (TCB) that implement the reference monitor
concept.
Serial communications - Data transfer in which data is transferred 1 bit at a time. Most serial ports on personal computers conform
to the RS-232C or RS-422 standards. A serial port is a general-purpose interface that can be used for almost any type of device,
including modems, mice, and printers.
serial interface - An interface to provide serial communications service.
Server - A server is a computer that provides services used by other computers.
service packs - A service pack is a collection of updates, fixes and/or enhancements to a software program delivered in the form of
a single installable.
Session hijacking steps - 1. identify an open session & predict the sequence number of the next packet; 2. desynchronize the
connection; & 3. packet injection
Session Layer - One of the seven OSI model layers. Establishes, manages, and terminates sessions between applications.
SET - Open protocol with the potential to 'set the standard.' It defines Secure Electronic Transactions
SFC - Stream file checker
SHA-1:5 - The successors to the Secure Hash Algorithm (SHA), SHA-1 and SHA-2, make up the government standard message digest function.
shared key authentication - A type of authentication that assumes each station has received a secret key through a secure
channel, independent from an 802.11 network.
SID - Sound Interface Device (SID): a sound card. The Commodore 64 was one of the original machines carrying SID.
single user mode - An OS loaded without Security Front End.
SIV - System integrity verified
Skipjack - An algorithm that was approved for use by the U.S. government in Federal Information Processing Standard (FIPS) 185,
the Escrowed Encryption Standard (EES). Skipjack is unusual in that it supports the escrow of encryption keys. In cryptography,
Skipjack is a block cipher — an algorithm for encryption — developed by the U.S. National Security Agency (NSA). Initially classified,
it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified and now provides a
unique insight into the cipher designs of a government intelligence agency.
SLIP - Serial Line Internet Protocol (SLIP): An Internet protocol used to run IP over serial lines and dial-up connections.
smart cards - A smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded
integrated circuits which can process data. This implies that it can receive input which is processed - by way of the ICC applications
- and delivered as an output. There are 2 broad categories of ICC: 1) Memory cards that contain only non-volatile memory storage
components and perhaps some specific security logic; & 2) Microprocessor cards that contain volatile memory and microprocessor
components.
SMB - Server message block (SMB): In computer networking, SMB operates as an application-level network protocol mainly used to
provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides
an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Windows, where it is known as
"Microsoft Windows Network."
SMBSID - ?
SMDS - Switched Multimegabit Digital Service (SMDS): A packet-switching connectionless data service for WANs.
SMP - Symmetric multiprocessor systems
SMTP - Simple Mail Transfer Protocol (SMTP): The Internet email protocol.
SN - Sequence number. TCP, connection-oriented protocol property used in reassembling data stream into correct order.
SNA - Systems Network Architecture (SNA): IBM's proprietary network architecture.
SNMP - Simple Network Management Protocol (SNMP): The network management protocol of choice for TCP/IP-based Internets.
Widely implemented with 10BASE-T Ethernet. A network management protocol that defines information transfer among management
information bases (MIBs): 1. agent; 2. management station
SNR - Signal-to-noise ratio
SOA - DNS Records: (Start of Authority) Identifies the DNS server responsible for the domain information
SOCKS - SOCKS, also known as Authentication Firewall Transfer (AFT), is a protocol used in proxy servers and firewalls and for
virtual private networks (VPNs).
The SOCKS Firewall - Another type of application-proxy firewall is the SOCKS firewall. SOCKS firewalls require specially modified
network clients. This means that you need to modify every system on your internal network that needs to communicate with the external
network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.
Some unencrypted protocols? - HTTP, FTP, POP3, SNMP
SONET - Synchronous Optical NETwork (SONET): A fiber-optic transmission system for high-speed digital traffic. SONET is part of the
B-ISDN standard.
Special specification language (proper noun):
SPKI - Simple Public Key Infrastructure: Does not deal with public authentication of public key information; this is known as SPKI.
Spoofing - Spoofing involves artificial identification of a packet's source address, where that IP address is often deduced
from sniffed network traffic.
SQL - Structured Query Language (SQL): An international standard for defining and accessing relational databases.
SQL injection - The process of an attacker inserting SQL statements into a query by exploiting a vulnerability for the purpose of
sending commands to a web server database.
SRV - Service records
SRV - DNS Records: (Service) Identifies services such as directory services
SSDP - Simple Service Discovery Protocol: Simple Service Discovery Protocol (SSDP) is an expired IETF Internet draft by Microsoft
and Hewlett-Packard. SSDP is the basis of the discovery protocol of Universal plug-and-play. SSDP provides a mechanism which network
clients can use to discover network services. Clients can use SSDP with little or no static configuration. SSDP uses UDP unicast and
multicast packets to advertise their services.
SSH-1:2 - SSH is an encrypted Telnet.
SSID - Service Set Identifier.
SSL - Secure Sockets Layer (old, basically replaced by TLS): SSL can be used for HTTPS traffic.
SSL attacks: name some - prevention: 1. install a proxy server & terminate SSL at the proxy; 2. install a hardware SSL accelerator &
terminate SSL at this layer.
ST connector - An optical fiber connector that uses a bayonet plug and socket.
star topology - A topology wherein each node is connected to a common central switch or hub.
Stateful inspection firewall - An improvement on the packet-filtering firewall. With this enhancement, the firewall "remembers"
conversations between systems. It is then necessary to fully examine only the first packet of a conversation.
Steganography - the process of hiding data in other types of data such as images or text files.
storage object - An object that supports both read and write access.
stream cipher - A symmetric key cipher where plaintext bits are combined with a pseudorandom cipher bit stream. Stream ciphers are
faster than block ciphers and have lighter hardware requirements.
subnet - A logical subdivision of the address space defined by a TCP/IP network ID. A physical network defined within an IP address.
A subnet is a logical collection of up to 127 nodes or devices within a domain. A working scheme that divides a single logical network
into smaller physical networks to simplify routing.
Subnet mask - A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address
and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two
numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this
network.
Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a
part of the host address is reserved to identify the particular subnet.
This is easier to see if we show the IP address in binary format. The full address is: 10010110.11010111.00010001.00001001
The Class B network part is: 10010110.11010111
and the host address is: 00010001.00001001
SV - Stability verifier
Symmetric key - Serves only to keep data confidential. Large keys can prove very difficult to break. Not used for
authentication.
SYN (aka: stealth scan) - This is also known as half-open scanning. The hacker sends a SYN packet and receives a SYN-ACK back from the
server. It's stealthy because a full TCP connection isn't opened. If a SYN/ACK frame is received back, then it's assumed the target
would complete the connect & the port is listening. If an RST is received, then it's assumed the port isn't active or is closed. The
advantage of the SYN stealth scan is that most IDS systems don't log incomplete handshakes.
SYN cookies - SYN Cookies are the key element of a technique used to guard against SYN flood attacks.
Syscolumns - An SQL database command that returns a row for each column of an object that has a column.
Sysobjects - Contains one row for each object created within a database.
System Memory - Free, wired, active, inactive, used
T1 - A standard specifying a time division-multiplexing scheme for point-to-point transmission of digital signals at 1.544 Mbps.
TCP Connection - A singular TCP data transmission is called a segment. Middle layer in the OSI model. One of the core protocols. TCP
operates at a higher level than IP. TCP stays at home while IP moves the data on its journey.
TCP Wrapper - A TCP Wrapper is a host-based networking ACL system used to filter network access to Internet Protocol servers on
(UNIX-like) operating systems like Linux or BSD. This is a program & "code" comes as a "tarball."
TCP/IP - A de facto, industry-standard protocol for interconnecting disparate networks. TCP/IP are standard protocols that define
both the reliable full-duplex transport level and the connectionless, best effort unit of information passed across an internetwork.
TCP/IP Layers - The Internet Protocol Suite (commonly known as TCP/IP) is the set of communications protocols used for the Internet
and other similar networks. It is named after 2 of the more important protocols that fall in its purview. TCP/IP were advanced in the
'60s. The TCP/IP Model consists of four layers: 1) the Application Layer; 2) the Transport Layer; 3) the Internet Layer; & 4) the Link
Layer.
TCP/UDP layer aka Transport layer
TDR - time-domain reflectometer (TDR):
Telenet - For the packet switched network.
Telnet - Telecommunication: For the packet switching network. TELNET is a network protocol used on the Internet or local area network
connections. Conceived of in 1969 and later standardized as IETF STD 8, one of the first Internet standards. Commonly implemented in
a command-line interface. A virtual terminal protocol used in the Internet, enabling users to log in to a remote host. TELNET is
defined as part of the TCP/IP protocol suite.
Telnet and Secure Shell Intrusion is what kind of attack? - Web server
TFTP - Trivial File Transfer Protocol (TFTP): When updating access lists on a Cisco router, you will create your lists on a TFTP
server and then download them to your router. This way you can use a text editor to see your work easily.
Throughput: switch, hub
In communication networks, such as Ethernet or packet radio, throughput is the average rate of successful message delivery over a
communication channel.
TKIP/MIC - Temporal Key Integrity Protocol (TKIP): TKIP ensures that every data packet is sent with a unique encryption key.
TLS - Transport Layer Security (TLS):
TOE - Target of Evaluation (TOE): In the Common Criteria, TOE refers to the product to be tested.
Token passing ring - In networking, in a token passing ring, a token is passed around a network between nodes and the recipient node
can communicate as long as it is in possession of the token. The node must pass the token in order for another node to be in
possession of it so the following node can then communicate. Token passing is a method of avoiding communications transmission
collisions. Examples of token passing rings: 1) token ring; & 2) ARCNET. See contention vs channel access and collision avoidance.
top-level specification - A nonprocedural description of system behavior at the most abstract level; typically, a functional
specification that omits all implementation details.
topology - A description of the network's geographical layout of nodes and links.
Traceroute - Traceroute is a packet-tracking tool that works by sending an ICMP echo to each hop (router or gateway) along the
way to the destination
Traceroute - Software utility used to determine the path to a target computer.
Trailer - In information technology, trailer refers to supplemental data placed at the end of a block of data being stored or
transmitted, which may contain information for the handling of the data block, or just mark its end.
tranquility - A security model rule stating that an object's security level cannot change while the object is being processed by
an AIS.
transceiver - A device for transmitting and receiving packets between the computer and the medium.
Transmission Control Protocol (TCP): A commonly used protocol for establishing and maintaining communications between applications
on different computers. TCP provides full-duplex, acknowledged, and flow-controlled service to upper-layer protocols and applications.
Transport Layer OSI model layer that provides mechanisms for the establishment, maintenance, and orderly termination of virtual
circuits while shielding the higher layers from the network implementation details.
TTF - TrueType file format - generally for fonts, Macintosh
TTL - Time to live
Tunneling - Protocol tunneling: the term is used to describe when one network protocol referred to as the payload protocol is
encapsulated within a different delivery protocol. Reasons to use tunneling include carrying a payload over an incompatible delivery
network, or to provide a secure path through an untrusted network.
twisted-pair wire - Type of medium using metallic-type conductors twisted together to provide a path for current flow. The wire in
this medium is twisted in pairs to minimize the electromagnetic interference between one pair and another.
Twofish - Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of five
finalists in the Advanced Encryption Standards contest.
U.S. Patriot Act of October 26, 2001 - A law that permits the following: 1) Subpoena of electronic records; 2) Monitoring of
Internet communications; 3) Search and seizure of information on live systems (routers, servers, backups, etc); & 4) Reporting cash
wires of 10k+. Under the Patriot Act, the government can monitor Internet traffic, force cooperation of ISPs, and network operators.
This monitoring even extends to private businesses.
U.S. Uniform Computer Information Transactions Act (UCITA) of 1999 - A model act that is intended to apply
uniform legislation to software licensing.
UART - Universal asynchronous receiver transmitter. A device that either converts parallel data into serial data for transmission
or converts serial data into parallel data for receiving data.
UDP - User Datagram Protocol (UDP): User datagram protocol. Uses the underlying IP protocol to transport a message in an
unmanageable and directionless scheme: no acknowledgements, no feedback control.
UMTS - Universal Mobile Telecommunications System (UMTS): is one of the third-generation (3G) mobile telecommunications
technologies, which is also being developed into a 4G technology. UMTS uses W-CDMA, which GSM does not use. Hence, it's slated to
succeed GSM.
UNC - Universal Naming Convention (UNC): Contains all network connections established using a UNC. It also includes Web sites that
bypass a proxy server or have names without periods (such as http://servername), provided these sites are not assigned to another
zone.
Unfiltered Port - is determined to be closed. And no firewall or filter is interfering with the Nmap requests.
Unicode Character set - that converts characters of any language to a universal hex code specification.
Unicode exploit - Windows 2000 systems running IIS are susceptible to a directory traversal attack, also known as a Unicode exploit.
User Datagram Protocol - UDP uses the underlying Internet protocol (IP) to transport a message. This is an unreliable, connectionless
delivery scheme. It does not use acknowledgments to ensure that messages arrive and does not provide feedback to control the rate of
information flow. UDP messages can be lost, duplicated, or arrive out of order.
utility - An element of the DII providing information services to DoD users. Those services include Defense Information Systems Agency
Mega-Centers, information processing, and wide-area network communication services.
UTP - Unshielded twisted pair cabling is a form of wiring in which two conductors (the forward and return conductors of a single
circuit) are twisted together for the purpose of canceling out electromagnetic interference (EMI) from external sources. Untwisted
shielded pair.
V.21 - An ITU standard for asynchronous 0-300 bps full-duplex modems.
V.21FAX - An ITU standard for facsimile operations at 300 bps.
V.34 - An ITU standard for 28,800 bps modems.
V.5 - Is a family of telephone network protocols defined by ETSI that allows communication between the telephone and the exchange.
Validation - Evaluation to assess if a specified criterion is met. Evaluation of a user, program, or OS to see if criteria are
met.
validation (in DITSCAP) - Determination of the correct implementation in the completed IT system with the security requirements and
approach agreed on by the users, acquisition authority, and DAA.
validation (in software engineering) - To establish the fitness or worth of a software product for its operational mission.
vaulting - Running mirrored data centers in separate locations.
Vector processor - Vector processor applies a single instruction to multiple data items simultaneously.
verification - The process of determining compliance of the evolving IT system specification, design, or code with the security
requirements and approach agreed on by the users, acquisition authority, and the DAA.
very-long-instruction word (VLIW) processor - A processor in which multiple, concurrent operations are performed in a single
instruction. The number of instructions is reduced relative to those in a scalar processor. However, for this approach to be feasible,
the operations in each VLIW instruction must be independent of each other.
VLAN - Allows, at minimum, a pair of computers to communicate with each other as if they were on the same network switch.
WAE - Web Application Extension (WAE): Vulnerability.
WAN - wide area network (WAN): A network that interconnects users over a wide area, usually encompassing different metropolitan
areas.
WAP - Wireless Area Protection (WAP): ?. is this a/the correct abbreviation?
WAP - Wireless Application Protocol (WAP): A standard commonly used for the development of applications for wireless Internet
devices.
WBS - work breakdown structure (WBS): A diagram of the way a team will accomplish the project at hand by listing all tasks the team
must perform and the products they must deliver.
WDP - A file format that is susceptible to buffer overflow attacks. The DLL field of a WDP project file is the route to conduct
the overflow.
Web application threats name a few
-
Web interface, name a few: IRC (Internet Relay Chat), instant messaging
- Web server attacks, examples: Telnet & secure shell intrusions, web server extension & remote service intrusion, cookie capture and
doctor
Web server authentication mechanisms: name a few. - HTTP basic, digest authentication, NTLM, tokens, and biometric
authentication are all methods of authenticating to a web server.
Web spider - Bot that crawls the web looking for data, usually email addresses for spammers.
WebDAV - WebDAV is a set of extensions to the HTTP that allows users to collaboratively edit and manage files on remote WWW servers.
WEP - Wired Equivalency Privacy (WEP): The algorithm of the 802.11 wireless LAN standard that is used to protect transmitted
information from disclosure. WEP generates secret shared encryption keys that both source and destination stations use to alter frame
bits to avoid disclosure to eavesdroppers.
WEPII - Attempt to elongate WEP. Short lived. Aka TKIP.
What are flags? - Protocol notifications
What are the 3 types of scanning? - Port, network and vulnerability scanning.
What are the layers of the TCP/IP stack? 1) Physical; 2) Data Link; 3) Network; 4) Transport; 5) Session; 6) Presentation;
7) Application
What can you spoof? - TCP packets, MAC IDs, IPs, and ...
What do buffer overflow attacks exploit? - Buffer overflow attacks exploit a lack of bounds checking on the size of input being
stored in a buffer array.
What is and name protocols, respectively: flooding - DoS attacking: UDP, ICMP, TCP
What is a "service ticket," in regard to secure communications? - An authentication token, obtained from the Key Distribution Center
(KDC), that a client presents when accessing a kerberized service
What is a blacklist server? - A server that provides a list of known open relay servers.
What is a circuit-level gateway? - A type of firewall that applies security mechanisms when a TCP or UDP connection is
established. Once the connection has been made, packets can flow between the hosts without further checking.
What is a packet filter? - A type of firewall that looks at each packet entering or leaving the network and accepts or rejects
on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. Additionally,
it is susceptible to spoofing.
What is a proxy server? - A type of firewall that intercepts all messages entering and leaving the network. The proxy server
effectively hides the true network address.
What kind of protocol is TCP? - TCP is a connection-oriented protocol?
What port do Trinoo client bots listen from? 27665
Which one of the following is a layer of the ring protection scheme that is not normally imple-mented in practice? - Layers 1 and
2 contain device drivers but are not normally implemented in practice. Layer 0 always contains the security kernel. Layer 3 contains
user applications. Layer 4 does not exist.
Wi-Fi - Wi-Fi is a trademark of the Wi-Fi Alliance, founded in 1999 as the Wireless Ethernet Compatibility Alliance (WECA), comprising
more than 300 companies, whose products are certified by the Wi-Fi Alliance, based on the IEEE 802.11 standards (aka: WLAN, Wireless
LAN, and Wi-Fi). This certification warrants interoperability between different wireless devices.
Win2k - Windows 2000 - a line of operating systems produced by Microsoft for use on business desktops, successor to Windows NT 4.0.
It was succeeded by Win XP for desktops in 2001 and Windows Server 2003 for servers in 2003. Microsoft touted it as the most robust
platform ever and as a result hackers gunned for it hard and prevailed.
wireless MAN - wireless metropolitan area network (wireless MAN): Provides communications links between buildings, avoiding the
costly installation of cabling or leasing fees and the downtime associated with system failures.
WLAN - Wireless local area network: A wireless local area network that links two or more computers or devices using spread-spectrum
or OFDM modulation technology to enable communication between devices in a limited area.
WML - Wireless Markup Language, based on XML. A markup language intended for devices that implement the Wireless Application
Protocol (WAP) specification, such as mobile phones. It preceded the use of other markup languages now used with WAP, such as XHTML
and even standard HTML; these two latter markup languages are increasing in popularity as mobile device processing power increases.
Work Factor - An estimate of the effort or time needed by a potential intruder who has specified expertise and resources to
overcome a protective measure.
WPA - Wi-Fi Protected Access (WPA & WPA2): a certification program administered by the Wi-Fi Alliance to indicate compliance with the
security protocol Wi-Fi adv. WEP didn't cut it.
WPAII - Improvement on WPA, which uses inferior RC4 like WEP. WPA is only an implementation of a subset of 802.11i. WPA2 is a full
implementation. WPA2 is aka RSN, Robust Security Network.
WSP - Wireless Session Protocol. The session layer protocol family in the WAP architecture is called WSP. WSP provides the
upper-level application layer of WAP with a consistent interface for two session services.
WTLS - Wireless Transport Layer Security (WTLS): a security protocol, part of the Wireless Application Protocol (WAP) stack. It sits
between the WTP and WDP layers in the WAP communications stack.
WTP - WTP is known as Eclipse: A multi-language software development platform written in Java and comprising an IDE and a plug-in
system to extend it. It is used to develop applications in Java and, through plug-ins, applications in C, C++, Python, Cobol, Perl,
PHP, and more. In its default form, it is meant for Java developers and consists primarily of Java Development Tools (JDT). Released
under the Eclipse Public License, Eclipse is free and open source.
X.12 or ASC X12 OR ANSI ASC X.12 - X.12 or ASC X12 is the official designation of the U.S. national standards body for the
development and maintenance of the Electronic Data Interchange (EDI) standards. ASC X12 has sponsored more than 315 X12-based EDI
standards and a growing collection of X12 XML schemas for health care, insurance, government, transportation, finance, and more.
X.121 - An ITU standard for international address numbering.
X.21 - An ITU standard for a circuit-switching network.
X.25 - An ITU standard for an interface between a terminal and a packet-switching network. X.25 was the first public
packet-switching technology, developed by the CCITT and offered as a service during the 1970s. It is still available today, but a
bit slow for some high-speed applications.
X.400 - An ITU standard for OSI messaging.
X.500 - An ITU standard for OSI directory services.
X.509 - Cryptography - In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on and
Privilege Management Infrastructure (PMI).
X.509 v3 - Version 3 of X.509 includes more flexibility than X.509, allowing the use of other topologies like bridges and meshes.
X.75 - An ITU standard for packet switching between public networks.
XMAS scan - The attacker checks for TCP services by sending XMAS-tree packets, which are named as such because all the "lights"
are on, meaning the FIN, URG, and PSH flags are set. If the port is open, there is no response; but if the port is closed, the
target responds with a RST/ACK packet. XMAS scans work only on target systems that follow the RFC 793 implementation of TCP/IP and
don't work against any version of Windows.
XML-RPC server - XML-RPC is a remote procedure call protocol which uses XML to encode its calls and HTTP as a transport mechanism.
XMPP - Extensible Messaging and Presence Protocol: iChat uses this.
XSS - Cross-site scripting (XSS): abbreviation for a security vulnerability whereby a client can code and transmit to a remote
server for remote execution of a possible logic bomb.
zombies - Secondary machines used in a DDoS attack.
Zone transfer - Stands for DNS zone transfer: one type of database replication mechanism used by a second server. It updates its
database from the primary database.