Cache
Pronounced "cash," a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.

Cache Cramming
Cache Cramming is the technique of tricking a browser into running cached Java code from the local disk, instead of from the Internet zone, so that it runs with less restrictive permissions.

Cache Poisoning
Malicious or misleading data from a remote name server is saved (cached) by another name server. Typically used in DNS cache poisoning attacks.

Call Admission Control (CAC)
The inspection and control of all inbound and outbound voice network activity by a voice firewall, based on user-defined policies.

Cell
A cell is a unit of data transmitted over an ATM network.

Certificate-Based Authentication
Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.

CGI
Common Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.

Chain of Custody
Chain of Custody is the application of the Federal Rules of Evidence to the handling of evidence.

Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism in which the response varies with every challenge, to prevent replay attacks.

Checksum
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

Cipher
A cryptographic algorithm for encryption and decryption.

Ciphertext
Ciphertext is the encrypted form of the message being sent.

Circuit Switched Network
A circuit switched network is one in which a single continuous physical circuit connects two endpoints and the route is immutable once set up.

Client
A system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server.

Cloud Computing
Utilization of remote servers in the data center of a cloud provider to store, manage, and process your data instead of using local computer systems.

Cold/Warm/Hot Disaster Recovery Site
* Hot site. It contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity to continue all primary site operations. Failover occurs within minutes or hours following a disaster. Daily data synchronization usually occurs between the primary and hot site, resulting in minimum or no data loss. Offsite data backup tapes might be obtained and delivered to the hot site to help restore operations. Backup tapes should be regularly tested to detect data corruption, malicious code and environmental damage. A hot site is the most expensive option.
* Warm site. It contains partially redundant hardware and software, with telecommunications, telephone and utility connectivity to continue some, but not all, primary site operations. Failover occurs within hours or days following a disaster. Daily or weekly data synchronization usually occurs between the primary and warm site, resulting in minimum data loss. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations. A warm site is the second most expensive option.
* Cold site. Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, telephone and utility connectivity might need turning on to continue some, but not all, primary site operations. Relocation occurs within weeks or longer following a disaster, depending on hardware arrival time. No data synchronization occurs between the primary and cold site, which could result in significant data loss. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option.

Collision
A collision occurs when multiple systems transmit simultaneously on the same wire.

Competitive Intelligence
Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.

Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.

Computer Network
A collection of host computers together with the sub-network or inter-network through which they can exchange data.

Confidentiality
Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.

Configuration Management
Establish a known baseline condition and manage it.

Cookie
Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.

Corruption
A threat action that undesirably alters system operation by adversely modifying system functions or data.

Cost Benefit Analysis
A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.

Countermeasure
Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders from gaining further access to a computer network. Other countermeasures are patches, access control lists and malware filters.

Covert Channels
Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example, changing the amount of free hard drive space on a file server can be used to communicate information.

Crimeware
A type of malware used by cyber criminals. The malware is designed to enable the cyber criminal to make money off of the infected system (such as harvesting keystrokes, using the infected systems to launch Denial of Service attacks, etc.).

Cron
Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.

Crossover Cable
A crossover cable reverses the pairs of wires at the other end and can be used to connect devices directly together.

Cryptanalysis
The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, converting the ciphertext to plaintext without knowing the key.

Cryptographic Algorithm or Hash
An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.

Cut-Through
Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.

Cyber-Attack
A cyber-attack is any unauthorized attempt to access, disrupt, steal, or damage computer systems, networks, or data.

Cybersecurity Risk Assessment
A cybersecurity risk assessment is the systematic process of identifying, analyzing, and evaluating potential threats, vulnerabilities, and impacts to an organization's digital assets.

Cyclic Redundancy Check (CRC)
Sometimes called "cyclic redundancy code." A type of checksum algorithm that is not a cryptographic hash but is used to implement a data integrity service where accidental changes to data are expected.

Daemon
A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. The daemon program forwards the requests to other programs (or processes) as appropriate. The term daemon is a Unix term, though many other operating systems provide support for daemons, sometimes under other names. Windows, for example, refers to daemons as System Agents and services.

Data Aggregation
Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.

Data Breach
A data breach is a security incident in which sensitive, protected, or confidential information is accessed, stolen, or disclosed without authorization.

Data Custodian
A Data Custodian is the entity currently using or manipulating the data, and therefore temporarily taking responsibility for the data.

Data Encryption Standard (DES)
A widely used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

Data Mining
Data Mining is a technique used to analyze existing information, usually with the intention of finding new avenues to pursue business.

Data Owner
A Data Owner is the entity having responsibility and authority for the data.

Data Warehousing
Data Warehousing is the consolidation of several previously independent databases into one location.

Datagram
Request for Comments 1594 says, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.)

Day Zero
The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In some cases, a "zero day" exploit refers to an exploit for which no patch is available yet ("day one" is the day on which the patch is made available).

Decapsulation
Decapsulation is the process of stripping off one layer's headers and passing the rest of the packet up to the next higher layer on the protocol stack.

Decryption
Decryption is the process of transforming an encrypted message into its original plaintext.

Defacement
Defacement is the method of modifying the content of a website in such a way that it becomes "vandalized" or embarrassing to the website owner.

Defense In-Depth
Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.

Demilitarized Zone (DMZ)
In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. DMZs help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. DMZs provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.

Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.

Dictionary Attack
An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words, in contrast to a brute force attack that tries all possible combinations.

Diffie-Hellman
A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.

Digest Authentication
Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.

Digital Certificate
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Digital Envelope
A digital envelope is an encrypted message with the encrypted session key.

Digital Signature
A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission.

Digital Signature Algorithm (DSA)
An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified.

Digital Signature Standard (DSS)
The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.

Disassembly
The process of taking a binary program and deriving the source code from it.

Disaster Recovery Plan (DRP)
A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.

Discretionary Access Control (DAC)
Discretionary Access Control consists of something the user can manage, such as a document password.

Disruption
A circumstance or event that interrupts or prevents the correct operation of system services and functions.

Distance Vector
Distance vectors measure the cost of routes to determine the best route to all known networks.

Distributed Scans
Distributed Scans are scans that use multiple source addresses to gather information.

Domain
A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. In the Internet's domain name system, a domain is a name with which name server records are associated that describe sub-domains or hosts. In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.

Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place.

Domain Name
A domain name locates an organization or other entity on the Internet. For example, the domain name "www.sans.org" locates an Internet address for "sans.org" at Internet point 199.0.0.2 and a particular host server named "www". The "org" part of the domain name reflects the purpose of the organization or entity (in this example, "organization") and is called the top-level domain name. The "sans" part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name.

Domain Name System (DNS)
The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address.

Due Care
Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.

Due Diligence
Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud and abuse, and additionally deploy a means to detect them if they occur.

DumpSec
DumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services.

Dumpster Diving
Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.

Dynamic Link Library
A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file).

Dynamic Routing Protocol
Allows network devices to learn routes. Examples: RIP, EIGRP. Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbor routers, is usually called a routing daemon. The routing daemon updates the kernel's routing table with information it receives from neighbor routers.