Glossary of Terms

ACL

An access control list defines a security policy within a system.

AD

Active Directory is used within Microsoft environments as a directory service.

AEAD

Authenticated Encryption with Associated Data is a modern block cipher mode of operation that simultaneously provides confidentiality, integrity, and authenticity assurances on the data.

AES

The Advanced Encryption Standard is a cryptosystem established by NIST.

AFP

The Apple Filing Protocol is a network file service protocol for Apple OS X.

AH

The IPsec Authentication Header guarantees integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks.

AJP

The Apache JServ Protocol is a binary protocol used to proxy inbound requests from a frontend HTTP web server to a backend Java servlet container (e.g., JBoss).

ARP

Address Resolution Protocol is a Layer 2 protocol used within IPv4 networks to map IP addresses to MAC hardware addresses using a data link protocol (e.g., IEEE 802.3 Ethernet or 802.11 WiFi).

AS

A BGP Autonomous System number defines IP routing prefixes under the administrative control of a single entity (typically an Internet service provider).

ASLR

Address Space Layout Randomization is a memory-protection mechanism used by operating systems to guard against memory corruption attacks by randomizing the location of useful content within memory.

ASN.1

Abstract Syntax Notation One is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking.

BGP

Border Gateway Protocol is an exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet.

BPDU

A Bridge Protocol Data Unit is a network frame containing STP information.

CA

A Certificate Authority is a trusted entity that signs X.509 digital certificates.

CAM

Within an Ethernet switch, the content addressable memory table is used to record MAC addresses and corresponding port locations.

CBC

The Cipher Block Chaining mode of operation within a cryptosystem.

CDE

The Common Desktop Environment is a desktop environment for Unix systems.

CDN

A Content Delivery Network is a distributed network of proxy servers deployed in multiple data centers. The goal of a CDN is to serve content to clients with high availability and low latency.

CDP

The Cisco Discovery Protocol is a proprietary data link (Layer 2) protocol used to share information about directly connected Cisco equipment (e.g., operating system and IP address details).

CFML

ColdFusion Markup Language is a tag-based scripting language supporting dynamic web page creation and database access. In the language, ColdFusion tags are embedded in HTML files.

CMS

A Content Management System is an application that supports the creation and modification of content using a common user interface, supporting multiple users working in a collaborative environment.

CN

The Common Name attribute within an X.509 certificate describes the identity of a component within a larger system (e.g., a user or host).

COM

Component Object Model is a Microsoft binary-interface standard for software components. It is used to enable interprocess communication and dynamic object creation in a large range of programming languages.

CRAM

A challenge–response authentication mechanism stipulates that one party presents a question (“challenge”) and another party must provide a valid answer (“response”) to successfully authenticate (RFC 2195).

CSRF

Cross-site request forgery is a type of attack that occurs when malicious content causes a user’s web browser to perform an unwanted action on a trusted site.

CVE

Common Vulnerabilities and Exposures is a dictionary of publicly known information security vulnerabilities, maintained by the MITRE Corporation.

CVSS

Common Vulnerability Scoring System is an open industry standard for assessing the severity of computer system security vulnerabilities.

DCCP

Datagram Congestion Control Protocol is a transport layer (Layer 4) protocol implementing reliable connection setup, teardown, congestion control, and feature negotiation (RFC 4340).

DCOM

Distributed Component Object Model is a proprietary Microsoft technology for communication among software components distributed across networked computers.

DEFLATE

A data compression algorithm described by RFC 1951.

DEP

Data Execution Prevention is a set of hardware and software security features that prevent instructions from being executed from protected areas of memory.

DES and 3DES

The Data Encryption Standard is a symmetric-key block cipher published by NIST. Triple DES applies the DES cipher three times to each data block.

DH and DHE

Diffie-Hellman and Ephemeral Diffie-Hellman are anonymous key agreement protocols used to establish a shared secret between two parties over an insecure channel.

DHCP

The Dynamic Host Configuration Protocol provides IP address and other configuration information to local clients.

DKIM

Domain Keys Identified Mail is an email authentication method designed to prevent email spoofing by providing a mechanism to allow mail exchangers to check that incoming mail from a domain is authorized (RFC 6376).

DMARC

Domain-based Message Authentication, Reporting, and Conformance is an email validation system designed to detect and prevent email spoofing (RFC 7489).

DN

Within LDAP, objects are referenced by their Distinguished Name values.

DNS64

A mechanism used to translate IPv4 DNS records for IPv6-only clients.

DNSSEC

Domain Name System Security Extensions is a suite of IETF specifications for securing DNS information provided over IP networks.

DSA and DSS

The Digital Signature Algorithm is published in the Digital Signature Standard (FIPS 186).

DTLS

Datagram Transport Layer Security provides optional communications security for datagram protocols, including UDP (RFC 6347) and SCTP (RFC 6083).

DTP

The Dynamic Trunking Protocol is a proprietary Layer 2 Cisco networking protocol used to negotiate trunking on a link between two 802.1Q VLAN-aware switches.

EAP

The Extensible Authentication Protocol is a framework frequently used in wireless networks and point-to-point connections to authenticate clients (RFC 3748).

EAPOL

Extensible Authentication Protocol Over LAN is a network port authentication protocol used in IEEE 802.1AE, 802.1AR, and 802.1X environments to provide generic sign-on to access network resources.

ECC

Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography to provide equivalent security.

ECDH, ECDHE, and ECDSA

The elliptic curve analogues of DH, DHE, and DSA.

EIGRP

Enhanced Interior Gateway Routing Protocol is a proprietary distance-vector routing protocol that is used in Cisco environments to automate routing decisions and configuration.

ESP

The IPsec Encapsulating Security Payload provides origin authenticity, integrity, and confidentiality protection of packets.

FIPS and FISMA

Federal Information Processing Standards are issued by NIST after approval by the US Secretary of Commerce pursuant to the Federal Information Security Management Act.

GCC

The GNU Compiler Collection is a compiler system produced by the GNU Project supporting various programming languages.

GCM

Galois/Counter Mode is a mode of operation for symmetric-key cryptographic block ciphers that has been widely adopted because of its efficiency and performance.

GNU

GNU’s Not Unix is a complete free software operating system.

GOT

The Global Offset Table is a table of variables and memory address locations.

GSSAPI

The Generic Security Service Application Program Interface provides access to security services such as authentication providers (RFC 2743).

GUID

A Globally Unique Identifier is a 128-bit integer used to identify a resource.

HDFS

The Hadoop Distributed File System is a distributed portable file system written in Java for the Hadoop framework.

HMAC

A keyed-hash message authentication code is a specific type of MAC involving a cryptographic hash function (hence the “H”) in combination with a secret key.

HSRP

Hot Standby Routing Protocol is a Cisco proprietary redundancy protocol used to establish fault-tolerant default gateways (RFC 2281).

IDEA

The International Data Encryption Algorithm is a dated symmetric-key block cipher.

IEEE

The Institute of Electrical and Electronics Engineers is the world’s largest association of technical professionals with more than 400,000 members.

IETF

The Internet Engineering Task Force develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite. It is an open standards organization, with no formal membership or membership requirements.

IDS

An intrusion detection system monitors network or system activities for anomalies or policy violations that indicate a computer attack.

IPS

An intrusion prevention system identifies and blocks malicious computer activity.

IKE

The Internet Key Exchange protocol is used to set up an IPsec SA.

IP ID

Within IPv4, an identification field enables fragmentation and reassembly and is required to be unique (RFC 6864).

IPC

Interprocess communication is a mechanism that lets processes share data.

IPMI

The Intelligent Platform Management Interface is a set of specifications for an autonomous subsystem that provides management and monitoring capabilities independent of a host system’s CPU, firmware, and operating system.

IPsec

Internet Protocol Security is a protocol suite for secure IP communications by authenticating and encrypting each IP packet of a session.

IRC

Internet Relay Chat is a protocol that facilitates text communication.

ISAKMP

The Internet Security Association and Key Management Protocol is used to establish IPsec session parameters (RFC 2408).

iSCSI

A protocol used to send Small Computer System Interface commands over TCP/IP networks, providing access to storage arrays in particular.

IV

An initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random. IV randomization ensures that repeated usage of a key does not allow an attacker to infer relationships between segments of ciphertext.

JDBC

Java Database Connectivity is an API for accessing database management systems.

JDWP

The Java Debug Wire Protocol is a protocol used for communication between a debugger and a target Java virtual machine.

JMX

Java Management Extensions is a Java technology that supplies tools for managing and monitoring applications, system objects, devices, and service-oriented networks. Objects called MBeans represent resources.

JNDI

The Java Naming and Directory Interface is a Java API for a directory service that makes it possible for software clients to discover and look up data and objects via a name.

JSON

JavaScript Object Notation is an open format that uses human-readable text to transmit data objects consisting of attribute–value pairs.

KDC

A key distribution center is part of a cryptosystem intended to reduce the risks inherent in exchanging keys, as used within Kerberos and other systems.

Kerberos

Kerberos is a secure method for authenticating requests to services in a network.

LDAP

The Lightweight Directory Access Protocol is a directory service protocol.

LLMNR

The Link-Local Multicast Name Resolution protocol is a DNS-based protocol that lets both IPv4 and IPv6 hosts perform name resolution on the same local link.

LLVM

The Low-Level Virtual Machine is a collection of compiler toolchain technologies.

LSA and LSARPC

The Microsoft Windows Local Security Authority is a protected subsystem that maintains information about all aspects of security on a system. LSARPC denotes the RPC interface that is used to interact with the subsystem.

MAC (cryptography)

A message authentication code is a value used to confirm that a message came from the stated sender (is authentic) and has not been changed in transit (has integrity).

MAC (address)

A media access control address is a unique identifier used within IEEE 802 networks, including 802.3 Ethernet and 802.11 WiFi.

MBean

A managed bean represents a resource running in the Java virtual machine.

MD5

A cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. MD5 should be avoided, as a severe collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor.

mDNS

Multicast DNS is commonly used to provide name resolution in a small network where no conventional DNS server has been installed (RFC 6762).

MFA

Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism.

MIB

A management information base is used to manage entities in a network.

MIME

The Multipurpose Internet Mail Extensions standard provides support for text in foreign character sets, binary attachments, and message bodies with multiple parts within SMTP, HTTP, and other protocols.

MITM

A man-in-the-middle attack is undertaken by an adversary with network access to compromise data in-transit.

MS-CHAP and MS-CHAPv2

The Microsoft Challenge-Handshake Authentication Protocol, which exists in two versions: MS-CHAP (RFC 2433) and MS-CHAPv2 (RFC 2759).

MSSP

A managed security service provider offers email and web content filtering, firewall management, and other services.

MTA

A message transfer agent is software that transfers email messages from one computer to another using a client–server application architecture.

MTU

A maximum transmission unit is the largest frame or packet size, specified in octets (8-bit bytes), that can be sent in a packet- or frame-based network such as the Internet.

NAC

IEEE 802.1X port-based Network Access Control provides an authentication mechanism for devices that want to attach to an Ethernet or WiFi network.

NAT

Network Address Translation is a method of remapping one IP address space into another by modifying network address information. In IPv6 environments, a NAT64 gateway translates connections across IPv4 and IPv6 protocols.

NBT-NS

The Microsoft NetBIOS Name Service is a precursor protocol to LLMNR and provides local name resolution within legacy Windows environments.

NDN

A nondelivery notification is commonly generated by an MTA when it is unable to deliver a message to an intended recipient.

NDP

Neighbor Discovery Protocol is a link layer (Layer 2) protocol used within IPv6 networks to discover and autoconfigure other nodes (RFC 4861).

NFS

Network File System is a distributed file system protocol (RFC 7530).

NIS

Network Information Service is a dated directory service protocol for distributing system configuration data (such as user and host names) between systems in a network. NIS+ is a protocol developed by Sun Microsystems to replace NIS.

NIST

The US National Institute of Standards and Technology.

Nonce

A number to be used once during the operation of a cryptosystem.

NSE

The Nmap Scripting Engine, supporting automation of tasks including network discovery, service querying, and vulnerability exploitation.

NTLM

The NT LAN Manager is a Microsoft security protocol that provides authentication, integrity, and confidentiality to users. NTLMv2 is the successor of NTLM.

NTP

The Network Time Protocol provides clock synchronization between computer systems over packet-switched, variable-latency data networks.

NVD

The National Vulnerability Database is a repository of vulnerability management data maintained by NIST.

NetBIOS

The Microsoft Network Basic I/O System makes it possible for applications on different computers to communicate over a network.

ODBC

Open Database Connectivity is an API for accessing database management systems.

OGNL

Object-Graph Navigation Language is an open source expression language for Java.

OID

Object identifiers uniquely identify managed objects in a MIB hierarchy.

ORDBMS

An Object-Relational Database Management System, such as MySQL, Oracle Database, or PostgreSQL.

OSPF

Open Shortest Path First is a routing protocol for IP networks. It uses a link state routing algorithm and falls into the group of interior routing protocols, operating within a single AS.

OTP

A one-time password is a credential that is valid for a single session or transaction.

OTR

Off-the-record provides encryption for instant messaging conversations.

OU

An organizational unit is a subdivision within a directory into which you can place users, groups, computers, and other organizational units.

OWA

Microsoft Outlook Web Access, used to provide access to email over HTTP.

OWASP

The Open Web Application Security Project.

PAC (WPAD)

A proxy auto-configuration file defines how web browsers can automatically choose the appropriate proxy server for fetching a given URL.

PAC (Kerberos)

The Microsoft Privilege Account Certificate is an extension element of the authorization data within a Kerberos ticket. It contains information such as security identifiers, group membership, user profile information, and password credentials.

PCAP

The packet capture API and file format is used to store and manipulate network data.

PEAP

The Protected Extensible Authentication Protocol encapsulates EAP within a TLS tunnel.

PGP

Pretty Good Privacy is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.

PKI

Public key infrastructure is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public key encryption.

PLT

The Procedure Linkage Table is used to call external functions whose addresses weren’t known at the time of linking.

PPTP

Point-to-Point Tunneling Protocol is used to implement virtual private networks.

PRF

Within TLS, a pseudorandom function is a mechanism used to securely generate pseudorandom output of arbitrary length from an input secret, seed, and identifying label.

PRNG

A pseudorandom number generator is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the seed.

PSK

A preshared key is used as a secret within IPsec VPNs and other systems.

PXE

Preboot Execution Environment is an industry standard client/server interface that allows networked computers that are not yet loaded with an operating system to be configured and booted remotely by an administrator.

RADIUS

Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting.

RAKP

The RMCP+ Authenticated Key-Exchange Protocol is used within IPMI.

RC2 and RC4

Rivest Cipher 2 and Rivest Cipher 4 are fast stream ciphers. Multiple vulnerabilities have been discovered in both, however, rendering them insecure.

RDP

Remote Desktop Protocol is a proprietary Microsoft protocol that provides a user with a graphical interface to connect to another computer over a network connection.

REST

Representational State Transfer is an architecture style for designing networked applications. REST relies on stateless, client–server, cacheable communications, and commonly uses HTTP to transfer data.

RFB

The remote framebuffer protocol provides remote access to graphical user interfaces.

RFC

A Request for Comments is a formal IETF document that is the result of committee drafting and subsequent review by interested parties.

RID (Microsoft Windows)

A relative identifier is a monotonically increasing value that is concatenated with a SID to identify an individual object.

RIP

The Routing Information Protocol (RIPv1, RIPv2, and RIPng) is one of the oldest distance-vector routing protocols and employs the hop count as a routing metric. RIP prevents routing loops by limiting the number of hops allowed in a path.

RMI

The Remote Method Invocation system lets an object running in one Java virtual machine invoke methods on an object running in another Java virtual machine.

ROP

Return-oriented programming is a technique by which an adversary can execute code in the presence of security defenses such as DEP and code signing.

RPC

Remote procedure call is a protocol used to request a service from a remote program across a network.

RSA

RSA is one of the first practical public key cryptosystems and is widely used for secure key exchange within TLS and other protocols.

SA

An IPsec security association is a bundle of algorithms and parameters (such as keys) used to encrypt and authenticate a particular network flow in one direction.

SAML

Security Assertion Markup Language is an XML data format for exchanging authentication and authorization data between parties (in particular, between an identity provider and a service provider).

SAMR

The Microsoft Security Account Manager Remote protocol provides management functionality for an account store or directory containing users and groups.

SASL

The Simple Authentication and Security Layer is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols.

SCCM

The Microsoft System Center Configuration Manager provides patch management, software distribution, operating system deployment, and inventory capabilities within enterprise networks.

SCM

The Microsoft Service Control Manager starts, stops, and interacts with service processes within Windows systems.

SCP and SFTP

Secure Copy and the Secure File Transfer Protocol are SSH subsystems that provide encrypted file transfer between two remote hosts.

SCTP

The Stream Control Transmission Protocol is a transport-layer protocol serving in a similar role to TCP and UDP within IP networks (RFC 4960).

SEH

Structured exception handling is a mechanism for handling both hardware and software exceptions within Microsoft Windows.

SHA

The Secure Hash Algorithm family (e.g., SHA-1, SHA-256, SHA-384) is a set of cryptographic hash functions, each published by NIST as a US Federal Information Processing Standard. Cryptographic weaknesses were discovered in SHA-1, and the standard is no longer approved for use after 2010.

SID (Oracle Database)

The System Identifier is used to uniquely identify a particular database on a system.

SID (Microsoft Windows)

A Security Identifier is a value used to uniquely identify an object (such as a user or a group).

SIP

The Session Initiation Protocol is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls as well as instant messaging.

SMB

The Server Message Block protocol provides access to data, printers, and service endpoints within Microsoft environments.

SNMP

The Simple Network Management Protocol is used to monitor and configure network devices and systems on an IP network.

SPDY

SPDY is an open networking protocol developed primarily at Google for transporting web content, with the particular goals of reducing web page load latency and improving web security.

SPF

Sender Policy Framework is an email validation system designed to detect and prevent email spoofing (RFC 7208).

SPNEGO

The Simple and Protected Negotiate authentication mechanism (RFC 4559).

SQL

Structured Query Language is used to communicate with a database.

SS7

Signaling System 7 is a telecommunications standard that defines how network elements in a public switched telephone network exchange information over a digital signaling network.

SSDP

The Simple Service Discovery Protocol supports advertisement and discovery of network services within an IP network.

SSH

Secure Shell provides encrypted access to hosts over an unsecured network.

SSL

Secure Sockets Layer is a dated protocol used to provide transport security in a computer network. SSL has many known exploitable weaknesses and should not be used, as described by RFC 7568.

STP

Spanning Tree Protocol is a Layer 2 protocol that runs across switches to eliminate loops and associated traffic storms at the data link layer, as defined by IEEE 802.1D.

TFTP

The Trivial File Transfer Protocol is a simple protocol that lets a client transfer files to or from a remote host without authentication. One of its primary uses is in the early stages of nodes booting from a local area network.

TGT

Within Kerberos, a KDC may issue a ticket-granting ticket, which is time stamped and encrypted using the user’s password. The TGT is in turn used to request individual service tickets (RFC 4120).

TLS

Transport Layer Security is used to provide confidentiality, authentication, and integrity checking within a computer network (RFC 5246).

TNS

The Transparent Network Substrate protocol within Oracle Database.

TTL

Time to live is a mechanism that limits the lifespan of data in a computer system; it is used within IP to prevent packets from circulating indefinitely, and within DNS to control how long records are cached.

UDF

A user-defined function is a function provided by the user of a program. Within MySQL and PostgreSQL databases, they are used to elevate privileges and pivot.

UID

A user ID value within an operating system (e.g., Linux and Apple OS X).

VLAN

An IEEE 802.1Q virtual LAN is a broadcast domain that is partitioned and isolated in a computer network at Layer 2.

VNC

Virtual Network Computing is a graphical desktop sharing system that uses the RFB protocol to remotely access another computer.

VRRP

The Virtual Router Redundancy Protocol provides automatic assignment of available IP routers to participating hosts (RFC 5798).

VoIP

Voice over IP is a group of technologies for the delivery of voice communications and multimedia sessions over IP networks.

WAF

A web application firewall is a mechanism that applies a set of rules to an HTTP conversation.

WHOIS

WHOIS is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an address block, or autonomous system (RFC 3912).

WMI

Microsoft Windows Management Instrumentation is an initiative to develop a standard technology for accessing management information in an enterprise environment.

WPAD

The Web Proxy Auto-Discovery Protocol is used to automatically configure web browser settings via DHCP or DNS discovery methods.

WebDAV

Web Distributed Authoring and Versioning is an HTTP extension that lets clients perform remote content authoring operations (RFC 4918).

X.509

X.509 is an important standard used within PKI to manage digital certificates.

XAUTH

Within IPsec VPNs using IKE, extended authentication provides user authentication support. The mechanism is superseded by EAP in IKEv2.

XML

The Extensible Markup Language defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

XMPP

Extensible Messaging and Presence Protocol is a message-oriented communication protocol based on XML.

XSS

Cross-site scripting vulnerabilities enable attackers to inject client-side scripts into web pages viewed by other users, causing information to be leaked, and other unintended consequences.

XST

Cross-site tracing is a flaw exploited via HTTP TRACE and TRACK methods.

XXE

XML External Entity processing attacks succeed when an improperly configured parser processes XML input containing a reference to an external entity with unintended consequences (commonly data exposure).

YAML

YAML Ain’t Markup Language is a human-readable data serialization language commonly used in Ruby and Python applications.