802.1x
A security protocol from the IEEE for wireless LANs that adhere to the 802.11 standard. It relies on the Extensible Authentication Protocol (EAP) to pass messages to any of a variety of authentication servers, such as RADIUS or Kerberos.
AAA
Authentication, authorization, and accounting (pronounced "triple a").
ACK
Acknowledgement bit in a TCP frame.
ACL
Access control list. A set of data associated with a file, directory, or other resource that defines the access permissions for users, groups, processes, or devices.
ACS
Access Control Server.
APNIC
Asia Pacific Network Information Center. A nonprofit Internet registry organization for the Asia Pacific region.
application hardening
Staying current on patches for applications and reducing information the applications provide through service banners.
ARIN
American Registry for Internet Numbers. A nonprofit organization that dispenses IP addresses in North and South America, the Caribbean, and sub-Saharan Africa.
ATM
Asynchronous Transfer Mode. A network technology for both LANs and WANs that supports real-time voice and video as well as data.
authentication
Process by which a user or administrator demonstrates knowledge or possession of an item that verifies their identity to a system.
authorization
Process by which a user or administrator demonstrates that they have the authority to execute an action on a device.
BCP
Best common practices.
BIND
Berkeley Internet Name Domain. The most commonly used DNS software.
BPDU
Bridge protocol data unit. A Spanning Tree Protocol (STP) message unit that describes the attributes of a switch port, such as its MAC address, priority, and cost to reach.
buffer overflow
An application layer attack made possible by the improper bounds checking of input data in a program. By sending properly crafted data to the program, the attacker redirects the program to execute code of the attacker's choice.
Campus module
One of the SAFE modules, which provides end-user workstations, corporate intranet servers, management servers, and the associated Layer 2 functionality.
CCDA
Cisco Certified Design Associate.
CCDP
Cisco Certified Design Professional.
CCIE
Cisco Certified Internetwork Expert.
CCIP
Cisco Certified Internetwork Professional.
CCNA
Cisco Certified Network Associate.
CCNP
Cisco Certified Network Professional.
CCSP
Cisco Certified Security Professional.
CDP
Cisco Discovery Protocol. A media- and protocol-independent device-discovery protocol that runs on all Cisco-manufactured equipment, including routers, access servers, bridges, and switches.
CERT
Computer Emergency Response Team. A group of people in a specific organization who coordinate their responses to breaches of security or other computer emergencies, such as breakdowns and disasters.
CHAP
Challenge Handshake Authentication Protocol. An access control protocol that dynamically encrypts the user's ID and password.
CIA
Confidentiality, integrity, and availability. In the field of information security, describes the desired characteristics of protected data.
ciphertext
Data that has been coded (enciphered, encrypted, encoded) for security purposes.
Cisco AVVID
Architecture for Voice, Video, and Integrated Data.
Cisco IOS Firewall
A software option available for most Cisco routers that provides a stateful packet-filter firewall.
Cisco Secure ACS
A complete access control server that supports the industry-standard RADIUS protocol and the Cisco-proprietary TACACS+ protocol.
Cisco VMS
CiscoWorks VPN/Security Management Solution. An integrated security management solution that is part of the SAFE blueprint for network security. VMS enables customers to deploy security infrastructures from small networks to large, complex, and widely distributed environments.
Cisco VPN 3000 Series Concentrator
A purpose-built, remote-access VPN device.
clear text
Normal text that has not been encrypted and is readable by text editors and word processors.
CLI
Command-line interface.
client mode
Mode in which all users behind the hardware client appear as a single user on the corporate intranet through the use of Network Address Translation (NAT) overload or what is also commonly called Port Address Translation (PAT).
Corporate Internet module
One of the SAFE modules, which provides connectivity to the Internet and terminates any VPN connectivity. Traffic for public services, such as e-mail, web, file transfer, and name lookups, is also terminated at the Corporate Internet module.
CSI
Cisco SAFE Implementation.
CSID
Cisco Secure IDS Director.
CSPM
Cisco Secure Policy Manager. A centralized, scalable, comprehensive security policy management application for the Cisco Secure security portfolio.
DDoS
Distributed denial of service. Attacks directed against a host or network where the intent is to deny access to the host or network by consuming all of the bandwidth available to the host. This attack typically involves a large number of attacking hosts controlled by one or more attackers.
DES
Data Encryption Standard. The U.S. National Bureau of Standards secret key cryptography method that uses a 56-bit key.
DHCP
Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging on to a TCP/IP network.
DMZ
Demilitarized zone. A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet.
DNS
Domain Name System. Name resolution software that lets users locate computers on a TCP/IP network by domain name.
DoS
Denial of service. An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. This attack typically has a single point of origin.
DSL
Digital subscriber line. A technology that dramatically increases the digital capacity of ordinary telephone lines (the local loops) into the home or office.
EAP
Extensible Authentication Protocol. An extension to the PPP protocol that enables a variety of authentication protocols to be used.
egress
Means "exit."
EXEC
A term commonly used to refer to the interactive command processor of Cisco IOS.
Extranet
A website for customers rather than the general public.
firewall
A device used for implementing security policies that are designed to keep a network secure from intruders.
FTP
File Transfer Protocol. A protocol used to transfer files over a TCP/IP network.
HIPS
Host intrusion prevention system. Software that prevents an attack on a computer system. An IPS is a significant step beyond an IDS (intrusion detection system) because it stops the attack from damaging or retrieving data.
HTTP
Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer files, such as text and graphic files.
HTTPS
Hypertext Transfer Protocol Secure. The protocol used to access a secure web server. Using https in the URL instead of http directs the message to a secure port number rather than the default web port number of 80. The session is then managed by a security protocol.
IB
In-band.
ICMP
Internet Control Message Protocol. A TCP/IP protocol used to send error and control messages.
IDEA
International Data Encryption Algorithm. A secret key cryptography method that uses a 128-bit key.
IDS
Intrusion detection system. Software that detects illegal entrance to a computer system.
IDS sensor
Monitors network traffic constantly in real time while looking for distinctive attack patterns in the traffic flow.
IEEE
Institute of Electrical and Electronics Engineers.
IETF
Internet Engineering Task Force. A nonmembership, open, voluntary standards organization dedicated to identifying problems and opportunities in IP data networks and proposing technical solutions to the Internet community.
IIS
Internet Information Services. Microsoft's web server. Runs under the server versions of Windows NT and Windows 2000, adding full HTTP capability to the Windows operating system.
IKE
Internet Key Exchange. A method for establishing a security association (SA) that authenticates users, negotiates the encryption method, and exchanges the secret key.
in-band network management
Refers to the flow of management traffic that follows the same path as normal network data.
MAC address
Media Access Control address. The unique serial number burned into Ethernet and Token Ring adapters that identifies that network card from all others.
man-in-the-middle attack
An attacker intercepts data packets crossing a network, modifies or falsifies the information in those packets, and reinjects the packets into the network without being detected.
MC
Management console. A software-management interface to access a particular system or product set.
MIC
Message integrity check.
MTA
Mail transport agent.
NAS
Network access server. Hardware or software that functions as a junction point between an external and internal network.
NAT
Network Address Translation. An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network.
NetBIOS
The native networking protocol in DOS and Windows networks.
network extension mode
A mode in which all devices access the corporate intranet as if they were directly connected, and hosts in the intranet may initiate connections to the hosts behind the hardware client once a tunnel is established.
network management
A generic term used to describe the execution of the set of functions that help to maintain, monitor, and troubleshoot the resources of a network.
NTP
Network Time Protocol. A protocol used to synchronize the real-time clock in a computer.
OOB
Out-of-band.
OSPF
Open Shortest Path First. A routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters.
OTP
One-time password. A password that is generated for use one time only. Once the password has been used, the system will not authenticate a user using that same password again.
out-of-band network management
Refers to the flow of management traffic that does not follow the same path as normal network data.
packet sniffer
Software application that uses a network adapter card in promiscuous mode to receive all packets on the physical network wire and pass those packets up to an application.
password attack
Attempt to determine the valid password to an account on a system and use it to gain access to that system.
perimeter router
The router that provides the first line of defense to an untrusted network.
perimeter security
The security policy and devices used at the edge of a network to protect the internal network. The firewall is a typical example of a perimeter security device.
PIX
Packet Internet Exchange.
PKI
Public key infrastructure. A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction.
POP
Point of presence.
POP3
Post Office Protocol version 3. A standard mail server commonly used on the Internet.
port redirection
An attack used to redirect traffic from a port on one host to another port, not necessarily on the same host.
PPTP
Point-to-Point Tunneling Protocol. A protocol from Microsoft that is used to create a VPN over the Internet.
proxy server
An application that breaks the connection between sender and receiver; also called a "proxy" or "application level gateway."
PSTN
Public Switched Telephone Network. The global voice telephone network.
public services segment
A network segment, usually the DMZ, where the Internet services servers are located.
QoS
Quality of service. The ability to define a level of performance in a data communications system.
RADIUS
Remote Authentication Dial-In User Service. An access control protocol that uses a challenge/response method for authentication.
RCP
Remote Copy Protocol. A protocol that allows users to copy files to and from a file system residing on a remote host or server.
reconnaissance attack
The act of gathering information about a network in preparation for a possible attack.
RFC
Request for Comments. A document that describes the specifications for a recommended technology. RFCs are used by the IETF and other standards bodies.
RFC1918
Describes address allocation for private internetworks. Describes the use of certain IP address ranges for private networks.
RFC2827
Describes network ingress filtering to mitigate DoS attacks that employ IP address spoofing.
RIP
Routing Information Protocol. A simple routing protocol that is part of the TCP/IP protocol suite.
RIPE
Réseaux IP Européens. Group formed to coordinate and promote TCP/IP-based networks in Europe.
risk assessment
A method used to quantify the level of risk inherent in a system.
rlogin
Remote LOGIN. A UNIX command that allows users to remotely log on to a server in the network as if they were at a terminal directly connected to that computer.
router
A device that forwards data packets from one LAN or WAN to another.
RSA
Rivest-Shamir-Adleman. A highly secure cryptography method by RSA Data Security, Inc. It uses a two-part key. The private key is kept by the owner; the public key is published.
RSH
Remote Shell. A UNIX command that enables a user to remotely log on to a server on the network and pass commands to it.
SAFE
The Cisco best-practice design blueprints for securing networks. The CSI exam focuses on the SAFE SMR blueprint.
SAFE module
A module within the SAFE design concept that describes a functional component of a network and its associated devices. The SAFE SMR blueprint includes the Corporate Internet module, the Campus module, and the WAN module.
script kiddie
An amateur who tries to illegally intrude into a system but takes the path of least resistance.
security policy
A framework definition that is used to protect the assets connected to a network.
security threat
Any action or actions against a network that are not authorized or that are in defiance of the security policy.
Security Wheel
A concept where network security is treated as a continuous process built around the corporate security policy.
SMB
Small and medium-size business.
SMR
Small, medium-size, and remote-user.
SMTP
Simple Mail Transfer Protocol. The standard e-mail protocol used on the Internet.
SNMP
Simple Network Management Protocol. A widely used network monitoring and control protocol.
split-tunnel
A VPN tunnel that allows only remote-site traffic that is specifically defined to traverse it; all other traffic follows the appropriate routes.
SQL
Structured Query Language. Pronounced "S-Q-L" or "sequel"; a language used to interrogate and process data in a relational database.
SSH
Secure Shell. Provides secure logon for Windows and UNIX clients and servers. SSH replaces Telnet, FTP, and other remote-logon utilities with an encrypted alternative.
SSL
Secure Sockets Layer. The leading security protocol on the Internet. When an SSL session is started, the server sends its public key to the browser. The browser uses this public key to send a randomly generated secret key back to the server in order to have a secret key exchange for that session.
string attack
A type of attack in which an attacker relies on an improper bounds check in the format of a string to be printed by the program, thus permitting the execution of arbitrary code.
syslog
System Log protocol. A transport mechanism for sending event messages across an IP network.
TACACS+
Terminal Access Controller Access Control System Plus. An access control protocol that is used to authenticate a user who is logging on to the network.
TCP
Transmission Control Protocol. The TCP part of TCP/IP.
TCP SYN
The first packet in the three-way handshake that occurs when establishing a TCP connection between two hosts. Can also be used in a DoS attack by exhausting the resources on the target host.
TCP/IP
Transmission Control Protocol/Internet Protocol. A communications protocol developed under contract from the U.S. Department of Defense to internetwork dissimilar systems.
Telnet
A terminal-emulation protocol that is commonly used on the Internet and TCP/IP-based networks.
TFN
Tribe Flood Network.
TFTP
Trivial File Transfer Protocol. A version of the TCP/IP FTP protocol that has no directory or password capability.
TKIP
Temporal Key Integrity Protocol. TKIP is part of the IEEE 802.11i encryption standard for WLANs. TKIP is the next generation of Wired Equivalent Privacy (WEP), used to secure 802.11 WLANs. TKIP provides per-packet key mixing, a message integrity check, and a rekeying mechanism, thus fixing the flaws of WEP.
TLS
Transport Layer Security. A security protocol from the IETF that is a merger of SSL and other protocols.
traffic-rate limiting
A filtering technique used to limit the rate of predefined traffic on a link.
Trojan horse
A program that appears to be a normal application but, when executed, conducts covert actions on behalf of an attacker.
UDP
User Datagram Protocol. A protocol within the TCP/IP protocol suite that is used in place of TCP when reliable delivery is not required.
URL
Uniform Resource Locator. The address that defines the route to a file on the web or any other Internet facility.
virus
Small piece of mobile code that attaches to other programs or documents and can infect a user's computer when the program is executed or the document is opened.
VLAN
Virtual LAN. A logical subgroup within a LAN that is created via software rather than manually moving cables in the wiring closet.
VMS
VPN/Security Management Solution.
VoIP
Voice over IP.
VOMIT
Voice Over Misconfigured IP Telephony.
VPN
Virtual private network. A private network that is configured within a public network to take advantage of the economies of scale and management facilities of large networks.
VPN Hardware Client
Cisco VPN 3002 hardware client that is part of the Cisco VPN 3000 concentrator series of products and combines the ease of use and high-scalability features of the software client while providing the reliability and stability of a hardware platform.
VPN Software Client
Cisco VPN software client that establishes secure, end-to-end encrypted (IPSec) tunnels to any Cisco VPN gateways or concentrators from a wide range of operating systems, including Microsoft Windows, Linux, and Solaris.
VPN-enabled router
A Cisco VPN router that is running a version of Cisco IOS software that provides IPSec VPN capability.
VTP
VLAN Trunking Protocol.
WAN module
A SAFE module that provides WAN functionality.
WEP
Wired Equivalent Privacy. A security protocol for WLANs defined in the 802.11b standard.
WLAN
Wireless LAN.
X.25
The first international standard packet-switching network developed in the early 1970s.