CCNA Security Glossary 3

Sunday, August 31st, 2008 | Study Guide

Public Key Infrastructure (PKI) Taken as a whole, a set of technical, organizational, and legal components that combine to establish a system that enables large-scale use of public key cryptography. Via a PKI, an organization can provide authenticity, confidentiality, integrity, and nonrepudiation services.

public switched telephone network (PSTN) The North American public telephone network.

rainbow table A precomputed table of all possible combinations of characters and the hashes they create. If an attacker were to discover the contents of a password file, such as the SAM file in Windows, he could load the hashes stored in the SAM into a rainbow table. The rainbow table then displays the input required to generate that hash. This is often referred to as a time-versus-space trade-off attack. An attacker does not have to spend time trying every possible combination until he finds a match. However, he must sacrifice more than 50 GB of hard drive space to store these tables, or have access to an online rainbow table.

Real-time Transport Protocol (RTP) Carries the voice payload in VoIP streams. Interestingly, although RTP is a Layer 4 protocol, it is encapsulated inside UDP (also a Layer 4 protocol). The UDP port numbers used can vary by vendor, but in Cisco environments, RTP typically uses even UDP ports in the range 16,384 to 32,767.

registration authority (RA) To make the operation of the CA more secure, many key management tasks may be effectively offloaded to RAs. These RAs are PKI servers that are responsible for performing management tasks on behalf of the CA. These include authenticating users when they enroll with the PKI, key generation for users who cannot generate their own keys, and distributing certificates after enrollment.

Remote Authentication Dial-In User Service (RADIUS) An authentication, authorization, and accounting (AAA) protocol for controlling access to network resources. RADIUS is commonly used by ISPs and corporations to manage access to the Internet or internal networks across an array of access technologies, including modems, DSL, wireless, and VPNs.

risk analysis Beyond basic identification of threats, a key design decision revolves around analyzing the probability that a threat will occur and the severity of the consequences if the threat does occur. This is called risk analysis.

Rivest Cipher (RC) algorithms A number of widely used RC algorithms or RC ciphers exist, and many were developed by Ronald Rivest. Four of the most widely used RC algorithms are RC2, RC4, RC5, and RC6. Of these, RC4 is the most popular. It is a variable key-size stream cipher that employs byte-oriented operations and is based on the use of a random permutation.

Rivest, Shamir, and Adleman (RSA) Invented by Ron Rivest, Adi Shamir, and Len Adleman in 1977, RSA is one of the most common asymmetric algorithms in use today. This public-key algorithm was patented until September 2000, when the patent expired, making the algorithm part of the public domain. RSA has been widely embraced over the years, in part because of its ease of implementation and its flexibility.

role-based command-line interface (CLI) views Can be used to provide different sets of configuration information to different administrators. However, unlike making commands available via privilege levels, role-based CLI views let you control exactly which commands an administrator has access to.

RTP Control Protocol (RTCP) Provides information about an RTP flow, such as information about the quality of the call. In a Cisco environment, RTCP typically uses odd-numbered UDP ports in the range 16,384 to 32,767.

salami attack A collection of small attacks that result in a larger attack when combined.

salt A series of random bits added to a password. When the password is hashed, and that hash is stored in a database, two identical passwords do not create the same hash. This also protects the passwords from attacks involving rainbow tables.
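An added example (not part of the original glossary) tying the rainbow table and salt entries together: a tiny precomputed hash-to-password table stands in for a rainbow table (a real one stores reduction chains rather than every pair, but it answers the same question), and a per-user random salt is shown defeating it. The candidate passwords, the SHA-1 choice and the salt-prepend construction are assumptions made for the demonstration.

```python
import hashlib
import os

# Constructed sample: a handful of candidate passwords an attacker might
# precompute. This dictionary plays the role of the rainbow table.
CANDIDATES = ["password", "letmein", "cisco123", "Summer2008"]


def precompute_table(candidates):
    """Map SHA-1(password) -> password, the offline time-versus-space trade-off."""
    return {hashlib.sha1(p.encode()).hexdigest(): p for p in candidates}


def hash_unsalted(password):
    """Hash the bare password; identical passwords give identical digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_salted(password, salt):
    """Prepend a per-user random salt (stored beside the digest) before hashing."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def lookup(table, digest):
    """Return the password the table recovers for this digest, or None."""
    return table.get(digest)


def demo():
    table = precompute_table(CANDIDATES)
    # Two users happen to pick the same weak password.
    alice_pw = bob_pw = "cisco123"

    # Unsalted storage: the digests collide and the precomputed table
    # recovers the password without any brute-force work.
    unsalted_alice = hash_unsalted(alice_pw)
    unsalted_bob = hash_unsalted(bob_pw)

    # Salted storage: fresh 16-byte salt per user, so the digests differ and
    # the attacker's table, built without the salts, no longer matches.
    alice_salt, bob_salt = os.urandom(16), os.urandom(16)
    salted_alice = hash_salted(alice_pw, alice_salt)
    salted_bob = hash_salted(bob_pw, bob_salt)

    return {
        "unsalted_identical": unsalted_alice == unsalted_bob,
        "unsalted_recovered": lookup(table, unsalted_alice),
        "salted_identical": salted_alice == salted_bob,
        "salted_recovered": lookup(table, salted_alice),
    }


if __name__ == "__main__":
    print(demo())
```

SHA-1 is used only because it is the hash this glossary describes; a password store built today would use a deliberately slow, salted function such as bcrypt, scrypt or Argon2.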

Secure RTP (SRTP) Secures the transmission of voice via Real-time Transport Protocol (RTP). Specifically, SRTP adds encryption, authentication, integrity, and antireplay mechanisms to voice traffic.

Secure Shell (SSH) A protocol that provides encryption and authentication functions for remote terminal sessions. This allows an administrator to securely attach to and exchange information with a router, for example. Cisco recommends that SSH be used instead of Telnet because Telnet sends data in plain text.

security level Defines the type of security algorithm performed on SNMP packets. Examples of security levels are noAuthNoPriv, authNoPriv, and authPriv.

security model Defines an approach for user and group authentication. Cisco IOS supports the SNMPv1, SNMPv2c, and SNMPv3 security models.

security policy A continually changing document that dictates a set of guidelines for network use. These guidelines complement organizational objectives by specifying rules for how the network is used.

security zone Consists of a group of interfaces to which a policy can be applied. Grouping interfaces into zones involves two steps. First, a zone must be created so that interfaces may be attached to it. Second, an interface must be configured to be a member of a given zone.

Session Initiation Protocol (SIP) Like H.323, SIP is considered a peer-to-peer protocol. SIP is a very popular protocol to use in mixed-vendor environments, perhaps because of its use of existing protocols, such as HTTP and SMTP.

SHA-1 Secure Hash Algorithm 1. One of five cryptographic hash functions known as SHA hash functions. They were designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard. SHA-1 computes a fixed-length digital representation (a message digest) from an input data sequence (the message) of any length.

signature definition file (SDF) A database of signatures used to identify malicious traffic. Modern routers typically ship with an SDF file installed in flash memory. However, the administrator usually needs to periodically update the router’s SDF, because Cisco routinely updates these files to address emerging threats.

Simple Network Management Protocol (SNMP) A management protocol that allows an SNMP manager to collect information from an SNMP agent.

Skinny Client Control Protocol (SCCP) A Cisco-proprietary signaling protocol often called Skinny protocol. SCCP is often used for signaling between Cisco IP Phones and Cisco Unified Communications Manager servers. However, some Cisco gateways also support SCCP. SCCP is considered a client/server protocol, as are MGCP and H.248.

Small Computer Systems Interface (SCSI) In terms of SAN networking, the SCSI communications model serves as the basis for all the major SAN transport technologies. In fact, you could say that a SAN can best be described as the merging of SCSI and networking.

SNMP agent A piece of software that runs on a managed device (such as a server, router, or switch).

SNMP GET A message that is used to retrieve information from a managed device.

SNMP manager Runs a network management application. Sometimes called a Network Management Server (NMS).

SNMP SET A message that is used to set a variable in a managed device or to trigger an action on the managed device.

SNMP trap An unsolicited message sent from the managed device to an SNMP manager. It can be used to notify the SNMP manager about a significant event that occurred on a managed device.

snooping Broadly defines a class of attacks focused on compromising the confidentiality of data. In terms of SAN deployments, these attacks seek to give an attacker access to data that would otherwise be confidential.

Software Encryption Algorithm (SEAL) This kind of encryption uses a 160-bit encryption key. It offers the benefit of having less of an impact on the CPU compared to other software-based algorithms. It is an alternative to software-based DES, 3DES, and AES.

spam over IP telephony (SPIT) VoIP spam. A SPIT attack on your Cisco IP Phone could, for example, make unsolicited messages periodically appear on the phone’s LCD screen or make the phone ring periodically.

spoofing Imitating a given resource by alternative means. In network terms this might represent the spoofing of an IP address, where an attacker poses as the valid recipient at a given IP address to intercept traffic.

standard access control list (ACL) Standard ACLs allow traffic to be permitted or denied from only specific IP addresses. With these ACLs, the packet’s destination and the ports involved are not taken into account.

static firewall This first-generation firewall technology analyzes network traffic at the transport protocol layer. IP packets are examined to see if they match one of a set of rules defining which data flows are allowed. These rules specify whether communication is allowed based on information contained in the network and transport layer headers as well as the direction of the packet flow.

storage-area network (SAN) In a SAN, storage devices are shared among all networked servers as peer resources. A SAN may be used to connect servers to storage, servers to each other, and storage to storage.

stream cipher Uses smaller units of plain text than what are used with block ciphers. Typically they work with bits. Transformation of these smaller plain-text units also varies, depending on when during the encryption process they are encountered. One of the great benefits of stream ciphers as compared to block ciphers is that they are much faster. Generally they do not increase the message size because they can encrypt an arbitrary number of bits.

supplicant A user device (such as a PC) that requests permission to access the network. This device must support the 802.1x standard. For example, a PC running the Microsoft Windows XP operating system supporting 802.1x could act as a supplicant.

Switch Port Analyzer (SPAN) port Can receive a copy of traffic crossing another port or VLAN.

symmetric algorithm Because of the simplicity of its mathematics and the speed at which it operates, a symmetric algorithm is the most commonly used form of cryptography. Symmetric encryption algorithms are also stronger. Therefore, they can use shorter key lengths compared to asymmetric algorithms. This further helps increase their speed of execution in software.

syslog A protocol used to collect log information. The logs are transmitted in clear text. A syslog logging solution consists of two primary components: syslog servers and syslog clients. A syslog server receives and stores log messages sent from syslog clients.

System Development Life Cycle (SDLC) Describes the life cycle of a component, which is broken into five phases: initiation, acquisition and development, implementation, operations and maintenance, and disposition.

Terminal Access Controller Access-Control System Plus (TACACS+) A protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization, and accounting services.

threat identification The process that network security designers use to identify what potential threats exist, regardless of the probability that the threat will be carried out.

training Creates competence on the part of the end user to perform a specific task or to serve in a specific role. Conducting a class for network administrators about the features of a Cisco Adaptive Security Appliance (ASA) is an example of training.

transform set A collection of security protocols and algorithms that can be used to establish an IKE Phase 2 (IPsec) tunnel.

Transmission Control Protocol (TCP) One of the core protocols of the Internet protocol suite. TCP provides reliable, in-order delivery of a stream of bytes, making it suitable for applications such as file transfer and e-mail. It is so important in the Internet protocol suite that sometimes the entire suite is called “the TCP/IP protocol suite.” TCP is the transport protocol that manages individual conversations between web servers and web clients. TCP divides HTTP messages into smaller pieces, called segments, to be sent to the destination client. It is also responsible for controlling the size of messages and rate at which they are exchanged between the server and the client.

transparent firewall A Layer 2 firewall that behaves like a “stealth firewall.” In other words, it is not seen as a router hop to connected devices. In this implementation, the security appliance connects the same network on its inside and outside ports. However, each interface resides on a separate VLAN.

transport mode Uses a packet’s original IP header, as opposed to adding a tunnel header for packets traveling over an IPsec-protected VPN. This approach works well in networks in which increasing a packet’s size could cause an issue.

Triple Data Encryption Standard (3DES) Applies the DES algorithm three times in a row to a plain-text block, but each application uses a different key. Applying DES three times with different keys makes brute-force attacks on 3DES infeasible. This stems from the fact that the basic algorithm has stood the test of time, weathering 35 years in the field, proving quite trustworthy.

Trojan horse A piece of software that appears to perform a certain action but in fact performs another action, such as a computer virus. This action, generally encoded in a hidden payload, may or may not be malicious in nature.

tunnel mode Unlike transport mode, tunnel mode encapsulates an entire packet traveling over an IPsec-protected VPN. As a result, the encapsulated packet has a new IPsec header. This new header has source and destination IP address information that reflects the two VPN termination devices at two different sites. Therefore, tunnel mode is frequently used in an IPsec site-to-site VPN.

turbo access control list (ACL) Processes ACLs into lookup tables for greater efficiency. Turbo ACLs use the packet header to access these tables in a small, fixed number of lookups, independent of the existing number of ACL entries.

User Datagram Protocol (UDP) A communications protocol that has no error recovery features and is mostly used to send streamed material over the Internet.

VACL VLAN access control list. An ACL applied within a VLAN, as opposed to an ACL applied when traffic travels from one VLAN, or subnet, to another (as typically seen on a router).

virtual private network (VPN) A logical connection (sometimes called a tunnel) that can be established over an “untrusted” network (such as the Internet). An IPsec VPN can use a series of security protocols and algorithms to protect the traffic flowing over a VPN tunnel.

virtual SAN (VSAN) Created from a collection of ports that are part of a set of connected Fibre Channel switches. Together these ports form a virtual fabric. Ports within a single switch may be partitioned off to form multiple VSANs. Conversely, multiple switches may be used together, and any number of their ports may be joined to form a single VSAN.

virus A computer program that can copy itself and infect a computer without the user’s permission or knowledge. A virus may spread from one computer to another only when its host is taken to the uninfected computer. For instance, a user sends the virus over a network or the Internet, or carries it on a removable medium such as a CD or USB drive. Compared to other malicious code, a virus generally requires end-user interaction. A worm, on the other hand, is based on a system vulnerability. A virus attaches itself to a file, whereas a worm lives in RAM.

vishing Maliciously collecting private information over the phone.

VLAN hopping An attack that allows traffic from one VLAN to pass into another VLAN without first being routed.

voice over IP (VoIP) Sends packetized voice over an IP network. VoIP networks use devices such as gateways to interconnect traditional telephony equipment (such as POTS phones, PBXs, and key systems) to an IP infrastructure.

vulnerability A weakness in an information system that an attacker might leverage to gain unauthorized access to a system or its data.

warm site Like a hot site, a facility that has very similar equipment to that on the original site. However, a warm site is unlikely to have current data because of a lack of frequent replication with the original site. Therefore, disaster recovery personnel typically need to go to the warm site and manually bring systems online. As a result, critical business operations might not be restored for days.

World Wide Name (WWN) Fibre Channel networks use this kind of 64-bit address to uniquely identify each element in a Fibre Channel network. These WWNs may be used in zoning to assign security permissions.

worm A self-replicating computer program that lives in RAM, rather than attaching itself to a file like a virus does. It uses a network to send copies of itself to other nodes in the network and may do so without user intervention.

X.509v3 An industry standard that has been incorporated to define basic PKI formats. Areas that are based on X.509v3 include the certificate and certificate revocation list (CRL) format.

zone-based firewall In this kind of firewall, zones establish the network’s security borders. The zone itself defines a boundary where traffic is subjected to policy restrictions as it crosses into another region of the network. The default policy between zones is deny all. This means that if no policy is explicitly configured, all traffic moving between zones is blocked.

zone pair Used to specify a unidirectional firewall policy between two security zones. To define the zone pair, the zone-pair security command is used. The direction of the traffic flow is defined by specifying a source and destination zone. These must be security zones. The same zone cannot be defined as both the source and the destination.
