A list of certificates that are no longer valid or that have been revoked by the issuer.
certificate revocation list (CRL)
An encryption standard used with WPA and WPA2. It is the successor to DES/3DES and is another symmetric key encryption standard composed of three block cipher variants: AES-128, AES-192, and AES-256.
Advanced Encryption Standard (AES)
A type of algorithm that encrypts a number of bits as individual units known as blocks.
block cipher
A 64-bit block cipher designed by Bruce Schneier as an alternative to DES.
blowfish
When a process stores data outside the memory that the developer intended to be used for storage. This could cause erratic behavior in the application, especially if the memory already had other data in it.
buffer overflow
When a person's identity is confirmed; authentication is the verification of a person's identity.
authentication
Mechanisms placed in computer programs to bypass normal authentication and the other security controls in place.
backdoors
A method of VPN where the user can always access the connection without the need to periodically disconnect and reconnect. It often uses SSL/TLS for encrypted connections instead of PPTP or L2TP.
always-on VPN
Gaining information about a target system using active, engaging techniques.
active reconnaissance
When people test a system without any specific knowledge of the code or internal workings of that system.
black-box testing
The science of recognizing humans based on one or more physical characteristics.
biometrics
The act of verifying whether a process is secure; for example, the secure boot process of a UEFI-based system.
attestation
When a user is granted access to specific resources after authentication is complete.
authorization
A type of cipher that uses a pair of different keys to encrypt and decrypt data.
asymmetric key algorithm
An access model that is dynamic and context-aware and uses IF-THEN statements and a combination of policies to control access to resources.
attribute-based access control (ABAC)
A type of SDLC based on being adaptive to change, and cooperation between business people, customers, and developers. See software development lifecycle. Compare with waterfall model.
agile model
A password attack where every possible password is attempted.
brute-force attack
An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based network access control (NAC).
802.1X
A set of computer-attacking processes that target private organizations or nation states. Also refers to a group (often a government) that persistently targets a specific entity.
advanced persistent threat (APT)
A method of blocking one or more applications from being used.
application black-listing
A list of permissions attached to an object. ACLs specify what level of access a user, users, or groups have to an object. When dealing with firewalls, an ACL is a set of rules that applies to a list of network names, IP addresses, and port numbers.
access control list (ACL)
A technique used to prevent the exploitation of memory vulnerabilities.
address space layout randomization (ASLR)
A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.
botnet
The entity (usually a server) that issues digital certificates to users.
certificate authority (CA)
A method of securing a control unit, system, or network through isolation and possibly shielding.
air gap