Term
| ACE- access control entry |
|
Definition
| is each entry in the ACL table; it includes 4 items: a security identifier for the user and group accounts, or logon sessions; an access mask that specifies the access rights controlled; a flag that indicates the type; a set of flags that determine whether objects can inherit permissions |
|
|
Term
|
Definition
| a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications |
|
|
Term
|
Definition
| is an Active Directory Domain Services feature that prevents a logon after a set number of failed logon attempts within a specified period and can also specify the length of time that the lockout is in force |
|
|
Term
|
Definition
| a set of permissions that are attached to an object. Specifies which subjects are allowed to access the object and what operations they can perform on it |
|
|
Term
|
Definition
| checking the delivery person's credentials to be sure that they are authentic and not fabricated |
|
|
Term
|
Definition
| granting permission to take the action |
|
|
Term
|
Definition
| a reference set of data against which operational data is compared |
|
|
Term
|
Definition
| authenticates by normal actions that the user performs: keystroke dynamics, voice recognition, and computer footprinting |
|
|
Term
|
Definition
| an automated password cracking technique in which every possible combination of letters, numbers, and characters is used to create encrypted passwords that are matched with those in the stolen file |
|
|
Term
| CHAP- Challenge handshake authentication protocol |
|
Definition
| authenticates a user or network host to an authenticating entity such as an Internet service provider, providing protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value |
|
|
Term
|
Definition
| related to the perception, thought process, and understanding of the user. Considered much easier for the user to remember because it is based on the user's life experiences |
|
|
Term
|
Definition
| a Department of Defense smart card that is used for identification for active duty and reserve military personnel, along with civilian employees and special contractors |
|
|
Term
| DAC-discretionary access control |
|
Definition
| one of four access controls. The least restrictive access control model, in which the owner of the object has total control over it |
|
|
Term
|
Definition
| a database stored on the network itself that contains information about users and network devices |
|
|
Term
|
Definition
| functions as a separate network outside the secure network perimeter; untrusted outside users can access it but cannot enter the secure network |
|
|
Term
|
Definition
| a hierarchical or tree name system for matching computer names and numbers |
|
|
Term
|
Definition
| a small database maintained by a computer's OS. It contains records of all recently accessed internet domains |
|
|
Term
|
Definition
| an attack that substitutes certain addresses so that a computer is automatically redirected to another device |
|
|
Term
|
Definition
| hardware or software that is designed to prevent malicious packets from entering or leaving computers or a network |
|
|
Term
| FTP- file transfer protocol |
|
Definition
| an unsecure TCP/IP protocol that is commonly used for data transfer |
|
|
Term
| HIDS- host intrusion detection system |
|
Definition
| software-based application that runs on a local host computer that can detect an attack as it occurs |
|
|
Term
|
Definition
| a standard network device for connecting multiple Ethernet devices together to make them function as a single segment |
|
|
Term
|
Definition
| a variation of the dictionary attack, it will slightly alter dictionary words by adding numbers to the end of the password, spelling words backwards, slightly misspelling words, or including special characters |
|
|
Term
| ICMP-Internet control message protocol |
|
Definition
| a TCP/IP protocol that is used by devices to communicate updates or error information to other devices |
|
|
Term
|
Definition
| a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. Serves 2 principal functions: host or network interface identification and location addressing |
|
|
Term
|
Definition
| instead of one person having sole responsibility for a function, individuals are periodically moved from one job responsibility to another |
|
|
Term
|
Definition
| an authentication system developed by MIT and used to verify the identity of networked users |
|
|
Term
|
Definition
| a device that can direct requests to different servers based on a variety of factors, such as the number of server connections, the server's processor utilization and overall performance |
|
|
Term
|
Definition
| a unique identifier assigned to network interfaces for communications on the physical network segment |
|
|
Term
|
Definition
| a technique that allows private IP addresses to be used on the public Internet |
|
|
Term
| NIDS- network intrusion detection system |
|
Definition
| a technology that watches for attacks on the network and reports back to a central device |
|
|
Term
| NIPS- network intrusion prevention system |
|
Definition
| a technology that monitors network traffic to immediately react to block a malicious attack |
|
|
Term
| PAT- port address translation |
|
Definition
| each packet is given the same IP address but a different TCP port number, allowing a single public address to be used by several users |
|
|
Term
| Personal Identity Verification (PIV) |
|
Definition
| a government standard for smart cards that covers all government employees |
|
|
Term
|
Definition
| a malformed ping using ICMP is sent to the victim's computer that exceeds the size of an IP packet, causing the host to crash |
|
|
Term
|
Definition
| a computer or an application program that intercepts a user request from the internal secure network and then processes that request on behalf of the user |
|
|
Term
|
Definition
| an industry standard authentication service with widespread support across nearly all vendors of network equipment |
|
|
Term
|
Definition
| large pre-generated data sets of encrypted passwords used in password attacks |
|
|
Term
|
Definition
| a device that can forward packets across computer networks |
|
|
Term
|
Definition
| the practice of requiring that processes should be divided between two or more individuals |
|
|
Term
|
Definition
| an attack that broadcasts a ping request to all computers on a network yet changes the address from which it came to that of the target, making it appear that the target computer is asking for a response from all computers; they respond, overwhelming the target and causing it to crash |
|
|
Term
| SNMP- simple network management protocol |
|
Definition
| a TCP/IP protocol that exchanges management information between networked devices and allows network administrators to remotely monitor, manage and configure devices on the network |
|
|
Term
|
Definition
| uses fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication |
|
|
Term
| Stateful packet filtering |
|
Definition
| keeps a record of the state of a connection between an internal computer and an external device and then makes decisions based on the connection as well as the conditions |
|
|
Term
|
Definition
| a technique that uses IP addresses to divide a network into network, subnet, and host |
|
|
Term
|
Definition
| a device that connects network segments and forwards only frames intended for that specific device or frames sent to all devices |
|
|
Term
| TACACS- Terminal Access Controller Access Control System |
|
Definition
| an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server |
|
|
Term
|
Definition
| the most common protocol suite used today for local area networks and the internet |
|
|
Term
|
Definition
| a network protocol used on the internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection |
|
|
Term
|
Definition
| a small device with a window display that shows a code to be used for authentication |
|
|
Term
| UDP- user datagram protocol |
|
Definition
| computer applications can send messages to other hosts on an Internet Protocol network without prior communications to set up special transmission channels or data paths |
|
|
Term
|
Definition
| a technology that allows scattered users to be logically grouped together even though they may be attached to different switches |
|
|
Term
| VPN- virtual private network |
|
Definition
| a technology to use an unsecured public network like a secure private network |
|
|
Term
|
Definition
|
|
Term
|
Definition
provides the user interface to allow network services
provides services for user applications:
Telnet, FTP, TFTP, SMTP, IMAP, POP, DNS |
|
|
Term
|
Definition
|
|
Term
|
Definition
is concerned with how the data is represented and formatted for the user
used for translation
compression and encryption
HTTP |
|
|
Term
|
Definition
|
|
Term
|
Definition
has the responsibility of permitting the two parties on the network to hold ongoing communications across the network
allows devices to establish and manage sessions |
|
|
Term
|
Definition
|
|
Term
|
Definition
is responsible for ensuring that error-free data is given to the user
provides connection establishment, management, and termination as well as acknowledgments and retransmissions
TCP, UDP |
|
|
Term
|
Definition
|
|
Term
|
Definition
picks the route the packet is to take and handles the addressing of the packet for delivery
makes logical addressing, routing, fragmentation and reassembly available
IPv4/IPv6, ICMP, ARP |
|
|
Term
|
Definition
|
|
Term
|
Definition
is responsible for dividing the data into packets
error detection and correction
performs physical addressing, data framing, error detection, and handling
ARP, Frame relay, PPP, Token ring |
|
|
Term
|
Definition
|
|
Term
|
Definition
sends the signal to the network or receives the signal from the network
involved with encoding and signaling, data transmission, and reception |
|
|