
A (address): - A type of DNS record that maps a host name to an IP address

1000BaseT: - 1,000 Mbps (1 Gbps) baseband Ethernet using twisted pair wire.

100BaseT: - 100 Mbps baseband Ethernet using twisted pair wire.

10Base5: - 10 Mbps Ethernet using coaxial cable (thicknet) rated to 500 meters.

10BaseF: - 10 Mbps baseband Ethernet using optical fiber.

10BaseT: - 802.3 IEEE Ethernet standard for 10 Mbps Ethernet using coaxial cable
(thinnet) rated to 185 meters.

10BaseT: - 10 Mbps UTP Ethernet rated to 100 meters.

10Broad36: - 10 Mbps broadband Ethernet rated to 3,600 meters.

2.5G: - 2G cellular systems combined with GPRS are often described as 2.5G, that
is, a technology between 2G & 3G.

3 composition theories related to security models: - 1. cascading; 2. feedback;
& 3. hookup

3 Types of Intrusion Detection Systems: - State anomaly, protocol retardation,
pattern-matching system

3DES: Triple Data Encryption Standard

3G: - 3G is the third generation of telecommunications standards and technology
for mobile networking, superseding 2.5G. It is based on the International
Telecommunication Union (ITU) family of standards under the IMT-2000. 3G networks
enable network operators to offer a wider range of more advanced services while
providing more capacity through improved spectral efficiency. Services include
wide-area wireless voice telephony, video calls, and broadband wireless data, all
in a mobile environment. Unlike IEEE 802.11 networks, aka Wi-Fi or WLAN networks,
3G networks are wide-area cellular telephone networks that evolved to incorporate
high-speed Internet access and video telephony. IEEE 802.11 networks are
short-range, high-bandwidth networks primarily developed for data.

4 Kinds of Tokens?: - 1) Static password; 2) Synchronous dynamic password; 3)
Asynchronous password; & 4) Challenge response

802.10: - IEEE standard that specifies security and privacy access methods for
LANs.

802.11: IEEE standard that specifies 1 Mbps and 2 Mbps wireless connectivity.
Defines aspects of frequency hopping and direct-sequence spread spectrum (DSSS)
systems for use in the 2.4 MHz ISM (industrial, scientific, medical) band. Also
refers to the IEEE committee responsible for setting wireless LAN standards.

802.11a: - Specifies high-speed wireless connectivity in the 5 GHz band using
orthogonal frequency division multiplexing (OFDM) with data rates up to 54 Mbps.

802.11b: Specifies high-speed wireless connectivity in the 2.4 GHz ISM band up
to 11 Mbps.

802.11b: - WLAN ad hoc and infrastructure modes.

802.11g: - In 2003 a 3rd wireless modulation standard was advanced. Operates at a
near max of 54 Mbit/s. Suffers legacy issues from 802.11b. Uses the same 2.4 GHz
band as microwaves, Bluetooth, cordless phones, and baby monitors, which cause
interference.

802.15: - Specification for Bluetooth LANs in the 2.4-2.5 GHz band.

802.1x: IEEE 802.1x is an IEEE Standard for port-based Network Access Control
(port: meaning a single point of attachment to the LAN infrastructure). It is the
protocol used for most wireless 802.11 access points and is based on the
Extensible Authentication Protocol (EAP).

802.2: - Standard that specifies the LLC (logical link control).

802.3: - Ethernet bus topology using carrier sense medium access
control/carrier detect (CSMA/CD) for 10 Mbps wired LANs. Currently, it is the most
popular LAN topology.

802.3: - IEEE 802.3 is a collection of IEEE standards defining the physical
layer, and the media access control (MAC) sublayer of the data link layer, of
wired Ethernet. This is generally LAN technology with some WAN applications.
Physical connections are made between nodes and/or infrastructure devices (hubs,
switches, routers) by various types of copper or fiber cable.

802.4: - Specifies a token-passing bus access method for LANs.

802.5: Specifies a token-passing ring access method for LANs.

Access modes: Mode set for a user on a volume: Read, write, none.

ACK: Acknowledgment; a short-return indication of the successful receipt of a
message.

ACK layer: - Acknowledgment of receipt

ACO: Authenticated ciphering offset.

Active sniffing: - To elicit responses is active sniffing.

ActiveX: - Microsoft's component object model (COM) technology used in web
applications. ActiveX is implemented using any one of a variety of languages,
including Visual Basic, C, C++, and Java.

Advantages of network bridges? - 1. self-configuring; 2. primitive bridges are
often inexpensive; 3. reduced size of collision domain; 4. transparent to
protocols above the MAC layer; 5. allows the introduction of management,
performance information and access control

AES-128/256: - (AES) Rijndael - A symmetric block cipher with a block size of
128 bits in which the key can be 128, 192, or 256 bits. The Advanced Encryption
Standard replaces the Data Encryption Standard (DES) and was announced on Nov 26,
2001, as Federal Information Processing Standard (FIPS PUB 197).

AES-CCMP: - Part of the WPA2 protocol and an optional part of the WPA protocol.
CCMP replaced the TKIP & WEP encryption protocols. It is based on AES. Name:
Counter Mode with Cipher Block Chaining Message Authentication Code protocol.

AH: - Authentication Header (AH): IPSec uses two protocols for security.

AIS - Automated information system: An assembly of computer hardware, software,
and/or firmware that is configured to collect, create, communicate, compute,
disseminate, process, store, and/or control data or information.

ALE - annualized loss expectancy

Analog - Electrical signal with a variable amplitude

ANSI - American National Standards Institute

Application gateway? - A type of firewall that applies security mechanisms to
specific applications, such as FTP and Telnet servers. This is very effective
but can impose a performance degradation.

Application Layer The top layer of the OSI model, which is concerned with
application programs. It provides services such as file transfer and email to the
network's end users.

Application level gateway - ALG: consists of a security component that augments
a firewall or NAT employed in a computer network. It allows special filters to be
used to allow certain applications like BitTorrent to access the internet under
tight control.

Application-Gateway Firewall - Like the Application-Proxy Firewall, the
Application-Gateway Firewall operates on Layer 7 of the OSI model. Application
gateway firewalls exist only for a few network applications. A typical application
gateway firewall is a system in which you must telnet to one system in order to
then telnet again to make a connection outside the network.

Application-level firewall - In computer networking, an application layer
firewall is a firewall operating at the application layer of a protocol stack.
Generally it is a host using various forms of proxy servers to proxy traffic
instead of routing it. As it works on the application layer, it may inspect the
contents of the traffic, blocking what the firewall administrator views as
inappropriate content, such as websites, viruses, attempts to exploit known flaws
in client software, etc. An application layer firewall does not route traffic on
the network layer.

Application-Proxy Firewall - In a proxying firewall, every packet is stopped at
the firewall. The packet is then examined and compared to the rules configured
into the firewall. If the packet passes the examination, it is recreated and sent
out. The drawback is that a separate application-level firewall must be written
for each application at the application layer: e.g., 1 for http, 1 for ftp, 1 for
gopher. Application-level firewalls operate on Layer 7 of the OSI model.

ARIN - The American Registry for Internet Numbers

aro - annualized rate of occurrence

ARP - Address Resolution Protocol (ARP): A TCP/IP protocol that binds logical
(IP) addresses to physical addresses.

ARP cache - Address Resolution Protocol (ARP) is a subprotocol of the TCP/IP
protocol suite that operates at the Network layer (layer 3). ARP functions by
broadcasting a request packet with the target IP address. The system with the IP
address in question will respond with its associated MAC address. The discovered
data is stored in a form known as ARP cache by ARP.

AS3 Adobe proprietary format: ActionScript 3

ASCII - American Standard Code for Information Interchange (ASCII): a coding
standard that can be used for enumerating English letters from 0 to 127. ASCII's
purpose is to convert letters to numbers to allow for faster data transmission, as
processors can handle & move the data faster. It is implemented as a
character-encoding scheme based on the ordering of the English alphabet. ASCII
codes represent text in computers, communications equipment and other devices that
work with text. ASCII was developed in the 1960s. Most characters are
non-printing.

ASP.NET - Microsoft's Web server is called Internet Information Services, which
is made up of a number of "sub-applications" and is therefore highly configurable.
ASP.NET is one such application.

Asynchronous Transfer Mode - A cell-based connection-oriented data service
offering high-speed data communications. ATM integrates circuit and packet
switching to handle both constant and burst information at rates up to 2.488 Gbps.
aka: cell relay.

At present, the 3 pairs of aspects/features used to describe data storage? -
Primary vs. secondary, volatile vs. nonvolatile, and random vs. sequential.

ATM - asynchronous transfer mode (ATM): A cell-switching technology rather than
a packet-switching technology like Frame Relay.

AUI - A 15-pin interface between an Ethernet Network Interface Card and a
transceiver.

Authenticate - 1) To verify the identity of a user, device, or other entity in
a computer system, often as a prerequisite to allowing access to system resources;
2) To verify the integrity of data that have been stored, transmitted, or
otherwise exposed to possible unauthorized modification.

Authentication factor - 1) a piece of info; & 2) process to verify it

Authentication Token - A physical security device that serves to verify
electronically one's identity. Several different interfaces exist. Some can
transfer a generated key to a client system.

Bandwidth-depletion attack - Like a DoS attack, simply denial of service via
bandwidth domination.

Banner grabbing - Banner grabbing is not detectable; it is therefore
considered passive OS footprinting. Banner grabbing is a technique that enables a
hacker to identify the type of operating system or application running on a target
server. A specific request for the banner is often allowed through firewalls
because it uses legitimate connection requests such as Telnet.

Banner grabbing & OS identification: synonym Fingerprinting the TCP/IP stack

Basel II - is the second of the Basel Accords (issued by the Basel Committee on
Banking Supervision), initially published in 2004 as an international standard on
banking reserves.

Basic authentication - In the context of an HTTP transaction, basic access
authentication is a method to allow a user on a web browser to authenticate.
Before transmission, the user name is appended with a colon and concatenated with
the password. The result is encoded with the Base64 algorithm.

Bastion host - A bastion host is a special-purpose computer designed to function
as a roadblock against direct attacks. Firewalls & routers can be considered such.

BAT files - In DOS, OS/2, and Microsoft Windows, a batch file is a text file
containing a series of commands intended to be executed by a single command. Flat
files that enable one to automatically check-in, delete, or update many files at
once.

baud rate The number of signal pulses that occur in one second.

The Bell-La Padula model is a state machine used by the DoD for enforcing
access control in government & military applications. The model is a formal state
transition model of computer security policy that describes a set of access
control rules that uses labels to characterize objects and clearances to
characterize subjects.

binaries

binary file - is a computer file which may contain any type of data, encoded in
binary form for computer storage and processing purposes.

Biometric authentication lk up: the act


biometrics - In information technology, biometrics refers to methods for uniquely
recognizing humans based upon one or more intrinsic physical or behavioral traits.
In information technology in particular, biometrics is a form of identity access
management and access control.

BIOS The Basic Input/Output System (BIOS): The BIOS is the first program to run
when the computer is turned on. BIOS initializes and tests the computer hardware,
loads and runs the operating system, and manages setup for making changes in the
computer.

Blowfish - This is a keyed, symmetric block cipher, designed in 1993. There has
been no meaningful cryptanalysis exacted on Blowfish. It is solid; however, AES
now receives more attention.

BOTs Secondary machines used in a DDoS attack.

Bound checks - A check on code in question to assess its exploitability regarding
buffer overflow.

Boyer-Moore theorem prover A method to mechanically check a kernel.

Bridge A network bridge connects multiple network segments at the data link
layer (layer 2) of the OSI model, and the term layer 2 switch is very often used
interchangeably with bridge.

Bridging is a forwarding technique used in packet-switched computer networks.
Unlike routing, bridging makes no assumptions about where in a network a
particular address is located. Instead, it depends on flooding and examination of
source addresses in received packet headers to locate unknown devices. Once the
device is found, it is stored in a MAC address table.

Brute-force password attack - To attempt to crack a password by trying every
possible combination of letters, numbers and characters.

CAM table - Content Addressable Memory (CAM) table is a common term usually
referring to the Dynamic Content Addressable Memory on an Ethernet switch. The
table provides the switch with addresses to forward a received signal to. A hub
does not have one, so all attached devices get the passed-on (outbound) signal.

Category 1 twisted pair wire Used for early analog telephone communications; not
suitable for data.

Category 2 twisted pair wire Rated for 4 Mbps and used in 802.5 token ring
networks.

Category 3 twisted pair wire Rated for 10 Mbps and used in 802.4 10Base-T Ethernet
networks.

Category 4 twisted pair wire Rated for 16 Mbps and used in 802.5 token ring
networks.

Category 5 twisted pair wire Rated for 100 Mbps and used in 100BaseT Ethernet
networks.

CC Common Criteria: a standard for specifying and evaluating the features of
computer products and systems.

CCMP Counter Mode with Cipher Block Chaining Message Authentication Code protocol
(CCMP): A mandatory part of WPA2, but optional for WPA. CCMP replaced TKIP and is
a required option for Robust Security Network (RSN) Compliant networks.

CDDI Copper Data Distributed Interface: A version of FDDI specifying the use of
unshielded twisted pair wiring.

CDMA Code Division Multiple Access, a cellular tech that competes with GSM tech
for global domination.

CDPD Cellular Digital Packet Data (CDPD): A technology that never made it due to
being relatively expensive. It was/is unique in that it would harness unused but
open frequencies of a band.

CER Crossover error rate

CERIAS The Center for Education and Research in Information Assurance and
Security (CERIAS): a well-known leader in research in computer, network, and
information security and information assurance.

CGI Common gateway interface

Checksum Synonymous with message digest, hash, hash value, hash total, CRC,
fingerprint, checksum, and digital ID.

Chipping (Chip) - In digital communications, a chip is a pulse of direct-sequence
spread spectrum (DSSS) code, such as a pseudonoise code sequence used in
direct-sequence code division multiple access (CDMA) channel access techniques.
The chip rate of a code is the number of pulses per second (chips per second) at
which the code is transmitted or received.

Chosen plaintext - This is a definition of a cryptanalysis attack. It has a couple
of key assumptions: 1) the attacker has the ability to choose arbitrary plaintexts
to encrypt via the same algorithm; & 2) s/he can also obtain and analyze the
corresponding output of the applicable encryption.

CIA triad? Availability, confidentiality, integrity

CIFS Common Internet file system

Cipher - In cryptography, a cipher (or cypher) is an algorithm for performing
encryption and decryption.

Circuit switched - The application wherein a dedicated line is used to transmit
information. Contrast this with 'packet switched'.

Circuit-level firewall - Synonymous with circuit-level gateway. Listens for TCP
handshaking requests. Can't filter traffic on the Application Layer; less robust
than an application-level gateway.

Circuit-level gateway - Similar to one-time authentication. Works at the session
layer of the OSI model, or as a "shim-layer" between the application layer and the
transport layer of the TCP/IP stack. They monitor TCP handshaking between packets
to determine whether a requested session is legitimate. Information passed to a
remote computer through a circuit-level gateway appears to have originated from
the gateway. This is useful for hiding information about protected networks.
Circuit-level gateways are relatively inexpensive; however, they do not monitor
individual packets.

Circuit-switched - The application of a network wherein a dedicated line is used
to transmit information; contrast with 'packet-switched.'

Class 1 Auth - Class 1 authentication attached through Verisign to your verified
email. Digital IDs for secure email. 1 year is $19.95: Verisign Digital IDs.
S/MIME compliant, can be used with Microsoft Outlook, Mozilla, and several other
popular applications.

Class 2 Auth - Class 2 authentication Digital ID issued to individuals
representing organisations. They can be used for a number of secure
"communications functions", including: secure email (S/MIME), authentication to
online services, and adding digital signatures to Microsoft Office and other
electronic documents to protect the documents' integrity and provide
authentication of authorship to recipients.

Client-server interface - A software construction, referred to as a document, to
"push" messages to the client browser written in a markup language with its own
method, apparatus, and computer program for generating the electronic document.

CNAME - DNS Records: (canonical name) Provides additional names or aliases for the
address record

Collision domain - Aka shared Ethernet hub. A component that provides Ethernet
connections among multiple stations sharing a common collision domain.

COM - Common Object Model: A model that allows two software components to
communicate with each other independent of their platforms' operating systems and
languages of implementation. As in the object-oriented paradigm, COM works with
encapsulated objects.

Common & practical defenses against SQL injection 1. Perform input validation;
2. Limit account privileges.

Common Criteria Common Criteria (CC): is an international standard (ISO/IEC)

Companion files Supporting system files like DLL and INI files

COMSEC Communications Security: measures and controls taken to deny
unauthorized persons information derived from telecommunications and to ensure the
authenticity thereby: cryptosecurity, transmission security, emission security,
and physical security of COMSEC material and information.

connection table - filled up during SYN flooding. Victim's table is filled with
transmission request signals from spoofed IPs: straight lockdown.

cookie hijacking - Cookie hijacking or cookie snarfing entails modifying data
stored in cookies, which is then used for the purpose of impersonating the victim
and possibly obtaining data.

Coring The microprocessor architecture on a chip.

COTS Commercial off-the-shelf

covert channel - transferring information in a way that violates the system's
security policy.

CRC - A common error-detection process. A mathematical procedure applied to
transmitted data that is performed upon receipt of the data and cross checked; a
mismatch indicates a high probability of transmission error.

CRL Certificate Revocation List (CRL).

cryptanalysis break the cipher

crypto-algorithm a well-defined procedure to produce a key stream.

CSMA/CA - Carrier sense multiple access/collision avoidance, commonly used in
802.11 Ethernet and LocalTalk.

CSMA/CA - In computer networking, CSMA/CA belongs to a class of protocols
called multiple access methods. CSMA/CA stands for: Carrier Sense Multiple Access
with Collision Avoidance. In CSMA, a station wishing to transmit has to first
listen to the channel for a predetermined amount of time so as to check for any
activity on the channel. If the station is sensed "idle" then the station is
permitted to transmit. In Ethernet 802.3, the station continues to wait for a
time, and checks to see if the channel is still free. If it is free, the station
transmits, and waits for an acknowledgment signal that the packet was received.
Collision avoidance is used on WLANs because it is not possible to listen while
sending, so CA is used over CD.

CSMA/CD - Carrier sense multiple access/collision detection, used in 802.3
Ethernet.

CSR - Certificate Signing Request (CSR): An individual who submits a certificate
to a

CSSM Cross Site Scripting (CSS?): M?

CSTVRP - Computer Security Technical Vulnerability Reporting Program: A
program that concentrates on the technical vulnerabilities of commercially
available hardware, software, and firmware acquired by the DoD. Goal is to provide
corrective measures to findings.

CVE Common Vulnerabilities and Exposures database

DAA - Designated Approving Authority (DAA).

daemons - agent processes

Data storage - what are the 3 main aspects? 1) Primary vs secondary; 2)
Volatile vs nonvolatile; & 3) random vs sequential

DB-9 A standard 9-pin connector commonly used with RS-232 serial interfaces on
portable computers. The DB-9 connector does not support all RS-232 functions.

DBMS Database Management System (DBMS) Architecture: a variety exists today, but
the majority of current systems implement a technology known as relational
database management systems (RDBMSs).

DCOM - A distributed object model that is similar to the Common Object Request
Broker Architecture (CORBA). DCOM is the distributed version of COM that supports
remote objects as if the objects reside in the client's address space. A COM
client can access a COM object through the use of a pointer to one of the object's
interfaces and then invoke methods through that pointer.

denotational semantics model - an artificial intelligence process whereby a
machine is equipped with some tools to attempt and possibly succeed in carrying
out a mathematical proof.

DES - A cipher for unclassified data, published in Federal Information Processing
Standard (FIPS) 46. The DES, which was approved by the NIST, is intended for
public & government use.

DES - A cryptographic algorithm for the protection of unclassified data, published
in Federal Information Processing Standard (FIPS) 46. The DES, which was approved
by the NIST, is intended for public and government use.

Detective access controls - Used to discover unwanted or unauthorized activity

Device - Computer hardware, peripheral - any device attached to a computer that
expands its functionality, device file - an interface for a device driver.

DHCP Dynamic Host Configuration Protocol (DHCP).


DIACAP - Successor to DITSCAP. DoD information technology security
certification & accreditation process is a process adv. by DoD for managing risk,
i.e., automated information system that will maintain information assurance.

DICOM Dumper - DICOM Dumper is a simple utility for decoding and dumping the
content of DICOM 3.0 files.

Difference between network address and IP address - To determine what the network
address is for any given IP address, you merely have to convert both octal
addresses into binary, and do a bitwise AND operation. An example using an IP
address of 156.154.81.56 used with a network mask of 255.255.255.240 follows:

IP Address:  10011100.10011010.01010001.00111000
Subnet mask: 11111111.11111111.11111111.11110000
Bitwise AND  -----------------------------------
Result:      10011100.10011010.01010001.00110000

As you can see, the network address for the IP address and subnet mask in question
is 156.154.81.48. To determine how many hosts are possible on this same subnet, it
is a simple operation. Count the number of bits from the right until you get to
the first "1" in the binary network address display. That number will be the power
you raise 2 to for the calculation of the possible number of hosts.

Diffie-Hellman Key Exchange - A cryptographic protocol that allows two parties
that have no prior knowledge of each other to jointly establish a shared secret
key over an insecure communication channel. This can be used to establish a
subsequent symmetric-key cipher. Synonym: Exponential key exchange. Established
1976.

Digest authentication - Process whereby the site hashes credentials and uses a
challenge-response model for authentication.

Digital certificate - serves to bind an individual to his/her public key

Direct-sequence spread spectrum - In telecommunications, direct-sequence spread
spectrum (DSSS) is a modulation technique. As with other spread spectrum
technologies, the transmitted signal takes up more bandwidth than the information
signal that is being modulated. The term 'spread spectrum' comes from the fact
that the carrier signals occur over the full bandwidth (spectrum) of a device's
transmitting frequency.

Directory services - An implementation of single sign-on technologies: SSO
technology allows a subject to be authenticated only once on a system and be able
to access resource after resource unhindered by repeated authentication prompts.
This convenience also poses the danger of an intruder gaining full control of a
system with one successful authentication; this is usually addressed by doubling
up an application like Kerberos with Directory Services, each an SSO. Directory
services and Kerberos are examples of SSO mechanisms.

Disk clusters - Contiguous groups of sectors of a circular drive - like a
partial ring or washer shape on a series of concentric circles.

Disk image - A bit-level copy, sector-by-sector of a disk, which provides the
capability to examine slack space, undeleted clusters, and possibly, deleted
files.

DITSCAP - Defense Information Technology Systems Certification and
Accreditation Process (DITSCAP).

DLC - Data Link Control (DLC)

DLL - The Data Link Layer is responsible for producing Ethernet frames from
bytes and bytes from bits.

DLL Data Link Layer: The OSI level that performs the assembly and transmission
of data packets, including error control.

DMA - Direct Memory Access (DMA): is a feature of modern computers and
microprocessors that allows certain hardware subsystems within the computer to
access system memory for reading and/or writing independently of the CPU.

DNS - Domain Name Server (DNS).

domain - 1) A realm of trust or a collection of subjects and objects that
share a common security policy. Each domain’s access control is maintained
independently of other domains’ access control. This results in decentralized
access control when multiple domains are involved.

DPL - Degausser Products List.


DQDB - In telecommunications, a distributed-queue dual-bus network (DQDB) is a
distributed multi-access network that does the following: 1) supports integrated
communications using a dual bus and distributed queuing; 2) provides access to
local or metropolitan area networks; & 3) supports connectionless data transfer,
connection-oriented data transfer, and isochronous communications, such as voice
communications.

DQDB - The IEEE 802.6 standard that provides full-duplex 155 Mbps operation
between nodes in a metropolitan area network.

DSA - The Digital Signature Algorithm (DSA): is a U.S. Federal Government
standard or FIPS for digital signatures. It was proposed by the National Institute
of Standards and Technology (NIST) in August of 1991 for use in their Digital
Signature Standard (DSS), specified in FIPS 186, adopted in 1993. This is patented
and the owner is an ex-NSA employee. The patent was given to the U.S.A. and the
NIST has made this patent available world-wide royalty-free.

DSSS - Direct-sequence spread spectrum: A method used in 802.11b to split the
frequency into 14 channels, each with a frequency range, by combining a data
signal with a chipping sequence. Data rates of 1, 2, 5.5, and 11 Mbps are
obtainable. DSSS spreads its signal continuously over this wide-frequency band.

Dual-homed host - A dual-homed host is a firewall or can be a computer packing at
least 2 transceivers. Basically, a makeshift firewall.

E-mail tracking - Appending a domain name to the email address: A single-pixel
graphic file that isn’t noticeable to the recipient is attached to the e-mail.
Then, when an action is performed on the e-mail, this graphic file connects back
to the server and notifies the sender of the action.

EAL - Evaluation Assurance Level (EAL): In the Common Criteria, the degree of
examination of the product to be tested. EALs range from EAL1 (functional testing)
to EAL7 (detailed testing and formal design verification).

EAP - Extensible Authentication Protocol (EAP). Cisco proprietary protocol for
enhanced user authentication and wireless security management.

EAP-TLS - Extensible Authentication Protocol & Transport Layer Security
(EAP-TLS): Cisco proprietary standard.

ECC - Elliptic curve cryptography

ECDSA - Elliptic curve digital signature algorithm.

Echelon - A cooperative, worldwide signal intelligence system that is run by
the NSA of the US, the GCHQ of England, the CSE of Canada, DSD of Australia, and
the GCSB of New Zealand.

EDGE - Enhanced Data Rates for GSM Evolution (EDGE): '99 release. First
generation.

EDI - Electronic Data Interchange: A service that provides communications for
business transactions. ANSI standard X.12 defines the data format for EDI.

EIA - Electronic Industries Association (EIA).

Electric beacon - A radio beacon is a transmitter at a known location, which
transmits a continuous or periodic radio signal with limited information content,
on a specified radio frequency. Occasionally the beacon function is combined with
some other transmission, like telemetry data or meteorological information.
Electric beacons are a kind of beacon used with direction finding equipment to
find one's relative bearing to a known location (the beacon). The term electric
beacon includes radio, infrared and sonar beacons.

erasure - 1) alternating current erasure, high-low alternation; 2) direct
current erasure, media saturation by unidirectional magnetic field.

ESMTP - Extended simple mail transfer protocol.

ESP - encapsulating security payload lookup more/better def

Ethernet - An industry-standard local area network media access method that uses
a bus topology and CSMA/CD. IEEE 802.3 is a standard that specifies Ethernet.

Ethernet frame - A measure of quantity. A standard Ethernet frame MTU is 1500
bytes. Adding the Ethernet header and cyclic redundancy check (CRC) trailer brings
the frame size to 1518. Which layer is responsible for combining bits into bytes
and bytes into frames?

Ethernet Layer aka? - MAC layer

Ethernet repeater - A component that provides Ethernet connections among multiple
stations sharing a common collision domain. Also referred to as a 'shared Ethernet
hub.'

Ethernet switch - More intelligent than a hub, with the capability to connect the
sending station directly to the receiving station.

Ethernet Switching - An Ethernet switch's role is to copy bits (referred to
as Ethernet frames) from one port to another port quickly at layer two of the OSI
model. The presence of a CAM table is one attribute that separates a switch from a
hub. The physical switch is what stops a rebound to all other machines/devices
connected to a switch that receives the signal.

exigent circumstances doctrine - Specifies that a warrantless search and
seizure of evidence can be conducted if there is probable cause to suspect
criminal activity or destruction of evidence.

FBA - Forms Based Authentication (FBA): simply use a form to send encrypted
authentication credentials via HTTPS.

FBM - File based metric

FCC - Federal Communications Commission

FDDI - Fiber distributed data interface (FDDI) provides a standard for data
transmission in a local area network that can extend in range up to 200
kilometers. Although the FDDI protocol is a token ring network, it does not use
the IEEE 802.5 token ring protocol as its basis. FDDI-II adds the capability to
add circuit-switched service to the network so that it can also handle voice and
video signals.

FDDI - Fiber-Distributed Data Interface (FDDI): An ANSI standard for token-passing
networks. FDDI uses optical fiber and operates at 100 Mbps in dual,
counter-rotating rings.

FDMA - Frequency division multiple access. A spectrum-sharing technique whereby
the available spectrum is divided into a number of individual radio channels.

FDMA - A digital radio technology that divides the available spectrum into
separate radio channels. FDMA is generally used in conjunction with time division
multiple access (TDMA) or code division multiple
access (CDMA).

FDX - Full-duplex.

FedCIRC - U.S. Federal Computer Incident Response Center: FedCIRC provides
assistance and guidelines in incident response and provides a centralized approach
to incident handling across U.S. government agency boundaries.

fetch protection - A system-provided restriction to prevent a program from
accessing data in another user's segment of storage.

FHMA - A system using frequency hopping spread spectrum (FHSS) to permit
multiple, simultaneous conversations or data sessions by assigning different
hopping patterns to each.

FHSS - A method used to share the available bandwidth in 802.11b WLANs. FHSS takes
the data signal and modulates it with a carrier signal that hops from frequency to
frequency on a cyclical basis over a wide band of frequencies. FHSS in the 2.4 GHz
frequency band will hop between 2.4 GHz and 2.483 GHz. The receiver must be set to
the same hopping code.

Feistel cipher - An iterated block cipher that encrypts by breaking a plaintext
block into two halves and, with a subkey, applying a "round" transformation to one
of the halves. The output of this transformation is then XOR'd with the remaining
half. The round is completed by swapping the two halves.

File system journaling - A file system that logs changes to a journal (usually in
a circular log) before committing them to the main file system. Such systems are
less likely to become corrupted in the event of a system crash.

Filtered - Means 'Nmap' or other app is prevented from discovering whether a
port is open. A firewall or network filter is screening the port and preventing
our utility from discovering whether a port in question is 'open'.

FIN Scan - A FIN scan is similar to an XMAS scan but sends a packet with just
the FIN flag set. FIN scans receive the same response and have the same
limitations as XMAS scans.

FIPS - Federal Information Processing Standard.

FIPS-181 - Federal Information Processing Standards Publications (FIPS PUBS) are
issued by the National Institute of Standards and Technology after approval by the
Secretary of Commerce. Basically, change password every 45 days & 1 number,
1 symbol, 1 capital - minimum.

firewall - A network device that shields the trusted network from unauthorized
users in the untrusted network by blocking certain specific types of traffic. Many
types of firewalls exist, including packet
filtering and stateful inspection.

firmware - Executable programs stored in nonvolatile memory.

FISA - Federal Intelligence Surveillance Act (FISA) of 1978: An act that limited
wiretapping for national security purposes as a result of the Nixon
Administration's history of using illegal wiretaps.

flag - In a networking context: flag: An internet header field carrying various
control flags: informational pieces of data.

Flag meaning: ACK? Acknowledge. This flag is used to indicate the sender of
the ACK flag has established a connection, from his/her own side of the
connection.

Flag meaning: FIN? Finish. No more transmissions.

Flag meaning: PSH? Push. System is forwarding buffered data.

Flag meaning: RST? Reset. Resets the connection.

Flag meaning: SYN? Synchronize. This flag initiates a connection between
hosts.

Flag meaning: URG? Urgent. Data in packets must be processed quickly.


FLEX - Cryptography and hashing libraries for encryption and security: AS3
libraries. This is a library for data processing and FLEX is a particular library
used for hashing & crypto.

Flex - Adobe Air Flex Encryption System is a collection of technologies released
by Adobe Systems for the development and deployment of cross-platform rich
Internet applications based on the proprietary Adobe Flash platform.

FM - frequency modulation (FM): A method of transmitting information over a
radio wave by changing frequencies.

Footprinting - Gathering info & detecting network range

form data - Data captured in an HTML or XHTML form, hence "form data."

Forms based authentication - Simply uses Web forms to authenticate by encrypting
login that is then sent to host.

fractional T-1 - A 64 Kbps increment of a T1 frame.

frame relay - A packet-switching interface that operates at data rates of 56 Kbps
to 2 Mbps. Frame relay is minus the error control overhead of X.25, and it assumes
that a higher-layer protocol will check for transmission errors.

front-end security filter - A security filter that could be implemented in
hardware or software, which is logically separated from the remainder of the
system in order to protect the system's integrity.

FSK - frequency shift keying (FSK): A modulation scheme for data communication
using a limited number of discrete frequencies to convey binary information.

FTLS - Formal Top-Level Specification (FTLS): A top-level specification that is
written in a formal mathematical language to enable theorems showing the
correspondence of the system specification to its formal requirements to be
hypothesized and formally proven.

FTP - File Transfer Protocol (FTP): FTP is a network protocol used to transfer
data from one computer to another through a - guess what - network. A TCP/IP
protocol for file transfer.

Full duplex - If transmit data and receive data are separate circuits, transmission
can occur in a concurrent flow in both directions: full duplex.

functional programming - A programming method that uses only mathematical functions
to perform computations and solve problems.

Gateway - Gateways work on all seven OSI layers. The main job of a gateway is
to convert protocols among communications networks. A router by itself transfers,
accepts and relays packets only across networks using similar protocols. A gateway
can accept a packet in protocol A and convert it to B before forwarding it. A
network component that provides interconnectivity at higher network layers.

gigabyte - GB or GByte: A unit of measure for memory or disk storage capacity;
usually 1,073,741,824 bytes.

gigahertz (GHz) - A measure of frequency; one billion hertz.

GLB - An act that removes Depression-era restrictions on banks that limited
certain business activities, mergers, and affiliations. Moves oversight of
insurers & health-plan businesses to state authorities. It's got properties
similar to HIPAA.

Google hacking - examples? passwords, credit card numbers, medical records and
other confidential information

GPG - GNU Privacy Guard: G(eneral Public License) Privacy Guard allows one to
encrypt and sign one's data.

GPRS - General Packet Radio Service (GPRS): is a packet-oriented mobile data
service available to users of the 2G systems (GSM), as well as in the 3G systems.

granularity - An expression of the relative size of a data object; for example,
protection at the file level is considered coarse granularity, whereas protection
at the field level is considered to be of a finer granularity.

GSM - Global System for Mobile (GSM) communications: The most popular standard
for mobile phones in the world. The GSM logo serves to identify compatible
devices. Both voice and data are transmitted in the digital format.
Global System for Mobile (GSM) Communications: The wireless analog of the ISDN
landline system.

guard - A processor that provides a filter between two disparate systems operating
at different security levels or between a user terminal and a database to prevent
unauthorized access.

handshaking procedure - A dialogue between two entities for the purpose of
identifying and authenticating one another.

Hash - Output of an algorithm used to verify data.

HDLC ?

HDX - Half duplex.

Header - In information technology, header refers to supplemental data placed
at the beginning of a block of data being stored or transmitted. There are many
types of headers: authentication header, email header, block header, message
header, header checksum, ...

Hertz - Hertz (Hz): A unit of frequency measurement; one cycle of a periodic
event per second. Used to measure frequency.

high-level data link control - An ISO protocol for link synchronization and error
control.

high-speed encryption chips - Self-evident. The U.S. federal government in '90
began using the services of Newbridge Networks for their high-speed public key
data encryption system (which was originally produced by Calmos Microsystems,
which Newbridge later acquired).

HIPAA - Kassebaum-Kennedy - The Health Insurance Portability and Accountability
Act - Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of
1996: ?

HMAC - In cryptography, a keyed-Hash Message Authentication Code (HMAC or KHMAC)
is a type of message authentication code (MAC) calculated using a specific
algorithm involving a cryptographic hash function in combination with a secret
key.

hotfixes - A hotfix was originally the term applied to software patches that
were applied live, i.e., to still running programs. A similar use of the term can
be seen in hot-swappable disk drives. A patch: single, comprehensive file.

How can you stop a DoS or DDoS attack? - Use the same commands an attacker would
use to stop the attack.

How do you prevent ARP spoofing? - To prevent ARP spoofing, permanently add the
MAC address of the gateway to the ARP cache on a system. You can do this on a
Windows system by using the ARP -s command at the command line and appending the
gateway's IP and MAC addresses.

How many types of packets? - Each logical network uses discrete data messages
called packets. The logical network packet at the generic level consists of
information about the source, destination, and data payload.

Hping2

Hping - is a free packet generator and analyzer for the TCP/IP protocol.

HTML, purpose of - A standard used on the Internet for defining hypertext links
between documents.

HTTPS - Hypertext transfer protocol over secure shell

I&A - Identification and authentication.

IA - Information Assurance

IAC - Inquiry access code; used in inquiry procedures. The IAC can be one of two
types: a dedicated IAC for specific devices or a generic IAC for all devices.

IADS - Integrated Access Device (IAD): is a customer premises device that
provides access to wide area networks and the Internet. Specifically, it
aggregates multiple channels of information including voice and data across a
single shared access link to a carrier or service provider PoP. The access link
may be a T1 line, a DSL connection, a cable network, a broadband wireless link,
or a metro-Ethernet connection.

IANA - Manages a registry of media types and character encodings.

IAW - In accordance with

IBE - Identity-Based Encryption: The IBE concept proposes that any string can be
used as an individual's public key, including his or her email address.

ICANN - The Internet Corporation for Assigned Names and Numbers: Whois, DNS lookup

ICMP - Internet control message protocol. A reporting protocol for the IP
addressing. ICMP is a required element of IP implementations. The TCP/IP protocol
used to send control and error information regarding IP datagram transmissions.
When a datagram cannot be delivered, an ICMP message may be sent.

ICP$ - Inter Process Communication share

IDEA - International Data Encryption Algorithm (IDEA): IDEA is a block cipher adv
in 1991 to replace DES. It is licensed in all countries where it is patented by
MediaCrypt. type encryption

Identification professing user

ID

IDL - Interface Definition Language (IDL): A standard interface language that is
used by clients to request services from objects.

IDLE scan - An IDLE scan uses a spoofed IP address to send a SYN packet to a
target. Depending on the response, the port can be determined to be open or
closed. IDLE scans determine port scan response by monitoring IP header sequence
numbers.

IETF - Internet Engineering Task Force (IETF): develops and promotes Internet
standards, cooperating closely with the W3C and ISO/IEC standard bodies and
dealing in particular with standards of the TCP/IP and Internet protocol suite.
It is an open standards organization, with no formal membership or membership
requirements. All members are volunteers and the organization's current
financial sponsors are VeriSign and the U.S. Government's N.S.A.

If you have an IP address of 156.154.81.56 and a subnet mask of 255.255.255.240,
what is the network address, possible # of and range of subnet hosts, and what is
the broadcast address?

IP Address: 10011100.10011010.01010001.00111000

Subnet mask: 11111111.11111111.11111111.11110000

Bitwise AND -----------------------------------------------

Result: 10011100.10011010.01010001.00110000

As you can see, the network address for the IP address and subnet mask in question
is 156.154.81.48. Determining how many hosts can be on this same subnet is a
simple operation. Count the number of bits from the right until you get to the
first "1" in the binary network address display. That number will be the power
you raise 2 to for the calculation of the possible number of hosts. You must also
subtract two from the result because one address each is reserved for the network
and broadcast addresses. This leaves you with the final formula of 2^n-2. In this
case there are 4 bits of 0 in the network address, leaving you with 2^4-2 hosts
possible, or 14 hosts. This means that your network address is 156.154.81.48,
that you have a range of addresses available to hosts from 156.154.81.49 -
156.154.81.62, and that the broadcast address for this network is 156.154.81.63.

IIS - Internet Information Server

IIS Exploits - Internet Information Server (IIS) Unicode exploits

IKE - Internet key exchange (IKE): is the protocol used to set up a security
association in the IPSec protocol suite. IKE uses a Diffie-Hellman key exchange to
set up a shared session secret, from which cryptographic keys are derived. IKE
was originally established in '98.

IMAP - Internet Message Access Protocol

In Mac OS X, what kind of DNS record is created when you add an alias in Server
Admin? CNAME

increment value size in bytes?

inference engine - A component of an artificial intelligence system that takes
inputs and uses a knowledge base to infer new facts and solve a problem.

information flow control - A procedure undertaken to ensure that information
transfers within a system are not made from a higher security level object to an
object of a lower security level. Synonymous with 'data flow control' and 'flow
control.'

INI files - The de facto standard for configuration files. INI files are simple
text files with a basic structure. Windows files.

internetwork - Amongst 2 or more networks.

Intrusion detection systems - 1) State anomaly; 2) Protocol retardation; & 3)
pattern-matching system

IP - Internet Protocol (IP): ?

IP layer aka? Network layer

IPNA - Org that assigns port numbers?

IPSec - Secure Internet Protocol

IPv4 - Internet Protocol version 4 is the 4th iteration of the Internet Protocol
and it is the first version of the protocol to be widely used. This is the
currently used format - and it is 20 years old.

The current first version of IP, in which an IP address has 2 parts. The 1st is
the network ID and the 2nd is the host ID. IPv4 is a four byte, 32 bit IP address
of the form: 255.255.255.255.

IPv6 - Internet Protocol version 6 is an Internet Layer protocol for
packet-switched internetworks. It is designed as the successor for IPv4. IPv6
provides over sextillion addresses (theoretically). IPv6 is a sixteen byte, 128
bit, IP that may be viewed as hexadecimal numbers separated by semicolons.

IPX - A routing protocol. Routing protocols are located at the Network layer:
layer 3.

IPX - Internetwork Packet Exchange (IPX): is the OSI-model Network layer
protocol in the IPX/SPX protocol stack. IPX was a popular predecessor to TCP/IP.

IR - infrared light (IR): light waves that range in length from about 0.75 to
1,000 microns; this is a lower frequency than the spectral colors but a higher
frequency than radio waves.

IRC - Internet Relay Channel (IRC): A chat sys fin in the late '80s. IRC
technology was novel because it allowed for more than 2 people to chat. IRC is an
app that one installs on one's computer and it sends & receives to/from an IRC
server. It is a known security liability.

IRQ - users of online services, such as sports scores, etc. look up better
definition.

ISAPI - asp is one ISAPI extension

ISAPI - ISAPI is a (Internet Server Application Program Interface) set of Windows
program calls that lets you write a Web server application that is an N-tier API
of Internet Information Services (IIS), Microsoft's collection of Windows-based
Web server services.

IIS & ISAPI - are the two most prominent applications involved in Microsoft's Web
server. Internet server application programming interface. ASP is one kind. N-tier
API of (Microsoft's IIS). Apache can also run ISAPI.

ISDN - Integrated Services Digital Network (ISDN): is a digital end-to-end
communications mechanism. ISDN was developed by telephone companies to support
high-speed digital communications over the same equipment and infrastructure that
is used to carry voice communications.

ISM - industrial, scientific, and medicine bands (ISM): Radio frequency bands
authorized by the FCC for wireless LANs. The ISM bands are located at 902 MHz,
2.400 GHz, and 5.7 GHz. The transmitted power is commonly less than 600mw. No FCC
license is required to send/receive in these bands.

ISN - Initial Sequence Number

isochronous transmission - Type of synchronization whereby information frames
are sent at specific times.

ITU - International Telecommunication Union

ITU-T standard - X.509 is an ITU-T standard for a public key infrastructure (PKI)
for single-sign on and privilege management.

IV - Initialization vector; for WEP encryption.

IVC - Integrity check value; In WEP encryption, the frame is run through an
integrity algorithm, and the generated IVC is placed at the end of the encrypted
data in the frame.

Kerberos - A trusted, third-party authentication protocol that was developed
under Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog
that guards the entrance to the underworld.

Using symmetric key cryptography, Kerberos authenticates clients to other entities
on a network of which a client requires services.

KHMAC - Keyed hash message authentication code

knowledge base - Refers to the rules and facts of the particular problem domain in
an expert system.

Land - A DoS attack that consists of sending a special poison spoofed packet to a
computer, causing it to lock up. ?same ip & port: no idea what this is

LAP - Link Access Procedure (LAP)

LAPB - Link Access Procedure Balanced (LAPB): is a data link layer protocol in
the x.25 protocol stack.

LAPB - is a bit-oriented protocol derived from HDLC that ensures that frames are
error free and in the right sequence. LAPB is specified in ITU-T.

LDAP - Lightweight Directory Access Protocol (LDAP): most directory services are
based on LDAP. A directory functions much like in reality: It serves as a legend
to find system resources.

LEAF - A key exchange mechanism known as the Law Enforcement Access Field (LEAF).

LEAP - An early alternative to WEP was WiFi Protected Access (WPA). It is based on
the LEAP and TKIP cryptosystem & employs a secret passphrase. Unfortunately, the
use of a single static passphrase is the downfall of WPA.

An attacker can just brute-force attack it to break it; it's time prohibitive, but
theoretically possible.

least privilege - The principle that requires each subject be granted the most
restrictive set of privileges needed to perform authorized tasks.

Lids - MIT Laboratory for Information and Decision Systems. This is an
interdisciplinary research lab of MIT. Huge composite of departments and LIDS has
also hosted several luminaries of their respective fields.

link encryption - A low-level, first-line of defense against a hacker. This is
also known as network-layer encryption.

list-oriented - A computer protection system in which each protected object has
a list of all subjects that are authorized to access it. Compare to
'ticket-oriented.'

LLC - Logical Link Control (LLC): the IEEE layer 2 protocol.

lock-and-key protection system - requires matching a key/password with a specific
access requirement.

Logical access controls - Refers to the collection of policies, procedures,
organizational structure and electronic access controls designed to restrict
access to computer software and data files.

LSASS - Local Security Authority Subsystem Service (LSASS), is a process in
Microsoft Windows operating system that is responsible for enforcing the security
policy on the system. It verifies users logging on to a server, handles password
changes, and creates access tokens. It also writes to the Windows Security Log.

LSB - Least significant bit.

MAC - Media Access Control

MAC - Message authenticated code

MAC Mandatory access control (MAC):?

MAN - Metropolitan area network.

MAPI - Microsoft's mail application programming interface.

MAU - Multi-station access unit

Mbps - Megabits per second (Mbps): One million bits per second.

MD.5 hash function - Message-Digest algorithm 5 (MD.5): widely used 128-bit
hash function (serves as ''an Internet standard''-RFC 1321). Employed in a wide
variety of security applications & also used as a file-integrity checker. An MD5
hash is typically expressed as a 32 digit hexadecimal number.

Medium access - The Data Link Layer (DLL) function that controls how devices
access a shared medium.

Metasploit - Freeware framework tool to penetration test operating systems &
web server software.

MIB - Management Information Base: SMB database of config variables

MIME - Multipurpose Internet Mail Extensions (MIME): Is an Internet standard that
extends the format of e-mail to support text in character sets other than ASCII,
non-text attachments, message bodies with multiple parts, header information in
non-ASCII character sets, more. MIME's use has grown beyond describing email to
describing content type in general, including for the web.

MITM - Man-in-the-middle attack

modulation - The process of translating the baseband digital signal to a suitable
analog form. Any of several techniques for combining user information with a
transmitter's carrier signal.

MOSS - MIME Object Security Services (MOSS): a standard for encrypted messages
second to the S/MIME protocol.

Most common way to hijack a session? Send server a packet with RST or FIN flag
set and then coordinate communication with client.

MSB - Most significant bit.

MTU - Maximum transmission unit

multilevel device - A device that is used in a manner that permits it to
simultaneously process data of two or more security levels without risk of
compromise. To accomplish this, sensitivity labels are normally stored on the same
physical medium and in the same form (for example, machine-readable or
human-readable) as the data being processed.

multilevel secure - A class of system containing information with different
sensitivities that simultaneously permits access by users with different security
clearances and needs-to-know but that prevents users from obtaining access to
information for which they lack authorization.

multipath - The signal variation caused when radio signals take multiple paths
from transmitter to receiver.

multiplexer - A network component that combines multiple signals into one composite
signal in a form suitable for transmission over a long-haul connection, such as
leased 56 Kbps or T1 circuits.

MUX - multiplexing (MUX): a process whereby multiple analog message signals or
digital data streams are combined into one signal over a shared medium.

mws3ptr - An exploitable DLL via printing...targets the ISAPI filter.

MX DNS Records: (mail exchange) Identifies the mail server for the domain

NACK or NAK - A flag option in the TCP/IP handshake.

Name of message in layer 1? - bits: by this point the data has been converted
into bits for transmission over the physical connection medium.

Name of message in layer 2? - frame.

Name of message in layer 3? 'segment' transmitted by TCP protocol or 'datagram'
if transmitted by UDP.

Name of message in layer 7? data stream.

Name the 4 main firewall techniques - 1. Packet filter; 2. Application gateway; 3.
Circuit-level gateway; & 4. Proxy server

NCSC - Stands for National Computer Security Center, an initiative of the NSA
focused on information security.

NetBIOS - Acronym for Network Basic Input/Output System. It provides services
related to the session layer of the OSI model allowing applications on separate
computers to communicate over a local area network.

As strictly an API, NetBIOS is not a networking protocol. In modern networks,
NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol.
This results in each computer in the network having both a NetBIOS name and an IP
address corresponding to a (possibly different) host name. NetBIOS provides 3
basic services: 1) Name service for name recognition & resolution; 2) Session
service for connection-oriented communication; & 3) Datagram distribution service
for connectionless communication. Note: SMB is an upper layer service that runs
atop of the Session Service and not a part of NetBIOS itself. It can run atop TCP
with a small modification.

NetBT - NetBIOS over TCP/IP: is a networking protocol that allows legacy computer
applications relying on the NetBIOS API to be used on modern TCP/IP networks.

Netgate authentication - uses Kerberos

Network traffic filtering - One means of defense against DDoS & DoS attacks.

NIACAP - National Information Assurance Certification and Accreditation
Process, a standardized process for information assurance (IA) accreditation.

NIC - Network Interface Card (NIC): An electronic computer chip that can
transmit and receive information in specified protocols

NIST - National Institute of Standards and Technology

Nmap - Free open-source tool that can quickly & efficiently perform ping sweeps,
port scans, service identification, IP address detection, OS detection. Nmap can
scan a large # of machines in a single session. It is supported by many OS's:
Unix, Windows, Linux, etc.

Nmap - Free security scanner for network exploration & security: downloads for
Windows, UNIX, FreeBSD, Linux, Redhat, etc.

Nmap scan: TCP connect - The attacker makes a full TCP connection to the target
system.

Nmap scan: Ack scan - This type of scan is used to map out firewall rules. ACK
scan only works on UNIX.

Nmap scan: Windows scan - This type of scan is similar to the ACK scan and can
also detect open ports.

Noteworthy SMB attack - Win32CreateLocalAdminUser is a program that creates a new
user with the username and password X and adds the user to the local
administrator's group. This action is part of the Metasploit Project and can be
launched with the Metasploit framework on Windows. Server message block. Designed
to share file & printer.

NS - DNS Records: (name server) Identifies other name servers for the domain

NSDD 145 - National Security Decision Directive 145 (NSDD 145)

NT LAN Manager - Not to be confused with LAN Manager.

NTLM - (NT LAN Manager) is a Microsoft authentication protocol used with the SMB
protocol.

ntdll.dll - The ntdll.dll is a file created by Microsoft that has a description
of "NT Layer DLL" and is ''the file'' that contains NT kernel functions. This file
is a significant security risk if unpatched.

NTFS - NTFS (developed by Microsoft) file system replacement for FAT file systems:
improved support for metadata, improved performance, allowance of ACL's,
journaling, etc.

NTLM - NTLM (NT LAN Manager), not to be confused with LAN Manager, is a Microsoft
authentication protocol used with the SMB protocol. The protocol uses a
challenge-response sequence issuing 3 messages between client & server (node
requesting authentication). Uses tokens.

Null scan - This is an advanced scan that may be able to pass through firewalls
undetected or modified. Null scan has all flags off or not set. It only works on
UNIX systems. It is similar to XMAS and FIN scans in its limitations and response.

OCX - OCX is a file format. This file format is a Windows file format and is
easily infected with hazardous code. Object linking and Embedding (OLE) Control
Extension.

ODBC - Open Database Connectivity (ODBC) is a database (proxy like) feature that
allows applications to communicate with other & different databases without being
programmed specifically to do so.

one-time pad - In cryptography, the one-time pad (OTP) is an encryption algorithm
where the plaintext is combined with a random key or "pad" that is as long as the
plaintext and used only once. If the key generated is truly random, and kept
absolutely confidential, never re-used, then it provides perfect secrecy.

OOB - Out-of-band

Open port - Open means that the target machine is accepting incoming requests on
that port.

OSI model - The Open Systems Interconnection Reference Model (OSI Reference Model
or OSI Model) is an abstract description for layered communications and computer
network protocol design. It was developed as part of the Open Systems
Interconnection (OSI) initiative. In its most basic form, it divides network
architecture into 7 layers. A layer is a collection of conceptually similar
functions that provide services to the layer above it.

Output chaining - One characteristic, re X.509 Certificate authentication, to
check. See that all certificates in the Output Chain are legit.

PA-DSS - Payment Application Data Security Standard (PA-DSS)

Packet filter firewall - A packet filter firewall examines 5 characteristics of a
packet: 1) Source IP address; 2) Source port; 3) Destination IP address; 4)
Destination port; 5) IP protocol (TCP or UDP). Based on the rules, a packet will
either be accepted, rejected, or dropped. If the firewall rejects the packet, it
sends a flag back saying rejected. If the packet was dropped, the firewall doesn't
respond. Packet filtering firewalls operate at level 3 of the OSI model, the
Network Layer. Routers are a very common form of packet filtering firewall.

packet switch - A packet switch is a node used to build a network that utilizes
the packet switching paradigm for data communication. Can operate at a # of
different layers. One common class of contemporary packet switches: bridge, hub
and router. Generally, packet switches only perform communication-related
functions.

Packet-level filtering firewall - One step below circuit-level filtering. A
packet-level filter blocks or forwards a packet based solely on its merits,
without taking into account past history.

Parallel port - A parallel interface for connecting an external device such as
a printer. Most personal computers have at least 1 serial port & 1 parallel port.
On PCs, the parallel port uses a 25-pin connector (type DB-25) and is used to
connect printers. A newer type of parallel port is known as: Enhanced Parallel
Port (EPP) or Extended Capabilities Port (ECP).

Parser - Parsing is analysis of semantics at a fine granularity. The most
common use of a parser is as a component of a compiler or interpreter. This
compiles the source code of a computer programming language to create some form
of internal representation.

Passive sniffing - To capture only data that comes one's way is passive sniffing.

patch management - choosing how patches are to be installed and verified and
testing those patches on a nonproduction network prior to installation.

Patch management techniques - A process for testing, applying and logging patches
to a system should be defined and followed.

Path MTU discovery - (PMTUD) is a technique in computer networking for
determining the maximum transmission unit (MTU) size on the network path between 2
Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation.

PCDP - Packet data convergence protocol: one protocol in the radio packet stack
in UMTS.

PCI DSS - PCI DSS stands for Payment Card Industry Data Security Standard, and
is a worldwide security standard assembled by the Payment Card Industry Security
Standards Council (PCI SSC). PCI consists of operational & technical standards to
prevent fraud and hacking.

PDC-P - Packet Data Convergence Protocol (PDCP): It is one of the layers of the
Radio Traffic Stack in UMTS and performs IP header compression and decompression,
transfer of user data and maintenance of sequence numbers for Radio Bearers.

PEM - Privacy Enhanced Mail (PEM): an email encryption mechanism that provides
authentication, integrity, confidentiality, and nonrepudiation. PEM uses RSA, DES,
and X.509.

PEM function - An OpenSSL function

PGP - Pretty good protection, an encryption suite for mail and possibly other
purposes.

PHP - A language designed specifically to be implemented on the server side.

PHS - Pseudo-Hilbert Scan algorithm (PHS): This algorithm is used in digital image
processing, image compression, and pattern recognition.

PHY - Physical Layer (PHY):

Ping - Noun! - A utility used to troubleshoot a connection to test whether a
particular IP address is accessible.

Ping tool examples - Pinger, Friendly Pinger, WS_Ping_Pro

PKCS - Public Key Cryptography Standards (PKCS): A set of public key cryptography
standards that supports algorithms such as Diffie-Hellman and RSA, as well as
algorithm-independent standards.

PKI - Public key infrastructure (PKI) is a set of hardware, software, people,
policies, and procedures needed to create, manage, store, distribute, and revoke
digital certificates. In cryptography, a PKI is an arrangement that binds public
keys with respective user identities by means of a certificate authority. The
binding may be done by software or in person, depending on the level of security.
The PKI role that assures this binding is called the Registration Authority (RA).

PMI - Privilege Management Infrastructures (PMI): are to authorization what
Public Key Infrastructures (PKI) are to authentication.

PMIs - have Sources of Authority (SOAs) and Attribute Authorities (AAs) that issue
Attribute Certificates (ACs) to users, instead of Certification Authorities (CAs)
that issue PKCs to users.

Popular steganographic program and purpose? - The purpose of a steganographic
program is to hide information within a bundle of unhidden and seemingly normal
data. You can hide info within MP3's, ASCII text files, etc.

Port Scanning vs Ping Sweeping - Port scanning generally

Port sweep - Scanning multiple hosts searching for a single specific port.

Precomputation - Re Dictionary attack: Hashing out a bunch of dictionary entries
prior to beginning an attack so as to expedite the process.

PRNG - Pseudorandom number generator

Protocol standards - Official Internet Protocol Standards: NETBIOS, Protocol
standard for a NetBIOS service on a TCP/UDP transport.

protocols - A set of rules and formats, semantic and syntactic, that permits
entities to exchange information.

Protocols that don't encrypt: name a few. HTTP, POP3, SNMP, FTP

Proxy firewall

Proxy server/firewall - serves as a go-between from client to server: 1) client is
anonymous; 2) to speed up resource caching.

proxy server - A proxy server is a server (a computer system or an application
program) that acts as a go-between for requests from clients seeking resources
from other servers.

pseudoflaw - An apparent loophole deliberately implanted in an operating system
program as a trap for intruders.

PSTN - Public-switched telephone network; the general phone network.

PTR - DNS Records: (pointer) Maps IP addresses to host names

Purpose of a signed message - To verify sender's identity and ensure that the
message wasn't tampered with in transit.

RADIUS - Remote Authentication Dial-In User Service

RC4 - Rivest Cipher 4 (RC4): RC4 is based on RSA. WEP employs RC4. WEP supports
only one-way authentication: client -> access point.

RC5 - RSA cipher is a patented symmetric algorithm. Conceived of by the founders
of RSA.

RDBMS - relational database management systems (RDBMSs).

Relational database - A database that groups data using common attributes found
in the set. The resulting "clumps" of data are much easier for people to
understand. Basically, this is a standard expectation like searching a set of
houses in a database for val > 250k & size > 5k sq. ft.

Linux BIND NXT

repeater - A network component that provides internetworking functionality at
the Physical Layer of a network's architecture. A repeater amplifies network
signals, extending the distance they can travel.

RFC - Request for comment (RFC): In computer network engineering, an RFC is a
memorandum published by the Internet Engineering Task Force (IETF) describing
methods, behaviors, research or innovations applicable to the working of the
Internet and Internet-connected systems.

Rijndael - AES advanced by these two Belgian cryptographers. The U.S. government
adopted this algorithm. It is also used extensively all over the world. This
algorithm was advanced in 2001 and won a 5-year contest amongst contenders. Guy
who advanced encryption theorem?

ring protection scheme - A new technology introduced by ITU to reduce ARP cache
spoofing. It sets up nodes so that IPs are consistent.

ring topology - A topology in which a set of nodes are joined in a closed loop.

RIP - Routing Information Protocol (RIP): A common type of routing protocol. RIP
bases its routing path on the distance (number of hops) to the destination. RIP
maintains optimum routing paths by sending out routing update messages if the
network topology changes.

RISC - Reduced Instruction Set Computer (RISC): A computer architecture designed
to reduce the number of cycles required to execute an instruction. A RISC
architecture uses simpler instructions but makes use of other features, such as
optimizing compilers and large numbers of general-purpose registers in the
processor and data caches, to reduce the number of instructions required.

Roaming - A general term that refers to extending connectivity beyond the home
location where the service was registered. The term "roaming" originated from the
GSM sphere (Global System for Mobile Communications) and the term can also be
applied to CDMA.

ROM - Read-only memory (ROM).

router - A network component that provides internetworking at the Network
Layer of a network's architecture by allowing individual networks to become part
of a WAN. A router works by using logical and physical addresses to connect two or
more separate networks. It determines the best path by which to send a packet of
information.

RS-232 - In telecommunications, RS-232 (Recommended Standard 232) is a
standard for serial binary data signals connecting between a DTE (Data Terminal
Equipment) and a DCE (Data Circuit-terminating Equipment). It is commonly used in
computer serial ports. A similar ITU-T standard is V.24. RS-232 is the major
predecessor to USB for local communications. Compared with RS-232, USB is faster,
uses lower voltages and has connectors that are simpler to connect and use.

RS-232 - 1) A serial communications interface; & 2) The ARS-232n EIA standard
that specifies up to 20 Kbps, 50 foot, serial transmissions between computers and
peripheral devices. Serial communication standards are defined by the Electronic
Industries Association (EIA).

RS-422 - An EIA standard specifying electrical characteristics for balanced
circuits (in other words, both transmit and return wires are at the same voltage
above ground). RS-422 is used in conjunction with RS-449.

RS-423 - An EIA standard specifying electrical characteristics for unbalanced
circuits (in other words, the return wire is tied to the ground). RS-423 is used
in conjunction with RS-449.

RS-449 - An EIA standard specifying a 37-pin connector for high-speed
transmission.

RS-485 - An EIA standard for multipoint communications lines.

RSA - RSA is an algorithm for public-key encryption.

RSA SecurID - Two-factor authentication includes hardware token
authenticators, software authenticators, authentication agents as a more secure
authentication for a user to access a network resource.

RTS/CTS - Request-to-Send & Clear-to-Send (RTS/CTS): Optional protocols in the
802.11 standard. Expensive, but allows for fine tuning of the WLAN.

S/MIME - A protocol that adds digital signatures and encryption to Internet
MIME: Hence, S/MIME -> Secure MIME.

SACLs - Service access control lists are ACLs specific to servers.

Samba - A Mac application that allows for interaction with Microsoft Server
Message Block (SMB) networking: file & printer sharing.

sandbox - An (ACL) mechanism. An access control-based protection mechanism. The
sandbox is usually interpreted by a virtual machine such as the Java Virtual
Machine (JVM).

Sandboxing - In computer security, a sandbox (an ACL mechanism) is a security
mechanism for separating running programs. In this context, sandboxing is a
specific example of virtualization.

Scalar processor - Represents the simplest class of processors and takes one data
item at a time. The difference between scalar and vector processors is analogous
to vector and scalar arithmetic, as seen in calculus and other maths.

Scan - The act of actively connecting to a system to obtain a response.

Scanning - Sending an ICMP or ping

Screened subnet - In network security, a screened subnet firewall is a variation
of the dual-homed gateway and screened host firewall. It can be used to separate
components of the firewall onto separate systems, thereby achieving greater
throughput and flexibility, although at some cost to simplicity. A screened subnet
firewall is often used to establish a "DMZ": demilitarized zone.

SCSI Port - A parallel port used by Mac. It is more flexible than traditional
parallel ports.

SDLC - Synchronous data link control

security kernel - The hardware, firmware, and software elements of a Trusted
Computer Base (TCB) that implement the reference monitor concept.

Serial communications - Data transfer in which data is transferred 1 bit at a
time. Most serial ports on personal computers conform to the RS-232C or RS-422
standards. A serial port is a general-purpose interface that can be used for
almost any type of device, including modems, mice, and printers.

serial interface - An interface to provide serial communications service.

Server - A server is a computer that provides services used by other computers.

service packs - A service pack is a collection of updates, fixes and/or
enhancements to a software program delivered in the form of a single installable.

Session hijacking steps - 1. identify an open session & predict the sequence
number of the next packet; 2. desynchronize the connection; & 3. packet injection

Session Layer - One of the seven OSI model layers. Establishes, manages, and
terminates sessions between applications.

SET - Open protocol with the potential to 'set the standard.' It defines Secure
Electronic Transactions

SFC - Stream file checker

SHA-1:5 - The successors to the Secure Hash Algorithm (SHA), SHA-1 and SHA-2,
make up the government standard message digest function.

shared key authentication - A type of authentication that assumes each station
has received a secret key through a secure channel, independent from an 802.11
network.

SID - Sound Interface Device (SID): a sound card. The Commodore 64 was one of
the original machines carrying SID.

single user mode - An OS loaded without Security Front End.

SIV - System integrity verified

Skipjack - An algorithm that was approved for use by the U.S. government in
Federal Information Processing Standard (FIPS) 185, the Escrowed Encryption
Standard (EES). Skipjack is unusual in that it supports the escrow of encryption
keys. In cryptography, Skipjack is a block cipher — an algorithm for encryption —
developed by the U.S. National Security Agency (NSA). Initially classified, it was
originally intended for use in the controversial Clipper chip. Subsequently, the
algorithm was declassified and now provides a unique insight into the cipher
designs of a government intelligence agency.

SLIP - Serial Line Internet Protocol (SLIP): An Internet protocol used to run IP
over serial lines and dial-up connections.

smart cards - A smart card, chip card, or integrated circuit card (ICC), is defined
as any pocket-sized card with embedded integrated circuits which can process data.
This implies that it can receive input which is processed - by way of the ICC
applications - and delivered as an output. There are 2 broad categories of ICC: 1)
Memory cards that contain only non-volatile memory storage components and perhaps
some specific security logic; & 2) Microprocessor cards that contain volatile
memory and microprocessor components.

SMB - Server message block (SMB): In computer networking, SMB operates as an
application-level network protocol mainly used to provide shared access to files,
printers, serial ports, and miscellaneous communications between nodes on a
network. It also provides an authenticated inter-process communication mechanism.
Most usage of SMB involves computers running Windows, where it is known as
"Microsoft Windows Network."

SMBSID - ?

SMDS - Switched Multimegabit Digital Service (SMDS): A packet-switching
connectionless data service for WANs.

SMP - Symmetric multiprocessor systems

SMTP - Simple Mail Transfer Protocol (SMTP): The Internet email protocol.

SN - Sequence number. TCP, connection-oriented protocol property used in
reassembling data stream into correct order.

SNA - Systems Network Architecture (SNA): IBM's proprietary network
architecture.

SNMP - Simple Network Management Protocol (SNMP): The network management
protocol of choice for TCP/IP-based Internets. Widely implemented with 10BASE-T
Ethernet. A network management protocol that defines information transfer among
management information bases (MIBs): 1. agent; 2. management station

SNR - Signal-to-noise ratio

SOA - DNS Records: (Start of Authority) Identifies the DNS server responsible
for the domain information

SOCKS - SOCKS, also known as Authentication Firewall Transfer (AFT), is a protocol
used in proxy servers and firewalls and for virtual private networks (VPNs).

The SOCKS Firewall - Another type of application-proxy firewall are SOCKS
firewalls. SOCKS firewalls require specially modified network clients. This means
that you need to modify every system on your internal network that needs to
communicate with the external network. On a Windows or OS/2 system, this can be as
easy as swapping a few DLL's.

Some unencrypted protocols? - HTTP, FTP, POP3, SNMP

SONET - Synchronous Optical NETwork (SONET): A fiber-optic transmission system for
high-speed digital traffic. SONET is part of the B-ISDN standard.

Special specification language (proper noun):

SPKI - Simple Public Key Infrastructure: Does not deal with public authentication
of public key information; this is known as SPKI.

Spoofing - Spoofing involves artificial identification of a packet's source
address, where that IP address is often deduced from sniffed network traffic.

SQL - Structured Query Language (SQL): An international standard for defining
and accessing relational databases.

SQL injection - The process of an attacker inserting SQL statements into a
query by exploiting a vulnerability for the purpose of sending commands to a web
server database.

SRV - Service records

SRV - DNS Records: (Service) Identifies services such as directory services

SSDP - Simple Service Discovery Protocol (SSDP) is an expired IETF Internet draft
by Microsoft and Hewlett-Packard. SSDP is the basis of the discovery protocol of
Universal plug-and-play.

SSDP provides a mechanism which network clients can use to discover network
services. Clients can use SSDP with little or no static configuration.

SSDP uses UDP unicast and multicast packets to advertise their services.

SSH-1:2 - SSH is an encrypted Telnet.

SSID - Service Set Identifier.

SSL - Secure Sockets Layer (old, basically replaced by TLS): SSL can be used for
HTTPS traffic.

SSL attacks: name some - prevention: 1. install a proxy server & terminate SSL at
the proxy; 2. install a hardware SSL accelerator & terminate SSL at this layer.

ST connector - An optical fiber connector that uses a bayonet plug and socket.

star topology - A topology wherein each node is connected to a common central
switch or hub.

Stateful inspection firewall - An improvement on the packet-filtering firewall.
With this enhancement, the firewall "remembers" conversations between systems. It
is then necessary to fully examine only the first packet of a conversation.

Steganography - the process of hiding data in other types of data such as
images or text files.

storage object - An object that supports both read and write access.

stream cipher - A symmetric key cipher where plaintext bits are combined with a
pseudorandom cipher bit stream. Stream ciphers are faster than block ciphers
and have lighter hardware requirements.

subnet - A logical subdivision of the address space defined by a TCP/IP
network ID. A physical network defined within an IP address. A subnet is a logical
collection of up to 127 nodes or devices within a domain. A working scheme that
divides a single logical network into smaller physical networks to simplify
routing.

Subnet mask - A mask used to determine what subnet an IP address belongs to. An IP
address has two components, the network address and the host address. For example,
consider the IP address 150.215.017.009. Assuming this is part of a Class B
network, the first two numbers (150.215) represent the Class B network address,
and the second two numbers (017.009) identify a particular host on this network.

Subnetting enables the network administrator to further divide the host part of
the address into two or more subnets. In this case, a part of the host address is
reserved to identify the particular subnet.

This is easier to see if we show the IP address in binary format. The full address
is:

The Class B network part is: 10010110.11010111

and the host address is: 00010001.00001001

SV - Stability verifier

Symmetric key - Serves only to keep data confidential. Large keys can prove very
difficult to break. Not used for authentication.

SYN (aka: stealth scan) - This is also known as half-open scanning. The hacker
sends a SYN packet and receives a SYN-ACK back from the server. It's stealthy
because a full TCP connection isn't opened. If a SYN/ACK frame is received back,
then it's assumed the target would complete the connect & the port is listening.
If an RST is received, then it's assumed the port isn't active or is closed. The
advantage of the SYN stealth scan is that most IDS systems don't log incomplete
handshakes.

SYN cookies - SYN Cookies are the key element of a technique used to guard against
SYN flood attacks.

Syscolumns - An SQL database command that returns a row for each column of an
object that has a column.

Sysobjects - Contains one row for each object created within a database.

System Memory - Free, wired, active, inactive, used

T1 - A standard specifying a time division-multiplexing scheme for
point-to-point transmission of digital signals at 1.544 Mbps.

TCP Connection - A singular TCP data transmission is called a segment. Middle
layer in the OSI model. One of the core protocols. TCP operates at a higher level
than IP. TCP stays at home while IP moves the data on its journey.

TCP Wrapper - A TCP Wrapper is a host-based networking ACL system used to filter
network access to Internet Protocol servers on (UNIX-like) operating systems like
Linux or BSD. This is a program & "code" comes as a "tarball."

TCP/IP - A de facto, industry-standard protocol for interconnecting disparate
networks. TCP/IP are standard protocols that define both the reliable full-duplex
transport level and the connectionless, best effort unit of information passed
across an internetwork.

TCP/IP Layers - The Internet Protocol Suite (commonly known as TCP/IP) is the
set of communications protocols used for the Internet and other similar networks.
It is named after 2 of the more important protocols that fall in its purview.
TCP/IP were advanced in the '60s. The TCP/IP Model consists of four layers: 1) the
Application Layer; 2) the Transport Layer; 3) the Internet Layer; & 4) the Link
Layer.

TCP/UDP layer - aka Transport layer

TDR - time-domain reflectometer (TDR):

Telenet - For the packet switched network.

Telnet - Telecommunication: For the packet switching network. TELNET is a
network protocol used on the Internet or local area network connections. Conceived
of in 1969 and later standardized as IETF STD 8, one of the first Internet
standards. Commonly implemented in a command-line interface. A virtual terminal
protocol used in the Internet, enabling users to log in to a remote host. TELNET
is defined as part of the TCP/IP protocol suite.

Telnet and Secure Shell Intrusion is what kind of attack? - Web server

TFTP - Trivial File Transfer Protocol (TFTP): When updating access lists on a
Cisco router, you will create your lists on a TFTP server and then download them
to your router. This way you can use a text editor to see your work easily.

Throughput: switch, hub - In communication networks, such as Ethernet or packet
radio, throughput is the average rate of successful message delivery over a
communication channel.

TKIP/MIC - Temporal Key Integrity Protocol (TKIP): TKIP ensures that every data
packet is sent with a unique encryption key.

TLS - Transport Layer Security (TLS):

TOE - Target of Evaluation (TOE): In the Common Criteria, TOE refers to the
product to be tested.

Token passing ring - Networking, in a token passing ring, a token is passed
around a network between nodes and the recipient node can communicate as long as
it is in possession of the token. The node must pass the token in order for
another node to be in possession of it so the following node can then communicate.
Token passing is a method of avoiding communications transmission collisions.
Examples of token passing rings: 1) token ring; & 2) ARCNET. See contention vs
channel access and collision avoidance.

top-level specification - A nonprocedural description of system behavior at the
most abstract level; typically, a functional specification that omits all
implementation details.

topology - A description of the network's geographical layout of nodes and
links.

Traceroute - Traceroute is a packet-tracking tool that works by sending an ICMP
echo to each hop (router or gateway) along the way to the destination.

Traceroute - Software utility used to determine the path to a target computer.

Trailer - In information technology, trailer refers to supplemental data
placed at the end of a block of data being stored or transmitted, which may
contain information for the handling of the data block, or just mark its end.

tranquility - A security model rule stating that an object's security level cannot
change while the object is being processed by an AIS.

transceiver - A device for transmitting and receiving packets between the computer
and the medium.

Transmission Control Protocol (TCP): A commonly used protocol for establishing and
maintaining communications between applications on different computers. TCP
provides full-duplex, acknowledged, and flow-controlled service to upper-layer
protocols and applications.

Transport Layer - OSI model layer that provides mechanisms for the establishment,
maintenance, and orderly termination of virtual circuits while shielding the
higher layers from the network implementation details.

TTF - TrueType file format - generally for fonts, Macintosh

TTL - Time to live

Tunneling - Protocol tunneling: the term is used to describe when one network
protocol referred to as the payload protocol is encapsulated within a different
delivery protocol. Reasons to use tunneling include carrying a payload over an
incompatible delivery network, or to provide a secure path through an untrusted
network.

twisted-pair wire - Type of medium using metallic-type conductors twisted together
to provide a path for current flow. The wire in this medium is twisted in pairs to
minimize the electromagnetic interference between one pair and another.

Twofish - Twofish is a symmetric key block cipher with a block size of 128 bits
and key sizes up to 256 bits. It was one of five finalists in the Advanced
Encryption Standards contest.

U.S. Patriot Act of October 26, 2001 - A law that permits the following: 1)
Subpoena of electronic records; 2) Monitoring of Internet communications; 3)
Search and seizure of information on live systems (routers, servers, backups,
etc); & 4) Reporting cash wires of 10k+. Under the Patriot Act, the government can
monitor Internet traffic and force cooperation of ISPs and network operators. This
monitoring even extends to private businesses.

U.S. Uniform Computer Information Transactions Act (UCITA) of 1999 - A model act
that is intended to apply uniform legislation to software licensing.

UART - Universal asynchronous receiver transmitter. A device that either converts
parallel data into serial data for transmission or converts serial data into
parallel data for receiving data.

UDP - User Datagram Protocol (UDP): User datagram protocol. Uses the underlying
IP protocol to transport a message in an unmanageable and directionless scheme: no
acknowledgements, no feedback control.

UMTS - Universal Mobile Telecommunications System (UMTS): is one of the
third-generation (3G) mobile telecommunications technologies, which is also being
developed into a 4G technology. UMTS uses W-CDMA, which GSM does not use. Hence,
it's slated to succeed GSM.

UNC - Universal Naming Convention (UNC): Contains all network connections
established using a UNC. It also includes Web sites that bypass a proxy server or
have names without periods (such as http://servername), provided these sites are
not assigned to another zone.

Unfiltered Port - is determined to be closed. And no firewall or filter is
interfering with the Nmap requests.

Unicode Character set - A character set that converts characters of any language
to a universal hex code specification.

Unicode exploit - Windows 2000 systems running IIS are susceptible to a directory
traversal attack, also known as a Unicode exploit.

User Datagram Protocol - UDP uses the underlying Internet protocol (IP) to
transport a message. This is an unreliable, connectionless delivery scheme. It
does not use acknowledgments to ensure that messages arrive and does not provide
feedback to control the rate of information flow. UDP messages can be lost,
duplicated, or arrive out of order.

utility - An element of the DII providing information services to DoD users.
Those services include Defense Information Systems Agency Mega-Centers,
information processing, and wide-area network communication services.

UTP - Unshielded twisted pair cabling is a form of wiring in which two
conductors (the forward and return conductors of a single circuit) are twisted
together for the purpose of canceling out electromagnetic interference (EMI) from
external sources. Untwisted shielded pair.

V.21 - An ITU standard for asynchronous 0-300 bps full-duplex modems.

V.21FAX - An ITU standard for facsimile operations at 300 bps.

V.34 - An ITU standard for 28,800 bps modems.

V.5 - Is a family of telephone network protocols defined by ETSI that allows
communication between the telephone and the exchange.

Validation - Evaluation to assess if a specified criterion is met. Evaluation of a
user, program, or OS to see if criteria are met.

validation (in DITSCAP) - Determination of the correct implementation in the
completed IT system with the security requirements and approach agreed on by the
users, acquisition authority, and DAA.

validation (in software engineering) - To establish the fitness or worth of a
software product for its operational mission.

vaulting - Running mirrored data centers in separate locations.


Vector processor - Vector processor applies a single instruction to multiple data
items simultaneously.

verification - The process of determining compliance of the evolving IT system
specification, design, or code with the security requirements and approach agreed
on by the users, acquisition authority, and the DAA.

very-long-instruction word (VLIW) processor - A processor in which multiple,
concurrent operations are performed in a single instruction. The number of
instructions is reduced relative to those in a scalar processor. However, for this
approach to be feasible, the operations in each VLIW instruction must be
independent of each other.

VLAN - Allows, at minimum, a pair of computers to communicate with each other as
if they were on the same network switch.

WAE - Web Application Extension (WAE): Vulnerability.

WAN - wide area network (WAN): A network that interconnects users over a wide
area, usually encompassing different metropolitan areas.

WAP - Wireless Area Protection (WAP): ?. is this a/the correct abbreviation?

WAP - Wireless Application Protocol (WAP): A standard commonly used for the
development of applications for wireless Internet devices.

WBS - work breakdown structure (WBS): A diagram of the way a team will
accomplish the project at hand by listing all tasks the team must perform and the
products they must deliver.

WDP - A file format that is susceptible to buffer overflow attacks. The DLL
field of a WDP project file is the route to conduct the overflow.

Web application threats: name a few
- Web interface, name a few: IRC (Internet Relay Chat), instant messaging
- Web server attacks, examples: Telnet & secure shell intrusions, web server
extension & remote service intrusion, cookie capture and doctor

Web server authentication mechanisms: name a few. - HTTP basic, digest
authentication, NTLM, tokens, and biometric authentication are all methods of
authenticating to a web server.

Web spider - Bot that crawls the web looking for data, usually email addresses for
spammers.

WebDAV - WebDAV is a set of extensions to HTTP that allows users to
collaboratively edit and manage files on remote WWW servers.

WEP - Wired Equivalency Privacy (WEP): The algorithm of the 802.11 wireless LAN
standard that is used to protect transmitted information from disclosure. WEP
generates secret shared encryption keys that both source and destination stations
use to alter frame bits to avoid disclosure to eavesdroppers.

WEPII - Attempt to elongate WEP. Short lived. Aka TKIP.

What are flags? - Protocol notifications

What are the 3 types of scanning? - Port, network and vulnerability scanning.

What are the layers of the TCP/IP stack? - 1) Physical; 2) Data Link; 3) Network;
4) Transport; 5) Session; 6) Presentation; 7) Application

What can you spoof? - TCP packets, MAC IDs, IPs, and ...

What do buffer overflow attacks exploit? - Buffer overflow attacks exploit a lack
of bounds checking on the size of input being stored in a buffer array.

What is and name protocols, respectively: flooding - DoS attacking: UDP, ICMP,
TCP

What is a "service ticket," in regard to secure communications? - An
authentication token, obtained from the Key Distribution Center (KDC), that a
client presents when accessing a kerberized service

What is a blacklist server? - A server that provides a list of known open relay
servers.

What is a circuit-level gateway? - A type of firewall that applies security
mechanisms when a TCP or UDP connection is established. Once the connection has
been made, packets can flow between the hosts without further checking.

What is a packet filter? - A type of firewall that looks at each packet
entering or leaving the network and accepts or rejects on user-defined rules.
Packet filtering is fairly effective and transparent to users, but it is
difficult to configure. Additionally, it is susceptible to spoofing.

What is a proxy server? - A type of firewall that intercepts all messages entering
and leaving the network. The proxy server effectively hides the true network
address.

What kind of protocol is TCP? - TCP is a connection-oriented protocol?

What port do Trinoo client bots listen from? 27665

Which one of the following is a layer of the ring protection scheme that is not
normally implemented in practice? - Layers 1 and 2 contain device drivers but are
not normally implemented in practice. Layer 0 always contains the security kernel.
Layer 3 contains user applications. Layer 4 does not exist.

Wi-Fi The Wi-Fi alliance, founded in 1999, as Wireless Ethernet Comp Alliance:
WECA.

Wi-Fi - Wi-Fi is a trademark of the - Wi-Fi Alliance - founded 1999 - as Wireless
Ethernet Compatibility Alliance (WECA), comprising more than 300 companies, whose
prod's are cert by the Wi-Fi Alliance, based on the IEEE 802.11 standards (aka:
WLAN, Wireless LAN, and Wi-Fi). This cert warrants interoperability between
different wireless devices.

Win2k - Windows 2000 - a line of operating systems produced by Microsoft for use
on business desktops, successor to Windows NT 4.0. It was succeeded by Win XP for
desktops in 2001 and Windows Server 2003 for servers in 2003. Microsoft touted it
as the most robust platform ever and as a result hackers gunned for it hard and
prevailed.

wireless MAN - wireless metropolitan area network (wireless MAN): Provides
communications links between buildings, avoiding the costly installation of
cabling or leasing fees and the downtime associated with system failures.

WLAN - Wireless local area network: A wireless local area network that links two
or more computers or dev using spread-spectrum or OFDM modulation technology to
enable communication between devices in a limited area.

WML - Wireless Markup Language, based on XML. A markup language intended for
devices that implement the Wireless Application Protocol (WAP) specification, such
as mobile phones, and preceded the use of other markup languages now used with
WAP, such as XHTML and even standard HTML - these two latter markup lang's are
increasing in pop as mobile device processing power is increasing.

Work Factor - An estimate of the effort or time needed by a potential intruder who
has specified expertise and resources to overcome a protective measure.

WPA - Wi-Fi Protected Access (WPA & WPA2): a certification program admin'd by
the Wi-Fi Alliance to indicate compliance with the security protocol Wi-Fi adv.
WEP didn't cut it.

WPAII - Improvement on WPA, which uses inferior RC4 like WEP. WPA is only an
implementation of a subset of 802.11i. WPA2 is a full implementation.

WPA2 is aka RSN, Robust Security Network.

WSP Wireless Session Protocol. The session layer protocol fam in the WAP
architecture is called WSP. WSP provides the upper-level application layer of WAP
with a consistent interface for two session services.

WTLS Wireless Transport Layer Security (WTLS): a security protocol, part of the
Wireless Application Protocol (WAP) stack. It sits between the WTP and WDP layers
in the WAP communications stack.

WTP - WTP is known as Eclipse: A multi-language software development platform
written in Java and comprising an IDE and a plug-in system to extend it. It is
used to dev app's in Java, and through plug-ins, app's in C, C++, Python, Cobol,
Perl, PHP, more. In its default form, it is meant for Java developers and consists
prim of Java Development Tools (JDT). Released under the Eclipse Public License,
Eclipse is free and open source.

X.12 or ASC X12 OR ANSI ASC X.12 - X.12 or ASC X12 is the official designation
of the U.S. national standards body for the development and maintenance of the
Electronic Data Interchange (EDI) standards.

ASC X 12 has sponsored more than 315 X12-based EDI standards and a growing
collection of X12 XML schemas for health care, insurance, government,
transportation, finance, more.

X.121 An ITU standard for international address numbering.

X.21 - An ITU standard for a circuit-switching network.

X.25 - An ITU standard for an interface between a terminal and a packet-switching
network. X.25 was the first public packet-switching technology, developed by the
CCITT and offered as a service during the 1970s. It is still avail today, but a
bit slow for some high-speed app's.

X.400 - An ITU standard for OSI messaging.

X.500 - An ITU standard for OSI directory services.

X.509 - Cryptography - In crypto, X.509 is an ITU-T standard for a public key
infrastructure (PKI) for a single sign on and Privilege Management Infrastructure
(PMI).

X.509 v3 - Version 3 of X.509 includes more flexibility than X.509, allowing the
use of other topologies like bridges and meshes.

X.75 - An ITU standard for packet switching between public networks.

XMAS scan - The attacker checks for TCP services by sending XMAS-tree packets,
which are named as such because all the "lights" are on, meaning FIN, URG, and PSH
flags are set. XMAS scans send a packet with the FIN, URG, and PSH flags set. If
the port is open, there is no response; but if the port is closed, the target
responds with a RST/ACK packet. XMAS scans work only on target systems that follow
the RFC 793 implementation of TCP/IP and don’t work against any version of Windows.

XML-RPC server is a remote procedure call protocol which uses XML to encode its
calls and HTTP as a transport mechanism.

XMPP Extensible Messaging and Presence Protocol: iChat uses this

XSS Cross site scripting (XSS): abbrev for a security vulnerability whereby a
client can code and transmit to a remote server for remote execution of poss logic
bomb.

zombies secondary machines used in a DDoS attack.

Zone transfer Stands for DNS zone transfer: one type of database replication
mechanism used by a second server. It updates its database from the primary
database.
