Information Security Glossary
If you’re studying information security for the Security+, CEH, CISSP or any of the varying information security certifications you’ve probably spent some time reviewing the wide array of acronyms for all the varying technologies. I’m going to attempt to put together a thorough information security glossary of terminology to assist with your journey into information security.
Access Control – Selective and restrictive access to resources or physical locations
Access Control List (ACL) – Specifies which systems or users are granted access to objects or resources
Active Directory – Directory service provided by Microsoft Windows Server
Active IDS – Detects a security breach according to parameters it has been configured with, logs the activity, then takes appropriate action
AES – Symmetric 128-bit block cipher based on the Rijndael algorithm. Encryption adopted by the US Government as the standard to replace DES
Authentication Header Protocol (AH) – Protocol used by IPSec to provide data integrity: it takes an IP packet, hashes the IP header and payload with MD5 or SHA, and adds its own header to the packet
Algorithm – The rule, system, or mechanism used to encrypt data
Anomaly-Based Analysis – IDS data analysis method that looks for network, host, or application changes as compared to preset parameters
Application Server – Network server that provides access to a particular application for network users
Application Based IDS – IDS software component that monitors a specific application on a host
Asymmetric Encryption – Two-way encryption scheme that uses paired private keys and public keys to perform encryption and decryption
Attacker – Another term for a user who gains unauthorized access to computers and networks for malicious purposes
Auditing – In security terms, the process of tracking and recording system activities and resource access
Authentication – In security terms, the process of uniquely identifying a particular individual or entity
Authorization – In security terms, the process of determining what rights and privileges a particular entity has
Availability – Fundamental security goal of ensuring that systems operate continuously and that authorized persons can access data they need
Backdoor – Mechanism for gaining access to a computer that bypasses or subverts the normal method of authorization
Business Continuity Plan (BCP) – Policy which defines how normal day-to-day business will be maintained in the event of a business disruption or crisis
Berkeley Internet Name Domain (BIND) – Popular Unix-based implementation of DNS
Biometrics – Authentication scheme based on an individual’s physical characteristics
Birthday Attack – Password attack; exploits weaknesses in mathematical algorithms used to encrypt passwords
Black Hat – Hacker who exposes vulnerabilities for financial gain or malicious purpose
Block Cipher – Symmetric encryption that encrypts data a block at a time, often in 64-bit blocks; usually more secure, but slower, than other ciphers
Blowfish – Freely available 64-bit block cipher algorithm that uses variable key length
Broadcast Domain – Group of network hosts that will receive a network broadcast packet
Brute Force – Password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack passwords
Buffer Overflow – Exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer
Certificate Authority – Server that can issue digital certificates and the associated public/private key pairs
CA Hierarchy – Single CA or group of CAs that work together to issue digital certificates
CAST-128 – Symmetric encryption algorithm with a 128-bit key, named for its developers, Carlisle Adams and Stafford Tavares
Certificate Management System – System that provides the software tools to perform the day-to-day functions of the PKI
Certificate Policy – Security policy that determines what information a digital certificate will contain and the parameters for that information
Certificate Practice Statement – A document that states how the CA will implement the certificate policy
Certificate Repository – A database containing digital certificates
Challenge Handshake Authentication Protocol (CHAP) – User name/password authentication scheme in which the user is authenticated by a series of challenge messages and the password itself is never sent across the network
Ciphertext – Data in encrypted form
Cleartext – Data in an unencrypted form
Coax – Coaxial cable nickname
Coaxial Cable – Copper cable that features a central conductor surrounded by braided or foil shielding
Cold Site – Predetermined alternate location where a network can be rebuilt after a disaster
Collision Domain – Group of network hosts that must compete for access to the network media before making any type of network transmission
Confidentiality – Fundamental security goal of keeping information and communication private and protecting them from unauthorized access
Cracker – Term preferred by the hacker community for a user who gains unauthorized access to computers and networks for malicious purposes
Certification Revocation List (CRL) – A list of certificates that are no longer valid
Discretionary Access Control (DAC) – Access is controlled based on a user’s identity; objects are configured with a list of users who are allowed access to them. The administrator has discretion to place users on the list: if a user is on the list, access is granted; if not, access is denied
Daemon – Unix or Linux term for a user-independent process
Database Server – Application server that hosts a database system for network users
Distributed Denial of Service Attack (DDoS) – Software attack in which an attacker hijacks or manipulates multiple computers on disparate networks to carry out a DoS attack, often utilizing zombie systems
Default Security Attack – Attacker attempts to gain access to a computer by exploiting the security flaws that exist in the default configuration of the computer’s operating system
Data Encryption Standard (DES) – Symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key with 8 bits for parity
Dynamic Host Configuration Protocol (DHCP) – Network service that provides automatic assignment of IP addresses and other TCP/IP configuration information
Dictionary Attack – Type of password attack that automates password guessing using a list of possible password values
Diffie-Hellman – Cryptographic protocol that provides for secure key exchange
Digital Certificate – An electronic document that associates credentials with a public key
Digital Signature – An encrypted hash value that is appended to a message to identify the sender and message
Directory Service – Network service that stores information about all the objects in a particular network, including users, groups, servers, client computers, and printers
Demilitarized Zone – Small section of a private network that is located between two firewalls and made available for public access
Domain Name System (DNS) – The service that maps names to IP addresses on most TCP/IP networks, including the internet
Denial of Service Attack (DoS) – Software attack in which an attacker disables systems that provide network services by consuming a network link’s available bandwidth, consuming a single system’s available resources, or exploiting programming flaws in an application or operating system
Drone – Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack
Disaster Recovery Plan – Policy that defines how people and resources will be protected in the case of a natural or man-made disaster and how the organization will recover from the disaster
Dual Key Pair – Certificate that performs more than one function by combining services, such as encryption and digital signatures
Dumpster Diving – Attacker will gain valuable information from items that are improperly disposed of in the trash
Eavesdropping Attack – Software attack using special monitoring software to gain access to private communications on the network wire or across a wireless network. Used either to steal the content of the communication itself or to gain information that will help the attacker later gain access to your network and resources
eDirectory – Most current version of Novell’s NDS directory service
Elgamal – Public-key encryption algorithm developed by Taher Elgamal
Encryption – Security technique that converts data from plain, or cleartext form, into coded, or ciphertext form
Enumeration – Attacker will try to gain access to users and groups, network resources, shares, applications and banners, or valid user names and passwords. Can be obtained through social engineering, network sniffing, dumpster diving, or watching a user log in
Encapsulating Security Payload Protocol (ESP) – IPSec protocol that provides data integrity as well as data confidentiality using either DES or 3DES
Ethical Hacking – Planned attempts to penetrate the security defenses of a system in order to identify vulnerabilities
Extranet – Private network that employs Internet-style technologies to enable communications between two or more separate companies or organizations
Fault Tolerance – Ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service
Firewall – Any software or hardware device that protects a system or network by blocking unwanted network traffic
Firmware – Rewritable computer chips that contain software instructions
Footprinting – Stage of hacking process in which the attacker chooses a target organization or network and begins to gather information that is publicly available
File Transfer Protocol (FTP) – A communications protocol that enables the transfer of files between a user’s workstation and a remote host
Guideline – Suggestion for meeting the policy standard or best practices
Hacker – User who uses their skills to gain access to computer systems through unauthorized or unapproved means
Hardening – Security technique in which the default security configuration of a system is altered to protect the system against attacks
Hardware Attack – An attack that targets a computer’s physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader
Hash – The value that results from hashing encryption
Hashing encryption – One-way encryption that transforms cleartext into a coded form that is never decrypted
Host-based IDS (HIDS) – IDS that primarily uses software installed on a specific system, such as a web server
High Availability – Rating that expresses how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of performance
Hijacking Attack – A software attack where the attacker takes control of a TCP session to gain access to data or network resources using the identity of a legitimate network user
Honeypot – A security tool used to lure attackers away from the actual network components.
Hot Site – Fully configured alternate network that can be online quickly after a disaster
Hotfix – A patch that is often issued on an emergency basis to address a specific security flaw
Hypertext Markup Language (HTML) – Standard language that defines how web pages are formatted and displayed
Hypertext Transfer Protocol (HTTP) – Primary protocol that enables clients to connect and interact with websites
Hypertext Transfer Protocol Secure (HTTPS) – Version of the HTTP protocol that employs Secure Sockets Layer (SSL) to encrypt communications between web browsers and web servers
Intrusion Detection System (IDS) – Software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of an attack in progress
Internet Key Exchange (IKE) – Used by IPSec to create a master key, which is in turn used to generate bulk encryption keys for encrypting data
Internet Mail Access Protocol v4 (IMAP4) – Email client protocol used to retrieve email from a web-enabled email server by using a browser
Integrity – Fundamental security goal of ensuring that electronic data is not altered or tampered with
Intranet – Private network that employs Internet-style technologies for internal communication
IP Spoofing Attack – Type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system
Internet Protocol Security (IPSec) – Set of open, non-proprietary standards that you can use to secure data as it travels across the network or the Internet through data authentication and encryption
IPSec Driver – Watches packets being sent and received to determine if the packets need to be signed and encrypted, based on Group Policy or local Registry settings
IPSec Policy – Set of security configuration settings that define how an IPSec enabled system will respond to IP network traffic
IPSec Policy Agent – Service that runs on each Windows 2000 Server, Windows 2000 Professional, and Windows XP Professional computer and transfers IPSec policy from Active Directory or the local Registry to the IPSec driver
Incident Response Policy (IRP) – The security policy that determines the actions that an organization will take following a confirmed or potential security breach
Key – A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption
Key Escrow – Method for backing up private keys to protect them while allowing trusted third parties to access the keys under certain conditions
Layer Two Tunneling Protocol (L2TP) – De facto standard VPN protocol for tunneling across a variety of network protocols such as IP, Frame Relay, or ATM
Lightweight Directory Access Protocol (LDAP) – Standard protocol that is used on TCP/IP networks to access a compliant directory service or directory database
Logic Bomb – Piece of code that sits dormant on a user’s computer until it’s triggered by a specific event, such as a specific date
M of N scheme – A mathematical control that takes into account the total number of key recovery agents (N) along with the number of agents required to perform a key recovery (M)
Mandatory Access Control (MAC) – Objects (files and other resources) are assigned security labels of varying levels, depending on the object’s sensitivity.
Media Access Control (MAC) Address – A unique physical address assigned to each network adapter board at the time of manufacture
Malicious Code Attack – Type of software attack where an attacker inserts malicious software into a user’s system to disrupt or disable the operating system or an application
Malware – Malicious code, such as viruses, Trojans, or worms
Man-in-the-Middle Attack – Software attack where an attacker inserts himself between two hosts to gain access to their data transmissions
Message Digest 5 (MD5) – Hash algorithm, based on RFC 1321, produces a 128-bit hash value and is used in IPSec policies for data authentication
RFC 1321 – The RFC that specifies the MD5 hash algorithm
Message Digest – A hash value generated from an electronic message
Misuse of Privilege attack – Attack in which a user uses legitimate administrative privileges to attack the system
Multi-factor Authentication – Any authentication scheme that requires validation of at least two of the possible authentication factors
Multiple Key Pairs – Multiple certificates issued to a single-entity, each performing a separate function
Mutual Authentication – Security mechanism that requires each party in a communication to verify its identity
Network Address Translation (NAT) – Simple form of Internet security that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally
Novell Directory Services (NDS) – Standards-based directory service from Novell, Inc that runs on Novell NetWare servers
Network-based IDS (NIDS) – IDS system that primarily uses passive hardware sensors to monitor traffic on a specific segment of the network
NetWare Loadable Module (NLM) – A Novell term for a user-independent process
Network News Transfer Protocol (NNTP) – Protocol used to post and retrieve messages from newsgroups, usually from the worldwide bulletin board system, called USENET
Non-Repudiation – Security goal of ensuring that the party that sent the transmission or created data remains associated with that data
Paillier Cryptosystem – Asymmetric encryption algorithm developed by Pascal Paillier
Passive IDS – An IDS that detects potential security breaches, logs the activity, and alerts security personnel
Password Attack – Type of attack in which the attacker attempts to obtain and make use of passwords illegitimately
Patch – Small unit of supplemental code meant to address either a security problem or a functionality flaw in a software package or operating system
Pretty Good Privacy (PGP) – Method of securing email created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Phishing – Type of email-based social engineering attack, in which the attacker sends email from a spoofed source, such as a bank, to try to elicit private information from the victim
Ping Sweep – A scan of a range of IP addresses to locate active hosts within the range
Public Key Cryptography Standards (PKCS) – A set of protocol standards developed by a consortium of vendors to send information over the Internet in a secure manner using a public key infrastructure (PKI)
Public Key Infrastructure (PKI) – System that is composed of a Certificate Authority (CA), certificates, software, services, and other cryptographic components, for the purpose of enabling authenticity and validation of data and/or entities
Privilege Management Infrastructure (PMI) – An implementation of a particular set of privilege management technologies
Policy Statement – An outline of the plan for the individual security component
Post Office Protocol v3 (POP3) – One of the major protocols used by email clients to retrieve messages from an email server
Port Scanning Attack – Software attack where an attacker scans your systems to see which ports are listening
Point-to-Point Tunneling Protocol (PPTP) – Proprietary Microsoft VPN protocol
Private Root CA – Root CA that is created by a company for use primarily within the company itself
Privilege Management – Use of authentication and authorization mechanisms to provide an administrator with centralized or decentralized control of user and group role-based privilege management
Procedure – Instructions that detail specifically how to implement the policy
Profile-based Analysis – Same as Anomaly-based analysis
Profiling – Same as Footprinting
Public Root CA – Root CA created by a vendor
Public-key Encryption – Same as asymmetric encryption
Registration Authority (RA) – An authority in a network that processes requests for digital certificates from users
Remote Authentication Dial-in User Service (RADIUS) – A standard protocol for providing centralized authentication and authorization services for remote users
Remote Access Server (RAS) – Gateway system that provides remote clients with access to all or part of an internal network
Role-Based Access Control (RBAC) – Access is controlled based on a user’s role
RC algorithms – Series of variable key length symmetric encryption algorithms developed by Ronald Rivest
Replay Attack – Type of software attack where an attacker captures network traffic and stores it for retransmission at a later time to gain unauthorized access to a network
Rollup – A collection of previously issued patches and hotfixes, usually meant to be applied to one component of a system, such as the web browser or particular service
Root CA – Top-most CA in the hierarchy and consequently, the most trusted authority in the hierarchy
Router – A networking device that connects multiple networks that use the same protocol
RSA – The first successful algorithm to be designed for public key encryption. Named for its designers, Rivest, Shamir, and Adleman
Secure Multipurpose Internet Mail Extensions (S/MIME) – Prevents attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography
Security Association (SA) – Negotiated relationship between two computers using IPSec
Scanning – Attacker uses specific tools to determine an organization’s infrastructure and discover vulnerabilities
Schema – Set of rules in a directory service as to how objects are created and what their characteristics can be
Security Baseline – Collection of security configuration settings that are to be applied to a particular system in the enterprise
Security Policy – Formalized statement that defines how security will be implemented within a particular organization
Security Template – Predefined set of security configuration parameters that you can supply to a system to enforce security baseline rules
Service – Windows term for user-independent process
Service Pack – Collection of system updates that can include functionality enhancements, new features, and typically all patches, updates, and hotfixes issued up to the point of the release of the Service Pack
Secure FTP (SFTP) – Secure, SSH-encrypted version of the FTP protocol
Secure Hash Algorithm (SHA) – Hash algorithm modeled after MD5 and considered the stronger of the two because it produces a 160-bit hash value
Shared key encryption – Same as symmetric encryption
Signature based analysis – IDS data analysis method that looks for network, host, or application activity that compares signatures in the datastream with known attack signatures
Site Survey – Analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area
Skipjack – Block cipher algorithm designed by the US National Security Agency (NSA) for use in tamper-proof hardware in conjunction with the Clipper Chip
Service Level Agreement (SLA) – Contractual agreement between a service provider and a customer that stipulates the precise services and support options the vendor must provide
Smart Card – Device similar to a credit card that can store authentication information, such as a user’s private key, on an embedded microchip
Server Message Block (SMB) – A protocol that runs on top of protocols such as TCP/IP, IPX/SPX, and NetBEUI, and is used to access shared network resources, such as files and printers
Simple Mail Transfer Protocol (SMTP) – Communications protocol used to send email from a client to a server or between servers
Smurf Attack – Type of DoS attack in which a ping message is broadcast to an entire network on behalf of a victim computer, flooding the victim computer with responses
Sniffer Attack – Software attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network.
Social Engineering Attack – Goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery
Software Attack – Goal is to disrupt or disable the operating systems and applications running on a system
Software Exploitation Attack – Attacker attempts to gain access to a system or to sensitive data by exploiting a flaw or feature in an application
Spyware – Code that’s secretly installed on a user’s computer to gather data about the user and relay it to a third party
Secure Shell (SSH) – Protocol for secure remote logon and transfer of data
Secure Sockets Layer (SSL) – Security protocol that combines digital certificates for authentication with RSA public key encryption
Single Sign On (SSO) – An aspect of privilege management that provides users with one-time authentication to multiple resources, servers, or sites
Standard – Definition of how adherence to the policy will be measured
Stream Cipher – Relatively fast type of encryption that encrypts data one bit at a time
Subordinate CA – Any CA below the root in the hierarchy
Switch – Networking device with multiple network ports that combines multiple physical network segments into a single logical network
Symmetric Encryption – Two-way encryption scheme in which encryption and decryption are both performed by the same key
SYN Flood Attack – Type of DoS attack in which the attacker sends multiple SYN messages initializing TCP connections with a target host
TACACS/TACACS+ – Standard protocols for providing centralized authentication and authorization services for remote users
Takeover Attack – A type of software attack where an attacker gains access to a remote host and takes control of the system
Transport Layer Security (TLS) – Security protocol that uses certificates and public key cryptography for mutual authentication and data encryption over a TCP/IP connection
Token – Physical object that stores authentication information
Trojan Horse – Malicious code that masquerades as a harmless file
Trust Model – A CA hierarchy
Tunneling – A data-transport technique in which a data packet is transferred inside the frame or packet of another protocol, enabling the infrastructure of one network to be used to travel to another network
Twisted Pair – Includes pairs of wires twisted around each other enclosed in a plastic jacket
User-Independent Process – General term for any process or application that can run in the background on a computer system without a particular user being logged in
Virus – Sample of code that spreads from one computer to another by attaching itself to other files
Virtual LAN (VLAN) – A point-to-point physical network; created by grouping selected hosts together, regardless of physical location
Virtual Private Network (VPN) – A private network that is configured within a public network, such as the internet
VPN Protocol – Protocols that provide VPN functionality
Wireless Application Protocol (WAP) – Designed to transmit data such as web pages, email, and newsgroup postings to and from wireless devices over very long distances
Wardriving – A popular way to gain unauthorized access to a network; involves simply driving in a car with a laptop and a wireless NIC
Warez – Pirated software that’s illegally made available for download and general use
Warez Servers – Contain pirated software that’s illegally made available for download and general use
Warm Site – Location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed
Wired Equivalent Privacy (WEP) – Provides 64-, 128-, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm for wireless communication using the 802.11a and 802.11b protocols
White Hat – A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems
Windows Security Policies – Configuration settings within Windows operating systems that control the overall security behavior of the system
Worm – Piece of code that spreads from one computer to another on its own, not by attaching itself to another file
Wireless Transport Layer Security (WTLS) – Security layer of WAP and the wireless equivalent of TLS in wired networks
Zombie – Unauthorized software introduced on multiple computers to manipulate the computers into mounting a DDoS attack
That brings this information security glossary to an end, however, if you would like to see anything added or have any corrections please leave a comment.
Thank you man this is really helpful