security

3DES-Encrypt-Decrypt-Encrypt (3DES-EDE) The way 3DES encrypts plaintext.            

802.1X (aka: EAP over IEEE 802, EAP over LAN) IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.   Wikipedia         

Acceptable Use Policy (AUP) Defines what users may or may not do with regard to the network, website or information system.   Wikipedia         

Accounting and auditing             

Active Threat Level Analysis System (ATLAS) Tool from Arbor Networks used to view network threats.   Website         

Advanced Encryption Standard (AES) (aka: Rijndael) A type of data encryption. More efficient than DES. Three key lengths; 128, 192, and 256 bits. Can be used by IPsec to encrypt data. Symmetric cryptosystem. First published in 1998.  Wikipedia

Advanced Encryption Standard - Cipher Block Chaining (AES-CBC) Used with IPsec Encapsulating Security Payload (ESP). Published September 2003.  RFC 3602         

Advanced Inspection and Prevention (AIP) Adds IPS capabilities to a Cisco ASA.   Netacad         

Advanced Inspection and Prevention Security Services Card (AIP-SSC)    Netacad         

Advanced Inspection and Prevention Security Services Module (AIP-SSM)    Netacad         

AES-GCM (Galois/Counter Mode)             

Anomaly-based intrusion detection Detects unusual network traffic patterns based upon a baseline of normal network traffic.   Wikipedia         

antivirus software (aka: anti-virus software or AV software) Typically host-based. Used to detect and remove viruses from computers. Does not prevent viruses from entering a system.   Wikipedia  Netacad

application firewall Filters Layers 3, 4, 5, and 7. Mostly done with software.

ARP poisoning Introducing false entries into a host's ARP cache. Allows an attacker to hide behind a fake IP address.    Wikipedia

ASLEAP Exploit against the Lightweight Extensible Authentication Protocol (LEAP). Released by Joshua Wright in early 2004.  Wikipedia

asymmetric cryptography (aka: public-key cryptography) Cryptographic system uses two separate keys; public and private. Public keys only encrypt and private keys only decrypt. Handles authentication and encryption. Mostly used for transmitting session keys. Typically slower than symmetric algorithms. 512-4096 bits. (RSA, ElGamal, elliptic curves, and DH)   Wikipedia         

attack Attack = Motive (Goal) + Method + Vulnerability.            

authentication Confirms the truth of an identification through credential validation. Passwords and PINs are simple forms of authentication. Ensures a message is from whom it claims to be from and that it was not forged.   Wikipedia

Authentication Header (AH) (IP protocol 51) Member of the IPsec protocol suite. Provides connectionless data integrity, data authentication, and anti-replay detection, but not data encryption. Supports HMAC-MD5 and HMAC-SHA-1. Can have problems with NAT.   Wikipedia

Authentication Server (AS) (TACACS+ or RADIUS)   Wikipedia         

Authentication Service (AS) Part of Kerberos that provides the Ticket Granting Ticket (TGT).            

Authentication, Authorization and Accounting (AAA) Family of protocols which mediate network access. Two AAA protocols include RADIUS and TACACS+. Both RADIUS and TACACS+ provide auditing of log files.   Wikipedia         

Authentication, Authorization, and Accounting with Secure Transport (AAAA)    Wikipedia         

Authorization Specifies access rights. Elements include separation of duties, rights, permissions and privileges, and the principle of least privilege.   Wikipedia         

Automatic Certificate Management Environment (ACME) Protocol for automating interactions between certificate authorities and their users' web servers, allowing the automated deployment of public key infrastructure at very low cost.   Wikipedia         

Bellman-Ford algorithm Used by RIP. Based on two algorithms developed in 1958 and 1956 by Richard Bellman and Lester Ford, Jr.  Wikipedia         

biometrics Human characteristics used for authentication such as a thumbprint or retina scan.   Wikipedia         

BitLocker Full drive encryption built into Windows. First included with Windows Vista Ultimate and Enterprise editions.   Microsoft Virtual Academy  Wikipedia  TechNet     

Blackhole exploit kit    Wikipedia         

blacklisting Technique used by an administrator to restrict access to a specific list of applications.            

blanks Artificial data added to fill blocks in a block cipher.             

block cipher Deterministic algorithm operating on fixed-length groups of bits, called a block, with an unvarying transformation that is specified by a symmetric key.   Wikipedia         

Blowfish Symmetric block cipher. Designed by Bruce Schneier in 1993.  Wikipedia         

Bluebugging Most serious variation of Bluetooth attacks. Attacker tries to take control of or use a Bluetooth-enabled phone to make unauthorized phone calls.   Wikipedia         

Bluejacking Sending unsolicited messages or files to a Bluetooth-enabled device.   Wikipedia

Bluesnarfing Unauthorized access to information on a Bluetooth-enabled device.   Wikipedia         

brute-force attack Attempting many combinations to guess a password.   Wikipedia

buffer overflow (aka: buffer overrun) When the fixed-length buffer reaches its limit and tries to write more data. Takes advantage of programming flaws that occur when data overwrites a program’s allocated memory address and enables arbitrary code execution. Can allow viruses, worms, and Trojans to cause damage.   Wikipedia         

Caesar cipher Simple substitution cipher.   Wikipedia         

carving Process of data recovery where residual info does not exist for restoration.   Wikipedia         

Certificate Authority (CA)             

Certificate Revocation List (CRL) List of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted. Defined in RFC 5280 May 2008.  Wikipedia  RFC 5280       

Challenge Handshake Authentication Protocol (CHAP) Performs a one-way authentication for a remote access connection. Authentication is performed through a three-way handshake (challenge, response, acceptance message) between a server and a client, without sending credentials across the network. Specified in RFC 1994, August 1996.  Wikipedia  RFC 1334  RFC 1994     

Change on Write (COW)    Wikipedia         

checksum A redundancy check. Catches data transmission errors. Typically 32 or 64 bits.   Wikipedia

Chief Information Security Officers (CISO)             

Chosen-Ciphertext Attack             

Chosen-Plaintext Attack             

Christmas Tree EXEC First widely disruptive computer worm. Discovered December 9, 1987.  Wikipedia  Malware Wiki       

cipher An algorithm for encrypting and decrypting. Methods include: Transposition, Substitution, One-time pad.   Wikipedia         

Cipher Block Chaining (CBC) Block cipher mode of operation. Most widely used mode of DES. Invented by Ehrsam, Meyer, Smith and Tuchman in 1976.  Wikipedia

Cipher feedback (CFB)             

CipherShed Encryption replacement for the late TrueCrypt.   Wikipedia  Website       

ciphertext Encrypted text.

Cisco Adaptive Security Device Manager (ASDM) Browser-based, Java applet used to configure and monitor the software on a Cisco ASA.   Netacad         

Cisco Adaptive Wireless IPS Software             

Cisco AnyConnect Secure Mobility Solutions             

Cisco ASA 5505 Firewall made by Cisco. Released August 31, 2006. EoL announced July 18, 2012.  Website  Wikipedia       

Cisco ASA 5510 Firewall made by Cisco. Released May 4, 2005.  Website  Data Sheet       

Cisco AutoSecure Can automatically configure CBAC, security banner, and enable secret password.            

Cisco Encryption Technology (CET)             

Cisco IronPort             

Cisco IronPort Email Security Appliance             

Cisco IronPort Web Security Appliance             

Cisco NAC Agent (NAA)             

Cisco NAC appliance    Cisco         

Cisco NAC Appliance (formerly: Cisco Clean Access (CCA)) Network Admission Control (NAC) system developed by Cisco used to secure a computer network.   Wikipedia  Cisco       

Cisco NAC Manager (NAM)             

Cisco NAC Server (NAS)             

Cisco Network Admission Control (NAC) Allows access and enforces security policy.

Cisco Network Foundation Protection (NFP) framework

control plane Routes data correctly. Protects against DoS attacks and provides bandwidth control.
management plane Management traffic from Telnet, SSH, TFTP, FTP, NTP, AAA, SNMP, syslog, TACACS+, RADIUS, and NetFlow.
data (forwarding) plane Forwards data, typically user-generated data.
            

Cisco ScanSafe Cloud Web Security             

Cisco Secure Access Control System             

Cisco SecureX architecture

Delivery Mechanisms
Next-generation Endpoint
Policy Management Consoles
Scanning Engines
Security Intelligence Operations (SIO) Cloud-based service that connects global threat information.
            

Cisco Talos One of the largest commercial threat intelligence teams in the world.   Website  Cisco       

Cjdns Network protocol.   Wikipedia  Website       

cleartext (plaintext)            

closed port Nmap port state that does not allow entry or access to a service. A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. Not vulnerable to an attack.   Website         

closed|filtered Nmap port state. This state is used when Nmap is unable to determine whether a port is closed or filtered. It is only used for the IP ID idle scan.   Nmap         

Code Red Computer worm. Released July 13, 2001. Isolation July 15, 2001.  Wikipedia

collision When two distinct pieces of data have the same hash value.   Wikipedia         

Common Vulnerabilities and Exposures (CVE) Database of security vulnerabilities.   Website  Wikipedia

community strings Plaintext passwords. Two types; read-only (ro) and read-write (rw).            

CompTIA Cybersecurity Analyst (CSA+)  Released February 15, 2017.  Website         

CompTIA Security+  Released May 1, 2014.  Website         

Computer Emergency Response Team (CERT) [aka: Computer Emergency Readiness Team, Computer Security Incident Response Team (CSIRT)] Expert group that handles computer security incidents. USA CERT created by the Defense Advanced Research Projects Agency (DARPA) and run by the Software Engineering Institute (SEI) at the Carnegie Mellon University. CERT name first used in 1988 by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU).  SEI Website  Wikipedia       

confidentiality (encryption) Message can't be read.            

containerization (aka: Operating-system-level virtualization) Used to isolate an application. Containers run a single program and all its dependencies.   Wikipedia         

Content Security and Control (CSC) Adds anti-malware capabilities to a Cisco ASA.   Website  Netacad       

Content Security and Control Security Services Module (CSC-SSM)    Netacad         

Context-Based Access Control (CBAC)             

corrective controls (after the event) Limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible.   Wikipedia         

Counter Mode CBC-MAC Protocol (CCMP)    Wikipedia         

Cross-Site Scripting (XSS) Security vulnerability typically found in web applications. Allows attackers to inject client-side scripts into web pages viewed by other users. May be used by attackers to bypass access controls such as the same-origin policy.   Wikipedia         

cryptanalysis Cracking code. Necessary to prove an algorithm is not vulnerable.   Netacad         

Crypto ACL             

Crypto Map             

cryptographic key symmetric keys, digital signatures, hash keys.            

cryptographic keys Several types of cryptographic keys can be generated including:

Symmetric keys Can be exchanged between two routers supporting a VPN
Asymmetric keys Used in HTTPS applications
Digital signatures Used when connecting to a secure website.
Hash keys Used in symmetric and asymmetric key generation, digital signatures
   Wikipedia         

cryptography    Wikipedia  Khan Academy       

CryptoLocker ransomware trojan   Wikipedia         

cryptology The science of making and breaking secret codes.   Wikipedia         

Cyclic Redundancy Check (CRC) Similar to a hash.   Wikipedia         

Data Encryption Standard (DES) Symmetric encryption algorithm, usually encrypted with a block cipher. The key is 64 bits long, but only 56 bits are used for encryption. Can be used by IPsec to encrypt data. Published as FIPS standard FIPS PUB 46 January 15, 1977.  Wikipedia  Netacad

data integrity (checksum) Maintenance of, and the assurance of the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. The term is broad in scope and may have widely different meanings depending on the specific context – even under the same general umbrella of computing.   Wikipedia         

Demilitarized Zone (DMZ) Section of a network containing servers that must connect to an external network, such as the internet.   Wikipedia  Netacad       

Denial of Service (DoS) A DoS attack works by continuously sending packets of unexpected size or unexpected data. This results in interruption of service to users.   Wikipedia  Netacad       

DESCHALL First group to publicly crack the Data Encryption Standard (DES).  Announced June 18, 1997.  Wikipedia  This Day in Tech History       

detective controls (during the event) Identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police.   Wikipedia         

Diameter protocol    Wikipedia         

Diffie–Hellman Key Exchange (DHE) (aka: Diffie-Hellman (DH)) Key negotiation and agreement protocol used in public key cryptography. Asymmetric algorithm used to create shared keys. Does not provide encryption but is used to establish the secret key between two parties. First published by Whitfield Diffie and Martin Hellman in 1976.

DH1 (Legacy) 768 bit key.
DH2 (Legacy) 1024 bit key
DH5 (Legacy) 1536 bit key
DH7
DH14 2048 bit key
DH15 3072 bit key
DH16 4096 bit key
DH19 supports Elliptic Curve Cryptography
DH20 supports Elliptic Curve Cryptography
DH24 supports Elliptic Curve Cryptography
  Wikipedia  Netacad  Netacad  YouTube (Art of the Problem)   

digest Fixed length output "thumbprint" for the data being hashed.   Wikipedia         

digital certificate (aka: public key certificate) Includes the public key, digital signature, and verification from a third party.   Wikipedia  YouTube (itfreetraining)       

digital certificates Exchanged to authenticate peers            

digital signature (aka: hash) Mathematical method used to check the authenticity and integrity of a message, digital document, or software. Gives a recipient reason to believe that the data was created by a known sender (authentication), that the sender cannot deny having sent the data (non-repudiation), and that the data was not altered in transit (integrity). Used when connecting to a secure website. Can be used as an alternative to HMAC.   Wikipedia         

Digital Signature Algorithm (DSA) (authentication) Federal Information Processing Standard (FIPS) for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes. DSA signature generation is faster than DSA signature verification. Attributed to David W. Kravitz. Filed under U.S. Patent 5,231,668 July 26, 1991. Adopted by the U.S. government in 1993 with FIPS 186.  Wikipedia         

Digital Signature Standard (DSS)             

Dijkstra's algorithm Used in OSPF.            

Direct Memory Access (DMA) attack             

Dirty Change on Write (Dirty COW) (aka: CVE-2016-5195) Linux kernel vulnerability.   Linux.com  Red Hat       

Distributed Denial of Service (DDoS) A DDoS attack is similar to a DoS attack but originates from multiple sources.   Wikipedia  Network       

DNS poisoning (DNS spoofing) Attack that introduces erroneous or malicious entries into a DNS server’s zone file or a server’s hostname-to-IP address cache, intending to misdirect DNS resolution requests.   Wikipedia         

Dynamic ACL    Cisco         

Dynamic Multipoint VPN (DMVPN)    Wikipedia  Cisco (DMVPN)  Cisco (Configure DMVPN using GRE over IPSec between Multiple Routers)  YouTube (Keith Barker)   

EAP Flexible Authentication via Secure Tunneling (EAP-FAST) Designed to address the weaknesses of LEAP while preserving the "lightweight" implementation. Defined in RFC 4851 May 2007.  Wikipedia  RFC 4851       

EAP Pre-Shared Key (EAP-PSK) Uses pre-determined symmetric keys. Similar to WPA and WPA-2.   Wikipedia         

EAP Transport Layer Security (EAP-TLS) Carries a complete TLS exchange inside EAP. Needs server and client certificates.   Wikipedia

EAP Tunneled Transport Layer Security (EAP-TTLS) Uses the TLS exchange method. Only requires server certificates.   Wikipedia         

EAP-MD5 Takes passwords and hashes them into an MD5 hash. Basically MSCHAP.   Wikipedia

Electronic CodeBook (ECB) (legacy) The simplest of the encryption modes. Message is divided into blocks, and each block is encrypted separately. Identical plaintext blocks always produce identical ciphertext blocks. Used as a block cipher mode in DES.   Wikipedia

elements of risk Threat actors initiate threats, which in turn exploit vulnerabilities.            

Elliptic Curve Digital Signature Algorithm (ECDSA)             

Elliptic-Curve Cryptography (ECC) Public key cryptography protocol used for encryption as well as digital signatures and key exchange. Reduces the time needed to generate keys. Often used on small mobile devices, due to its low power and computing requirements.   Wikipedia         

Email Security Appliance (ESA)             

Encapsulating Security Payload (ESP) Provides data authentication and data encryption.            

Encapsulation Security Protocol (ESP) Provides data authentication and data encryption in tunnel mode (adds a new IP header to the original encrypted header). Does not provide integrity and authentication for the entire IP packet in transport mode (keeps the original IP address).   Wikipedia         

Encrypting File System (EFS) Filesystem-level encryption used to encrypt individual files and folders. This does not encrypt the entire device like BitLocker.   Wikipedia

encryption Scrambling data so it can't be read unless it is decrypted.     Cisco

Endpoint security Each device manages its own security.   Wikipedia  Texport Technologies       

ESP header Same header as HMAC but encrypted with DES, 3DES, or AES. [ AES { Authentication Header | TCP header | data | IP address }]   Wikipedia         

evil twin A fraudulent wireless access point that appears to be legitimate, set up to eavesdrop on wireless communications. Wireless LAN equivalent of the phishing scam.   Wikipedia         

extended ACL Permits or denies traffic based on Layer 3 and Layer 4 information (protocol type, source and destination IP, and source and destination TCP or UDP ports). Should be placed close to the source. Extended numbered ACLs can use numbers 100-199 and 2000-2699 (798 total).

Extended TACACS (XTACACS) Proprietary extension to TACACS. Both TACACS and XTACACS allow a remote access server to communicate with an authentication server to determine if the user has access to the network. Introduced by Cisco Systems without backwards compatibility to the original protocol in 1990.  Wikipedia         

Extensible Authentication Protocol (EAP) Authentication framework created as a better authentication method to PPP. Proposed as a standard in RFC 2284, March 1998.  Wikipedia  RFC 3748  RFC 5247  RFC 7057  RFC 2284 

False Acceptance Rate (FAR) (aka: Type II error) Incorrectly granting access to an unauthorized user.            

False Rejection Rate (FRR) (aka: Type I error) Denying access to a legitimate authorized user.   Webopedia         

File Transfer Protocol Secure (FTPS) (aka: FTPES, FTP-SSL) Secure version of FTP that runs over SSL or TLS connections.    Wikipedia         

filtered port Nmap port state that might indicate that a firewall is being used. Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port.   Nmap         

firewall Separates protected areas from non-protected areas. Filters incoming and outgoing traffic. Software or hardware based. Different types include packet filtering, stateful, or application layer firewall.   Wikipedia         

first responder Responsible for:

Securing the scene
Notifying the incident response team
Determining the scope and impact
            

forward proxy Hides the clients from the server by forwarding the message to the server. Can be configured for caching, content filtering, and firewall capability.   Wikipedia

fping Ping sweep tool used to ping multiple IP addresses simultaneously. First published by Roland Schemers in 1992.  Website  Wikipedia       

FTP bounce attack Security attack that leverages the PORT command.            

fuzzing (aka: fuzz testing) Application vulnerability testing technique that sends invalid or unexpected data to the application, with the intent to see if any security vulnerabilities exist.   Wikipedia         

Global Data Protection Regulation (GDPR) Regulation in the European Union (EU) to strengthen and unify data protection. Adopted April 27, 2016. Enforceable May 25, 2018.  Wikipedia         

hash (aka: message digest) Function that can be used to map data of arbitrary size to data of fixed size. Essentially, a number generated from a string of text. A given input will always generate the same output (deterministic algorithm). In networking, it ensures messages did not change in transit. Similar to a Cyclic Redundancy Check (CRC), only stronger. Hard to reverse (one-way hash) but is not encryption. Typically 128 bit or longer output. Examples include MD5 and SHA.   Wikipedia  Netacad

Hash-Based Message Authentication Code (HMAC) (aka: Keyed-Hash Message Authentication Code [KHMAC]) Data integrity algorithm guaranteeing the integrity of a message. Adds a secret key to the hash function.   Wikipedia         

Heartbleed OpenSSL bug.   Wikipedia         

HMAC Header { Authentication Header | TCP header | data | IP address }   Wikipedia         

HMAC-Message Digest 5 (HMAC-MD5) (Legacy) 128-bit shared-secret key and hash.            

HMAC-Secure Hash Algorithm 1 (HMAC-SHA-1) 160-bit secret key and hash.            

Honeypot-based detection Decoy set up on the network to make an attacker think they have gotten away with infecting a system or stealing information.   Wikipedia

hping Command-line TCP/IP packet assembler/analyzer. Tool used by security testers to bypass filtering devices by injecting modified IP packets. Developed by Salvatore Sanfilippo.  Website  Wikipedia  sectools.org     

HTML attachment File often sent by email that can contain malicious code and can be downloaded and executed on a client’s computer. When a user clicks the attachment, it opens a browser session and could open a malicious web site.   Netcraft          

Hypertext Transfer Protocol Secure (HTTPS) (port 443) A more secure form of HTTP that encrypts data with either Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.   Wikipedia  EFF       

Identification Verify identity.            

IKE policy sets             

IMAP Secure (IMAPS) (port 993) Operates over SSL or TLS.   Wikipedia         

impact Harm caused by a threat. Can be measured in two ways: quantitative or qualitative.            

implicit deny Part of an ACL that will block any traffic that has not been allowed by the end of the list.            

Incident Response Life Cycle

Preparation
Detection and analysis
Containment, eradication, and recovery
Post-incident activity
   Rapid7         

Information Security (InfoSec) Integrity, availability, authentication, non-repudiation.   Wikipedia         

Information Security Operations Center (ISOC) (aka: SOC) Facility where Enterprise Information Systems (EIS) are monitored, assessed, and defended.   Wikipedia         

Initialization Vector (IV) Fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. An IV attack attempts to break WEP keys by targeting their weak IVs.   Wikipedia

insurance Method of risk transference where the organization pays a premium for the insurance company to assume the risk. If a disaster event occurs, the organization is paid for its losses.            

International Data Encryption Algorithm (IDEA) [originally called Improved Proposed Encryption Standard (IPES)] Symmetric-key block cipher. Intended as a replacement for the Data Encryption Standard (DES). IDEA is a minor revision of an earlier cipher Proposed Encryption Standard (PES). Designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991.  Wikipedia         

Internet Key Exchange (IKE) (UDP port 500, RFC 2409) Used to set up a security association (SA) in the IPsec protocol suite to authenticate users and devices. Builds on the Oakley protocol and ISAKMP. Uses X.509 certificates for authentication. Several types of authentication: username, password, one-time password, biometrics, PSK, and digital certificates. Originally defined by the IETF in RFC 2407, RFC 2408 and RFC 2409 November 1998.  Wikipedia  RFC 2407  RFC 2408  RFC 2409   

Internet Protocol Security (IPsec) Framework of open standards defining how a VPN can be configured and secured. Provides data integrity, peer authentication, data confidentiality (encryption). Not bound to any encryption, authentication, security algorithms, or keying technology. Uses Authentication Headers (AH), Encapsulating Security Payloads (ESP), and Security Associations (SA) as part of its security architecture. The Cisco IPsec implementation uses DES and 3DES in Cipher Block Chaining (CBC) mode. Works at the network layer (Layer 3) encapsulating IP packets. Uses a plaintext Layer 3 header to allow for routing compatibility. When configuring, a few basic parts must be provided: IPsec protocol, confidentiality, integrity, authentication, and secure key exchange.   Wikipedia         

Internet Protocol Security (IPsec) Confidentiality Encrypts traffic so it cannot be read. (encryption if ESP: DES, 3DES, AES, SEAL)

Internet Protocol Security (IPsec) Configuration Steps: ACLs, ISAKMP (IKE) policy, IPsec transform set, crypto ACL, crypto map.

   Netacad (Configure Compatible ACLs)  Netacad (IKE Parameters for ISAKMP)  Netacad (Pre-Shared Keys)  Netacad (Transform Sets)  Netacad (Crypto ACL)  Netacad (Crypto Map)

Internet Protocol Security (IPsec) Integrity Message is not intercepted. (MD5, SHA)            

Internet Protocol Security (IPsec) protocol (AH, ESP, ESP+AH)            

Internet Protocol Security (IPsec) Secure key exchange DH algorithm group            

Internet Security Association and Key Management Protocol (ISAKMP) Creates a Security Association (SA) between two hosts. Defined in RFC 2408 November 1998.  Wikipedia  RFC 2408       

IPS A set of rules that an IDS and an IPS use to detect typical intrusion activity, such as DoS attacks.    Cisco         

IPS Atomic Signature Simplest type of IPS signature.

IPS Composite Signature             

IPsec transform sets IPsec security parameters. (AH or ESP plus the associated algorithm.)            

ISACA Risk IT Framework    Website         

jamming The act of intentionally interfering with the signal of a wireless network. Often part of a DoS attack.            

JSON Web Encryption (JWE) Encryption using JSON-based data structures. Published May 2015.  RFC 7516         

Kerberos Network authentication protocol used to authenticate to Windows domain controllers. Works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.   Wikipedia         

key Variable that is combined with an algorithm to transform data from plaintext to cipher text for encryption. Can also be used in other cryptographic algorithms, such as digital signature schemes and message authentication codes.   Wikipedia         

Key Distribution Center (KDC) Domain Controller with Kerberos. Two main parts; Authentication Service and the Ticket Granting Service. (TCP and UDP 88).   Wikipedia         

Key Reinstallation Attack (KRACK)    Website  Wikipedia

Kismet Network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Can be expanded via plug-ins to handle other network types. Developed by Mike Kershaw (dragorn).  Website  Wikipedia       

L2TP/IPsec (UDP port 1701) Layer Two Tunneling Protocol (L2TP) running through an IPsec tunnel for security. Standardized in IETF RFC 3193 November 2001.  Wikipedia  RFC 3193       

Layer 2 Tunneling Protocol (L2TP) (UDP ports 500 and 4500) Tunneling protocol similar to PPTP used to support Virtual Private Networks (VPNs). L2TP does not provide confidentiality or strong authentication by itself but is often used with IPsec to provide encryption. The combination of these two protocols is generally known as L2TP/IPsec. Published as proposed standard RFC 2661 August 1999.  Wikipedia  RFC 2661  Cisco     

Layered Defense             

least privilege concept A process should never be given more privilege than necessary.            

Let's Encrypt Free, automated, and open Certificate Authority.   Website  Wikipedia       

Lightweight Extensible Authentication Protocol (LEAP) (deprecated) Basically EAP, with a password, in a TLS tunnel. Developed by Cisco Systems prior to the IEEE ratification of the 802.11i security standard. No longer used in favor of more secure protocols such as EAP-FAST, PEAP, or EAP-TLS.  Wikipedia         

likelihood Level of certainty that something will happen, typically measured over the course of a year. Can be measured in two ways: quantitative or qualitative.            

Local Area Network Denial (LAND) Type of DoS attack.   Wikipedia         

logic bomb    Wikipedia         

login local Uses a username and password from a local database to login.            

low risk May be accepted without mitigation or requires little mitigation.            

MAC address spoofing Technique for impersonating a different address than the factory-assigned one on a NIC. Since MAC addresses can be spoofed, examining MAC filtering logs may not provide any indication of an unauthorized host.   Wikipedia

MafiaBoy Launched a series of DoS attacks.   Wikipedia         

main memory Typically RAM in modern computers.   Wikipedia         

malicious software (malware) Unwanted code with malicious intent.   Wikipedia         

Man in the Middle (MITM)             

masking Replaces sensitive information with nonsensitive information. After replacement, the nonsensitive version looks and acts like the original.            

maximum password age Requires a user to change their password after a certain amount of time.            

Melissa Mass-mailing macro virus. Not considered as a worm as it was not a standalone program. Released by David L. Smith sometime around March 26, 1999.  Wikipedia         

Meltdown Vulnerability in Intel and ARM processors. Reported January 3, 2018.  Website  Wikipedia  ZDNet  The Verge (Processor flaw exposes 20 years of devices to new attack)  The Verge (How to protect your PC against the major 'Meltdown' CPU security flaw) 

Message Authentication Code (MAC)    Wikipedia         

message digest (hashing algorithm)

MD2
MD4 Basis for MD5 and SHA-1.
MD5 Algorithm used by IPsec, EIGRP, RIPv2, OSPF, IS-IS, and BGP for authentication. Uses a 128-bit shared secret key.
MD6
Developed by Ron Rivest.  Wikipedia - MD4  Wikipedia - MD5       

Message-Digest Algorithm 4 (MD4) Cryptographic hash function. Developed by Ronald Rivest in 1990. First full collision attack against MD4 was published in 1995.  Wikipedia         

Message-Digest Algorithm 5 (MD5) Widely used hash function producing a 128-bit hash value. Used as a checksum to verify data integrity, but only against unintentional corruption. Initially designed as a cryptographic hash function, but its security has been compromised due to extensive vulnerabilities. Designed by Ronald Rivest in 1991 to replace MD4. Published in RFC 1321 April 1992.  Wikipedia         

minimum password age User must wait a certain amount of time before they are allowed to change passwords.            

minimum trust Access should not be granted unnecessarily or unconditionally.   Netacad         

monoalphabetic substitution cipher (Caesar cipher)   Wikipedia         

NAC Appliance Manager (NAM)             

NAC framework    Cisco         

NAT firewall Expands IP address range and hides addressing scheme. One of the first NAT firewalls was the PIX firewall developed in 1994 and later bought by Cisco.  Wikipedia (Cisco PIX)         

network attack Can be unofficially categorized into three major categories:

Reconnaissance
Access
DoS
   Wikipedia         

Network Cloaking Hiding a network's Service Set Identifier (SSID) by disabling broadcasting. Not recommended as a way to secure a network.   Wikipedia         

Network Intrusion Detection System (NIDS) Type of Intrusion Detection System (IDS).   Wikipedia         

Next Generation Encryption (NGE)    Cisco         

Nimda Internet's fastest spreading worm.   Wikipedia         

NIST SP 800 30 framework Guide for conducting risk assessments. Rev. 1 published September 2012.  Website  Wikipedia       

NIST SP 800-37 Guide for applying the risk management framework.   Website         

NIST-approved digital signature algorithms NIST chooses approved algorithms based on public key techniques and ECC. The digital signature algorithms approved are DSA, RSA, and ECDSA.            

Nmap (Network Mapper) Free and open source port scanning utility used for network discovery and security auditing. Written by Gordon Lyon. Published September 1997.  Website  Wikipedia       

nonce    Wikipedia         

Null scan Nmap TCP scan with all the packet flags turned off. Does not set any bits (TCP flag header is 0).   Nmap         

Object Group-Based ACL    Cisco         

Offensive Security Certified Professional (OSCP)    Website  Wikipedia       

One-time pad    Wikipedia         

one-time password (OTP)    Wikipedia         

Online Certificate Status Protocol (OCSP) Used to obtain the revocation status of digital certificates in public keys. Alternative to Certificate Revocation Lists (CRL) that enables clients to request and receive the electronic status of digital certificates automatically in real-time. Described in RFC 6960 June 2013.  Wikipedia  RFC 6960       

open port Nmap port state that allows access to applications. An application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port. Finding these is often the primary goal of port scanning.   Nmap         

OpenPGP Most widely used email encryption standard in the world. Created by Phil Zimmermann in 1991.  Website         

OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) Open Source vulnerability scanner and manager forked from Nessus. Functions much like a database server, performing complex queries while the client interfaces with the server to simplify reporting and configuration. Began under the name of GNessUs as a fork of Nessus October 2005.  Website  Wikipedia       

open|filtered Nmap port state. Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This occurs for scan types in which open ports give no response.   Nmap         

packet filtering firewall Filters layer 3 and layer 4.   SearchNetworking         

packet monkey Derogatory term referring to people who copy code from knowledgeable programmers instead of creating the code themselves.            

Paralyze When actual damage is done to the system.            

password             

Password Authentication Protocol (PAP)    Wikipedia  RFC 1334       

Pattern-based detection             

pcAnywhere Suite of computer programs by Symantec for remote access. Operates on ports 65301, 22, 5631, and 5632. Originally developed by Dynamic Microprocessor Associates in 1986.  Wikipedia         

Penetrate Malicious code is sent to the host.             

penetration test (pen test) Authorized simulated attack on a computer system, performed to evaluate the security of the system.   Wikipedia         

Persist Ensures the malicious code is running even after reboot. May need to change system files to achieve this.            

Personal Information Number (PIN) Form of authentication.            

Petya (aka: NotPetya, GoldenEye) Malware. Seen as early as March 2016. Major attack targeting Ukraine occurred June 27, 2017.  Wikipedia         

phone freaking (phreaking) Faking the tones for long distance calls on an analog telephone network. Began in the United States during the 1950s.  Wikipedia  Netacad       

physical controls e.g. fences, doors, locks and fire extinguishers.   Wikipedia         

plaintext (cleartext)            

Point-to-Point Tunneling Protocol (PPTP) (TCP port 1723) Type of VPN protocol that uses PPP for the tunnel. No real form of authentication, just a password. Only very basic encryption. Oldest VPN protocol.  Wikipedia         

poison reverse    Wikipedia         

poisonous packet A type of DoS attack. An improperly formatted packet that causes the destination device to slow down or crash.            

port scan Method of finding out which services a host computer offers.   Wikipedia         

posture assessment             

Potentially Unwanted Program (PUP)             

Pre-Shared Keys (PSK) (shared secret) Authentication method used by IPsec.   Wikipedia         

Pretty Good Privacy (PGP)             

preventive controls (before the event) intended to prevent an incident from occurring e.g. by locking out unauthorized intruders.   Wikipedia         

private key (aka: symmetric encryption) Anyone can encrypt a message with the receiver’s public key, but it can only be decrypted with the receiver’s private key. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security. Can be used for nonrepudiation to ensure only the person with the private key could have encrypted the message. Anyone who possesses the public key can then decrypt it.   Wikipedia         

privilege escalation    Wikipedia         

Probe Vulnerable computers are identified. ICMP is used to map the network. Passwords are obtained by social engineering, brute-force attacks, dictionary attacks, or packet sniffing.            

procedural controls e.g. incident response processes, management oversight, security awareness and training.   Wikipedia         

Propagate Sending the malicious code to other devices. This could be through email, FTP, IRC, or other ways of file sharing.            

Protected Extensible Authentication Protocol (PEAP) (aka: Protected EAP) Encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. Uses TLS to authenticate the server to the client but not the client to the server.   Wikipedia  Quizlet       

proxy server Acts as an intermediary for requests from clients seeking resources from other servers. May reside on the user's local computer, or at various points between the user's computer.   Wikipedia         

Psyb0t (aka: Network Bluepill) Computer worm thought to be unique in that it can infect routers and high-speed modems. Discovered in January 2009.  Wikipedia         

public key Used in asymmetric cryptography to encrypt.   Wikipedia         

public key certificate             

Public Key Infrastructure (PKI) Manages digital certificates. Two major parts: certificate and certificate authority.   Wikipedia         

qualitative impact How will this impact the company image?            

qualitative likelihood Not easily measured. (i.e. customer satisfaction)            

quantitative impact How much will this cost in time and money by being down?            

quantitative likelihood (i.e. percentage chance of a power supply failing.)            

rabbit virus (fork bomb)   Wikipedia         

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) (128, 160, 256, and 320-bit digests) Open standard family of cryptographic hash functions. Based on MD4 and is similar in performance to SHA-1. Not very common. Developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996.  Wikipedia         

RADIUS client Gateway separating what is needed to be authenticated and those trying to authenticate.   Wikipedia         

RADIUS supplicant Person or device trying to be authenticated.   Wikipedia         

Rail fence cipher Words are spelled out as if they were a rail fence.   Wikipedia  Netacad       

RC Algorithms

RC1 Never published.
RC2 Variable key-size block cipher that was designed as a 'drop-in' replacement for DES.
RC3
RC4 World's most widely used stream cipher.
RC5
RC6
 Designed all or in part by Ronald Rivest.  Wikipedia  Netacad       

reconnaissance attack Gathers information about devices on the network and scans for access. This can include the use of packet sniffers and port scanners.   Netacad  Wikipedia       

Recovery Point Objective (RPO) Maximum allowable amount of data (measured in time) an organization can afford to lose in an incident. E.g. the RPO for XYZ Company may be 4 hours.   Wikipedia         

refactoring Process of restructuring existing computer code (changing the factoring) without changing its external behavior. A refactored file will work correctly but might also perform other malicious actions. Man in the Middle (MITM) might be the result of the refactor, but is not the threat itself.   Wikipedia         

Reflexive ACL Allows packets to be filtered based on upper-layer session information.   Cisco         

Remote Access Trojan (RAT) Malicious software that is typically unknowingly installed which opens a back door for hackers. Notable examples include: Back Orifice, NetBus, iControl, PoisonIvy, Sub Seven, Beast Trojan, Bifrost, Blackshades, and DarkComet.   Wikipedia         

Remote Authentication Dial-In User Service (RADIUS) (UDP ports 1812, 1813, 1645) Form of AAA used for authentication and network access. Does not handle authorization like TACACS+. Can use usernames and passwords from a variety of locations including on another server.   Wikipedia         

remote-access VPN Connects individual users to a corporate network. Dynamic.   Wikipedia         

replay attack Reusing intercepted non-secure credentials to gain access to a system or network.            

residual risk What risk remains after all mitigation and reduction strategies have been implemented.            

reverse proxy Hides the server and can provide load balancing and caching for high activity pages.   Wikipedia         

Rijndael block cipher Developed by Joan Daemen and Vincent Rijmen.            

risk acceptance Risk response where the likelihood and the impact are less than the cost of mitigation. Level of risk the management authority chooses to accept with or without mitigations in place.            

risk assessment (aka: risk identification) Evaluating probability and impact. Consists of a vulnerability assessment and a threat assessment. Threats + Vulnerability = Risk.   Wikipedia         

risk avoidance Risk response where the likelihood and the impact are so high that it is not dealt with. (i.e. not collecting PII because if it leaked, you could no longer do business.)            

risk management framework

categorize
select
implement
assess
authorize
monitor
(repeat)
            

risk mitigation Risk response that reduces risk to a lower level.            

risk response Process of how to handle risks. The four parts are:

transference
mitigation
acceptance
avoidance
            

risk transference Type of risk response where some of the risk, likelihood, and impact is offloaded to a third-party. (i.e. cloud hosting.)            

Rivest Cipher 4 (RC4) (aka: Alleged RC4 (ARC4), ARCFOUR) (1 round, 40-2048 bit key) Stream cipher popularized by its speed and simplicity. Part of some commonly used encryption protocols and standards, such as WEP, WPA, SSL, and TLS. Designed by Ron Rivest in 1987. Initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. Prohibited for all versions of TLS by RFC 7465 in 2015, due to the RC4 attacks weakening or breaking RC4 used in SSL/TLS.  Wikipedia         

Rivest-Shamir-Adleman (RSA) One of the most common asymmetric algorithms in public key cryptography. Typically used to generate digital signatures. Keys are usually 512 to 2048 bits. Acronym is the first letter from each surname of the developers; Ron Rivest, Adi Shamir, and Len Adleman. Published in 1977.  Wikipedia         

Rivest-Shamir-Adleman keys (RSA keys)    Wikipedia  Cisco Learning Network       

Rivest-Shamir-Adleman signatures (RSA signatures) Authentication method used by IPsec.   Wikipedia         

Robust Security Network (RSN) Type of authentication.   Windows Hardware Dev Center         

Robust Security Network Association (RSNA) Type of authentication.   Windows Hardware Dev Center         

Robust Security Network Association with Preshared Keys (RSNA-PSK) Type of authentication.   Windows Hardware Dev Center         

Rogue Access Point (Rogue AP) A wireless access point that has been installed on a network without explicit authorization from an administrator, whether added by a well-meaning employee or by a malicious attacker. Could be used by unauthorized individuals to bypass security controls such as firewalls. The potential of bypassing security controls is a good reason to perform a site survey of rogue access points.   Wikipedia         

Routed Mode Firewall mode on the Cisco ASA. Functions as a Layer 3 device.    Netacad         

RSA signature             

RSA-encrypted nonce    Wikipedia  Cisco Press       

SA database (SADB) Maintains security associations.   Netacad         

sandbox Security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. Isolated space where untested code and experimentation can safely occur separate from the production environment.   Wikipedia         

SANS Institute    Wikipedia  Website       

scytale Possibly one of the first transposition cipher tools.   Wikipedia         

Secure European System for Applications in a Multivendor Environment (SESAME) European-developed authentication protocol that can provide for single sign-on capability. It is not widely used and does not use tickets for authentication.            

Secure Hash Algorithm (SHA)

SHA-1 (Legacy) Uses a 160-bit secret key.
SHA-2 SHA-224, SHA-256, SHA-384, SHA-512
SHA-3
   Wikipedia (SHA-1)  Wikipedia (SHA-2)  Wikipedia (SHA-3)  Cisco  Netacad 

Secure Hash Algorithm 1 (SHA-1) Cryptographic hash function which produces a 160-bit hash value known as a message digest. Part of several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec. Can provide data integrity in a VPN. Designed by the United States National Security Agency (NSA). Has not been considered secure since 2005.  Wikipedia         

Secure Hash Standard (SHS)    Wikipedia         

Secure Sockets Layer (SSL) Can be used to establish remote-access VPN connections. Initially published as SSL 2.0 February 1995.  Wikipedia  Instant SSL by Comodo       

Secure Sockets Layer Certificate (SSL Certificate)    YouTube         

secure software development model

Requirements Requirements for different security functions are determined.
Testing Software is measured or tested against security, functionality, and performance requirements. (secure code review, application fuzzing, vulnerability assessments, and penetration testing.)
Design Security functionality is designed into the application.
Implementation Security requirements are validated as implemented in the application.
            

security and functionality relationship As security increases, functionality decreases. As resources decrease, both functionality and security decrease.            

Security Assertion Markup Language (SAML) Used for web application login.   Wikipedia         

Security Association (SA) Part of the IPsec suite used to negotiate the cryptographic parameters between two devices in an ISAKMP session. Performed after AH or ESP has been selected. Maintained by a SADB.   Wikipedia  Netacad       

security authentication failure rate             

security controls Risk likelihood and impact should directly determine how much is budgeted for security controls. Can be classified by when they occur or according to their nature.

Security Functions:
deterrent
preventive
detective
compensating
corrective

Security Controls:
administrative
technical
physical

   Wikipedia         

Security Device Manager (SDM)    Cisco         

Security Event Manager (SEM) Real-time monitoring of logs and events generated by devices or software on the network.   Wikipedia         

Security Information and Event Management (SIEM) Combines Security Information Management (SIM) and Security Event Management (SEM) software products and services. Analyzes security alerts from networking equipment and software in real-time. Can aggregate and correlate data, allowing you to organize it into valuable information. Splunk is an example of SIEM. Coined by Mark Nicolett and Amrit Williams of Gartner in 2005.  Wikipedia         

Security Information Management (SIM) Central location for long-term storage and analysis of log data.   Wikipedia         

security operations (SecOps)             

Security Operations Center (SOC)    Wikipedia         

Security Services Module (SSM)             

Service Level Agreement (SLA) Agreement between two parties that specifies the level of service and support. Can outline QoS parameters for packets going through a provider.   Wikipedia         

session cookies Typically created for a single web browsing session and generally not carried across web sessions. Persistent cookies are saved and used between sessions.   Wikipedia         

session hijacking (aka: cookie hijacking) Intercepting and taking over an in-progress communications session between two hosts.   Wikipedia         

shared secret Password or passphrase.   Wikipedia         

shoulder surfing Looking over someone's shoulder as they type in a password.            

Single Point Of Failure (SPOF) Where there is no redundancy. If the device fails, the rest of the system is affected.   Wikipedia         

site-to-site VPN An extension of a WAN. Connects entire networks together. Both ends of the connection know about the VPN in advance, but internal hosts are not aware of the tunnel. VPN gateway encapsulates and encrypts.   Wikipedia         

smurf attack Type of DDoS attack where large amounts of ICMP packets are sent from a spoofed IP address on the network to the network broadcast address, causing many replies. Originally written as smurf.c by Dan Moschuk, aka TFreak, in 1997.  Wikipedia  Hackepedia       

SoftEther VPN (Software Ethernet) First released January 4, 2014.  Website  Wikipedia       

software attack Probe,            

Spectre Breaks the isolation between different applications allowing an attacker to trick error-free programs. Reported January 3, 2018.  Website  Project Zero Blog  ZDNet  The Verge (Processor flaw exposes 20 years of devices to new attack)   

spoofing Masquerading as another entity, usually by spoofing an IP address, MAC address, or user.            

SQL injection Inserting lines of SQL code into a query, typically on a web site, with malicious intent such as to delete a database or to reveal its contents.   Wikipedia         

stateful firewall Filters traffic based on what is allowed to enter or exit an interface, without inspecting the traffic. Only packets matching a known active connection are allowed to pass the firewall. Monitors state of connection through SPI. Most common type of firewall. Developed by Bell Labs in 1989.  Wikipedia         

Stateful Packet Inspection (SPI) (aka: dynamic packet filtering)   Wikipedia         

stateless firewall Blocking is based on Access Control Lists (ACLs) and defined rules. Can block and unblock by defined IP address, port access, or URL address.            

steganography Hiding data in plain view in pictures, graphics, or text.    Wikipedia         

stream cipher Symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream).   Wikipedia         

Substitution (Caesar cipher) Shifts the alphabet. Retains letter frequency.             

Supervisory Control and Data Acquisition (SCADA) Used to manage Heating, Ventilation, and Air-Conditioning (HVAC) and other types of industrial and environmental systems.   Wikipedia         

Symmetric Block Ciphers Encrypts in blocks, typically 64 bits for DES or 128 bits for AES. RSA has a variable block size. Output may be larger than the input to match the block size.   Netacad         

Symmetric DSL (SDSL)    Wikipedia         

symmetric encryption algorithm (secret keys) Uses a single key to encrypt and decrypt data. 80-256 bits. Most common because of shorter key length. Uses block ciphers and stream ciphers. (DES, 3DES, AES, IDEA, RC2/4/5/6, and Blowfish)   Wikipedia         

Symmetric Stream Ciphers Encrypts one bit at a time. Technically a block cipher with a bit size of one bit. Faster than block ciphers and generally don't increase message size. Examples include the Vigenère cipher.   Netacad         

System Development Life Cycle (SDLC) Five phases: initiation, acquisition and development, implementation, operations and maintenance, and disposition.   Netacad         

TCP ACK scan -sA Nmap scan option that is typically used to get past a firewall.   Nmap         

TCP connect scan -sU Nmap scanning method. Similar to the TCP SYN scan, except that it does complete the three-way handshake.   Nmap         

TCP SYN scan -sS Default and most popular Nmap scan option. Used to perform a TCP SYN stealth port scan.   Nmap         

technical controls e.g. user authentication (login) and logical access controls, antivirus software, firewalls.   Wikipedia         

Temporal Key Integrity Protocol (TKIP) Security protocol used in IEEE 802.11 as a temporary solution to WEP. Published October 31, 2002. Deprecated in 2012.  Wikipedia         

Terminal Access Controller Access-Control System (TACACS) (TCP or UDP port 49) Family of related protocols handling remote authentication and related services for networked access control through a centralized server. Originally developed by BBN Technologies for administering MILNET in 1984.  Wikipedia         

Terminal Access Controller Access-Control System Plus (TACACS+) Protocol developed by Cisco. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. Encrypts an entire authentication packet, rather than just the password. Released as an open standard beginning in 1993.  Wikipedia         

threat Event that exploits a vulnerability’s potential to do harm to an asset. Can be adversarial (i.e. hacking; individual cracker or a criminal organization), accidental (i.e. misconfiguration), structural (i.e. a computer malfunctioning), or environmental (i.e. natural disaster such as an earthquake, a fire, or a tornado).   Wikipedia         

threat agent (aka: threat actor) Person or entity that initiates a threat.   Wikipedia         

threat assessment Often done alongside a risk assessment.

adversarial
accidental
structural
environmental
            

Threefish Symmetric-key tweakable block cipher.   Wikipedia         

Ticket Granting Service (TGS) Part of Kerberos that generates a session key.            

Ticket Granting Ticket (TGT) (aka: Security Identifier (SID)) Part of Kerberos that is provided by the Authentication Service.            

Transport Layer Security (TLS) Successor to SSL. TLS 1.0 first defined in RFC 2246 January 1999.  Wikipedia  RFC 2246       

Transport Layer Security 1.1 (TLS 1.1)  Defined in RFC 4346 April 2006.  Website  Wikipedia       

Transport Layer Security 1.2 (TLS 1.2)  Defined in RFC 5246 August 2008.  Website  Wikipedia       

Transport Layer Security 1.3 (TLS 1.3)  Working draft as of July 2016.    Wikipedia       

Transport Mode Firewall mode on the Cisco ASA. Functions as a Layer 2 device. Protects only the packet's payload. Works well with GRE.   Netacad         

transposition Characters are rearranged. Used in part by DES and 3DES.            

Triple Data Encryption Standard (3DES) (Legacy) Applying DES three times in a row to a plaintext block. Can be used by IPsec to encrypt data. Three 56-bit encryption keys per 64-bit block. Symmetric.   Wikipedia         

Trojan horse Software that appears to be useful but is actually malicious.

Classifications:
remote access
data sending
destructive
proxy
FTP
security software disabler
DoS
   Wikipedia  YouTube (TheCuriousEngineer)  Netacad     

Trusted Execution Environment (TEE) Isolated environment running alongside a mobile OS.   Wikipedia         

Trusted Platform Module (TPM) (aka: ISO/IEC 11889) Dedicated microcontroller that performs cryptographic functions, such as encrypting an entire hard drive.   Wikipedia         

Two-Factor Authentication (2FA) (aka: two-step verification)   Wikipedia         

Twofish Symmetric key block cipher. One of the five finalists of the AES contest, but was not standardized.  Wikipedia         

unfiltered port Nmap port state where an ACK scan returns an RST packet on the scanned port. The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed.   Nmap         

Unicornscan Developed to assist security testers in conducting tests on large networks and to consolidate many of the tools needed for large-scale endeavors. Optimizes UDP scanning beyond the capabilities of any other port scanner.   Website  sectools.org       

Unified Threat Management (UTM)    Wikipedia         

Vigenère cipher Based on the Caesar cipher but uses a polyalphabetic key shift. Originally described by Giovan Battista Bellaso.   Wikipedia         

Virtual Private Network (VPN) IP tunnels that extend a private network across a public network, usually the internet. Enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Typically encrypted but does not need to be, such as in the case of GRE and Frame Relay. The encryption algorithm combines message text with a key to make the message unreadable by unauthorized receivers. Two kinds of VPNs: site-to-site and remote access. Can operate at OSI Layer 2 (Frame Relay, ATM, HDLC, PPP) or OSI Layer 3 (GRE, MPLS, IPsec).   Wikipedia         

virus Malicious software that hides in other files, generally executables (.exe). Commonly spread by email. Can lay dormant and activate after a specific action or time.   Wikipedia  YouTube (TheCuriousEngineer)  Netacad     

VLAN attack Takes advantage of how some switches will automatically form a trunk if the devices that connect to the port are in trunking mode. Can be mitigated by using a dummy native VLAN and disabling DTP.   Wikipedia         

VLAN Hopping VLAN attack that enables traffic to go between VLANs.            

Voice and Video Enabled VPN (V3PN)             

VPNFilter Malware designed to infect routers. The FBI believes that it was created by the Russian Fancy Bear group. Estimated to have infected approximately 500,000 routers worldwide as of May 24, 2018.  Wikipedia  Ars Technica       

vulnerability Weakness that allows an asset to be exploited.   Wikipedia         

wabbit (fork bomb)   Wikipedia         

WannaCry (aka: WannaCrypt) Ransomware worm that originated from leaked National Security Agency (NSA) tools. Attacked unpatched Windows computers in over 150 countries including computers in the National Health Service (NHS) on May 12, 2017.   NHS Digital  PC World  New York Times  Wikipedia   

wardialing Scanning for telephone numbers with a modem.   Wikipedia         

watering hole attack Where a hacker determines sites you may want to visit and then compromises those sites by planting viruses or malicious code on them. Once you visit the site(s) that you trust, you are infected with malware.   Wikipedia         

Web Application Firewall (WAF)  Detects how applications interact with the environment. Optimal for detecting SQL injections and XSS.           

web beacon (aka: web bug, tracking pixel) 1-pixel x 1-pixel image file referenced in an image tag, and it usually works with a cookie.   Wikipedia         

web threat Any threat that uses the World Wide Web to facilitate cybercrime.   Wikipedia         

whitelisting Technique used by an administrator to allow access to only a specific approved list of applications.            

Wi-Fi deauthentication attack Type of DoS attack that targets communication between a wireless client and a wireless access point in hopes of causing them to deauthenticate with each other and disconnect.   Wikipedia         

Wi-Fi Protected Setup (WPS) (originally Wi-Fi Simple Config) Created by the Wi-Fi Alliance with the goal of giving users a push-button configuration to set up WPA, as well as making it easy to add new devices to an existing network without entering long passphrases. WPS PIN can be recovered by an attacker through a brute-force attack. Introduced in 2006. Major security flaw revealed in December 2011.  Wikipedia         

worm enabling vulnerability How the worm is installed. Usually through email attachments,            

worm mitigation Process used to isolate and attempt to remove a worm. Four phases of worm mitigation: Containment --> { inoculation } | { quarantine --> treatment }

containment phase: Limits the spread of the worm through compartmentalization and segmentation of the network to slow it down or stop it entirely. Requires the use of ACLs on routers and firewalls at control points.
inoculation phase: Infected systems are patched. Runs parallel to or subsequent to the containment phase.
quarantine phase: Identify infected machines. Isolates these systems for the treatment phase by disconnecting, blocking, or removing them.
treatment phase: Disinfect systems of the worm by removing modified files or system settings. This can also include reinstalling the operating system.
   Wikipedia  Netacad       

worm payload malicious code that is often used to create a backdoor.            

worm propagation mechanism how the worm replicates itself.            

Xmas scan -sX Nmap scan option that sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.   Nmap         

XML injection Occurs when malicious XML code is inserted into an XML statement.   Wikipedia         

zero-day attack When   Wikipedia         

zero-hour attack Same concept as zero-day attack, only with less time to exploit.   Wikipedia         

Zone-Based Firewall (ZBF)  Introduced by Cisco in 2006.  Cisco         

Zone-Based Policy Firewall (ZPF)    Cisco