A secret word or combination of characters that only the user should know
Password
A value that sets the limit between normal and abnormal behavior
Threshold
A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network
Attack Protocol
An encryption method in which one value is substituted for another
Substitution Cipher
Limited-use symmetric keys for temporary communications during an online session
The selective method by which systems specify who may use a particular resource and how they may use it
Access Control
A software program or hardware appliance that can intercept, copy, and interpret network traffic
Packet Sniffer
The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system
Back Hack
A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message
Asymmetric Encryption
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption
Cryptanalysis
The system of networks outside the organization over which the organization has no control
Untrusted Network
An application that records information about outbound communications
Pen Register
The rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device
False Reject Rate
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity
Hash Functions
A cryptographic operation that involves simply rearranging the values within a block based on an established pattern
Transposition Cipher
An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network
Demilitarized Zone
A published weakness or fault in an information asset or its protective systems that may be exploited and result in loss
Known Vulnerability
An application that scans networks to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers
Active Vulnerability Scanner
A key that can be used in symmetric encryption both to encipher and decipher the message
Secret Key
An advanced type of substitution cipher that uses a simple polyalphabetic code
Vigenere Cipher
A private, secure network operated over a public and insecure network
Virtual Private Network
An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion
Honeypot
A required, structured data classification scheme that rates each collection of information as well as each user
Mandatory Access Control
A substitution cipher that incorporates two or more alphabets in the encryption process
Polyalphabetic Cipher
The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted
Non-repudiation