13:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.130 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 13:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.1313:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.13

.

.

Sunday, July 19, 2009

Cisco CCNA & CCSP study material - Networking, Cryptography & Information Security





A (address): - A type of DNS record that maps a host name to an IP address



1000BaseT: - 1,000 Mbps (1 Gbps) baseband Ethernet using twisted pair wire.



100BaseT: - 100 Mbps baseband Ethernet using twiested pair wire.



10Base5: - 10 Mbps Ethernet using coaxial cable (thicknet) rated to 500 meters.



10BaseF: - 10 Mbps baseband Ethernet using optical fiber.



10BaseT: - 802.3 IEEE Ethernet standard for 10 Mbps Ethernet using coaxial cable (thinnet) rated to 185 meters.



10BaseT: - 10 Mbps UTP Ethernet rated to 100 meters.



10Broad36: - 10 Mbps broadband Ethernet rated to 3,600 meters.



2.5G: - 2G cellular systems combined with GPRS are often described as 2.5G, that is, a technology between 2G & 3G.



3 composition theories related to security models: - 1. cascading; 2. feedback; & 3. hookup

3 Types of Intrusion Detection Systems

State anomoly, protocol retardation, pattern-matching system

3DES: Triple Data Encryption Standard encryp

3G:

3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International

Telecommunication Union (ITU) family of standards under the

IMT-2000: 3G networks enable network op's to offer wider range of more adv

serv's while prov more capacity through imprv'd spectral efficiency. Services include wide-area wireless voice telephony, video calls,

and broadband wireless data all in a mobile environment. Unlike IEEE 802.11 networks, aka Wi-Fi or WLAN networks, 3G networks are

wide-area cellular telephone networks that evolved to incorporate high-speed

Internet access and video telephony.

IEEE 802.11 networks are short range, high-bandwidth networks prim dev for data.



4 Kinds of Tokens?: - 1) Static password; 2) Synchronous dynamic password; 3) Asynchronous password; & 4) Challenge response



802.10: - IEEE standard that specifies security and privacy access methods for LANs.

802.11: IEEE standard that specifies 1 Mbps

and 2 Mbps wireless connectivity. Defines aspects of frequency hopping and direct-sequence spread spectrum (DSSS) systems for use in

the 2.4 MHz ISM (industrial,
scientific, medical) band. Also refers to teh IEEE committee responsible for setting wireless LAN

standards.



802.11a: - Specifies high-speed wireless connectivity in the 5 GHz band using orthogonal frequency division multiplexing (OFDM)

with data rates up to 54 Mbps.



802.11a: - Specifies high-speed wireless connectivity in the 5 GHz band using orthogonal frequency division multiplexing (OFDM)

with data rates of up to 54 Mbps.

802.11b: Specifies high-speed wireless connectivity in the 2.4 GHz ISM band up to 11 Mbps.



802.11b: - WLAN ad hoc and infrastructure modes.



802.11g: - In 2003 a 3rd wireless modulation standard was advanced. Op's at a near max of 54 Mbit/s. Suffers legacy issues from

802.11b. - Same 2.4 GHz band as microwv, Bluetooth, cordless phones, and baby monitors interference.



802.15: - Specification for Bluetooth LANs in the 2.4-2.5 GHz band.

802.1x: IEEE 802.1x is an IEEE Standard for port-based Network

Access Control (port: meaning a single point of attachment to the LAN infrastructure). It is the protocol used for most wireless

802.11 - access points and is based on the Extensible Authentication Protocol (EAP).



802.2: - Standard that specifies the LLC (logical link control).



802.3: - Ethernet bus topology using carrier sense medium access control/carrier detect (CSMA/CD) for 10 Mbps wired LANs. Currently,

it is the most popular LAN topology.



802.3: - IEEE 802.3 is a collection of IEEE standards defining the physical layer, and the media access control (MAC) sublayer of the

data link layer, of wired Ethernet. This is generally LAN technology with
some WAN applications. Physical connections are made

between nodes and/or infrastructure devices (hubs, switches, routers) by various types of copper or fiber cable.



802.4: - Specifies a token-passing bus access method for LANs.

802.5: Specifies a token-passing ring access method for LANs.

Access

modes: Mode set for a user on a volume: Read, write, none.

ACK: Acknowledgment; a short-return indication of the successful receipt of

a message.



ACK layer: - Acknowledgment of receipt

ACO:

Authenticated ciphering offset.



Active sniffing: - To elicit responses is active sniffing.



ActiveX: - Microsoft's component ojbect model (COM) technology used in web applications. ActiveX is implemented using any one

of a variety of languages, including Visual Basic, C, C++, and Java.



Advantages of network bridges? - 1. self-configuring; 2. primitive bridges are often inexpensive; 3. reduced size of collision

domain; 4. transparent protocols above the MAC layer; 5. allows the introduction of
management, perf info and access control



AES-128/256: - (AES) Rijndael - A sysmmetric block cipher with a lock size of 128 bits in which the key can be 128, 192, or 256

bits. The Advanced Encryption Standard replaces the Date Encryption Standard (DES) and was announced on Nov 26, 2001, as Federal

Information Processing Standard (FIPS PUB 197).



AES-CCMP: - Part of the WPA2 protocol and an optional part of the WPA protocol. CCMP replaced TKIP & WEP encryption protocols.

It's based on AES, obv. Name: Counter Mode with Cipher Block Chaining Message

Authentication Code protocol.



AH: - Authentication Header (AH): IPSec uses two protocols for security.



AIS - Automated information system: An assembly of computer hardware, software, and/or firmware that is configured to collect,

create, communicate, compute, disseminate, process, store, and/or control data or information.



ALE - annualized loss expectancy



Analog - Electrical signal with a variable amplitude



ANSI - American National Standards Institute



Application gateway? - A type of firewall that applies security mechanisms to specific applications, such as FTP and Telnet

servers. This is a very effective but can impose a performance degredation.

Application Layer The top layer of the OSI model, which

is concerned with application programs. It provides services such as file transfer and email to the network's end users.



Application level gateway - ALG: consists of a security component that augments a firewall or NAT employed in a comp network. It

allows special filters to be used to allow certain applications like

BitTorrent to access the internet under tight control.


Application-Gateway Firewall Like the Application-Proxy Firewall, the Application-Gateway Firewall operates on Layer 7 of the OSI

model. Application gateway firewalls exist only for a few network applications. A typ app gateway firewall is a sys in which you must

telnet to one sys in order to then telnet again to make a connect outside the network.



Application-level firewall - In comp networking, an app layer firewall is a firewall operating at the application layer of a

protocol stack. Generally it is a host using various forms of proxy servers to

proxy traffic instead of routing it. As it works on the

application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate

content, such as websites,
viruses, att to exp known flaws in client software, etc. An application layer firewall does not route

traffic on the network layer.



Application-Proxy Firewall - In a proxying firewall, every packet is stopped at the firewall. The packet is then examined and

compared to the rules configured into the firewall. If the packet passes the exams, it is recreated and sent out. The drawback is that

a sep app-level firewall must be written for each app at the app layer: e.g., 1 for http, 1 for ftp, 1 for gopher.

App-level firewalls op on Layer 7 of the OSI model.



ARIN - The American Registry for Internet Numbers



aro - annualized rate of occurrence



ARP - Address Resolution Protocol (ARP): A TCP/IP protocol that binds logical (IP) addresses to physical addresses.



ARP cache - Address Resolution Protocol (ARP) is a subprotocol of the TCP/IP protocol suite that operates at the Network layer

(layer 3). ARP functions by broadcasting a request packet with the target IP
address. The system with the IP address in question will

repond with its associated MAC address.The discovered data is stored in a form known as ARP cache by ARP.

AS3 Adobe proprietary

format: ActionScript 3



ASCII - American Standard Code for Information Interchange (ASCII): a coding standard that can be used for enumerating English

letters from 0 to 127. ASCII's purpose is to convert letters to numbers to allow for faster data transmission, as processors can

handle & move the data faster. It is implemented as a character-encoding scheme based on the ordering of the English alphabet. ASCII

codes represent text in computers, communications equipment and other dev's that work with text. ASCII was dev in 1960's. Most

characters are non-printing.



ASP.NET Microsoft's Web server is called Internet Information Services, which is made up of a # of "sub-app's" and therefore highly

configurable. ASP.NET is one such app.



Asynchronous Transfer Mode - A cell-based connection-oriented data service offering high-speed data communications. ATM

integrates circuit and packet switching to handle both constant and burst information at rates up to 2.488 Gbps. aka: cell relay.



At present, the 3 pairs of aspects/features used to describe data storate? primary vs. secondary, volatile vs. nonvolatile, and

random vs. sequential.



ATM - asynchronous transfer mode (ATM): A cell-switching technology rather than a packet-switching technology like Frame Relay.



AUI - A 15-pin interface between an Ethernet Network Interface Card and a transceiver.



Authenticate - 1) To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to

allowing access to system resources; 2) To verify the integrity of data that have been stored, transmitted, or otherwise exposed to

possible unauthorized modification.



Authentication factor - 1) a piece of info; & 2) process to verify it



Authentication Token - A physical security device that serves to verify electronically one's identity. Several diff interfaces

exist. Some can transfer a gen key to a client system.



Bandwidth-depletion attack - Like a DoS attack, simply denial of service via bandwidth domination.



Banner grabbing - Banner grabbing is not detectible, it is therefore considered passive OS footprinting. Banner grabbing is a

technique that enables a hacker to identify the type of operating system or app running on a target server. A specific request for the

banner is often allowed through firewalls bc it uses legit connection requests such as Telnet.

Banner grabbing & OS identification:

synonym Figerprinting the TCP/IP stack

Basel II

Basel II - is the second of the Basel Accords (issued by the Basel Committee on Banking Supervision), init pub in 2004 as an

international standard on banking reserves.

Basic authentication In the context of an HTTP transaction, the basic access authentication

is a meth to allow a user on a web browser to authenticate. Before transmittion, the user name is appended with a
colon and concat

with the password. The result is encoded with Base64 algo.



Bastion host - A bastion host is a special purp computer designed to function as a roadblock against direct attacks. Firewalls &

routers can be considered such.



BAT files - In DOS, OS/2, and Microsoft Windows, a batch file is a text file containing a series of commands intended to be

executed by a single command. Flat files that enable one to automatically check-in, delete, or update many files at once.


baud rate The number of signal pulses that occur in one second.



The Bell-La Padula model is a state machine used by the DoD for enforcing access control in gov & mil applications. The model

is a formal state transition model of computer security policy that describes a set of access control rules that uses labels to

characterize objects and clearances to characterize subjects.
binaries

binary file - is a computer file which may contain any type of data, encoded in binary form for computer storage and processing

purposes.



Biometric authentication lk up: the act
biometrics In info tech., biometrics ref to methods for uniquely rec humans based

upon one or more intrinsic physical or behav traits.In info tech partic, biomet is a form of identity access management and access

control.



BIOS The Basic Input/Output System (BIOS): The BIOS is the first program to run when the computer is turned on. BIOS initializes

and tests the computer hardware, loads and runs the operating system, and manages setup for making changes in the computer.



Blowfish This is a keyed, symmetric block cipher, des in 1993. There has been no meaningful cryptanalysis exacted on Blowfish.

It is solid, however AES now receives more attention.

encryp

BOTs Secondary machines used in a DDoS attack.



Bound checks A check on code in question to assess its exploitability re buffer overflow.



Boyer-Moore theorem prover A method to mechanically check a kernel.



Bridge A network bridge connects multiple network segments at the data link layer (layer 2) of the OSI model, and the term layer 2

switch is very often used interchangeably with bridge.

Bridging is a forwarding technique used in packet-switched computer networks.

Unlike routing, bridging makes no assumptions about where in a network a particular address is located. Instead, it depends on

flooding and exam of source addresses in received packet headers to locate unknown devices. Once the device is found, it is stored in

a MAC address table.

Brute-force password attack To attempt to crack a password by trying every possible combo of letters, numbers and

characters.



CAM table Content Addressable Memory (CAM) table is a common term usually referring to the Dynamic Content Addressable Memory on

an Ethernet switch. The table provides the switch with addresses to
forward a recieved signal to, a hub does not - so they all get the

passed on or outbound signal.

Category 1 twisted pair wire Used for early analog telephone communications; not suitable for data.



Category 2 twisted pair wire Rated for 4 Mbps and used in 802.5 token ring networks.

Category 3 twisted pair wire Rated for 10

Mbps and used in 802.4 10Base-T Ethernet networks.

Category 4 twisted pair wire Rated for 16 Mbps and used in 802.5 token ring

networks.

Category 5 twisted pair wire Rated for 100 Mbps and used in 100BaseT Ethernet networks.

CC Common Criteria: a standard

for specifying and evaluating the features of computer products and systems.



CCMP Counter Mode with Cipher Block Chaining Message Authentication Code protocol (CCMP): A mandatory part of WPA2, but optional

for WPA.

CCMP replaced TKIP and is a required option for Robust Security

Network (RSN) Compliant networks.



CDDI Copper Data Distributed Interface: A version of FDDI specifying the use of unshielded twisted pair wiring.



CDMA Code Division Multiple Access, a cellular tech that competes with GSM tech for global domination.



CDPD Cellular Digital Packet Data (CDPD): A technology that never made it due to being relatively expensive. It was/is unique in

that it would harnessed unused but open frequencies of a band.



CER Crossover error rate



CERIAS The Center for Education and Research in Information Assurance and Security (CERIAS): a well-known leader in research in

computer, network, and information security and information assurance.



CGI Common gateway interface



Checksum Synonymous with message digest, hash, hash value, hash total, CRC, fingerprint, checksum, and digital ID.



Chipping (Chip) In digital communications, a chip is a pulse of direct-sequence spread spectrum (DSSS) code, such as a pseudonoise

code sequence used in direct-sequence code division multiple access (CDMA)
channel access techniques. The chip rate of a code is the

number pulses per second (chips per sec) at which the code is trans or rec.



Chosen plaintext This is a definition of a cryptanalysis attack. It has a couple key assumptions: 1) the attacker has the

ability to chose arb plaintexts to encrypt via same algo; & 2) s/he can also
obtain and analyze the corresponding output of applicable

encryption.



CIA triad? Availability, confidentiality, integrity



CIFS Common Internet file system



Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption and decryption.



Circuit switched The application wherein a dedicated line is used to transmit information. Contrast this with 'packet

switched'.



Circuit-level firewall Synonymous with circuit-level gateway. Listen for TCP handshaking requests. can't filter traffic on the

Application Layer; less robust than application-level gateway.



Circuit-level gateway Similar to one time authentication. Work at the session layer of the OSI model, or as a "shim-layer" between

the application layer and the transport layer of the TCP/IP stack. They
monitor TCP handshaking between packets to determine whether a

requested session is legit. Info passed to a remote computer through a circuit-level gateway appears to have originated from the

gateway. This is useful for hiding info about protected networks. Circuit-lev gateways are rel inexp, however they do not monitor

indiv packets.



Circuit-switched The application of a network wherein a dedicated line is used to transmit information; contrast with 'packet-

switched.'



Class 1 Auth Class 1 authentication attached through Verisign to your verified email. Digital IDs for secure email. 1 year is

$19.95: Verisign Digital ID's. S/MIME compliant, can be used with Microsoft
Outlook, Mozilla, several other popular app's.



Class 2 Auth Class 2 authentication Digital ID issued to individuals representing organisations. They can be used for a # of secure

"communications functions", including; secure email S/MIME, authentication
to online services, and to add digital signatures to

Microsoft Office and other electronic doc's to protect the doc's integrity and prov auth of authorship to recipients.



Client-server interface - A software construction, ref to as a document, to "push" messages to the client browser written in a markup

language with its own method, apparatus, and computer program for generating the the electronic document.



CNAME - DNS Records: (canonical name) Provides additional names or aliases for the address record

Collission domain Aka - Shared

Ethernet hub. A component that provides Ethernet connections among multiple stations sharing a common collision domain.



COM - Common Object Model: A model that allows two software components to communicate with each other independent of their

platforms' operating systems and languages of implementation. As in the object-oriented paradigm, COM works with encapsulated objects.

Common & practical defenses against SQL injection 1. Perform input validation; 2. Limit account privileges.



Common Criteria Common Criteria (CC): is an international standard (ISO/IEC)



Companion files Supporting system files like DLL and INI files



COMSEC Communications Security: measures and controls taken to deny unauthorized persons information derived from telecommunications

and to ensure the authenticity thereby: cryptosecurity, transmission security, emission security, and physical security of COM-SEC

material and information.


connection table filled up during SYN flooding. Victim's table is filled transmission request signals from spoofed IPs:

straight lockdown.



cookie hijacking - Cookie hijacking or cookie snarfing entails modifying data stored in cookies and then used for the purpose of

impersonating the victim and poss obtain data.



Coring The microprocessor architecture on a chip.



COTS Commercial off-the-shelf


covert channel transferring information in a way that violates the system's security policy.



CRC A common error-detection process. A mathematical procedure applied to transmitted data that is performed upon receipt of the

data and cross checked; a mismatch indicates a high probabilty of transmission error.



CRL Certificate Revocation List (CRL).



cryptanalysis break the cipher



crypto-algorithm a well-defined procedure to produce a key stream.



CSMA/CA - Carrier sense multiple access/collision avoidance, commonly used in 802.11 Ethernet and LocalTalk.



CSMA/CA - In computer networking, CSMA/CA belongs to a class of protocols called multiple access methods. CSMA/CA stands for: Carrier

Sense Multiple Access with Collision Avoidance. In CSMA, a station wishing to
transmit has to first listen to the channel for a

predetermined amount of time so as to check for any activity on the channel. If the station is sensed "idle" then the station is

permitted to transmit. In

Ethernet 802.3, the station continues to wait for a time, and checks to see if the channel is still free. If

it is free, the station transmits, and waits for an acknowledgment signal that the packet was received. Collision avoidance is used on

WLAN's because it is not possible to listen while sending, so CA is used over CD.



CSMA/CD - Carrier sense multiple access/collission detection, used in 802.3 Ethernet.



CSR - Certificate Signing Request (CSR): An individual who submits a certificate to a

CSSM Cross Site Scripting (CSS?): M?



CSTVRP - Computer Security Technical Vulnerability Reporting Program: A program that concentrates on the technical vulnerabilities of

commercially available hardware, software, and firmware acquired by the DoD.
Goal is to provide corrective measures to findings.



CVE Common Vulnerabilities and Exposures database



DAA - Designated Approving Authority (DAA).


daemons - agent processes



Data storage - what are the 3 main aspects? 1) Primary vs secondary; 2) Volatile vs nonvolatile; & 3) random vs sequential



DB-9 A standard 9-pin connector commonly used with RS-232 serial interfaces on portable computers. The DB-9 connector does not

support all RS-232 functions.



DBMS Database Management System (DBMS) Architecture: a variety exists today, but the majority of current sys's implement a

technology known as relational database management systems (RDBMSs).



DCOM A distributed object model that is similar to the Common Object Request Broker Architecture (COBRA). DCOM is the distributed

version of COM that supports remote objects as if the objects reside in the client's address space. A COM client can access a COM

object through the use of a pointer to one of the object's interfaces and then invoke methods through that pointer.



denotational semantics model - an artificial intelligence process whereby a machine is equiped with some tools to attempt and

possibly succeed in carrying out a mathematical proof.



DES - A cipher for unclassified data, published in Federal Info Processing Standard (FIPS) 46. The DES, which was appr'd by the

NIST, is intended for public & gov use.

DES A cryptographic algorithm for the protection of unclassified data, published in

Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the NIST, is intended for public and government use.

encryp

Detective access controls Used to discover unwanted or unauth activity

Device Computer hardware, peripheral - any device

attached to a computer that expands its functionality, device file - an interface for a device driver.

DHCP Dynamic Host

Configuration Protocol (DHCP).



DIACAP - -Successor to DITSCAP. DoD information technology security certification & accreditation process is a process adv. by DoD

for managing risk, i.e., automated information system that will maintain information assurance.

DICOM Dumper

DICOM Dumper is a simple utility for decoding and dumping the content of DICOM 3.0 files



Difference between network address and ip address - To determine what the network address is for any given IP address, you merely

have to convert both octal addresses into binary, and do a bitwise AND
operation. An example using an IP address of 156.154.81.56 used

with a network mask of 255.255.255.240 follows:

IP Address: 10011100.10011010.01010001.00111000

Subnet mask:

11111111.11111111.11111111.11110000

Bitwise AND -----------------------------------------------

Result:

10011100.10011010.01010001.00110000 - As you can see, the network address for the IP address and subnet mask in question is

156.154.81.48. To determine the how many hosts are possible to be on this same subnet, it is a simple operation. Count the number of

bits from the right until you get to the first "1" in the binary network address display. That number will be the power you raise 2 to

for the calculation of possible number of hosts.



Diffie-Hellman Key Exchange - Is a cryptographic protocol that allows two parties that have no prior knowledge of each other to

jointly establish a shared secret key over an insecure communication channel.
This can be used to est subseq symm key cipher. Syn:

Exponential key exchange. Est' 1976.



Digest authetication - Process whereby site process is to hash credentials and use a challenge-response model for authentication.



Digital certificate - serves to bind an individual to his/her public key



Direct-sequence spread spectrum - In telecom, direct-sequence spread spectrum (DSSS) is a modulation technique. As with other spread

spectrum tech's, the trans signal takes up more bandwidth than the information signal that is being modulated. The term 'spread

spectrum' comes from the fact that the carrier signals occur over the full bandwidth (spectrum) of a device's transmitting frequency.


Directory services An implementation of single sign-on technologies: SSO technology allows a subject to be authenticated only

once on a system and be able to access resources after resource unhindered by repeated authentication prompts. This convenience also

posses the danger of an intruder gaining full-control of a system with one successful authentication; this is usually addressed by

doubling up an app like

Kerberos with Directory Services, each an SSO. Directory services and Kerberos are examples of SSO mechanism.


Disk clusters - Contiguous groups of sectors of a circular drive - like a partial ring or washer shape on a series of concentric

circles.



Disk image - A bit-level copy, sector-by-sector of a disk, which provides the capability to examine slack space, undeleted

clusters, and possibly, deleted files.



DITSCAP - Defense Information Technology Systems Certification and Accreditation Process (DITSCAP).



DLC - Data Link Control (DLC)


DLL - The Data Link Layer is responsible for producing Ethernet frames from bytes and bytes from bits.

DLL Data Link Layer: The

OSI level that performs the assembly and transmission of data packets, including error control.



DMA - Direct Memory Access (DMA): is a feature of modern computers and microprocessors that allows certain hardware subsystems

within the computer to access system memory for reading and/or writing
independently of the CPU.



DNS - Domain Name Server (DNS).


domain - 1) A realm of trust or a collection of subjects and objects that share a common
security policy. Each domain’s access

control is maintained independently of other domains’
access control. This results in decentralized access control when multiple

domains are
involved.



DPL - Degausser Products List.



DQDB - In telecom, a distributed-queue dual-bus network (DQDB) is a distributed multi-access network that does the following: 1)

supports integrated communications using a dual bus and distributed queing; 2)
provides access to local or metropolitan area networks;

& 3) supports connectionless data transfer, connection-oriented data transfer, and isochronous communications, such as voice

communications.



DQDB - The IEEE 802.6 standard that provides full-duplex 155 Mbps operation between nodes in a metropolitan area network.



DSA - The Digital Signature Algorithm (DSA): is a U.S. Federal Government standard or FIPS for digital signatures. It was proposed

by the National Institute of Standards and Technology (NIST) in August of
1991 for use in their Digital Signature Standard (DSS),

specified in FIPS 186, adopted in 1993. This is patented and the owner is an ex-NSA employee. The patent was given to the U.S.A. and

the NIST has made this patent available world-wide royalty-free.



DSSS Direct-sequence spread spectrum: A method used in 802.11b to split the frequency into 14 channels, each with a frequency

range, by combining a data signal with a chipping sequence. Data rates of 1, 2, 5.5, and 11 Mbps are obtainable. DSSS spreads its

signal continuously over this wide-freqency band.



Dual-homed host - A dual-homed host is a firewall or can be a computer packing at least 2 transceivers. Basically, a makeshift

firewall.



E-mail tracking - Appending a domain name to The email address: A single-pixel graphic file that isn’t noticeable to the recipient is

attached to the e-mail. Then, when an
action is performed on the e-mail, this graphic file connects back to the server and notifies
the sender of the action.



EAL - Evaluation Assurance Level (EAL): In the Common Criteria, the degree of examination of the product to be tested. EALs range

from EA (functional testing) to EA7 (detailed testing and formal design verification).



EAP - Extensible Authentication Protocol (EAP). Cisco proprietary protocol for enhanced user authentication and wireless security

management.

EAP-TLS Extensible Authentication Protocol & Transport Layer Security (EAP-TLS): Cisco prop standard.


ECC - Elliptic curve cryptography



ECDSA - Elliptic curve digital signature algorithm.



Echelon - A cooperative, worldwide signal intellgience system that is run by the NSA of the US, the GCHQ of England, the CSE of

Canada, DSD of Australia, and the GCSB of New Zealand.



EDGE - Enhanced Data Rates for GSM Evolution (EDGE): '99 release. First generation.



EDI - Electronic Data Interchange: A service that provides ccommunications for business transactions. ANSI standard X.12 defines

the data format for EDI.



EIA - Electronic Industries Association (EIA).



Electric beacon - A radio beacon is a transmitter at a known location, which transmits a continuous or periodic radio signal with

limited information content, on a specified radio frequency. Occassionally the
beacon function is combined with some other

transmission, like telemetry data or meteorological information. Electric beacons are a kind of beacon used with direction finding

equipment to find ones relative bearing to a known location (the beacon). The term electric beacon includes radio, infrared and sonar

beacons.


erasure - 1) alternating current erasure, high-low alternation; 2) direct current erasure, media saturation by unidirectional magnetic

field.



ESMPT - Extended simple mail transfer protocol.



ESP - encapsulating security payload lookup more/better def



Ethernet - An industry-standard local area network media access method that uses a bus topology and CSMA/CD. IEEE 802.3 is a

standard that specifies Ethernet.



Ethernet frame - A measure of quantity. A standard Ethernet frame MTU is 1500 bytes. Adding the Ethernet header and cyclic redundancy

check (CRC) trailer brings the frame size to 1518. Which layer is
responsible for combining bits into bytes and bytes into frames?


Ethernet Layer aka? - MAC layer



Ethernet repeater - A component that provides Ethernet connections among multiple stations sharing a common collision domain.

Also referred to as a 'shared Ethernet hub.'



Ethernet switch - More intelligent than a hub, with the capability to connect the sending station directly to the receiving station.


Ethernet Switching - A Ethernet's switch's role is to copy bits (referred to as Ethernet frames) from one port to another port

quickly at layer two of the OSI model. The pres of a CAM table is one attribute that sep's a switch from a hub. The physical switch is

what stops a rebound to all other machines/devices connected to a switch that receives the signal.


exigent circumstances doctrine - Specifies that a warrantless search and seizure of evidence can be conducted if there is probable

cause to suspect criminal activity or destruction of evidence.



FBA - Forms Based Authentication (FBA): simply use a form to send encrypted authentication credentials via HTTPS.



FBM - File based metric

FCC Federal Communications Commission



FDDI - Fiber distributed data interface (FDDI) provides a standard for data transmission in a local area network that can extend in

range up to 200 kilometers. Alth, FDDI protocol is a token ring network, it
does not use the IEEE 802.5 token ring protocol as its

basis. FDDI-II adds the capability to add circuit-switched service to the network so that it can also handle voice and video signals.


FDDI Fiber-Distributed Data Interface (FDDI): An ANSI standard for token-passing networks. FDDI uses optical fiber and operates at

100 Mbps in dual, counter-rotating rings.



FDMA - Frequency division multiple access. A spectrum-sharing technique whereby the available spectrum is divided into a number of

individual radio channels.



FDMA - A digital radio technology that divides the available spectrum into separate radio channels. FDMA is generally used in

conjunction with time division multiple access (TDMA) or code division multiple
access (CDMA).



FDX Full-duplex.



FedCIRC - U.S. Federal Computer Incident Response Center: FedCIRC provides assistance and guidelines in incident response and provides

a centralized approach to incident handling across U.S. government agency boundaries.


fetch protection - A system-provided restriction to prevent a program from accessing data in another user's segment of storage.


FHMA - A system using frequency hopping spread spectrum (FHSS) to permit multiple, simultaneous conversations or data sessions by

assigning different hopping patterns to each.



FHSS - A method used to share the avail bandwidth in 802.11b WLANs. FHSS takes the data signal and modulates it with a carrier

signal that hops from frequency to frequency on a cyclical basis over a wide band of frequencies. FHSS in the 2.4 GHz frequency band

will hop between 2.4 GHz and 2.483 GHz. The receiver must be set to the same hopping code.
Fiestel cipher An iterated block

cipher that encrypts by breaking a plaintext block into two halves and, with a subkey, applying a "round" transformation to one of the

halves. The output of this transformation is then XOR'd with the remaining half. The round is completed by swapping the two halves.


File system journaling - A file system that logs changes to a journal (usu in a cicular log) before committing them to the main file

system. Such systems are less likely to become corrupted in the event of a system crash.



Filtered - Means 'Nmap' or other app is prevented from discovering whether a port is open. A firewall or network filter is

screening the port and preventing our utility from discovering whether a port in question is 'open'.



FIN Scan - A FIN scan is similar to an XMAS scan but sends a packet with just the FIN flag set. FIN scans receive the same

response and have the same limitations as XMAS scans.



FIPS - Federal Information Processing Standard.



FIPS-181 - Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards

and Technology after approval by the Sec of Comm. Basically, change pass ev 45 days & 1#, 1Symbol, 1 caps - min.



firewall - A network device that shields the trusted network from unauthorized users in the untrusted network by blocking

certain specific types of traffic. Many types of firewalls exist, including packet
filtering and stateful inspection.



firmware - Executable programs stored in nonvolatile memory.



FISA - Federal Intelligence Surveillance Act (FISA) of 1978: An act that limited wiretapping for national security purposes as a

result of the Nixon Administration's history of using illegal wiretaps.



flag - In a networking context: flag: An internet header field carrying various control flags: informational pieces of data.



Flag meaning: ACK? Acknowledge. This flag is used to indicate the sender of the ACK flag has established a connection, from

his/her own side of the connection.



Flag meaning: FIN? Finish. No more transmissions.



Flag meaning: PSH? Push. System is forwarding buffered data.



Flag meaning: RST? Reset. Resets the connection.



Flag meaning: SYN? Synchronize. This flag initiates a connection between hosts.



Flag meaning: URG? Urgent. Data in packets must be processed quickly.



FLEX - Cryptography and hashing libraries for encryption and security: AS3 libraries. This is a library for data processing and

FLEX is a particular library used for hashing & crypto.



Flex - Adobe Air Flex Encryption System is a collection of technologies released by Adobe Systems for the development and

deployment of cross-platform rich Internet applications based on the proprietary Adobe
Flash platform.



FM - frequency modulation (FM): A method of transmitting information over a radio wave by changing frequencies.



Footprinting - Gathering info & detecting network range

form data Data captured in an HTML or XHTML form, hence "form data.

"

Forms based authentication - Simply uses Web forms to authenticate by encrypting login that is then sent to host.



fractional T-1 - A 64 Kbps increment of a T1 frame.



frame relay - A packet-switching interface that operates at data rates of 56 Kbps to 2 Mbps. Frame relay is minus the error

control overhead of X.25, and it assumes that a higher-layer protocol will check
for transmission errors.



front-end security filter - A security filter that could be implemented in hardware or software, which is logically separated

from the remainder of the system in order to protect the system's integrity.



FSK - frequency shift keying (FSK): A modulation scheme for data communication using a limited number of discrete frequencies to

convey binary information.



FTLS - Formal Top-Level Specification (FTLS): A top-level specification that is written in a formal mathematical language to enable

theorems showing the correspondence of the system specification to its
formal requirements to be hypothesized and formally proven.



FTP - File Transfer Protocol (FTP): FTP is a network protocol used to transfer data from one computer to another through a - guess

what - network. A TCP/IP protocol for file transfer.



Full duplex - If transmit data and receive data are separate circuits, transmission can occur in a concurrent flow in both

directions: full duplex.



functional programming A programming method that uses only mathematical functions to perform computations and solve problems.



Gateway - Gateways work on all seven OSI layers. The main job of a gateway is to convert protocols among communications networks. A

router by itself transfers, accepts and relays packets only across networks using similar protocols. A gateway can accept a packet in

protocol A and convert it to B before forwarding it. A network component that provides interconnectivity at higher network layers.



gigabyte - GB or GByte: A unit of measure for memory or disk storage capacity; usually 1,073,741,824 bytes.

gigahertz

GHz - A measure of frequency; one billion hertz.



GLB - An act that removes Depression-era restrictions on banks that limited certain business activities, mergers, and

affiliations. Moves oversight of insurers & health-plan bus's to state authorities. It's
got properties similar to HIPAA.



Google hacking - examples? passwords, credit card numbers, medical records and other confidential information



GPG - GNU Privacy Guard: G(eneral Public License) Privacy Guard allows one to encrypt and sign one's data.



GPRS - General Packet Radio Service (GPRS): is a packet-oriented mobile data service available to users of the 2G systems (GSM), as

well as in the 3G systems.



granularity - An expression of the relative size of a data object; for example, protection at the file level is considered coarse

granularity, whereas protection at the field level is considered to be of a
finer granularity.



GSM - Global System for Mobile (GSM) communications: The most popular standard for mobile phones in the world. The GSM logo serves

to identify compatible devices. Both voice and data transmission is transmitted in the digital format. Global System for Mobile (GSM)

Communications: The wireless analog of the ISDN landline system.



guard - A processor that provides a filter between two disparate systems operating at different security levels or between a user

terminal and a database to prevent unauth access.

handshaking procedure A dialogue between two entities for the purpose of identifying

and authenticating one another.



Hash - Output of an algorithm used to verify data.



HDLC ?

HDX Half duplex.



Header - In information technology, header refers to supplemental data placed at the beginning of a block of data being stored or

transmitted, there are many types of headers: authentication header, email
header, block header, message header, header checksum, ...


Hertz Hertz (Hz): - A unit of frequency measurement; one cycle of a periodic event per second. Used to measure frequency.



high-level data link control - An ISO protocol for link synchronization and error control.



high-speed encryption chips - Self-evident. The U.S. fed government in '90 began using the services of Newbridge Networks for

their high-speed public key data encryption system (which was orig produced by

Calmos Microsystems, which Newbridge later acq).



HIPAA - Kausbaum-Kennedy - The Health Insurance Portability and Accountability Act
- Kassbaum Health Insurance Portability and

Accountability Act (HIPAA) of 1996: ?



HMAC - In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC), is a type of message auth code (MAC) calculated

using a specific algo involving a crypto hash function in combo with a secret key.



hotfixes - A hotfix was originally the term applied to software patches that were applied live, i.e., to still running

programs. Similar use the term can be seen in Hot Swappable Disk Drives. A patch: single, comprehensive file.



How can you stop a DoS or DDoS attack? - Use the same commands an attacker would use to stop the attack.



How do you prevent ARP spoofing? - To prevent ARP spoofing, permanently add the MAC address of the gateway to the ARP cache on

a system. You can do this on a Windows system by using the
ARP -s command at
the command line and appending the gateway’s IP and MAC

addresses.



How many types of packets? - Each logical network uses discrete data messages called packets. The logical network packet at the

generic level consists of information about the source, destination, and data payload.

Hping2

Hping - is a free packet generator and analyzer for the TCP/IP protocol.



HTML, purpose of A standard used on the Internet for defining hypertext links between documents.



HTTPS - Hypertext transfer protocol over secure shell



I&A - Identification and authentication.



IA - Information Assurance



IAC - Inquiry access code; used in inquiry procedures. The IAC can be one of two types: a dedicated IAC for specific devices or a

generic IAC for all devices.



IADS - Integrated Access Device (IAD): is a customer premises device that provides access to wide area networks and the Internet.

Specifically, it aggregates multiple channels of information including voice
and data across a single shared access link to a carrier

or service p PoP. The access link may be a T1 line, a DSL connection, a cable network, a broadband wireless link, or a metro-Ethernet

connection.



IANA - Manages a registry of media types and character encodings.



IAW - In accordance with



IBE - Identity-Based Encryption: The IBE concept proposes that any string can be used as an individual's public key, including his

or her email address.

ICANN The Internet Corporation for Assigned Names and Numbers Whois, DNslookup



ICMP - Internet control message protocol. A reporting protocol for the IP addressing. ICMP is a required element of IP

implementations. The TCP/IP protocol used to send control and error info regarding IP
data gram transmissions. When a data gram cannot

be deliv, an ICMP message may be sent.



ICP$ - Inter Process Communication share



IDEA - International Data Encryption Algorithm (IDEA): IDEA is a block cipher adv in 1991 to replace DES. It is licensed in all

countries where it is patented by MediaCrypt. type encryption

Identification professing user

ID

IDL - Interface Definition Language (IDL): A standard interface language that is used by clients to request services from objects.



IDLE scan - An IDLE scan uses a spoofed IP address to send a SYN packet to a target. Depending on the response, the port can be

determined to be open or closed. IDLE scans determine port scan response by
monitoring IP header sequence numbers.



IETF - Internet Engineering Task Force (IETF): develops and promotes Internet standards, cooperating closely with the W3C and

ISO/IEC standard bodies and dealing in particular with standards of the TCP/IP and

Internet protocol suite. It is an open standards

organization, with no formal membership or memb req's. All members are volunteers and the org's current financial sponsors are

VeriSign and the U.S. Gov's

N.S.A.



If you have an IP address of 156.154.81.56 and a subnet mask of 255.255.255.240, what is the network address, possible # of and range

of subnet hosts, and what is the broadcast address?

IP Address: 10011100.10011010.01010001.00111000

Subnet mask: 11111111.11111111.11111111.11110000

Bitwise AND

-----------------------------------------------

Result: 10011100.10011010.01010001.00110000

As you can see, the network address for the

IP address and subnet mask in question is 156.154.81.48. To determine the how many hosts are possible to be on this same subnet, it is

a simple operation. Count the number of bits from the right until you get to the first "1" in the binary network address display. That

number will be the power you raise 2 to for the calculation of possible number of hosts. You must also subtract two from the result

because one address is reserved for broadcast and network addresses. This leaves you with the final algorithm of 2^n-2. In this case

there are 4 bits of 0 in the network address, leaving you with 2^4-2 hosts possible, or 14 hosts. This means that your network address

is 156.54.81.48, that you have a range of addresses available to hosts from 156.154.81.49 - 156.154.81.62, and that the broadcast

address for this network is 156.154.81.63.

IIS Internet Information Server

IIS Exploits Internet Information Server (IIS) Unicode

exploits



IKE - Internet key exchange (IKE): is the protocol used to set up a security association in the IPSec protocol suite. IKE uses a

Diffie-Hellman key exchange to set up a shared session secret, from which
crypto keys are derived. IKE was orig est in '98.



IMAP - Internet Message Access Protocol



In MAC OS X, what kind of DNS record is created when you add an alias in Server Admin? CNAME


increment value size in bytes?



inference engine - A component of an artificial intelligence system that takes inputs and uses a knowledge base to infer new

facts and solve a problem.



information flow control - A procedure undertaken to ensure that information transfers within a system are not made from a

higher security level object to an object of a lower security level. Synonymous with 'data flow control' and 'flow control.'



INI files - The de facto standard for configuration files. INI files are simple text files with a basic structure. Windows

files.



internetwork - Amongst 2 or more networks.



Intrusion detection systems - 1) State anomaly; 2) Protocol retardation; & 3) pattern-matching system



IP - Internet Protocol (IP): ?

IP layer aka? Network layer



IPNA - Org that assigns port numbers?



IPSec - Secure Internet Protocol



IPv4 - Internet Protocol version 4 is the 4th iteration of the Internet Protocol and it is the first version of the protocol to be

widely used. This is the now currently used format - and it is 20 years old.

The current first version of IP, in which an IP address

has 2 parts. The 1st is the network ID and the 2nd is the host ID. IPv4 is a four byte, 32 bit IP address of the form:

255.255.255.255.



IPv6 - Internet Protocol version 6 is an Internet Layer protocol for packet-switched internetworks. It is des as the successor for

IPv4. IPv6 provides over sextillion addresses (theoretically). IPv6 is a
sixteen byte, 128 bit, IP that may be viewed as hexadecimal

numbers separated by semicolons.



IPX - A routing protocol. Routing protocols are located at the Network layer: layer 3.



IPX - Internetwork Packet Exchange (IPX): is the OSI-model Network layer protocol in the IPX/SPX protocol stack. IPX was a popular

predecessor to TCP/IP.



IR - infrared light (IR): light waves that range in length from about 0.75 to 1,000 microns; this is a lower frequency than the

spectral colors but a higher frequency than radio waves.



IRC - Internet Relay Channel (IRC): A chat sys fin in the late '80s. IRC technology was novel because it allowed for more than 2

people to chat. IRC is an app that one installs on one's computer and it sends
& rec's to/from an IRC server. It is a known security

liability.



IRQ - users of online services, such as sports scores, etc. look up better definition.

ISAPI asp is one ISAPI extension



ISAPI - ISAPI is a (Internet Server Application Program Interface) set of Windows program calls that lets you write a Web server

application that is an N-tier API of Internet Information Services (IIS),
Microsoft's collection of Windows-based Web server services.
IIS & ISAPI - are the two most prominent applications involved in Microsoft's Web server. Internet server application programming

interface. ASP is one kind. N-tier API of (Microsoft's IIS). Apachi can also run ISAPI.



ISDN - Integrated Services Digital Network (ISDN): is a digital end-to-end communications mechanism. ISDN was developed by

telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry

voice communications.



ISM - industrial, scientific, and medicine bands (ISM): Radio frequency bands authorized by the FCC for wireless LANs. The ISM

bands are located at 902 MHz, 2.400 GHz, and 5.7 GHz. The transmitted power is commonly less than 600mw. No FCC license is req to

send/receive in these bands.



ISN - Initial Sequence Number


isochronous transmission - Type of synchronization whereby information frames are sent at specific times.



ITU - International Telecommunication Union

ITV-T standard X.509 is an ITV-T standard for a public key infrastructure (PKI) for

single-sign on and privilege management.



IV - Initialization vector; for WEP encryption.



IVC - Integrity check value; In WEP encryption, the frame is run through an integrity algorithm, and the generated IVC is placed

at the end of the encrypted data in the frame.



Kerberos - A trusted, third-party authentication protocol that was developed under Project Athena at MIT. In Greek mythology,

Kerberos is a three-headed dog that guards the entrance to the underworld.

Using symmetric key cryptography, Kerberos authenticates

clients to other entities on a network of which a client requires services.



KHMAC - Keyed hash message authentication code

knowledge base Refers to the rules and facts of the particular problem domain in an

expert system.



Land - A DoS attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. ?same ip &

port: no idea what this is



LAP - Link Access Procedure (LAP)

LAPB - Link Access Procedure Balanced (LAPB): is a data link layer protocol in the x.25 protocol stack.

LAPB - is a bit-oriented protocol derived from HDLC that ensures that frames are error free and in the
right sequence. LAPB is

specified in ITU-T.



LDAP - Lightweight Directory Access Protocol (LDAP): most directory services are based on LDAP. A directory functions much like in

reality: It serves as a legend to find system resources.



LEAF - A key exchange mechanism known as the Law Enforcement Access Field (LEAF).



LEAP - An early alt to WEP was WiFi Protected Access (WPA). It is based on the LEAP and TKIP cryptosystem & emp a secr passphrase.

Unfortunately, the use of a single static passphrase is the downfall of WPA.

An attacker can just brute-force attack it to break it;

it's time prohibitive, but theoretically possible.



least privilege - The principle that requires each subject be granted the most restrictive set of privileges needed to perform

authorized tasks.



Lids - MIT Laboratory for Information and Decision Systems. This is an interdisciplinary research lab of MIT. Huge composite of

departments and LIDS has also hosted several luminaries of their respective fields.



link encryption - A low-level, first-line of defense against a hacker. This is also known as network-layer encryption.



list-oriented - A computer protection system in which each protected object has a list of all subjects that are authorized to access

it. Compare to 'ticket-oriented.'



LLC - Logical Link Control (LLC): the IEEE layer 2 protocol.

lock-and-key protection system req matching key/password with a

specific access req.



Logical access controls - Refers to the collection of policies, procedures, organizational structure and electronic access controls

designed to restrict access to computer software and data files.



LSASS - Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating system that is responsible

for enforcing the security policy on the system. It verifies users logging on
to a server, handles password changes, and creates

access tokens. It also writes to the Windows Security Log.



LSB - Least significant bit.



MAC - Media Access Control



MAC - Message authenticated code

MAC Mandatory access control (MAC):?



MAN - Metropolitan area network.



MAPI - Microsoft's mail application programming interface.



MAU - Multi-station access unit



Mbps - Megabits per second (Mbps): One million bits per second.



MD.5 hash function - Message-Digest algorithm 5 (MD.5): widely used 128-bit hash function (serves as ''an Internet standard''-RFC

1321). Employed in a wide var of sec app's & also used as a file-integrity
checker. An MD5 hash is typically expressed as a 32 digit

hexadecimal number.




Medium access - The Data Link Layer (DLL) function that controls how devices access a shared medium.

The Metasploit Freeware

framework tool to penetration test operating systems & web server software.



MIB - Management Information Base: SMB databae of config variables



MIME - Multipurpose Internet Mail Extensions (MIME): Is an Internet standard that extends the format of e-mail to support text in

character sets other than ASCII, non-text attachments, message bodies with
multiple parts, header information in non-ASCII character

sets, more. MIME's use has grown beyond describing email to describing content type in general, including for the web.



MITM - Man-in-the-middle attack



modulation - The process of translating the baseband digital signal to a suitable analog form. Any of several techniques for

combining user information with a transmitter's carrier signal.



MOSS - MIME Object Security Services (MOSS): a standard for encrypted messages second to the S/MIME protocol.



Most common way to hijack a session? Send server a packet with RST or FIN flag set and then coordinate communication with client.


MSB - Most significant bit.



MTU - Maximum transmission unit



multilevel device - A device that is used in a manner that permits it to simultaneously process data of two or more security

levels without risk of compromise. To accomp this, sensitivity labels are normally stored on the same physical medium and in the same

form (for example, machine-readable or human-readable) as the data being processed.



multilevel secure - A class of system containing information with different sensitivities that simultaneously permets access by

users with different security clearances and needs-to-know but that prevents users from obtaining access to information for which they

lack authorization.



multipath - The signal variation caused when radio signals take multiple paths from transmitter to receiver.



multiplexer - A network component that combines multiple signals into one composite signal in a form suitable for transmission

over a long-haul connection, such as leased 56 Kbps or T1 circuits.



MUX - multiplexing (MUX): a process whereby multiple analog message signals or digital data streams are combined into one signal

over a shared medium.



mws3ptr - An exploitable DLL via printing...targets the ISAPI filter.



MX DNS Records: (mail exchange) Identifies the mail server for the domain



NACK or NAK - A flag option in the TCP/IP handshake.



Name of message in layer 1? - bits: by this point the data has been converted into bits for trans over the physical connection

medium.



Name of message in layer 2? - frame.



Name of message in layer 3? 'segment' transmitted by TCP protocol or 'datagram' if trans by UDP.



Name of message in layer 7? data stream.



Name the 4 main firewall techniques - 1. Packet filter; 2. Application gateway; 3. Circuit-level gateway; & 4. Proxy server



NCSC - Stands for National Computer Security Center, an initiative of the NSA focused on information security.



NetBIOS - Acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing

applications on separate computers to communicate over a local area network.

As strictly an API, NetBIOS is not a networking

protocol. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. This results in each

computer in the network having
both a NetBIOS name and an IP address corresponding to a (possibly different) host name. NetBIOS

provides 3 basic services: 1) Name service for for name recog & resolution; 2) Session service for connection-oriented communication;

& 3) Datagram distribution service for connectionless communication. Note: SMB is an upper layer service that runs atop of the Session

Service and not a part of NetBIOS itself. It can run atop TCP with a small mod.



NetBT - NetBIOS over TCP/IP: is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used

on modern TCP/IP networks.



Netgate authentication - uses Kerberos

Network traffic filtering

One means of defense against DDoS & DoS attacks.



NIACAP - National Information Assurance Certification and Accreditation Process, a standardized process for information assurance

(IA) accreditation.



NIC - Network Interface Card (NIC): An electronic computer chip that can transmit and receive information in specified protocols


NIST - National Institute of Standards and Technology



Nmap - Free open-source tool that can quickly & efficiently ping sweep, port scan, service identification, IP address detection, OS

detection. Nmap can scan a large # of machines in a single session. It is
supported by many OS's: Unix, Windows, Linux, etc.

Nmap

Free security scanner for network exploration & security: downloads for Windows, UNIX, FreeBSD, Linux, Redhat, etc.



Nmap scan - TCP connect The attacker makes a full TCP connection to the target system.



Nmap scan: Ack scan - This type of scan is used to map out firewall rules. ACK scan only works on UNIX.

Nmap scan: Windows scan

This type of scan is similar to the ACK scan and can also detect open ports.



Noteworthy SMB attack - Win32CreateLocalAdminUser is a program that creates a new user with the username and password X and adds the

user to the local administrator’s group. This action is part of the

Metasploit Project and can be launched with the Metasploit

framework on Windows. Server message block. Designed to share file & printer.



NS - DNS Records: (name server) Identifies other name servers for the domain



NSDD 145 - National Security Decision Directive 145 (NSDD 145)

NT LAN Manager - Not to be confused with LAN Manager.

NTLM - (NT LAN Manager) is a Microsoft authentication protocol used with the SMB protocol.



ntdll.dll - The ntdll.dll is a file created by Microsoft that has a description of "NT Layer DLL" and is ''the file'' that

contains NT kernel functions. This file is a significant security risk if unpatched.



NTFS - NTFS (dev by Microsoft) file system replacement for FAT file systems: impr support for metadata, imp performance, allowance

of ACL's, journaling, etc.



NTLM - NTLM (NT LAN Manager), not to be conf with LAN Manager, is a Microsoft auth protocol used with the SMB protocol. The

protocol uses a challenge-response sequence iss'g 3 msg's bet client & server (node
req'ing auth). Uses tokens.



Null scan - This is an advanced scan that may be able to pass through firewalls undetected or modified. Null scan has all flags

off or not set. It only works on UNIX systems. It is similar to XMAS and FIN scans in its limitations and response.



OCX - OCX is a file format. This file format is a Windows file format and is easily infected with hazardous code. Object linking

and Embedding (OLE) Control Extension.



ODBC - Open Database Connectivity (ODBC) is a database (proxy like) feature that allows applications to communicate with other &

different databases without being programmed specifically to do so.
one-time pad In crypto, the one-time pad (OTP) is an encryption

algo where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once. If the key

generated is
truly random, and kept abs confidential, never re-used, then it provides perfect secrecy.



OOB - Out-of-band



Open port - Open means that the target machine is accepting incoming requests on that port.



OSI model - The Open Systems Interconnection Reference Model (OSI Reference Model or OSI Model) is an abstract description for

layered communications and computer network protocol design. It was developed
as part of the Open Systems Interconnection (OSI)

initiative. In its most basic form, it divides network architecture into 7 layers. A layers is a collection of conceptually similar

functions that prov serv to the layer above it.



Output chaining - One characteristic, re X.509 Certificate authentication, to check. See that all certificates in the Output Chain are

legit.



PA-DSS - Payment Application Data Security Standard (PA-DSS)



Packet filter firewall - A packet filter firewall examines 5 characteristics of a packet: 1) Source ip address; 2) Source port; 3)

Destination ip address; 4) Destination port; 5) IP protocol (TCP or UDP). Based on the rules, a packet will either be accp'd, rej'd,

or drop'd. If firewall rejects the packet, it sends a flag back saying rej. If packet was dropped, firewall doesn't respond. Packet

filtering firewalls operate at level 3 of the OSI model, the Network Layer. Routers are a very common form of packet filtering

firewall.



packet switch - A packet switch is a node used to build a network that utilizes the packet switching paradigm for data

communication. Can op at a # of diff layers. One common class of contemp p switches: bridge, hub and router. Gen packet switches only

perf communication-rel functions.



Packet-level filtering firewall - One step below circuit-level filtering. A packet-level filter blocks or forwards a packet based

solely on its merits, without taking into account past history.



Parallell port - A parallel interface for connecting an external device such as a printer. Most personal computers have at least 1

serial port & 1 parallel port. On PCs, the parallel port uses a 25-pin

connector (type DB-25) and is used to connect printers. A newer

type of parallel port is known as: Enhanced Parallel Port (EPP) or Extended Capabilities Port (ECP).



Parser - Parsing is analysis of semantics at a fine granularity. The most common use of a parser is as a component of a compiler or

interpreter. This compiles the source code of a computer prog lang to craete some form of internal rep.



Passive sniffing -To capture only data that comes one's way is passive sniffing.



patch management - choosing how patches are to be installed and verified and testing those patches on a nonproduction network

prior to installation.



Patch management techniques - A process for testing, applying and logging patches to a system should be defined and followed.



Path - MTU discovery - (PMTUD) is a technique in computer networking for determining the maximum transmission unit (MTU) size on

the network path between 2 Internet Protocol (IP) hosts,
usually with the goal of avoiding IP fragmentation.



PCDP - Packet data convergence protocol one protocol in radio packet stack in UMTS.



PCI DSS - PCI DSS: stands for Payment Card Industry Data Security Standard, and is a worldwide security standard assembled by the

Payment Card Industry Security Standards Council (PCI SSC). PCI consists of
operational & technical standards to prevent fraud and

hacking.

PDC-P Packet Data Convergence Protocol (PDCP): It is one of the layers of the Radio Traffic Stack in UMTS and performs IP

header compression and decompression, transfer of user data and maintenance of
sequence numbers for Radio Bearers.



PEM - Privacy Enhanced Mail (PEM): an email encryption mechanism that provides authentication, integrity, confidentiality, and

nonrepudiation. PEM uses RSA, DES, and X.509. encryp



PEM function - An OpenSSL function



PGP - Pretty good protection, an encryption suite for mail and possibly other purposes.

PHP A language designed specifically

implemented specifically on the server side.



PHS - Psuedo-Hilbert Scan algorithm (PHS): This algo is used in digital image processing, image compression, and pattern

recognition.



PHY - Physical Layer (PHY):



Ping - Noun! - A utility used to troubleshoot a connection to test whether a particular IP address is accessible.

Ping tool

examples Pinger, Friendly Pinger, WS_Ping_Pro

PKCS

Public Key Cryptography Standards (PKCS): - A set of public key cryptography standards that supports algorithms such as Diffie-Hellman

and RSA, as well as algorithm-independent standards.



PKI - Public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage,

store, distribute, and revoke digital certificates. In cryptography, a PKI is
an arrangement that binds public keys with respective

user identities by means of a certificate authority. The binding may be done by software or in person, dep on the level of sec. The

PKI role that assures
this binding is called the Reg Authority (RA).



PMI - Privilege Management Infrastructures (PMI): are to authorization what Public Key Infrastructures (PKI) are to

authentication.

PMIs - have Sources of Authority (SOAs) and Attribute Authorities (AAs) that issue Attribute Certificates (ACs) to users, instead of

Certification Authorities (CAs) that issue PKCs to users.



Popular steganographic program and purpose? - The purpose of a steganographic program is to hide information within a bundle of

unhidden and seemingly normal data. You can hide info within MP3's, ASCII text files, etc.



Port Scanning vs Ping Sweeping - Port scanning generally

Port sweep scanning multiple hosts searching for a single specific port


Precomputation - Re Dictionary attack: Hashing out a bunch of dictionary entries prior to beginning an attack so as to expedite the

process.



PRNG - Pseudorandom number generator



Protocol standards - Official Internet Protocol Standards: NETBIOS, Protocol standard for a NetBIOS service on a TCP/UDP

transport.

protocols A set of rules and formats, semantic and syntactic, that permits entities to exchange information.

Protocols

that don't encrypt: name a few. HTTP, POP3, SNMP, FTP

Proxy firewall

Proxy server/firewall - serves as a go-between from client to server: 1) client is anonymous; 2) to speed up resource caching.

proxy

server A proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients

seeking resources from other servers.



pseudoflaw - An apparent loophole deliberately implanted in an operating system program as a trap for intruders.



PSTN - Public-switched telephone network; the general phone network.



PTR - DNS Records: (pointer) Maps IP addresses to host names



Purpose of a signed message - To verify sender's identity and ensure that the message wasn't tampered with in transit.



RADIUS - Remote Authentication Dial-In User Service



RC4 - Rivest Cipher 4 (RC4): RC4 is based on RSA. WEP employs RC4. WEP supports only one-way authentication: client ->access

point.



RC5 - RSA cipher is a patented symmetric algorithm. Conceived of by the founders of RSA.



RDBMS - relational database management systems (RDBMSs).



Relational database - A database that groups data using common attributes found in the set. The resulting "clumps" of data are

much easier for people to understand. Basically, this is a standard expectation
like searching a set of houses in a database for val >

250k & size > 5k sq. ft.



Linux BIND NXT

repeater - A network component that provides internetworking functionality at the Physical Layer of a network's

architecture. A repeater amplifies network signals, extending the distance they can travel.



RFC - Request for comment (RFC): In comp network engin, RFC is a memorandum published by the Internet Engineering Task Force

(IETF) describing methods, behaviors, research or innovations applicable to the
working of the Internet and Internet-connected

systems.



Rijndael - AES adv by these two Belgian cryptographers. The U.S. gov adopted this algo. It is also used extensively all over

the world. This algo was adv in 2001 and won a 5-year contest amongst contenders. guy who advanced encryp theorem?


ring protection scheme - A new technology introduced by ITU to reduce ARP cache spoofing. It sets up nodes so that IPs are

consistent.



ring topology - A topology in which a set of nodes are joined in a closed loop.



RIP - Routing Information Protocol (RIP): A common type of routing protocol. RIP bases its routing path on the distance (number of

hops) to the destination. RIP maintains optimum routing paths by sending out routing update messages if the network topology changes.


RISC - Reduced Instruction Set Computer (RISC): A computer architecture designed to reduce the number of cycles required to execute

an instruction. A RISC architecture uses simpler instructions but makes use of other features, such as optimizing compilers and large

numbers of general-purpose registers in the processor and data caches, to reduce the number of instructions required.



Roaming - A general term that ref to extending connectevity beyond the home location where the service was registered. The term

"roaming" originated from the GSM sphere (Global System for Mobile Communications) and the term can also be applied to CDMA.



ROM - Read-only memory (ROM).



router - A network component that provides internetworking at the Network Layer of a network's architecture by allowing individual

networks to become part of a WAN. A router works by using logical and physical addresses to connect two or more separate networks. It

determines the best path by which to send a packet of information.



RS-232 - In telecommunications, RS-232 (Recommended Standard 232) is a standard for serial binary data signals connecting between a

DTE (Data Terminal Equipment) and a DCE (Data Circuit-terminating Equipment). It is commonly used in computer serial ports. A similar

ITU-T standard is V.24. RS-232 is the major predecessor to USB for local communications. Comp 232, USB is faster, uses lower voltages

and has connectors that are simpler to connect and use.



RS-232 1) A serial communications interface; & 2) The ARS-232n EIA standard that specifies up to 20 Kbps, 50 foot, serial

transmissions between computers and peripheral devices. Serial communication standards are defined by the Electronic Industries

Association (EIA).


RS-232 (Recommended Standard 232) is a standard for serial binary data signals connecting between a DTE (Data Terminal Equipment) and

a DCE (Data Circuit-terminating Equipment). It is commonly used in computer serial ports. A similar ITU-T standard is V.24.



RS-422 - An EIA standard specifying electrical characteristics for balanced circuits (in other words, both transmit and return wires

are at the same voltage above ground). RS-422 is used in conjunction with

RS-449.

RS-423 An EIA standard specifying electrical

characteristics for unbalanced circuits (in other words, the return wire is tied to the ground).

RS-423 - is used in conjunction with RS-449.



RS-449 - An EIA standard specifying a 37-pin connector for high-speed transmission.



RS-485 - An EIA standard for multipoint communications lines.



RSA - RSA is an algorithm for public-key encryption.



RSA SecureID - Two-factor authentication includes hardware token authenticators, software authenticators, authentication agents as

a more secure authentication for a user to access a network resource.



RTS/CTS - Request-to-Send & Clear-to-Send (RTS/CTS): Optional protocols in the 802.11 standard. Expensive, but allows for fine tuning

of the WLAN.



S/MIME - A protocol that adds digital signatures and encryption to Internet MIME: Hence, S/MIME -> Secure MIME.



SACLs - Service access control lists are ACLs specific servers



Samba - A Mac application that allows for interaction with Microsoft Server Message Block (SMB) networking: file & printer sharing.


sandbox - An (ACL) mechanism. An access control-based protection mechanism. The sandbox is usually interpreted by a virtual machine

such as the Java Virtual Machine (JVM).



Sandboxing - In computer security, an (ACL) a sandbox is a sec mech for sep running prog's. In this context, sandboxing is a

specific example of virtualization.



Scalar processor - Represents the simplest class of processors and takes one data item at a time. Differences between scalar

and vector processors is analogous to vector and scalar arithmetic, as seen in calculus and other maths.

Scan - The act of actively connecting to a system to obtain a response.



Scanning - Sending an ICMP or ping



Screened subnet - In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall.

It can be used to separate components of the firewall onto separate systems,
thereby achieving greater throughput and flexibility,

although at some cost to simplicity. A screened subnet firewall is often used to establish a "DMZ": demilitarized zone.



SCSI Port - A parallell port used by MAC. It is more flexible than traditional parallel ports.



SDLC - Synchronous data link control security kernel The hardware, firmware, and software elements of a Trusted Computer Base (TCB)

that implement the reference monitor concept.



Serial communications - Data transfer in which data is transferred 1 bit at a time. Most serial ports on personal computers conform

to the RS-232C or RS-422 standards. A serial port is a general-purpose interface that can be used for almost any type of device,

including modems, mice, and printers.



serial interface - An interface to provide serial communications service.

Server A server is a computer that provides services

used by other computers.



service packs - A service pack is a collection of updates, fixes and/or enhancements to a software program delivered in the form of

a single installable.

Session hijacking steps 1. identify an open session & predict the sequence number of the next packet; 2.

desynchronize the connection; & 3. packet injection



Session Layer - One of the seven OSI model layers. Establishes, manages, and terminates sessions between applications.



SET - Open protocol with the potential to 'set the standard.' It defines Secure Electronic Transactions



SFC - Stream file checker



SHA-1:5 - The successors to the Secure Hash Algorithm (SHA), SHA-1 and SHA-2, make up the gov STANDARD MESSAGE DIGEST FUNCTION.



shared key authentication - A type of authentication that assumes each station has received a secret key through a secure

channel, independent from an 802.11 network.



SID - Sound Interface Device (SID): a sound card. The Commodore 64 was one of the original machines carrying SID.



single user mode - An OS loaded without Security Front End.



SIV - System integrity verified



Skipjack - An algorithm that was approved for use by the U.S. government in Federal Information Processing Standard (FIPS) 185,

the Escrowed Encryption Standard (EES). Skipjack is unusual in that it
supports the escrow of encryption keys. In cryptography,

Skipjack is a block cipher — an algorithm for encryption — developed by the U.S. National Security Agency (NSA). Initially classified,

it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified and now provides a

unique insight into the cipher designs of a government intelligence agency.



SLIP - Serial Line Internet Protocol (SLIP): An Internet protocol used to run IP over serial lines and dial-up connections.



smart cards - A smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded

integrated circuits which can process data. This implies that it can receive input which is processed - by way of the ICC applications

- and delivered as an output. There are 2 broad categ's of ICC. 1) Memory cards contain only non-volatile mem storage components and

per some spec sec logic; & 2) Microprocessor cards that contain volatile memory and microprocessor components.



SMB - Server message block (SMB): In computer networking, SMB operates as an application-level network protocol mainly used to

provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also prov an

auth Inter-proc comm mech. Most usage of SMB involv comp running Windows, where it is known as "Microsoft Windows Network."



SMBSID - ?

SMDS Switched Multimegabit Digital Service (SMDS): A packet-switching connectionless data service for WANs.

SMP

Symmetric multiprocessor systems



SMTP - Simple Mail Transfer Protocol (SMTP): The Internet email protocol.



SN - Sequence number. TCP, connection-oriented protocol property used in reassembling data stream into correct order.



SNA - Systems Network Architecture (SNA): IBM's proprietary network architecture.



SNMP - Protocol Simple Network Management Protocol (SNMP): The network management protocol of choice for TCP/IP-based Internets.

Widely implemented with 10BASE-T Ethernet. A network management protocol that
defines information transfer among 'management

information bases (MIBs): 1. agent; 2. management station



SNR - Signal-to-noise ratio



SOA - DNS Records: (Start of Authority) Identifies the DNS server responsible for the domain information



SOCKS - SOCKS, also known as Authentication Firewall Transfer (AFT), is a protocol used in proxy servers and firewalls and for

virtual private networks (VPNs).
The SOCKS Firewall Another type of application-proxy firewall are SOCKS firewalls. SOCKS

firewalls require specially mod network clients. This means that you need to mod every sys on your internal network that needs to

communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLL's.
Some unencrypted

protocols? HTTP, FTP, POP3, SNMP



SONET - Synchronous Optical NETwork (SONET): A fiber-optic transmission system for high-speed digital traffic. SONET is part of the

B-ISDN standard.

Special specification language (proper noun):


SPKI - Simple Public Key Infrastructure: Does not deal with public authentication of public key information; this is known as SPKI.



Spoofing - Spoofing involves artificial identification of a packet's source address, where that IP address is often deduced

from sniffed network traffic.



SQL - Structured Query Language (SQL): An international standard for defining and accessing relational databases.



SQL injection - The process of an attacker inserting SQL statements into a query by exploiting vulnerability for the pupose of

sending commands to a web server database.



SRV - Service records



SRV - DNS Records: (Service) Identifies services such as directory services



SSDP - Simple Service Discovery Protocol: Simple Service Discovery Protocol (SSDP) is an expired IETF Internet draft by Microsoft

and Hewlett-Packard. SSDP is the basis of the discovery protocol of Universal plug-and-play.

SSDP provides a mechanism which network

clients can use to discover network services. Clients can use SSDP with little or no static configuration.

SSDP uses UDP unicast and

multicast packets to advertise their services.



SSH-1:2 .. SSH is an ecrypted Telnet.



SSID - Service Set Identifier.



SSL - Secure Sockets Layer (old, basically replaced by TLS): SSL can be used for HTTPS traffic.



SSL attacks: name some - prevention: install a proxy server & term SSL at the proxy; 2. install a hardware SSL accelerator & term

SSL at this layer.



ST connector - An optical fiber connector that uses a bayonet plug and socket.



star topology - A topology wherein each node is connected to a common central switch or hub.


Stateful inspection firewall - An improvement on the packet-filtering firewall. With this enhancement, the firewall ''remembers''

conv's bet systems. It is then nec to fully ex only the first packet of a conv.



Steganography - the process of hiding data in other types of data such as images or text files.



storage object - An object that supports both read and write access.



stream cipher - A symmetric key cipher where plaintext bits are combined with a pseudoramdom cipher bit stream. Stream ciphers are

faster and than block ciphers and have lighter hardware requirements.



subnet - A logical subdivision of the address space defined by a TCP/IP network ID. A physical network defined within an IP address.

A subnet is a logical collection of up to 127 nodes or devices within a domain. A working scheme that divides a single logical network

into smaller physical networks to simplify routing.



Subnet mask - A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network
address

and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two

numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this

network.



Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a

part of the host address is reserved to identify the particular subnet.
This is easier to see if we show the IP address in binary

format. The full address is:
The Class B network part is: 10010110.11010111

and the host address is

00010001.00001001

SV Stability

verifier

Symmetric key Serves only to keep data confidential. Large keys can prove very difficult to break. Not used for

authentication.



SYN (aka: stealth scan) This is also known as half-open scanning. The hacker sends a SYN packet and receives a SYN-ACK back from the

server. It's stealthy because a full TCP connection isn't opened. If a SYN/
ACK frame is received back, then it's assumed the target

would complete the connect & the port is listening. If recieve RST, then it's assumed the port isn't active or is closed. The adv of

the SYN stealth

scan is that most IDS systems don't log incomplete handshakes.



SYN cookies - SYN Cookies are the key element of a technigue used to guard against SYN flood attacks.



Syscolumns - An SQL database command that returns a row for each column of an object that has a column.



Sysobjects - Contains one row for each object created within a database.



System Memory - Free, wired, active, inactive, used



T1 - A standard specifying a time division-multiplexing scheme for point-to-point transmission of digital signals at 1.544 Mbps.


TCP Connection - A singular TCP data transmission is called a segment. Middle layer in the OSI model. One of the core protocols. TCP

operates at a higher level than IP. TCP stays at home while IP moves the data on its journey.



TCP Wrapper - A TCP Wrapper is a host-based networking ACL system used to filter work access to Internet Protocol servers on

(UNIX-like) operating systems like Linux or BSD. This is a program & "code" comes as a "tarball."

TCP/IP A de facto, industry-standard

protocol for interconnecting disparate networks. TCP/IP are standard protocols that define both the reliable full-duplex transport

level and the connectionless, best effort unit of information passed across an internetwork.



TCP/IP Layers - The Internet Protocol Suite (commonly known as TCP/IP) is the set of communications protocols used for the Internet

and other similar networks. It is named after 2 of the more important protocols that fall in its purview. TCP/IP were advanced in the

'60s. The TCP/IP Model consists of four layers: 1) the Application Layer; 2) the Transport Layer; 3) the Internet Layer; & 4) the Link

Layer.

TCP/UDP layer aka Transport layer



TDR - time-domain reflectometer (TDR):


Telenet - For the packet switched network.

Telnet Telecommunication: For the packet switching network. TELNET is a network

protocol used on the Internet or local area network connections. Conceived of 1969 and later standardized as IETF STD 8, one of the

first Internet standards. Commonly imp in a command-line interface. A virtual terminal protocol used in the Internet, enabling users

to log in to a remote host. TELNET is defined as part of the TCP/IP protocol suite.

Telnet and Secure Shell Intrusion is what kind of

attack? Web server



TFTP - Trivial File Transfer Protocol (TFTP): When updating access lists on a Cisco router, you will create your lists on a TFTP

server and then download them to your router. This way you can use a text editor to see your work easily.

Throughput: switch, hub

In communication networks, such as Ethernet or packet radio, throughput is the average rate of successful message delivery over a

communication channel.



TKIP/MIC - Temporal Key Integrity Protocol (TKIP): TKIP ensures that every data packet is sent with a unique encryption key.



TLS - Transport Layer Security (TLS):



TOE - Target of Evaluation (TOE): In the Common Criteria, TOE refers to the product to be tested.

Token passing ring

Networking, in a token passing ring, a token is passed around a network between nodes and the recipient node can communicate as long

as it is in possession of the token. The node must pass the token in order for another node to be in possession of it so the following

node can then communicate. Token passing is a method of avoiding communications transmission collisions. Examples of token passing

rings: 1) token ring; & 2) ARCNET. See contention vs channel access and collision avoidance.

top-level specification A

nonprocedural description of system behavior at the most abstract level; typically, a functional specification that omits all

implementation details.



topology - A description of the network's geographical layout of nodes and links.



Traceroute - Traceroute is a packet-tracking tool that works by sending an ICMP echo to each hop (router or gateway) along the

way to the destination



Traceroute - Software utility used to determine the path to a target computer.



Trailer - In information technology, trailor: refers to supplemental data placed at the end of a block of data being stored or

transmitted, which may contain information for the handling of the data block, or just mark its end.



tranquility - A security model rule stating that an object's security level cannot change while the object is being processed by

an AIS.



transceiver - A device for transmitting and receiving packets between the computer and the medium.



Transmission Control Protocol (TCP): A commonly used protocol for establishing and maintaining communications between applications

on different computers. TCP provides full-duplex, acknowledged, and flow-controlled service to upper-layer protocols and applications.

Transport Layer OSI model layer that provides mechanisms for the establishment, maintenance, and orderly termination of virtual

circuits while shielding the higher layers from the network implementation details.



TTF - TrueType file format - generally for fonts, Macintosh



TTL - Time to live



Tunneling - Protocol tunneling: the term is used to describe when one network protocol referred to as the payload protocol is

encapsulated within a different delivery protocol. Reasons to use tunneling include carrying a payload over an incompatible delivery

network, or to provide a secure path through an untrusted network.

twisted-pair wire Type of medium using metallic-type conductors

twisted together to provide a path for current flow. The wire in this medium is twisted in pairs to minimize the electromagnetic

interference between one pair and another.



Twofish - Twofish is a symmetric key block cipher with a block size of 128 bits adn key sizes up to 256 bits. It was one of five

finalists in the Advanced Encryption Standards contest. encryp



U.S. Patriot Act of October 26, 2001 - A law that permits the following: 1) Subpoena of electronic records; 2) Monitoring of

Internet communications; 3) Search and seizure of information on live systems (routers, servers, backups, etc); & 4) Reporting cash

wires of 10k+. Under the Patriot Act, gov can monitor Internet traffic, force cooperation of ISPs, and network operators. This

monitoring even extends to private businesses.



U.S. Uniform Computer Information - Transactions Act (UCITA) of 1999 - (UCITA) of 1999: A model act that is intended to apply

uniform legislation to software licensing.



UART - Universal asynchronous receiver transmitter. A device that either converts parallel data into serial data for transmission

or converts serial data into parallel data for receiving data.



UDP - User Datagram Protocol (UDP): User datagram protocol. Uses the underlying IP protocol to transport a message in an

unmanageable and directionless scheme: no acknowledgements, no feedback control.



UMTS - Universal Mobile Telecommunications System (UMTS): is one of the third-generation (3G) mobile telecommunications

technologies, which is also being developed into a 4G technology. UMTS uses W-CDMA,
which GSM does not use. Hence, it's slated to

succeed GSM.



UNC - Universal Naming Convention (UNC): Contains all network connections established using a UNC. It also includes Web sites that

bypass a proxy server or have names without periods (such as http://servername), provided these sites are not assigned ot another

zone.



Unfiltered Port - is determined to be closed. And no firewall or filter is interfering with the Nmap requests.



Unicode Character set - that converts chararacters of any language to a universal hex code specification.



Unicode exploit - Windows 2000 systems running IIs are susceptible to a directory traversal attack, also known as a Unicode exploit.


User Datagram Protocol - UDP uses the underlying Internet protocol (IP) to transport a message. This is an unreliable, connectionless

delivery scheme. It does not use acknowledgments to ensure that messages arrive and does not provide feedback to control the rate of

information flow. UDP messages can be lost, duplicated, or arrive out of order.



utility - An element of the DII providing information services to DoD users. Those services include Defense Information Systems Agency

Mega-Centers, information processing, and wide-area network communicationservices.



UTP - Unshielded twisted pair cabling is a form of wiring in which two conductors (the forward and return conductors of a single

circuit) are twisted together for the purpose of canceling out electromagnetic
interference (EMI) from external sources. Untwisted

shielded pair.



V.21 - An ITU standard for asynchronous 0-300 bps full-duplex modems.



V.21FAX - An ITU standard for facsimile operations at 300 bps.



V.34 - An ITU standard for 28,800 bps modems.



V.5 - Is a family of telephone network protocols defined by ETSI that allows communic between the telephone and the exchange.


Validation - Evaluation to assess if a specified criterion is met. Evaluation of a user, program, or OS to see if criteria are

met.



validation (in DITSCAP) - Determination of the correct implementation in the completed IT system with the security requirements and

approach agreed on by the users, acquisition authority, and DAA.

validation (in software engineering) To establish the fitness or

worth of a software product for its operational mission.



vaulting - Running mirrored data centers in separate locations.



Vector processor - Vector processor applies a single instruction to multiple data items simultaneously.



verification - The process of determining compliance of the evolving IT system specification, design, or code with the security

requirements and approach agreed on by the users, acquisition authority, and the
DAA.



very-long-instruction word (VLIW) processor - A processor in which multiple, concurrent operations are performed in a single

instruction. The number of instructions is reduced relative those in a scalar processor. However, for this approach to be feasible,

the operations in each VLIW instruction must be independent of each other.



VLAN - Allows, at minimum, a pair of computers to communicate with each other as if they were on the same network switch.



WAE - Web Application Extension (WAE): Vulnerability.



WAN - wide area network (WAN): A network that interconnects users over a wide area, usually encompassing different metropolitan

areas.



WAP - Wireless Area Protection (WAP): ?. is this a/the correct abbreviation?



WAP - Wireless Application Protocol (WAP): A standard commonly used for the development of applications for wireless Internet

devices.



WBS - work breakdown structure (WBS): A diagram of the way a team will accomplish the project at hand by listng all tasks the team

must perform and the products they must deliver.



WDP - A file format that is susceptible to buffer overflow attacks. The DLL field of a WDP project file is the route to conduct

the overflow.



Web application threats name a few
-
Web interface, name a few: IRC (Internet Relay Chat), instant messaging

- Web server attacks,

ex's: Telnet & secure shell intrusions, web server extension & remote service intrusion, cookie capture and doctor



Web server authentication mechanisms: name a few. - HTTP basic, digest authentication, NTLM, tokens, and biometric

authentication are all methods of authenticating to a web server.



Web spider - Bot that crawls the web looking for data, usually email addresses for spammers.



WebDAV - WebDAV is a set of extensions to the HTTP that allows users to collaberatively edit and manage files on remote WWW servers.



WEP - Wired Equivalency Privacy (WEP): The algorithm of the 802.11 wireless LAN standard that is used to protect transmitted

information from disclosure. WEP generates secret shared encryption keys that both
source and destination stations use to alter frame

bits to avoid disclosure to eavesdroppers.



WEPII - Attempt to elongate WEP. Short lived. Aka TKIP.



What are flags? - Protocol notifications



What are the 3 types of scanning? - Port, network and vulnerability scanning.



What are the layers of the TCP/IP stack? 1) Physical; 2) Data Link; 3) Network; 4) Transport; 5) Session; 6) Presentation;
7) Application



What can you spoof? - TCP packets, MAC IDs, IPs, and ...



What do buffer overflow attacks exploit? - Buffer overflow attacks exploit a lack of bounds checking on the size of input being

stored in a buffer array.



What is and name protocols, respectively: flooding - DoS attacking: UDP, ICMP, TCP



What is a "service ticket," in regard to secure communications? - An authentication token, obtained from the Key Distribution Center

(KDC), that a client presents when accessing a kerberized service



What is a blacklist server? - A server that provides a list of known open relay servers.



What is a circuit-level gateway? - A type of firewall that applies security mechanisms when a TCP or UDP connection is

established. Once the connection has been made, packets can flow between the hosts
without further checking.



What is a packet filter? - A type of firewall that looks at each packet entering or leaving the network and accepts or rejects

on user-defined rules. Packet filtering is fairly effective and transparent
to users, but it is difficult to configure. Additionally,

it is susceptible to spoofing.



What is a proxy server? - A type of firewall that intercepts all messages entering and leaving the network. The proxy server

effectively hides the true network address.



What kind of protocol is TCP? - TCP is a connection-oriented protocol?



What port do Trinoo client bots listen from? 27665



Which one of the following is a layer of the ring protection scheme that is not normally imple-mented in practice? - Layers 1 and

2 contain device drivers but are not normally implemented in practice. Layer 0 always contains the security kernel. Layer 3 contains

user applications. Layer 4 does not exist.

Wi-Fi The Wi-Fi alliance, founded in 1999, as Wireless Ethernet Comp Alliance: WECA.



Wi-Fi - Wi-Fi is a trademark of the - Wi-Fi Alliance - founded 1999 - as Wireless Ethernet Compatibility Alliance (WECA), comprising

more than 300 companies, whose prod's are cert by the Wi-Fi Alliance, based on the IEEE 802.11 standards (aka: WLAN, Wireless LAN, and

Wi-Fi). This cert warrants interoperability between different wireless devices.



Win2k - Windows 2000 - a line of operating systems produced by Microsoft for use on business desktops, successor to Windows NT 4.0.

It was succeeded by Win XP for desktops in 2001 and Windows Server 2003 for servers in 2003. Microsoft touted it as the most robust

platform ever and as a result hackers gunned for it hard and prevailed.



wireless MAN - wireless metropolitan area network (wireless MAN): Provides communications links between buildings, avoiding the

costly installation of cabling or leasing fees and the downtime associated with
system failures.



WLAN - Wireless local area network: A wireless local area network that links two or more computers or dev using spread-spectrum or

OFDM modulation technology to enable communication between devices in a limited area.



WML - Wireless Markup Language, based on XML. A markup language intended for devices that implement the Wireless Application

Protocol (WAP) specification, such as mobile phones, and preceded the use of other markup languages now used with WAP, such as XHTML

and even standard HTML - these two latter markup lang's are increasing in pop as mobile device processing power is increasing.



Work Factor - An estimate of the effort or time needed by a potential intruder who has specified expertise and resources to

overcome a protective measure.



WPA - Wi-Fi Protected Access (WPA & WPA2): a certification program admin'd by the Wi-Fi Alliance to indicate compliance with the

security protocol Wi-Fi adv. WEP didn't cut it.



WPAII - Improvement on WPA, which uses inferior RC4 like WEP. WPA is only an implementation of a subset of 802.11i. WPA2 is a full

implementation.

WPA2 is aka RSN, Robust Security Network.

WSP Wireless Session Protocol. The session layer protocol fam in the WAP architecture is

called WSP. WSP provides the upper-level application layer of WAP with a consistent interface for two session services.

WTLS

Wireless Transport Layer Security (WTLS): a security protocol, part of the Wireless Application Protocol (WAP) stack. It sits between

the WTP and WDP layers in the WAP communications stack.



WTP - WTP is known as Eclipse: A multi-language software development platform written in Java and comprising an IDE and a plug-in

system to extend it. It is used to dev app's in Java, and through plug-ins, app's in C, C++, Python, Cobol, Perl, PHP, more. In its

default form, it is meant for Java developers and consists prim of Java Development Tools (JDT). Released under the Eclipse Public

License, Eclipse is free and open source.



X.12 or ASC X12 OR ANSI ASC X.12 - X.12 or ASC X12 is the official designation of the U.S. national standards body for the

development and maintenance of the Electronic Data Interchange (EDI) standards.

ASC X 12 has sponsored more than 315 X12-based EDI

standards and a growing collection of X12 XML schemas for health care, insurance, government, transportation, finance, more.

X.121

An ITU standard for international address numbering.



X.21 - An ITU standard for a circuit-switching network.



X.25 - An ITU standard for an interface between a terminal and a packet-switching network. X.25 was the first public packet-

switching technology, developed by the CCITT and offered as a service during the
1970s. It is still avail today, but a bit slow for

some high-speed app's.



X.400 - An ITU standard for OSI messaging.



X.500 - An ITU standard for OSI directory services.



X.509 - Cryptography - In crypto, X.509 is an ITV-T standard for a public key infrastructure (PKI) for a single sign on and

Privilege Management Infrastructure (PMI).



X.509 v3 - Version 3 of X.509 includes more flexibility than X.509, allowing the use of other topologies like bridges and

meshes.



X.75 - An ITU standard for packet switching between public networks.



XMAS scan - The attacker checks for TCP services by sending XMAS-tree packets, which are named as such because all the "lights"

are on meaning FIN, URG, and PSH flags are set. XMAS scans send a packet with the FIN, URG, and PSH flags set. If the port is open,
there is no response; but if the post is closed, the target responds with a RST/ACK packet. XMAS scans work only on target systems

that follow the RFC 793 implementation of TCP/IP and don’t work against any version of Windows.

XML-RPC server is a remote procedure

call protocol which uses XML to encode its calls and HTTP as a transport mechanism.

XMPP Extensible Messaging and Presence Protocol:

iChat uses this

XSS Cross site scripting (XSS): abbrev for a security vulnerability whereby a client can code and transmit to a

remote server for remote execution of poss logic bomb.

zombies secondary machines used in a DDoS attack.

Zone transfer Stands for DNS

zone transfer: one type of database replication mechanism used by a second server. It updates its database from the primary database.