Cybersecurity and Networking Terms (ABC)

Terms you need to know

3-leg perimeter A type of DMZ where a firewall has three legs that connect to the LAN, the Internet, and the DMZ.

10 tape rotation A backup rotation scheme in which ten backup tapes are used over the course of two
weeks.

802.1X An authentication technology used to connect devices to a LAN or WLAN. It is an example of
port‐based network access control (NAC).

Acceptable use Often defined as a policy, acceptable use defines the rulesthat restrict how a computer,
network, or other system may be used.

Access control list (ACL) A list of permissions attached to an object. ACLsspecify whatlevel of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that applies to a list of network names, IP addresses, and port numbers.

Access control model Specifies methodologies by which admission to physical areas and,more
importantly, computer systems, is managed and organized.

Access control mechanism Security safeguards designed to detect and deny unauthorized access and permit authorized access to an information system.

acceptable use policy (AUP) Identifies what users of a network are and are not allowed to do on that
network. For example, retrieving sports scores during working hours via an organization’s Internet
connection might be deemed inappropriate by an AUP. 

application layer (OSI model) Layer 7 of the OSI model, it provides application services to a network.
An important, and an often-misunderstood concept, is that end-user applications do not reside at the
application layer. Instead, the application layer supports services used by end-user applications. Another
function of the application layer is advertising available services.

application layer (TCP/ IP stack) Addresses concepts described by Layers 5, 6, and 7 (that is, the
session, presentation, and application layers) of the OSI model.

arp command Can be used in either the Microsoft Windows or the UNIX environment to see what a
Layer 2 MAC address corresponds to in a Layer 3 IP address.

asset management As related to networks, this is a formalized system of tracking network components
and managing the lifecycle of those components. 

Advanced Persistent Threat An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.

Adversary Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Air gap An interface between two systems at which (a) they are not connected physically and (b) any
logical connection is not automated (i.e. data is transferred through the interface only manually,
under human control).

Alert Notification that a specific attack has been directed at an organization’s information systems.

Antivirus software A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.

Asset A major application, general support system, high impact program, physical plan, mission critical
system, personnel, equipment, or a logically related group of systems.

Attack An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.

Attack signature A specific sequence of events indicative of an unauthorized access attempt.

Attacker A party who acts with malicious intent to compromise an information system.

Audit Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

Audit Log A chronological record of information system activities, including records of system accesses and operations performed in a given period.

Authority The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions

Availability Timely, reliable access to data and information services for authorized users.

Account expiration The date when a user’s account they use to log on to the network expires.

Accounting The tracking of data, computer usage, and network resources. Often it means logging,
auditing, and monitoring of the data and resources.

Active interception Normally refers to placing a computer between the sender and the receiver in an
effort to capture and possibly modify information.

Ad filtering Ways of blocking and filtering out unwanted advertisements; pop‐up blockers and content
filters are considered to be ad filtering methods.

Advanced Encryption Standard (AES) AnencryptionstandardusedwithWPAandWPA2.The
successor to DES/ 3DES and is another symmetric key encryption standard composed of three different
block ciphers: AES‐128, AES‐192, and AES‐256.

Adware Type of spyware that pops up advertisements based on what it has learned about the user.

Algorithms Well‐defined instructions that describe computations from their initial state to their final
state.

Anomaly-based monitoring Also known asstatistical anomaly‐basedmonitoring, establishes a
performance baseline based on a set of normal network traffic evaluations.

AP isolation Each client connected to the AP will not be able to communicate with each other, but they
can each still access the Internet.

Application black-listing A method of disallowing one or more applicationsfrom use.

Application firewall A firewallthat can controlthe traffic associated with specific applications. Works all the way up to the Application Layer of the OSI model.

application-level gateway (ALG) Applies security mechanisms to specific applications, such as FTP and/ or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

application white-listing A method of restricting users to specific applications.

administrative distance (AD) A routing protocol’s index of believability. Routing protocols with a
smaller AD are considered more believable than routing protocols with a higher AD. 

Address Resolution Protocol (ARP) An ARP request is a broadcast asking for the MAC address
corresponding to a known IP address. An ARP reply contains the requested MAC address. 

ARP poisoning An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames
of information, modify that information, or stop it from getting to its intended destination.
asymmetric key algorithm A type of cipher that uses a pair of different keys to encrypt and decrypt
data.

asymmetric encryption With asymmetric encryption, the sender and receiver of a packet use different
keys.

Asynchronous Transfer Mode (ATM) A Layer 2 WAN technology that interconnects sites using virtual circuits. These virtual circuits are identified by a pair of numbers, called the VPI/ VCI pair.

A virtual path identifier (VPI) identifies a logical path, which can contain multiple virtual circuits.

A virtual circuit identifier (VCI) identifies the unique logical circuit within a virtual path.
Authentication Header (AH) An IPsec protocol that provides authentication and integrity services.
However, it does not provide encryption services.

authentication server In a network using 802.1X user authentication, an authentication server
(typically, a RADIUS server) checks a supplicant’s credentials. If the credentials are acceptable, the
authentication server notifies the authenticator that the supplicant is allowed to communicate on a
network. The authentication server also gives the authenticator a key that can be used to securely
transmit data during the authenticator’s session with the supplicant. 

authenticator In a network using 802.1X user authentication, an authenticator forwards a supplicant’s
authentication request on to an authentication server. After the authentication server authenticates the
supplicant, the authenticator receives a key that is used to communicate securely during a session with
the supplicant.

Automatic Private IP Addressing (APIPA) Allows a networked device to self-assign an IP address from the 169.254.0.0/ 16 network. Note that this address is only usable on the device’s local subnet (meaning that the IP address is not routable). 

attack vector The path or means by which an attacker gains access to a computer.

audit trails Records or logs that show the tracked actions of users, regardless of whether the users
successfully completed the actions.

authentication When a person’s identity is confirmed. Authentication is the verification of a person’s
identity.

authorization When a user is granted access to specific resources after authentication is complete.
availability Data is obtainable regardless of how information is stored, accessed, or protected.

backdoors Used in computer programs to bypass normal authentication and other security
mechanisms in place.

back-to-back perimeter A type of DMZ where the DMZ islocated between the LAN and application‐
level gateway (ALG) Applies security mechanisms to specific applications, such as FTP and/ or BitTorrent. It supports address and port translation and checks whether the type of application traffic is allowed.

blackout When a total loss of power for a prolonged period occurs.

blanket purchase agreement (BPA) A service‐level agreement(SLA)that is reoccurring.

block cipher A type of algorithm that encrypts a number of bits as individual units known as blocks.
bluejacking The sending of unsolicited messages to Bluetooth‐enabled devices such as mobile phones
and tablets.

bluesnarfing The unauthorized access of information from a wireless device through a Bluetooth
connection.

Backups A copy of files and programs made to facilitate recovery if necessary.

Black-box testing A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as basic testing.

Blacklist A list of entities that are blocked or denied privileges or access.

Breach Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected information.

botnet A group of compromised computers used to distribute malware across the Internet; the
members are usually zombies.

broadcast storm When there is an accumulation of broadcast and multicast packet traffic on the LAN
coming from one or more network interfaces.

brownout When the voltage drops to such an extent that it typically causes the lights to dim and causes
computers to shut off.

baseline A collection of data portraying the characteristics of a network under normal operating
conditions. Data collected while troubleshooting can then be contrasted against baseline data.

Basic Rate Interface (BRI) A BRI circuit contains two 64-kbps B channels and one 16-Kbps D channel. Although such a circuit can carry two simultaneous voice conversations, the two B channels can be logically bonded together into a single virtual circuit (by using PPP’s multilink interface feature) to offer a 128-kbps data path.

basic service set (BSS) WLANs that have just one AP are called BSS WLANs. BSS WLANs are said to run in infrastructure mode because wireless clients connect to an AP, which is typically connected to a wired network infrastructure. A BSS network is often used in residential and SOHO locations, where the signal strength provided by a single AP is sufficient to service all of the WLAN’s wireless clients.

bit-error rate tester (BERT) When troubleshooting a link where you suspect a high bit-error rate (BER), you can use a piece of test equipment called a bit-error rate tester (BERT), which contains both a pattern generator (which can generate a variety of bit patterns) and an error detector (which is synchronized with the pattern generator and can determine the number of bit errors) and can calculate a BER for the tested transmission link.

black-hole router A router that drops packets that cannot be fragmented and are exceeding the MTU
size of an interface without notifying the sender.

block size The number of IP addresses in a subnet, including the subnet’s address and the subnet’s
directed broadcast address.

Bootstrap Protocol (BOOTP) A legacy broadcast-based protocol used by networked devices to obtain
IP address information.

Border Gateway Protocol (BGP) The only EGP in widespread use today. In fact, BGP is considered to
be the routing protocol that runs the Internet, which is an interconnection of multiple autonomous
systems. BGP is a path-vector routing protocol, meaning that it can use as its metric the number of
autonomous system hops that must be transited to reach a destination network, as opposed to the
number of required router hops.

borrowed bits Bits added to a classful subnet mask.

buffer overflow This attack occurs when an attacker leverages a vulnerability in an application, causing
data to be written to a memory area (that is, a buffer) that’s being used by a different application.

bus topology Typically, it uses a cable running through the area requiring connectivity, and devices to
be networked can tap into that cable.

butt set A piece of test equipment typically used by telephone technicians. The clips on a butt set can
connect to the tip and ring wires on a punch-down block (for example, a 66 block or a 110 block)
connecting to a telephone. This allows the technician to check the line (for example, to determine
whether a dial tone is present on the line and determine whether a call can be placed from the line). A device that looks similar to a phone but has a alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation

brute-force attack A password attack where every possible password is attempted.

business impact analysis The examination of critical versus noncritical functions, itis part of a business continuity plan (BCP).

CAM table The Content Addressable Memory table, a table that is in a switch’s memory that contains
ports  and  their  corresponding  MAC addresses.

CAPTCHA A type of challenge‐response mechanism used primarily in websitesto tell whether or not the user is human. Stands for Completely Automated Public Turing test to tell Computers and Humans
Apart.

certificate authority (CA) The entity (usually a server)thatissues digital certificatesto users.

certificate revocation list (CRL) A list of certificates no longer valid orthat have been revoked by the
issuer.

certificates Digitally signed electronic documents that bind a public key with a user identity.
chain of custody Documents who had custody of evidence allthe way up to litigation or a court trial (if
necessary) and verifies that the evidence has not been modified.

Challenge Handshake Authentication Protocol (CHAP) An authentication scheme used by the Point‐ to‐Point Protocol (PPP) that is the standard for dial‐up connections.

change management A structured way of changing the state of a computer system, network, or IT
procedure.

chromatic dispersion The refraction of light asin a rainbow. If light isrefracted in such a manner on
fiber‐optic cables, the signal cannot be read by the receiver.

cipher An algorithm that can perform encryption or decryption.

circuit-level gateway Works at the Session Layer of the OSI model and applies security mechanisms
when a TCP or UDP connection is established; acts as a go‐between for the Transport and Application
Layers in TCP/ IP.

closed-circuit television (CCTV) Avideosystem(oftenusedforsurveillance)thatmakesuseof
traditional coaxial‐based video components, but is used privately, within a building or campus.

cloud computing A way of offering on‐demand services that extend the capabilities of a person’s
computer or an organization’s network. 

Common Vulnerabilities and Exposures (CVE) A nomenclature and dictionary of security-related
software flaws.

Compromise A violation of the security policy of a system such that an unauthorized disclosure, modification, or destruction of sensitive information has occurred.

Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Continuous Monitoring Maintaining ongoing awareness to support organization risk decisions.

Critical infrastructure System and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

Critical infrastructure Sector A logical collection of assets, systems, or networks that provide a common function to the economy, government, or society. 

Cryptography The use of mathematical techniques to provide security services such as confidentiality, data integrity, entity authentication, and data origin authentication

Cybersecurity Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wirecommunication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.

cable certifier If you are working with existing cable and want to determine its category, or if you simply want to test the supported frequency range (and therefore data throughput) of the cable, you can 
use a cable certifier.

cable modem Attaches to the same coaxial cable (typically in a residence) that provides television
programming. A cable modem can use predetermined frequency ranges to transmit and receive data
over that coaxial cable.

cable tester A cable tester can test the conductors in an Ethernet cable. It contains two parts. By
connecting these parts of the cable tester to each end of a cable under test, you can check the wires in
the cable for continuity (that is, check to make sure that there are no opens, or breaks, in a conductor).
In addition, you can verify an RJ-45 connector’s pinouts (which are wires connected to the appropriate
pins on an RJ-45 connector).

campus-area network (CAN) An interconnection of networks located in nearby buildings (for example, buildings on a college campus).

carrier sense multiple access collision avoidance (CSMA/ CA) Just as CSMA/ CD is needed for half duplex Ethernet connections, CSMA/ CA is needed for WLAN connections because of their half-duplex operation. Similar to how an Ethernet device listens to an Ethernet segment to determine whether a frame exists on the segment, a WLAN device listens for a transmission on a wireless channel to determine whether it is safe to transmit. In addition, the collision-avoidance part of the CSMA/ CA
algorithm causes wireless devices to wait for a random backoff time before transmitting.

carrier sense multiple access collision detect (CSMA/ CD) Used on an Ethernet network to help
prevent a collision from occurring and to recover if a collision does occur. CSMA/ CD is only needed on half-duplex connections.

central office (CO) A building containing a telephone company’s telephone-switching equipment. COs
are categorized into five hierarchical classes. A Class 1 CO is a long-distance office serving a regional
area. A Class 2 CO is a second-level long-distance office; that is, it is subordinate to a Class 1 office. A
Class 3 CO is a third-level long-distance office. A Class 4 CO is a fourth-level long-distance office, which provides telephone subscribers access to a live operator. A Class 5 CO is at the bottom of the five-layer hierarchy and physically connects to customer devices in a local area. 

Challenge-Response Authentication Mechanism Message Digest 5 (CRAM-MD5) A common variant of HMAC frequently used in e-mail systems. Like CHAP, CRAM-MD5 only performs one-way
authentication (the server authenticates the client).

channel bonding With channel bonding, two wireless bands can be logically bonded together, forming a band with twice the bandwidth of an individual band. Some literature refers to channel bonding as 40-
MHz mode, which refers to the bonding of two adjacent 20-MHz bands into a 40-MHz band. 

DNSSEC: The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but prevents attackers from manipulating or poisoning the responses to DNS requests.

To protect domains from spoofing and poisoning attacks, enable and configure DNSSEC in the following places:

The DNS zone. If you enable DNSSEC for a zone, Cloud DNS automatically manages the creation and rotation of DNSSEC keys (DNSKEY records) and the signing of zone data with resource record digital signature (RRSIG) records.

The top-level domain (TLD) registry (for example.com, this would be .com). In your TLD registry, you must have a DS record that authenticates a DNSKEY record in your zone. Do this by activating DNSSEC at your domain registrar.

The DNS resolver. For full DNSSEC protection, you must use a DNS resolver that validates signatures for DNSSEC-signed domains. You can enable validation for individual systems or your local caching resolvers if you administer your network's DNS services.

Provide the ability to validate DNS and denial of existence and provides data integrity for DNS. IT does not provide confidentiality or availability controls.

Question : User want to ensure that their internal DNS cannot be quires id by outside users. What DNS pattern user different internal and external DNS server to provide potentially different DNS responses to the users of these networks?

Answer: Split horizon DNS: This implementation deploys distinct DNS servers for two or more environments, ensuring that those environments receive DNS info appropriate to the DNS view that their clients should receive. 

Comments

Popular posts from this blog

Layered breakdown of major cybersecurity protections

Most Secure Backup Storage Technology for Data Integrity

The world of Hacking