Triple DES.
A family of IEEE standards for wireless LANs.
A security protocol from the IEEE for wireless LANs that adhere to the 802.11 standard. It relies on the Extensible Authentication Protocol (EAP) to pass messages to any of a variety of authentication servers, such as RADIUS or Kerberos.
Authentication, authorization, and accounting (pronounced "triple a").
Acknowledgement bit in a TCP frame.
Access control list. A set of data associated with a file, directory, or other resource that defines the access permissions for users, groups, processes, or devices.
Access Control Server.
Asia Pacific Network Information Center. A nonprofit Internet registry organization for the Asia Pacific region.
Staying current on patches for applications and reducing information the applications provide through service banners.
American Registry for Internet Numbers. A nonprofit organization that dispenses IP addresses in North and South America, the Caribbean, and sub-Saharan Africa.
Asynchronous Transfer Mode. A network technology for both LANs and WANs that supports real-time voice and video as well as data.
Process by which a user or administrator demonstrates knowledge or possession of an item that verifies their identity to a system.
Process by which a user or administrator demonstrates that they have the authority to execute an action on a device.
Best common practices.
Berkeley Internet Name Domain. The most commonly used DNS software.
Bridge protocol data unit. A Spanning Tree Protocol (STP) message unit that describes the attributes of a switch port, such as its MAC address, priority, and cost to reach.
An application layer attack made possible by the improper bounds checking of input data in a program. By sending properly crafted data to the program, the attacker redirects the program to execute code of the attacker's choice.
One of the SAFE modules, which provides end-user workstations, corporate intranet servers, management servers, and the associated Layer 2 functionality.
Cisco Certified Design Associate.
Cisco Certified Design Professional.
Cisco Certified Internetwork Expert.
Cisco Certified Internetwork Professional.
Cisco Certified Network Associate.
Cisco Certified Network Professional.
Cisco Certified Security Professional.
Cisco Discovery Protocol. Media- and protocol-independent device-discovery protocol that runs on all Cisco-manufactured equipment, including routers, access servers, bridges, and switches.
Computer Emergency Response Team. A group of people in a specific organization who coordinate their responses to breaches of security or other computer emergencies, such as breakdowns and disasters.
Challenge Handshake Authentication Protocol. An access control protocol that dynamically encrypts the user's ID and password.
Confidentiality, integrity, and availability. In the field of information security, describes the desired characteristics of protected data.
Data that has been coded (enciphered, encrypted, encoded) for security purposes.
Architecture for Voice, Video, and Integrated Data.
A software option available for most Cisco routers that provides a stateful packet-filter firewall.
A complete access control server that supports the industry-standard RADIUS protocol and the Cisco-proprietary TACACS+ protocol.
CiscoWorks VPN/Security Management Solution. An integrated security management solution that is part of the SAFE blueprint for network security. VMS enables customers to deploy security infrastructures from small networks to large, complex, and widely distributed environments.
A purpose-built, remote-access VPN device.
Normal text that has not been encrypted and is readable by text editors and word processors.
Command-line interface.
Mode in which all users behind the hardware client appear as a single user on the corporate intranet through the use of Network Address Translation (NAT) overload or what is also commonly called Port Address Translation (PAT).
One of the SAFE modules, which provides connectivity to the Internet and terminates any VPN connectivity. Traffic for public services, such as e-mail, web, file transfer, and name lookups, is also terminated at the Corporate Internet module.
Cisco SAFE Implementation.
Cisco Secure IDS Director.
Cisco Secure Policy Manager. A centralized, scalable, comprehensive security policy management application for the Cisco Secure security portfolio.
Distributed denial of service. Attacks directed against a host or network where the intent is to deny access to the host or network by consuming all of the bandwidth available to the host. This attack typically involves a large number of attacking hosts controlled by one or more attackers.
Data Encryption Standard. The U.S. National Bureau of Standards secret key cryptography method that uses a 56-bit key.
Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging on to a TCP/IP network.
Demilitarized zone. A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet.
Domain Name System. Name resolution software that lets users locate computers on a TCP/IP network by domain name.
Denial of service. An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. This attack typically has a single point of origin.
Digital subscriber line. A technology that dramatically increases the digital capacity of ordinary telephone lines (the local loops) into the home or office.
Extensible Authentication Protocol. An extension to the PPP protocol that enables a variety of authentication protocols to be used.
Means "exit."
A phrase that is commonly used to refer to the interactive command processor of Cisco IOS.
A website for customers rather than the general public.
A device used for implementing security policies that are designed to keep a network secure from intruders.
File Transfer Protocol. A protocol used to transfer files over a TCP/IP network.
Firewall Services Module.
Host-based intrusion detection system.
Host intrusion prevention system. Software that prevents an attack on a computer system. An IPS is a significant step beyond an IDS (intrusion detection system) because it stops the attack from damaging or retrieving data.
Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer files, such as text and graphic files.
Hypertext Transfer Protocol Secure. The protocol used to access a secure web server. Using https in the URL instead of http directs the message to a secure port number rather than the default web port number of 80. The session is then managed by a security protocol.
In-band.
Internet Control Message Protocol. A TCP/IP protocol used to send error and control messages.
International Data Encryption Algorithm. A secret key cryptography method that uses a 128-bit key.
Intrusion detection system. Software that detects illegal entrance to a computer system.
Monitors network traffic constantly in real time while looking for distinctive attack patterns in the traffic flow.
Institute of Electrical and Electronic Engineers.
Internet Engineering Task Force. A nonmembership, open, voluntary standards organization dedicated to identifying problems and opportunities in IP data networks and proposing technical solutions to the Internet community.
Internet Information Services. Microsoft's web server. Runs under the server versions of Windows NT and Windows 2000, adding full HTTP capability to the Windows operating system.
Internet Key Exchange. A method for establishing a security association (SA) that authenticates users, negotiates the encryption method, and exchanges the secret key.
Refers to the flow of management traffic that follows the same path as normal network data.
Means "entrance."
Network of computers in more than 100 countries that covers commercial, academic, and government endeavours.
An in-house website that serves the employees of the enterprise.
Cisco operating system software that is the primary control program used in its routers.
Internet Protocol. The network layer protocol in the TCP/IP communications protocol suite.
An attacker inserts the IP address of an authorized user into the transmission of an unauthorized user to gain illegal access to a computer system.
IP Security. A security protocol from the IETF that provides authentication and encryption over the Internet.
IP telephony.
Internet service provider.
Layer 2.
Layer 2 Tunneling Protocol. A protocol from the IETF that allows a PPP session to run over the Internet or an ATM or Frame Relay network.
The communications layer that contains the physical address of a client or server station.
The communications layer that contains the logical address of a client or server station.
Lightweight Directory Access Protocol. A protocol used to access a directory listing.
Lite EAP. Cisco-proprietary EAP.
Media Access Control. The unique serial number burned into Ethernet and Token Ring adapters that identifies that network card from all others.
An attacker intercepts data packets crossing a network, modifies or falsifies the information in those packets, and reinjects the packets into the network without being detected.
Management console. A software-management interface to access a particular system or product set.
Message integrity check.
Mail transport agent.
Network access server. Hardware or software that functions as a junction point between an external and internal network.
Network Address Translation. An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network.
The native networking protocol in DOS and Windows networks.
A mode in which all devices access the corporate intranet as if they were directly connected, and hosts in the intranet may initiate connections to the hosts behind the hardware client once a tunnel is established.
A generic term used to describe the execution of the set of functions that help to maintain, monitor, and troubleshoot the resources of a network.
Network intrusion detection system.
Network Time Protocol. A protocol used to synchronize the real-time clock in a computer.
Out-of-band.
Open Shortest Path First. A routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters.
One-time password. A password that is generated for use one time only. Once the password has been used, the system will not authenticate a user using that same password again.
Refers to the flow of management traffic that does not follow the same path as normal network data.
Software application that uses a network adapter card in promiscuous mode to receive all packets on the physical network wire and pass those packets up to an application.
Attempt to determine the valid password to an account on a system and use it to gain access to that system.
Port Address Translation.
Protected EAP.
The router that provides the first line of defense to an untrusted network.
The security policy and devices used at the edge of a network to protect the internal network. The firewall is a typical example of a perimeter security device.
Packet Internet Exchange.
Public key infrastructure. A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction.
Point of presence.
Post Office Protocol version 3. A standard mail server commonly used on the Internet.
An attack used to redirect traffic from a port on one host to another port, not necessarily on the same host.
Point-to-Point Tunneling Protocol. A protocol from Microsoft that is used to create a VPN over the Internet.
An application that breaks the connection between sender and receiver; also called a "proxy" or "application level gateway."
Public Switched Telephone Network. The global voice telephone network.
A network segment, usually the DMZ, where the Internet services servers are located.
Quality of service. The ability to define a level of performance in a data communications system.
Remote Authentication Dial-In User Service. An access control protocol that uses a challenge/response method for authentication.
Remote Copy Protocol. A protocol that allows users to copy files to and from a file system residing on a remote host or server.
The act of gathering information about a network in preparation for a possible attack.
Request for Comments. A document that describes the specifications for a recommended technology. RFCs are used by the IETF and other standards bodies.
Describes address allocation for private internetworks. Describes the use of certain IP address ranges for private networks.
Describes network ingress filtering to mitigate DoS attacks that employ IP address spoofing.
Routing Information Protocol. A simple routing protocol that is part of the TCP/IP protocol suite.
Réseaux IP Européens. Group formed to coordinate and promote TCP/IP-based networks in Europe.
A method used to quantify the level of risk inherent in a system.
Remote LOGIN. A UNIX command that allows users to remotely log on to a server in the network as if they were at a terminal directly connected to that computer.
A device that forwards data packets from one LAN or WAN to another.
Rivest-Shamir-Adleman. A highly secure cryptography method by RSA Data Security, Inc. It uses a two-part key. The private key is kept by the owner; the public key is published.
Remote Shell. A UNIX command that enables a user to remotely log on to a server on the network and pass commands to it.
The Cisco best-practice design blueprints for securing networks. The CSI exam focuses on the SAFE SMR blueprint.
A module within the SAFE design concept that describes a functional component of a network and its associated devices. The SAFE SMR blueprint includes the Corporate Internet module, the Campus module, and the WAN module.
An amateur that tries to illegally intrude into a system but takes the path of least resistance.
A framework definition that is used to protect the assets connected to a network.
Any action or actions against a network that are not authorized or that are in defiance of the security policy.
A concept where network security is treated as a continuous process built around the corporate security policy.
Small and medium-size business.
Small, medium-size, and remote-user.
Simple Mail Transfer Protocol. The standard e-mail protocol used on the Internet.
Simple Network Management Protocol. A widely used network monitoring and control protocol.
A VPN tunnel that allows only remote-site traffic that is specifically defined to traverse it; all other traffic follows the appropriate routes.
Structured Query Language. Pronounced "S-Q-L" or "see qwill"; a language used to interrogate and process data in a relational database.
Secure Shell. Provides secure logon for Windows and UNIX clients and servers. SSH replaces Telnet, FTP, and other remote-logon utilities with an encrypted alternative.
Secure Sockets Layer. The leading security protocol on the Internet. When an SSL session is started, the server sends its public key to the browser. The browser uses this public key to send a randomly generated secret key back to the server in order to have a secret key exchange for that session.
A type of attack in which an attacker relies on an improper bounds check in the format string to be printed by the program, thus permitting the execution of arbitrary code.
System Log protocol. A transport mechanism for sending event messages across an IP network.
Terminal Access Controller Access Control System Plus. An access control protocol that is used to authenticate a user who is logging on to the network.
Transmission Control Protocol. The TCP part of TCP/IP.
The first packet in the three-way handshake that occurs when establishing a TCP connection between two hosts. Can also be used in a DoS attack by exhausting the resources on the target host.
Transmission Control Protocol/Internet Protocol. A communications protocol developed under contract from the U.S. Department of Defense to internetwork dissimilar systems.
A terminal-emulation protocol that is commonly used on the Internet and TCP/IP-based networks.
Tribe Flood Network.
Trivial File Transfer Protocol. A version of the TCP/IP FTP protocol that has no directory or password capability.
Temporal Key Integrity Protocol. TKIP is part of the IEEE 802.11i encryption standard for WLANs. TKIP is the next generation of Wired Equivalent Privacy (WEP) used to secure 802.11 WLANs. TKIP provides per-packet key mixing, a message integrity check, and a rekeying mechanism, thus fixing the flaws of WEP.
Transport Layer Security. A security protocol from the IETF that is a merger of SSL and other protocols.
A filtering technique used to limit the rate of predefined traffic on a link.
A program that appears to be a normal application but, when executed, conducts covert actions on behalf of an attacker.
User Datagram Protocol. A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required.
Uniform Resource Locator. The address that defines the route to a file on the web or any other Internet facility.
Small piece of mobile code that attaches to other programs or documents and can infect a user's computer when the program is executed or the document is opened.
Virtual LAN. A logical subgroup within a LAN that is created via software rather than manually moving cables in the wiring closet.
VPN/Security Management Solution.
Voice over IP.
Voice Over Misconfigured IP Telephony.
Virtual private network. A private network that is configured within a public network to take advantage of the economies of scale and management facilities of large networks.
Cisco VPN 3002 hardware client that is part of the Cisco VPN 3000 concentrator series of products and combines the ease of use and high-scalability features of the software client while providing the reliability and stability of a hardware platform.
Cisco VPN software client that establishes secure, end-to-end encrypted (IPSec) tunnels to any Cisco VPN gateways or concentrators from a wide range of operating systems, including Microsoft Windows, Linux, and Solaris.
A Cisco VPN router that is running a version of Cisco IOS software that provides IPSec VPN capability.
VLAN Trunking Protocol.
A SAFE module that provides WAN functionality.
Wired Equivalent Privacy. A security protocol for WLANs defined in the 802.11b standard.
Wireless LAN.
The first international standard packet-switching network developed in the early 1970s.