security
3DES-Encrypt-Decrypt-Encrypt (3DES-EDE) The way 3DES encrypts plaintext.
802.1X (aka: EAP over IEEE 802, EAP over LAN) IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. Wikipedia
Acceptable Use Policy (AUP) Defines what users may or may not do with regard to the network, website or information system. Wikipedia
Active Threat Level Analysis System (ATLAS) Tool from Arbor Networks used to view network threats. Website
Advanced Encryption Standard (AES) (aka: Rijndael) A type a data encryption. More efficient than DES. Three key lengths; 128, 192, and 256 bits. Can be used by IPsec to encrypt data. Symmetric cryptosystem. First published in 1998. Wikipedia
Advanced Encryption Standard - Cipher Block Chaining (AES-CBC) Used with IPsec Encapsulating Security Payload (ESP). Published September 2003. RFC 3602
Advanced Inspection and Prevention (AIP) Adds IPS capabilities to a Cisco ASA. Netacad
Advanced Inspection and Prevention Security Services Card (AIP-SSC) Netacad
Advanced Inspection and Prevention Security Services Module (AIP-SSM) Netacad
Anomaly-based intrusion detection Detects unusual network traffic patterns based upon a baseline of normal network traffic. Wikipedia
antivirus software (aka: anti-virus software or AV software) Typically host-based. Used to detect and remove viruses from computers. Does not prevent viruses from entering a system or system. Wikipedia Netacad
application firewall Filters Layers 3,4,5, and 7. Mostly done with software.
ARP poisoning Introducing false entries into a host’s APR cache. Allows an attacker to hide behind a fake IP address. Wikipedia
ASLEAP Exploit to Lightweight Extensible Authentication Protocol (LEAP). Released by Joshua Wright in early 2004. Wikipedia
asymmetric cryptography (aka: public-key cryptography) Cryptographic system uses two separate keys; public and private. Public keys only encrypt and private keys only decrypt. Handles authentication and encryption. Mostly used for transmitting session keys. Typically slower than symmetric algorithms. 512-4096 bits. (RSA, ElGamal, elliptic curves, and DH) Wikipedia
attack Attack = Motive (Goal) + Method + Vulnerability.
authentication Confirms the truth of an identification through credential validation. Passwords and PINs are simple forms of authentication. Ensures message is form who it claims to be from and that it was not forged. Wikipedia
Authentication Header (AH) (IP protocol 51) Member of the IPsec protocol suite. Provides connectionless data integrity, data authentication, and anti-Replay detection, but not data encryption. Supports HMAC-MD5 and HMAC-SHA-1. Can have problems with NAT. Wikipedia
Authentication Server (AS) (TACACS+ or RADIUS) Wikipedia
Authentication Service (AS) Part of Kerberos that provides the Ticket Granting Ticket (TGT).
Authentication, Authorization and Accounting (AAA) Family of protocols which mediate network access. Two AAA protocols include RADIUS and TACACS+. Both RADIUS and TACACS+ provide auditing of log files. Wikipedia
Authentication, Authorization, and Accounting with Secure Transport (AAAA) Wikipedia
Authorization Specifies access rights. Elements include separation of duties, rights, permissions and privileges, and the principle of least privilege. Wikipedia
Automatic Certificate Management Environment (ACME) Protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost. Wikipedia
Bellman-Ford algorithm Used by RIP. Based on two algorithms developed in 1958 and 1956 by Richard Bellman and Lester Ford, Jr. Wikipedia
biometrics Human characteristics used for authentication such as a thumbprint or retina scan. Wikipedia
BitLocker Full drive encryption built into Windows. First included with Windows Vista Ultimate and Enterprise editions. Microsoft Virtual Academy Wikipedia TechNet
Blackhole exploit kit Wikipedia
blacklisting Technique used by an administrator to restrict access to a specific list of applications.
blanks Artificial data added to fill blocks in a block cipher.
block cipher Deterministic algorithm operating on fixed-length groups of bits, called a block, with an unvarying transformation that is specified by a symmetric key. Wikipedia
Blowfish Symmetric block cipher. Designed by Bruce Schneier in 1993. Wikipedia
Bluebugging Most serious variation of Bluetooth attacks. Attacker tries to take control of or use a Bluetooth-enabled phone to make unauthorized phone calls. Wikipedia
Bluejacking Sending unsolicited messages of files to a Bluetooth-enabled device. Wikipedia
Bluesnarfing Unauthorized access to information on a Bluetooth-enabled device. Wikipedia
brute-force attack Attempting many combonations to guess a password. Wikipedia
buffer overflow (aka: buffer overrun) When the fixed-length buffer reaches its limit and tries to write more data. Takes advantage of programming flaws that occur when data overwrites a program’s allocated memory address and enables arbitrary code execution. Can allow viruses, worms, and Trojans to cause damage. Wikipedia
Caesar cipher Simple substitution cipher. Wikipedia
carving Process of data recovery where residual info does not exist for restoration. Wikipedia
Certificate Revocation List (CRL) List of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted. Defined in RFC 5280 May 2008. Wikipedia RFC 5280
Challenge Handshake Authentication Protocol (CHAP) Performs a one-way authentication for a remote access connection. Authentication is performed through a three-way handshake (challenge, response, acceptance message) between a server and a client, without sending credentials across the network. Specified in RFC 1994, August 1996. Wikipedia RFC 1334 RFC 1994
Change on Write (COW) Wikipedia
checksum A redundancy check. Catches data transmition errors. Typically 32 or 64 bits. Wikipedia
Chief Information Security Officers (CISO)
Christmas Tree EXEC First widely disruptive computer worm. Discovered December 9, 1987. Wikipedia Malware Wiki
cipher An algorithm for encrypting and decrypting. Methods include: Transposition, Substitution, One-time pad. Wikipedia
Cipher Block Chaining (CBC) DES block cipher. Most widely used mode of DES. Invented by Ehrsam, Meyer, Smith and Tuchman in 1976. Wikipedia
CipherShed Encryption replacement for the late TrueCrypt. Wikipedia Website
Cisco Adaptive Security Device Manager (ASDM) Browser-based, Java applet used to configure and monitor the software on a Cisco ASA. Netacad
Cisco Adaptive Wireless IPS Software
Cisco AnyConnect Secure Mobility Solutions
Cisco ASA 5505 Firewall made by Cisco. Released August 31, 2006. EoL announced July 18, 2012. Website Wikipedia
Cisco ASA 5510 Firewall made by Cisco. Released May 4, 2005. Website Data Sheet
Cisco AutoSecure Can automatically configure CBAC, security banner, and enable secret password.
Cisco Encryption Technology (CET)
Cisco IronPort Email Security Appliance
Cisco IronPort Web Security Appliance
Cisco NAC appliance Cisco
Cisco NAC Appliance (formerly: Cisco Clean Access (CCA)) Network Admission Control (NAC) system developed by Cisco used to secure a computer network. Wikipedia Cisco
Cisco Network Admission Control (NAC) Allow access and enforces security policy
Cisco Network Foundation Protection (NFP) framework
| control plane | Routes data correctly. Protects against DoS attacks and provides bandwidth control. |
| management plane | Management traffic from Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow. |
| data (forwarding) plane | Forwards data. typically user generated data. |
Cisco ScanSafe Cloud Web Security
Cisco Secure Access Control System
Cisco SecureX architecture
| Delivery Mechanisms | |
| Next-generation Endpoint | |
| Policy Management Consoles | |
| PScanning Engines | |
| Security Intelligence Operations (SIO) | Cloud-based service that connects global threat information. |
Cisco Talos One of the largest commercial threat intelligence teams in the world. Website Cisco
Cjdns Network protocol. Wikipedia Website
closed port Nmap port state that does not allow entry or access to a service. A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. Not vulnerable to an attack. Website
closed|filtered Nmap port state. This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan. Nmap
Code Red Computer worm. Released July 13, 2001. Isolation July 15, 2001. Wikipedia.
collision When two distinct pieces of data have the same hash value. Wikipedia
Common Vulnerabilities and Exposure (CVE) Database of security vulnerabilities. Website Wikipedia
community strings Plaintext passwords. Two types; read-only (ro) and read-write (rw).
CompTIA Cybersecurity Analyst (CSA+) Released February 15, 2017. Website
CompTIA Security+ Released May 1, 2014. Website
Computer Emergency Response Team (CERT) [aka: Computer Emergency Readiness Team, Computer Security Incident Response Team (CSIRT)] Expert group that handles computer security incidents. USA CERT created by the Defense Advanced Research Projects Agency (DARPA) and run by the Software Engineering Institute (SEI) at the Carnegie Mellon University. CERT name first used in 1988 by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU). SEI Website Wikipedia
confidentiality (encryption) Message can't be read.
containerization (aka: Operating-system-level virtualization) Used to isolate an application. Containers run a single program and all its dependencies. Wikipedia
Content Security and Control (CSC) Adds anti-malware capabilities to a Cisco ASA. Website Netacad
Content Security and Control Security Services Module (CSC-SSM) Netacad
Context-Based Access Control (CBAC)
corrective controls (after the event) Limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible. Wikipedia
Counter Mode CBC-MAC Protocol (CCMP) Wikipedia
Cross-Site Scripting (XSS) Security vulnerability typically found in web applications. Allows attackers to inject client-side scripts into web pages viewed by other users. May be used by attackers to bypass access controls such as the same-origin policy. Wikipedia
cryptanalysis Cracking code. Necessary to prove an algorithm is not vulnerable. Netacad
cryptographic key symmetric keys, digital signatures, hash keys.
cryptographic keys Several types of cryptographic keys can be generated including:
| Symmetric keys | Can be exchanged between two routers supporting a VPN |
| Asymmetric keys | Used in HTTPS applications |
| Digital signatures | Used when connecting to a secure website. |
| Hash keys | Used in symmetric and asymmetric key generation, digital signatures |
cryptography Wikipedia Khan Academy
CryptoLocker ransomware trojan Wikipedia
cryptology The science of making and breaking secret codes. Wikipedia
Cyclic Redundancy Check (CRC) Similar to a hash. Wikipedia
Data Encryption Standard (DES) Symmetric encryption algorithm, usually encrypted with a block cipher. The key is 64-bits long, but only 56 bits are used for encryption. Can be used by IPsec to encrypt data. Published as FIPS standard FIPS PUB 46 January 15, 1977. Wikipedia Netacad
data integrity (checksum) Maintenance of, and the assurance of the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. The term is broad in scope and may have widely different meanings depending on the specific context – even under the same general umbrella of computing. Wikipedia
Demilitarized Zone (DMZ) Section of a network containing servers that must connect to an external network, such as the internet. Wikipedia Netacad
Denial of Service (DoS) A DoS attack works by continuously sending packets of unexpected size or unexpected data. This results in interruption of service to users. Wikipedia Netacad
DESCHALL First group to publicly crack the Data Encryption Standard (DES). Announced June 18, 1997. Wikipedia This Day in Tech History
detective controls (during the event) Identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police. Wikipedia
Diameter protocol Wikipedia
Diffie–Hellman key Exchange (DHE) (aka: Diffie-Hellman (DH)) Key negotiation and agreement protocol used in public key cryptography. Asymmetric algorithm used to create shared keys. Does not provide encryption but is used to establish the secret key between two parties. First published by Whitfield Diffie and Martin Hellman in 1976.
| DH1 | (Legacy) 768 bit key. |
| DH2 | (Legacy) 1024 bit key |
| DH5 | (Legacy) 1536 bit key |
| DH7 | |
| DH14 | 2048 bit key |
| DH15 | 3072 bit key |
| DH16 | 4096 bit key |
| DH19 | supports Elliptical Curve Cryptography |
| DH20 | supports Elliptical Curve Cryptography |
| DH24 | supports Elliptical Curve Cryptography |
digest Fixed length output "thumbprint" for the data being hashed. Wikipedia
digital certificate (aka: public key certificate) Includes the public key, digital signature, and verification from a third party. Wikipedia YouTube (itfreetraining)
digital certificates Exchanged to authenticate peers
digital signature (aka: hash) Mathematical method used to check the authenticity and integrity of a message, digital document, or software. Gives a recipient reason to believe that the data was created by a known sender (authentication), that the sender cannot deny having sent the data (non-repudiation), and that the data was not altered in transit (integrity). Used when connecting to a secure website. Can be used as an alternative to HMAC. Wikipedia
Digital Signature Algorithm (DSA) (authentication) Federal Information Processing Standard (FIPS) for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes. DSA signature generation is faster than DSA signature verification. Attributed to David W. Kravitz. Filed under U.S. Patent 5,231,668 July 26, 1991. Adopted by the U.S. government in 1993 with FIPS 186. Wikipedia
Digital Signature Standard (DSS)
Dijkstra's algorithm Used in OSPF.
Direct Memory Access (DMA) attack
Dirty Change on Write (Dirty COW) (aka: CVE-2016-5195) Linux kernel vulnerability. Linux.com Red Hat
Distributed Denial of Service (DDoS) A DDoS attack is similar to a DoS attack but originates from multiple sources. Wikipedia Network
DNS poisoning (DNS spoofing) Attack that introduces erroneous or malicious entries into a DNS server’s zone file or a server’s hostname-to-IP address cache, intending to misdirect DNS resolution requests. Wikipedia
Dynamic ACL Cisco
Dynamic Multipoint VPN (DMVPN) Wikipedia Cisco (DMVPN) Cisco (Configure DMVPN using GRE over IPSec between Multiple Routers) YouTube (Keith Barker)
EAP Flexible Authentication via Secure Tunneling (EAP-FAST) Designed to address the weaknesses of LEAP while preserving the "lightweight" implementation. Defined in RFC 4851 May 2007. Wikipedia RFC 4851
EAP Transport Layer Security (EAP-TLS) Can handle an entire TLS. Needs server and client certificates. Wikipedia
EAP Tunneled Transport Layer Security (EAP-TTLS) Uses the TLS exchange method. Only requires server certificates. Wikipedia
EAP-MD5 Takes passwords and hashes them into a MD5 hash. Basically MSCHAP. Wikipedia
Electronic CodeBook (ECB) (legacy) The simplest of the encryption modes. Message is divided into blocks, and each block is encrypted separately. Always has the same output. Used as a block cipher in DES. Wikipedia
elements of risk Threat actors initiate threats, which in turn exploit vulnerabilities.
Elliptic Curve Digital Signature Algorithm (ECDSA)
Elliptic-Curve Cryptography (ECC) Public key cryptography protocol used for encryption as well as digital signatures and key exchange. Reduces the time needed to generate keys. Often used on small mobile devices, due to its low power and computing requirements. Wikipedia
Email Security Appliance (ESA)
Encapsulating Security Payload (ESP) Provides data authentication and data encryption.
Encapsulation Security Protocol (ESP) Provides data authentication and data encryption in tunnel mode (adds a new IP header to the original encrypted header). Does not provide integrity and authentication for the entire IP packet in transport mode (keeps the original IP address). Wikipedia
Encrypting File System (EFS) Filesystem-level encryption used to incrypt individual files and folders. This does not encrypt the entire device like BitLocker. Wikipedia
encryption Scrambling data so it can't be read unless it is unencrypted. Cisco
Endpoint security Each device manages its own security. Wikipedia Texport Technologies
ESP header Same header as HMAC but encrypted with DES, 3DES, or AES. [ AES { Authentication Header | TCP header | data | IP address }] Wikipedia
evil twin A fraudulent wireless access point that appears to be legitimate, set up to eavesdrop on wireless communications. Wireless LAN equivalent of the phishing scam. Wikipedia
extended ACL permit or deny traffic based on Layer 3 and Layer 4 (protocol type, source and destination ip, and source and destination TCP or UDP ports). Should be placed close to the source. Extended numbered ACLs can use numbers 100-199 and 2000-2699 (798 total).
Extended TACACS (XTACACS) Proprietary extension to TACACS. Both TACACS and XTACACS allow a remote access server to communicate with an authentication server to determine if the user has access to the network. Introduced by Cisco Systems without backwards compatibility to the original protocol in 1990. Wikipedia
Extensible Authentication Protocol (EAP) Authentication framework created as a better authentication method to PPP. Proposed as a standard in RFC 2284, March 1998. Wikipedia RFC 3748 RFC 5247 RFC 7057 RFC 2284
False Acceptance Rate (FAR) (aka: Type II error) Incorrectly granting access to an unauthorized user.
False Rejection Rate (FRR) (aka: Type I error) Denying access to a legitimate authorized user. Webopedia
File Transfer Protocol Secure (FTPS) (aka: FTPES, FTP-SSL) Secure version of FTP that runs over SSL or TLS connections. Wikipedia
filtered port Nmap port state that might indicate that a firewall is being used. Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. Nmap
firewall Separates protected areas from non-protected areas. Filters incoming and outgoing traffic. Software or hardware based. Different types include packet filtering, stateful, or application layer firewall. Wikipedia
first responder Responsible for:
| Securing the scene |
| Notifying the incident response team |
| Determining the scope and impact |
forward proxy Hides the clients from the server by forwarding the message to the server. Can be configured for caching content filtering, and firewall capability. Wikipedia
fping Ping sweep tool used to ping multiple IP addresses simultaneously. First published by Roland Schemers in 1992. Website Wikipedia
FTP bounce attack Security attack that leverages the PORT command.
fuzzing (aka: fuzz testing) Application vulnerability testing technique that sends invalid or unexpected data to the application, with the intent to see if any security vulnerabilities exist. Wikipedia
Global Data Protection Regulation (GDPR) Regulation in the European Union (EU) to strengthen and unify data protection. Adopted April 27, 2016. Enforceable May 25, 2018. Wikipedia
hash (aka: message digest) Function that can be used to map data of arbitrary size to data of fixed size. Essentially, a number generated from a string of text. A given input will always generate the same output (deterministic algorithm). In networking, it ensures messages did not change in transit. Similar to a Cycle Redundancy Check (CRC), only stronger. Hard to reverse (one-way hash) but is not encryption. Typically 128 bit or longer output. Examples include MD5 and SHA. Wikipedia Netacad
Hash-Based Message Authentication Code (HMAC) (aka: Keyed-Hash Message Authentication Code [KHMAC]) Data integrity algorithm guaranteeing the integrity of a message. Adds a secret key to the hash function. Wikipedia
Heartbleed OpenSSL bug. Wikipedia
HMAC Header { Authentication Header | TCP header | data | IP address } Wikipedia
HMAC-Message Digest 5 (HMAC-MD5) (Legacy) 128-bit shared-secret key and hash.
HMAC-Secure Hash Algorithm 1 (HMAC-SHA-1) 160-bit secret key and hash.
Honeypot-based detection Decoy setup on the network to make a hacker think they get away with infecting a system or stealing information. Wikipedia
hping Command-line TCP/IP packet assembler/analyzer. Tool used by security testers to bypass filtering devices by injecting modified IP packets. Developed by Salvatore Sanfilippo. Website Wikipedia sectools.org
HTML attachment File often sent by email that can contain malicious code and can be downloaded and executed on a client’s computer. When a user clicks the attachment, it opens a browser session and could open a malicious web site. Netcraft
Hypertext Transfer Protocol Secure (HTTPS) (port 443) A more secure form of HTTP that encrypts data with either Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. Wikipedia EFF
Identification Verify identity.
IMAP Secure (IMAPS) (port 993) Operates over SSL or TLS. Wikipedia
impact Harm caused by a threat. Can be measured in two ways: quantitative or qualitative.
implicit deny Part of an ACL that will block any traffic that has not been allowed by the end of the list.
Incident Response Life Cycle
| Preparation | |
| Detection and analysis | |
| Containment, eradication, and recovery | |
| Post-incident activity |
Information Security (InfoSec) Integrity, availability, authentication, non-repudiation. Wikipedia
Information Security Operations Center (ISOC) (aka: SOC) Facility where Enterprise Information Systems (EIS) are monitored, assessed, and defended. Wikipedia
Initialization Vector (IV) Fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Involves attempting to break WEP keys by targeting their weak IV’s. Wikipedia
insurance Method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster event occurs, the organization is paid for its losses.
International Data Encryption Algorithm (IDEA) [originally called Improved Proposed Encryption Standard (IPES)] Symmetric-key block cipher. Intended as a replacement for the Data Encryption Standard (DES). IDEA is a minor revision of an earlier cipher Proposed Encryption Standard (PES). Designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. Wikipedia
Internet Key Exchange (IKE) (UDP port 500, RFC 2409) Used to set up a security association (SA) in the IPsec protocol suite to authenticate users and devices. Builds on the Oakley protocol and ISAKMP. Uses X.509 certificates for authentication. Several types of authentication: username, password, one-time password, biometrics, PSK, and digital certificates. Originally defined by the IETF in RFC 2407, RFC 2408 and RFC 2409 November 1998. Wikipedia RFC 2407 RFC 2408 RFC 2409
Internet Protocol Security (IPsec) Framework of open standards defining how a VPN can be configured and secured. Provides data integrity, peer authentication, data confidentiality (encryption). Not bound to any encryption, authentication, security algorithms, or keying technology. Uses Authentication Headers (AH), Encapsulating Security Payloads (ESP), and Security Associations (SA) as part of its security architecture. The Cisco IPsec implementation uses DES and 3DES in Cipher Block Chaining (CBC) mode. Works at the network layer (Layer 3) encapsulating IP packets. Uses a plaintext Layer 3 header to allow for routing compatibility. When configuring, a few basic parts must be provided: IPsec protocol, confidentiality, integrity, authentication, and secure key exchange. Wikipedia
Internet Protocol Security (IPsec) Confidentiality encrypts traffic so it can not be read. (encryption if ESP: DES, 3DES, AES, SEAL)
Internet Protocol Security (IPsec) Configuration Steps: ACLs, ISAKMP (IKE) policy, IPsec transform set, crypto ACL, crypto map.
- //ACLs: permit AH, ESP, and ISAKMP on an IPsec interface while denying any other unnecessary traffic
- Router(config)#
access-list (acl) permit ahp (source) (wildcard) (destination) (wildcard) - Router(config)#
access-list (acl) permit esp (source) (wildcard) (destination) (wildcard) - Router(config)#
access-list (acl) permit udp (source) (wildcard) (destination) (wildcard) eq isakmp - Router(config)#
interface s0/0/0 - Router(config-if)#
ip access-group (acl) in
- //example IKE Policy
- Router(config)#
crypto isakmp policy integer 1-10,000/*1 = highest priority*/ - Router(config-isakmp)#
authentication pre-share - Router(config-isakmp)#
encryption des - Router(config-isakmp)#
group 1 - Router(config-isakmp)#
hash md5/*If hash is not specified, will use SHA*/ - Router(config-isakmp)#
lifetime 86400
- //Pre-Shared Keys
- Router(config)#
crypto isakmp key (keystring) address (peer-address) - Router(config)#
crypto isakmp key (keystring) hostname (hostname) - //example
- Router(config)#
crypto isakmp key cisco123 address 172.30.1.2 - Router(config)#
crypto isakmp key cisco123 address 172.30.2.2
- //IPsec Transform Set
- Router(config)#
crypto ipsec transform-set (transform-set-name) (tranform1) (transform2) (transform3) (transform4) - //example
- Router(config)#
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
- //Crypto ACL
- Router(config)#
access-list (acl) {permit | deny} (protocol) (source) (source-wildcard) (destination) (destination-wildcard) - //example
- Router(config)#
access-list 110 permit tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
- //Crypto Map
- Router(config)#
crypto map (map-name) (seq-num) ipsec-manual - Router(config)#
match address (access-list) - Router(config)#
set [peer | pfs | transform-set | security-association] - Router(config)#
interface (interface-id) - Router(config-if)#
crypto map MYMAP - //example
- Router(config)#
crypto map CMAP 10 ipsec-isakmp - Router(config-crypto-map)#
match address 110 - Router(config-crypto-map)#
set peer 172.30.2.2 default - Router(config-crypto-map)#
set peer 172.30.3.2 - Router(config-crypto-map)#
set pfs group1 - Router(config-crypto-map)#
set transform-set mine - Router(config-crypto-map)#
set security-association lifetime seconds 86400
Internet Protocol Security (IPsec) Integrity Message is not intercepted. (MD5, SHA)
Internet Protocol Security (IPsec) protocol (AH, ESP, ESP+AH)
Internet Protocol Security (IPsec) Secure key exchange DH algorithm group
Internet Security Association and Key Management Protocol (ISAKMP) Creates a Security Association (SA) between two hosts. Defined in RFC 2408 November 1998. Wikipedia RFC 2408
IPS A set of rules that an IDS and an IPS use to detect typical intrusion activity, such as DoS attacks. Cisco
IPS Atomic Signature simplest type of IPS signature
IPsec transform sets IPsec security parameters. (AH or ESP plus the associated algorithm.)
ISACA Risk IT Framework Website
jamming The act of intentionally interfering with the signal of a wireless network. Often part of a DoS attack.
JSON Web Encryption (JWE) Encryption using JSON-based data structures. Published May 2015. RFC 7516
Kerberos Network authentication protocol used to authenticate to Windows domain controllers. Works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Wikipedia
key Variable that is combined with an algorithm to transform data from plaintext to cipher text for encryption. Can also be used in other cryptographic algorithms, such as digital signature schemes and message authentication codes. Wikipedia
Key Distribution Center (KDC) Domain Controller with Kerberos. Two main parts; Authentication Service and the Ticket Granting Service. (TCP and UDP 88). Wikipedia
Key Reinstallation AttaACK (KRACK) Website Wikipedia
Kismet Network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Can be expanded via plug-ins to handle other network types. Developed by Mike Kershaw (dragorn). Website Wikipedia
L2TP/IPsec (UDP port 1701) Layer Two Tunneling Protocol (L2TP) running through an IPsec tunnel for security. Standardized in IETF RFC 3193 November 2001. Wikipedia RFC 3193
Layer 2 Tunneling Protocol (L2TP) (UDP ports 500 and 4500) Tunneling protocol similar to PPTP used to support Virtual Private Networks (VPNs). L2TP does not provide confidentiality or strong authentication by itself but is often used with IPsec to provide encryption. The combination of these two protocols is generally known as L2TP/IPsec. Published as proposed standard RFC 2661 August 1999. Wikipedia RFC 2661 Cisco
least privilege concept A process should never be given more privilege than necessary.
legal and regulatory or compliance controls e.g. privacy laws, policies and clauses. Wikipedia
Let's Encrypt Free, automated, and open Certificate Authority. Website Wikipedia
Lightweight Extensible Authentication Protocol (LEAP) (deprecated) Basically EAP, with a password, in a TLS tunnel. Developed by Cisco Systems prior to the IEEE ratification of the 802.11i security standard. No longer used in favor of more secure protocols such as EAP-FAST, PEAP, or EAP-TLS. Wikipedia
likelihood Level of certainty that something will happen, typically measured over the course of a year. Can be measured in two ways: quantitative or qualitative.
Local Area Network Denial (LAND) Type of DoS attack. Wikipedia
logic bomb Wikipedia
login local Uses a username and password from a local database to login.
low risk May be accepted without mitigation or requires little mitigation.
MAC address spoofing Technique for impersonating a different address then factory-assigned on a NIC. Since MAC addresses can be spoofed, examining MAC filtering logs may not provide any indication of an unauthorized host. Wikipedia
MafiaBoy Launched a series of DoS attacks. Wikipedia
main memory Typically RAM in modern computers. Wikipedia
malicious software (malware) Unwanted code with malicious intent. Wikipedia
masking Replaces sensitive information with nonsensitive information. After replacement, the nonsensitive version looks and acts like the original.
maximum password age Requires a user to change their password after a certain amount of time.
Melissa Mass-mailing macro virus. Not considered as a worm as it was not a standalone program. Released by David L. Smith sometime around March 26, 1999. Wikipedia
Meltdown Vulnerability in Intel and ARM processors. Reported January 3, 2018. Website Wikipedia ZDNet The Verge (Processor flaw exposes 20 years of devices to new attack) The Verge (How to protect your PC against the major 'Meltdown' CPU security flaw)
Message Authentication Code (MAC) Wikipedia
message digest (hashing algorithm)
| MD2 | |
| MD4 | Basis for MD5 and SHA-1. |
| MD5 | Algorithm used by IPsec, EIGRP, RIPv2, EIGRP, OSPF, IS-IS, and BGP for authentication. Uses a 128-bit shared secret key. |
| MD6 |
Message-Digest Algorithm 4 (MD4) Cryptographic hash function. Developed by Ronald Rivest in 1990. First full collision attack against MD4 was published in 1995. Wikipedia
Message-Digest Algorithm 5 (MD5) Widely used hash function producing a 128-bit hash value. Used as a checksum to verify data integrity, but only against unintentional corruption. Initially designed as a cryptographic hash function but its security has been compromised due to extensive vulnerabilities. Designed by Ronald Rivest in 1991 to MD4. Published in RFC 1321 April 1992. Wikipedia
minimum password age User must wait a certain amount of time before they are allowed to change passwords.
minimum trust Access should not be granted unnecessarily or unconditionally. Netacad
monoalphabetic substitution cipher (Caesar cipher) Wikipedia
NAC framework Cisco
NAT firewall Expands IP address range and hides addressing scheme. One of the first NAT filrewalls was the PIX firewall developed in 1994 and later bough by Cisco. Wikipedia (Cisco PIX)
network attack Can be unofficially categorized into three major categories:
| Reconnaissance |
| Access |
| DoS |
Network Cloaking Hiding a network's Service Set Identifier (SSID) by disabling broadcasting. Not recommended as a way to secure a network. Wikipedia
Network Intrusion Detection System (NIDS) Type of Intrusion Detection System (IDS). Wikipedia
Next Generation Encryption (NGE) Cisco
Nimda Internet's fastest spreading worm. Wikipedia
NIST SP 800 30 framework Guide for conducting risk assessments. Rev. 1 published September 2012. Website Wikipedia
NIST SP 800-37 Guide for applying the risk management framework. Website
NIST-approved digital signature algorithms NIST chooses approved algorithms based on public key techniques and ECC. The digital signature algorithms approved are DSA, RSA, and ECDSA.
Nmap (Network Mapper) Free and open source port scanning utility used for network discovery and security auditing. Written by Gordon Lyon. Published September 1997. Website Wikipedia
nonce Wikipedia
Null scan Nmap TCP scan with all the packet flags are turned off. Does not set any bits (TCP flag header is 0). Nmap
Object Group-Based ACL Csico
Offensive Security Certified Professional (OSCP) Website Wikipedia
One-time pad Wikipedia
one-time password (OTP) Wikipedia
Online Certificate Status Protocol (OCSP) Used to obtain the revocation status of digital certificates in public keys. Alternative to Certificate Revocation Lists (CRL) that enables clients to request and receive the electronic status of digital certificates automatically in real-time. Described in RFC 6960 June 2013. Wikipedia RFC 6960
open port Nmap port state that allows access to applications. An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning. Nmap
OpenPGP Most widely used email encryption standard in the world. Created by Phil Zimmermann in 1991. Website
OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) Open Source vulnerability scanner and manager forked from Nessus. Functions much like a database server, performing complex queries while the client interfaces with the server to simplify reporting and configuration. Began under the name of GNessUs as a fork of Nessus October 2005. Website Wikipedia
open|filtered Nmap port state. Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response. Nmap
packet filtering firewall Filters layer 3 and layer 4. SearchNetworking
packet monkey Derogatory term referring to people who copy code from knowledgeable programmers instead of creating the code themselves.
Paralyze When actual damage is done to the system.
Password Authentication Protocol (PAP) Wikipedia RFC 1334
pcAnywhere Suite of computer programs by Symantec for remote access. Operates on ports 65301, 22, 5631, and 5632. Originally developed by Dynamic Microprocessor Associates in 1986. Wikipedia
Penetrate Malicious code is sent to the host.
penetration test (pen test) Authorized simulated attack on a computer system, performed to evaluate the security of the system. Wikipedia
Persist Ensures the malicious code is running even after reboot. May need to change system files to achieve this.
Personal Information Number (PIN) Form of authentication.
Petya (aka: NotPetya, GoldenEye) Malware. Seen as early as March 2016. Major attack targeting Ukraine occurred June 27, 2017. Wikipedia
phone freaking (phreaking) Faking the tones for long distance calls on an analog telephone network. Began in the United States during the 1950s. Wikipedia Netacad
physical controls e.g. fences, doors, locks and fire extinguishers. Wikipedia
Point-to-Point Tunneling Protocol (PPTP) (TCP port 1723) Type of VPN protocol that uses PPP for the tunnel. No real form of authentication, just a password. Only very basic encryption. Oldest VPN protocol. Wikipedia
poison reverse Wikipedia
poisonous packet A type of DoS attack. An improperly formatted packet that causes the destination device to slow down or crash.
port scan Method of finding out which services a host computer offers. Wikipedia
Potentially Unwanted Program (PUP)
preventive controls (before the event) intended to prevent an incident from occurring e.g. by locking out unauthorized intruders. Wikipedia
private key (aka: symmetric encryption)Anyone can encrypt a message with the receiver’s public key, but it can only be decrypted with the receiver’s private key. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security. Can be used for nonrepudiation to ensure only the person with the private key could have encrypted the message. Anyone who possesses the public key can then decrypt it. Wikipedia
privilege escalation Wikipedia
Probe Vulnerable computers are identified. ICMP is used to map the network. Passwords are obtained by social engineering, brute-force attacks, dictionary attacks, or packet sniffing.
procedural controls e.g. incident response processes, management oversight, security awareness and training. Wikipedia
Propagate Sending the malicious code to other devices. This could be through email, FTP, IRC, or other ways of file sharing.
Protected Extensible Authentication Protocol (PEAP) (aka: Protected EAP) Encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. Uses TLS to authenticate the server to the client but not the client to the server. Wikipedia Quizlet
proxy server Acts as an intermediary for requests from clients seeking resources from other servers. May reside on the user's local computer, or at various points between the user's computer. Wikipedia
Psyb0t (aka: Network Bluepill) Computer worm thought to be unique in that it can infect routers and high-speed modems. Discovered in January 2009. Wikipedia
public key Used in asymmetric cryptography to encrypt. Wikipedia
Public Key Infrastructure (PKI) Manages digital certificates. Two major parts: certificate and certificate authority. Wikipedia
qualitative impact How will this impact the company image?
qualitative likelihood Not easily measured. (i.e. customer satisfaction)
quantitative impact How much will this cost in time and money by being down?
quantitative likelihood (i.e. percentage chance of a power supply failing.)
rabbit virus (fork bomb) Wikipedia
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) (128, 160, 256, and 320-bit digests) Open standard family of cryptographic hash functions. Based on MD4 and is similar in performance to SHA-1. Not very common. Developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. Wikipedia
RADIUS client Gateway separating what is needed to be authenticated and those trying to authenticate. Wikipedia
RADIUS supplicant Person or device trying to be authenticated. Wikipedia
Rail fence cipher Words are spelled out as if they were a rail fence. Wikipedia Netacad
RC Algorithms
| RC1 | Never published. |
| RC2 | Variable key-size block cipher that was designed as a 'drop-in' replacement for DES. |
| RC3 | |
| RC4 | World's most widely used stream cipher. |
| RC5 | |
| RC6 |
reconnaissance attack Gathers information about devices on the network and scans for access. This can include the use of packet sniffers and port scanners. Netacad Wikipedia
Recovery Point Objective (RPO) Maximum allowable amount of data (measured in time) an organization can afford to lose in an incident. I.E. the RPO for XYZ Company may be 4 hours. Wikipedia
refactoring Process of restructuring existing computer code (changing the factoring) without changing its external behavior. A refactored file will work correctly but might also perform other malicious actions. Man in the Middle (MITM) might be the result of the refactor, but is not the threat itself. Wikipedia
Reflexive ACL Allow packets to be filtered based on upper-layer session information. Csico
Remote Access Trojan (RAT) Malicious software that is typically unknowingly installed which opens a back door for hackers. Notable examples include: Back Orifice, NetBus, iControl, PoisonIvy, Sub Seven, Beast Trojan, Bifrost, Blackshades, and DarkComet. Wikipedia
Remote Authentication Dial-In User Service (RADIUS) (UDP ports 1812, 1813,1645) Form of AAA used for authentication and network access. Does not handle authorization like TACACS+. Can use usernames and passwords from a variety of locations including on another server. Wikipedia
remote-access VPN Connects individual users to a corporate network. Dynamic Wikipedia
replay attack Reusing intercepted non-secure credentials to gain access to a system or network.
residual risk What risk remains after all mitigation and reduction strategies have been implemented.
reverse proxy Hides the server and can provide load balancing and caching for high activity pages. Wikipedia
Rijndael block cipher Developed by Joan Daemen and Vincent Rijmen.
risk acceptance Risk response where the likelihood and the impact are less than the cost of mitigation. Level of risk the management authority chooses to accept with or without mitigations in place.
risk assessment (aka: risk identification) Evaluating probability and impact. Consists of a vulnerability assessment and a threat assessment. Threats + Vulnerability = Risk. Wikipedia
risk avoidance Risk response where the likelihood and the impact are so high that it is not dealt with. (i.e. not collecting PII because if it leaked, you could no longer do business.)
risk management framework
| categorize |
| select |
| implement |
| assess |
| authorize |
| monitor |
| (repeat) |
risk mitigation Risk response that reduces risk to a lower level.
risk response Process of how to handle risks. The four parts are:
| transference |
| mitigation |
| acceptance |
| avoidance |
risk transference Type of risk response where some of the risk, likelihood, and impact is offloaded to a third-party. (i.e. cloud hosting.)
Rivest Cipher 4 (RC4) (aka: Alleged RC4 (ARC4), ARCFOUR) (1 round, 40-2048 bit key) Stream cipher popularized by its speed and simplicity. Part of some commonly used encryption protocols and standards, such as WEP, WPA, SSL, and TLS. Designed by Ron Rivest in 1987. Initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. Prohibited for all versions of TLS by RFC 7465 in 2015, due to the RC4 attacks weakening or breaking RC4 used in SSL/TLS. Wikipedia
Rivest-Shamir-Adleman (RSA) One of the most common asymmetric algorithms in public key cryptography. Typically used to generate digital signatures. Keys are usually 512 to 2048 bits. Acronym is the first letter from each surname of the developers; Ron Rivest, Adi Shamir, and Len Adleman. Published in 1977. Wikipedia
Rivest-Shamir-Adleman keys (RSA keys) Wikipedia Cisco Learning Network
Rivest-Shamir-Adleman signatures (RSA signatures) Authentication method used by IPsec Wikipedia
Robust Security Network (RSN) Type of authentication. Windows Hardware Dev Center
Robust Security Network Association (RSNA) Type of authentication. Windows Hardware Dev Center
Rogue Access Point (Rogue AP) A wireless access point that has been installed on a network without explicit authorization from an administrator, whether added by a well-meaning employee or by a malicious attacker. Could be used by unauthorized individuals to bypass security controls such as firewalls. The potential of bypassing security controls is a good reason to perform a site survey of rogue access points. Wikipedia
Routed Mode Firewall mode on the Cisco ASA. Functions as a Layer 3 device. Netacad
RSA-encrypted nonce Wikipedia Cisco Press
SA database (SADB) Maintains security associations. Netacad
sandbox Security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. Isolated space where untested code and experimentation can safely occur separate from the production environment. Wikipedia
SANS Institute Wikipedia Website
scytale Possibly one of the first transposition cipher tools. Wikipedia
Secure European System for Applications in a Multivendor Environment (SESAME) European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.
Secure Hash Algorithm (SHA)
| SHA-1 | (Legacy) Uses a 160-bit secret key. |
| SHA-2 | SHA-224, SHA-256, SHA-384, SHA-512 |
| SHA-3 |
Secure Hash Algorithm 1 (SHA-1) Cryptographic hash function which produces a 160-bit hash value known as a message digest. part of several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec. Can provide data integrity in a VPN. Designed by the United States National Security Agency (NSA). not been considered secure since 2005. Wikipedia
Secure Hash Standard (SHS) Wikipedia
Secure Sockets Layer (SSL) Can be used to established remote-access VPN connections. Initially published as SSL 2.0 February 1995. Wikipedia Instant SSL by Comodo
Secure Sockets Layer Certificate (SSL Certificate) YouTube
secure software development model
| Requirements | Requirements for different security functions are determined. |
| Testing | Software is measured or tested against security, functionality, and performance requirements. (secure code review, application fuzzing, vulnerability assessments, and penetration testing.) |
| Design | Security functionality is designed into the application. |
| Implementation | Security requirements are validated as implemented in the application. |
security and functionality relationship As security increases, functionality decreases. As resources decrease, both functionality and security decrease.
Security Assertion Markup Language (SAML) Used for web application login. Wikipedia
Security Association (SA) Part of the IPsec suite used to negotiate the cryptographic parameters between two devices in an ISAKMP session. Performed after AH or ESP has been selected. Maintained by a SADB. Wikipedia Netacad
security authentication failure rate
security controls Risk likelihood and impact should directly determine how much is budgeted for security controls. Can be classified by when the occur or according to their nature.
| Security Functions: |
|---|
| deterrent |
| preventive |
| detective |
| compensating |
| corrective |
| Security Controls: |
|---|
| administrative |
| technical |
| physical |
Wikipedia
Security Device Manager (SDM) Cisco
Security Event Manager (SEM) Real-time monitoring of logs and events generated by devices or software on the network. Wikipedia
Security Information and Event Management (SIEM) Combines Security Information Management (SIM) and Security Event Management (SEM) software products and services. Analyzes security alerts from networking equipment and software in real-time. Can aggregate and correlate data, allowing you to organize it into valuable information. Splunk is an example of SIEM. Coined by Mark Nicolett and Amrit Williams of Gartner in 2005. Wikipedia
Security Information Management (SIM) Central location for long-term storage analysis of log data. Wikipedia
Security Operations Center (SOC) Wikipedia
Security Services Module (SSM)
Service Level Agreement (SLA) Agreement between two parties that specifies the level of service and support. Can outline QoS parameters for packets going through a provider. Wikipedia
session hijacking (aka: cookie hijacking) Intercepting and taking over an in-progress communications session between two hosts. Wikipedia
shoulder surfing Looking over someone's shoulder as they type in a password.
Single Point Of Failure (SPOF) Where there is no redundancy. If the device fails, the rest of the system is affected. Wikipedia
site-to-site VPN An extension of a WAN. Connects entire networks together. Both ends of the connection know about the VPN in advance, but internal hosts are not aware of the tunnel. VPN gateway encapsulates and encrypts. Wikipedia
smurf attack Type DDoS attack where large amounts of ICMP packets are sent from a spoofed IP address on the network to the network broadcast address causing many replies. Originally written as smurf.c by Dan Moschuk, aka TFreak, in 1997. Wikipedia Hackepedia
SoftEther VPN (Software Ethernet) First released January 4, 2014. Website Wikipedia
Spectre Breaks the isolation between different applications allowing an attacker to trick error-free programs. Reported January 3, 2018. Website Project Zero Blog ZDNet The Verge (Processor flaw exposes 20 years of devices to new attack)
spoofing Masquerading as another entity, usually by spoofing an IP address, MAC address, or user.
SQL injection Inserting lines of SQL code into a query, typically on a web site, with malicious intent such as to delete a database or to reveal its contents. Wikipedia
stateful firewall Filters traffic based on what is allowed to enter or exit an interface, without inspecting the traffic. Only packets matching a known active connection are allowed to pass the firewall. Monitors state of connection through SPI. Most common type of firewall. Developed by Bell Labs in 1989. Wikipedia
Stateful Packet Inspection (SPI) (aka: dynamic packet filtering) Wikipedia
stateless firewall Blocking is based on Access Control Lists (ACLs) and defined rules. Can block and unblock by difined IP address, port access, or URL address.
steganography hiding data in plain view in pictures, graphics, or text. Wikipedia
stream cipher Symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). Wikipedia
Substitution (Caesar cipher) Shifts the alphabet. Retains letter frequency.
Supervisory Control and Data Acquisition (SCADA) Used to manage Heating, Ventilation, and Air-Conditioning (HVAC) and other types of industrial and environmental systems. Wikipedia
Symmetric Block Ciphers Encrypts in blocks, typically 64 bits for DES or 128 bits for AES. RSA has a variable block size. Output may be larger than the input to match the block size. Netacad
Symmetric DSL (SDSL) Wikipedia
symmetric encryption algorithm (secret keys) Uses a single key to encrypt and decrypt data. 80-256 bits. Most common because of shorter key length. Uses block ciphers and stream ciphers. (DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish) Wikipedia
Symmetric Stream Ciphers Encrypts one bit at a time. Technically a block cipher with a bit size of one bit. Faster than block ciphers and generally don't increase message size. Examples include The Vigen Netacad
System Development Life Cycle (SDLC) Five phases: initiation, acquisition and development, implementation, operations and maintenance, and disposition. Netacad
TCP ACK scan -sA Nmap scan option that typically used to get past a firewall. Nmap
TCP connect scan -sU Nmap scanning mothod. Similar to the TCP SYN scan, except that it does complete the three-way handshake. Nmap
TCP SYN scan -sS Default and most popular Nmap scan option. Used to perform a TCP SYN stealth port scan. Nmap
technical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls. Wikipedia
Temporal Key Integrity Protocol (TKIP) Security protocol used in IEEE 802.11 as a temporary solution to WEP. Published October 31, 2002. Deprecated in 2012. Wikipedia
Terminal Access Controller Access-Control System (TACACS (TCP or UDP port 49) Family of related protocols handling remote authentication and related services for networked access control through a centralized server. Originally developed by BBN Technologies for administering MILNET in 1984. Wikipedia
Terminal Access Controller Access-Control System Plus (TACACS+) Protocol developed by Cisco. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. Encrypts an entire authentication packet, rather than just the password. Released as an open standard beginning in 1993. Wikipedia
threat Event that exploits a vulnerability’s potential to do harm to an asset. Can be adversarial (i.e. hacking; individual cracker or a criminal organization), accidental (i.e. misconfiguration), structural (i.e. a computer malfunctioning), or environmental (i.e. natural disaster such as an earthquake, a fire, or a tornado). Wikipedia
threat agent (aka: threat actor) Person or entity that initiates a threat. Wikipedia
threat assessment Often done alongside a risk assessment.
| adversarial |
| accidental |
| structural |
| environmental |
Threefish Symmetric-key tweakable block cipher. Wikipedia
Ticket Granting Service (TGS) Part of Kerberos that generates a session key.
Ticket Granting Ticket (TGT) (aka: Security Identifier (SID)) Part of Kerberos that is provided by the Authentication Service.
Transport Layer Security (TLS) Successor to SSL. TLS 1.0 first defined in RFC 2246 January 1999. Wikipedia RFC 2246
Transport Layer Security 1.1 (TLS 1.1) Defined in RFC 4346 April 2006. Website Wikipedia
Transport Layer Security 1.2 (TLS 1.2) Defined in RFC 5246 August 2008. Website Wikipedia
Transport Layer Security 1.3 (TLS 1.3) Working draft as of July 2016. Wikipedia
Transport Mode Firewall mode on the Cisco ASA. Functions as a Layer 2 device. Protects only the packets payload. Works well with GRE. Netacad
transposition Characters are rearranged. Used in part by DES and 3DES.
Triple Data Encryption Standard (3DES) (Legacy) Applying DES three times in a row to a plaintext block. Can be used by IPsec to encrypt data. Three 56-bit encryption keys per 64-bit block. Symmetric. Wikipedia
Trojan horse Software that appears to be useful but is actually malicious.
| Classifications: |
|---|
| remote access |
| data sending |
| destructive |
| proxy |
| FTP |
| security software disabler |
| DoS |
Trusted Execution Environment (TEE) Isolated environment running alongside a mobile OS. Wikipedia
Trusted Platform Module (TPM) (aka: ISO/IEC 11889) Dedicated microcontroller that performs cryptographic functions, such as encrypting an entire hard drive. Wikipedia
Two-Factor Authentication (2FA) (aka: two-step verification) Wikipedia
Twofish Symmetric key block cipher. One of the five finalists of the AES contest, but was not standardized Wikipedia
unfiltered port Nmap port state where an ACK scan returns an RST packet on the scanned port. The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Nmap
Unicornscan Developed to assist security testers in conducting tests on large networks and to consolidate many of the tools needed for large-scale endeavors. Optimizes UDP scanning beyond the capabilities of any other port scanner. Website sectools.org
Unified Threat Management (UTM) Wikipedia
Vigen Based on the Caesar cipher but uses a polyalphabetic key shift. Originally described by Giovan Battista Bellaso. Wikipedia
Virtual Private Network (VPN) IP tunnels that extend a private network across a public network, usually the internet. Enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Typically encrypted but does not need to be, such as in the case of GRE and Frame Relay. The encryption algorithm combines message text with a key to make the message unreadable by unauthorized receivers. Two kinds of VPNs: site-to-site and remote access. Can operate at OSI Layer 2 (Frame Relay, ATM, HDLC, PPP) or OSI Layer 3 (GRE, MPLS, IPsec). Wikipedia
virus Malicious software that hides in other files, generally executables (.exe). Commonly spread by email. Can lay dormant and activate after a specific action or time. Wikipedia YouTube (TheCuriousEngineer) Netacad
VLAN attack Takes advantage of how some switches will automatically form a trunk if the devices that connect to the port are in trunking mode. Can mitigate by using a dummy native VLAN and disabling DTP. Wikipdedia
VLAN Hopping VLAN attack that enables traffic to go between VLANs.
Voice and Video Enabled VPN (V3PN)
VPNFilter Malware designed to infect routers. The FBI believes that it was created by the Russian Fancy Bear group. Estimated to have infected approximately 500,000 routers worldwide as of May 24, 2018. Wikipedia Ars Technica
vulnerability Weakness that allows an asset to be exploited. Wikipedia
wabbit (fork bomb) Wikipedia
WannaCry (aka: WannaCrypt) Ransomware worm that originated from leaked National Security Agency (NSA) tools. Attacked unpatched Windows computers in over 150 countries including computers in the National Health Service (NHS) on May 12, 2017. NHS Digital PC World New York Times Wikipedia
wardialing Scanning for telephone numbers with a modem. Wikipedia
watering hole attack Where a hacker determines sites you may want to visit and then compromises those sites by planning viruses or malicious code on them. Once you visit the site(s) that you trust, you are infected with malware. Wikipedia
Web Application Firewall (WAF) Detects how applications interact with the environment.Optimal for detecting SQL injections and XSS.
web beacon (aka: web bug, tracking pixel) 1-pixel x 1-pixel image file referenced in an tag, and it usually works with a cookie. Wikipedia
web threat Any threat that uses the World Wide Web to facilitate cybercrime. Wikipedia
whitelisting Technique used by an administrator to allow access to only a specific approved list of applications.
Wi-Fi deauthentication attack Type of DoS attack that targets communication between a wireless client and a wireless access point in hopes of causing them to deauthenticate with each other and disconnect. Wikipedia
Wi-Fi Protected Setup (WPS) (originally Wi-Fi Simple Config) Created by the Wi-Fi Alliance with the goal of giving users a push-button configuration to set up WPA, as well as making it easy to add new devices to an existing network without entering long passphrases. WPS PIN can be recovered by an attacker through a brute-force attack. Introduced in 2006. Major security flaw revealed in December 2011. Wikipedia
worm enabling vulnerability How the worm is installed. Usually through email attachments,
worm mitigation Process used to isolate and attempt to remove a worm. Four phases of worm mitigation: Containment --> { inoculation } | { quarantine --> treatment }
| containment phase: | Limits the spread of the worm through compartmentalization and segmentation of the network to slow it down or stop it entirely. Requires the use of ACLs on routers and firewalls at control points. |
| inoculation phase: | Infected systems are patched. Runs parallel to or subsequent to the containment phase. |
| quarantine phase: | Identify infected machines. Isolates these systems for the treatment phase by disconnecting, blocking, or removing them. treatment phase: Disinfect systems of the worm by removing modified files or system settings. This can also include reinstalling the operating system. |
| treatment phase: | Disinfect systems of the worm by removing modified files or system settings. This can also include reinstalling the operating system. |
worm payload malicious code that is often used to create a backdoor.
worm propagation mechanism how the worm replicates itself.
Xmas scan -sXNmap scan option that sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. Nmap
XML injection Occurs when malicious XML code is inserted into an XML statement. Wikipedia
zero-day attack When Wikipedia
zero-hour attack Same concept as zero-day attack, only with less time to exploit. Wikipedia
Zone-Based Firewall (ZBF) Introduced by Cisco in 2006. Cisco
Zone-Based Policy Firewall (ZPF) Cisco