Glossary

This glossary contains the key terms from the book. All the terms from each chapter’s “Define Key Terms” tasks are defined here.

10 tape rotation

A backup rotation scheme in which 10 backup tapes are used over the course of 2 weeks.

802.1X

An authentication technology used to connect devices to a LAN or WLAN. It is an example of port-based NAC.

acceptable use

Acceptable usage policies define the rules that restrict how a computer, network, or other system may be used.

access control list (ACL)

A list of permissions attached to an object. It specifies what level of access a user, users, or groups have to that object. When dealing with firewalls, an ACL is a set of rules that apply to a list of network names, IP addresses, and port numbers.

access control model

Methodologies in which admission to physical areas, and, more importantly, to computer systems, is managed and organized.

account expiration

The date on which the account a user uses to log on to the network expires.

accounting

The tracking of data, computer usage, and network resources. Often it means logging, auditing, and monitoring of the data and resources.

active interception

Also known as active inception in the CompTIA 2008 Security+ objectives; normally includes a computer placed between the sender and the receiver in an effort to capture and possibly modify information.

ad filtering

Ways of blocking and filtering out unwanted advertisement; pop-up blockers and content filters are considered to be ad filtering methods.

Advanced Encryption Standard (AES)

An encryption standard used with WPA and WPA2. It is the successor to DES/3DES and is another symmetric key encryption standard composed of three different block ciphers: AES-128, AES-192, and AES-256.

adware

Type of spyware that pops up advertisements based on what it has learned about the user.

algorithms

Well-defined instructions that describe computations from their initial state to their final state.

anomaly based monitoring

Also known as statistical anomaly–based; establishes a performance baseline based on a set of normal network traffic evaluations.

application-level gateway (ALG)

Applies security mechanisms to specific applications, such as FTP and/or BitTorrent. It supports address and port translation and checks if the type of application traffic is allowed.

ARP poisoning

An attack that exploits Ethernet networks, and it may enable an attacker to sniff frames of information, modify that information, or stop it from getting to its intended destination.

asymmetric key algorithm

This type of cipher uses a pair of different keys to encrypt and decrypt data.

audit trails

Records or logs that show the tracked actions of users and whether the user was successful in the attempt.

authentication

The verification of a person’s identity; the point at which a person’s identity is confirmed.

authorization

When a user is granted access to specific resources when authentication is complete.

availability

Data is obtainable regardless of how information is stored, accessed, or protected.

backdoors

Used in computer programs to bypass normal authentication and other security mechanisms in place.

back-to-back perimeter

A type of DMZ where the DMZ is located between the LAN and the Internet.

backup generator

Part of an emergency power system used when there is an outage of regular electric grid power.

baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

baselining

The process of measuring changes in networking, hardware, software, and so on.

behavior-based monitoring

A monitoring system that looks at the previous behavior of applications, executables, and/or the operating system and compares that to current activity on the system.

biometrics

The science of recognizing humans based on one or more physical characteristics.

birthday attack

An attack on a hashing system that attempts to send two different messages that produce the same hash value, causing a collision.

blackout

When a total loss of power for a prolonged period occurs.

block cipher

A type of algorithm that encrypts a number of bits as individual units known as blocks.

bluejacking

The sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs.

bluesnarfing

The unauthorized access of information from a wireless device through a Bluetooth connection.

botnet

A group of compromised computers used to distribute malware across the Internet; the members are usually zombies.

broadcast storm

When there is an accumulation of broadcast and multicast packet traffic on the LAN coming from one or more network interfaces.

brownout

When the voltage drops to such an extent that it typically causes the lights to dim and causes computers to shut off.

brute force attack

A password attack where every possible password is attempted.

buffer overflow

When a process stores data outside of the memory that the developer intended. This could cause erratic behavior in the application, especially if the memory already had other data in it.

butt set (or lineman’s handset)

A device that looks similar to a phone but has alligator clips that can connect to the various terminals used by phone equipment, enabling a person to listen in to a conversation.

CAM table

The Content Addressable Memory table, held in a switch’s memory, that contains ports and their corresponding MAC addresses.

certificate authority

The entity (usually a server) that issues digital certificates to users.

certificate revocation list (CRL)

A list of certificates that are no longer valid or have been revoked by the issuer.

certificates

Digitally signed electronic documents that bind a public key with a user identity.

chain of custody

Documents who had custody of evidence all the way up to litigation or a court trial (if necessary) and verifies that the evidence has not been modified.

Challenge-Handshake Authentication Protocol (CHAP)

An authentication scheme used by the Point-to-Point Protocol (PPP) that is the standard for dial-up connections.

change management

A structured way of changing the state of a computer system, network, or IT procedure.

chromatic dispersion

The refraction of light as in a rainbow. If light is refracted in such a manner on fiber optic cables, the signal cannot be read by the receiver.

cipher

An algorithm that can perform encryption or decryption.

circuit-level gateway

Works at the Session layer of the OSI model and applies security mechanisms when a TCP or UDP connection is established; they act as a go-between for the Transport and Application Layers in TCP/IP.

cluster

Two or more servers that work with each other.

cold site

This has tables, chairs, bathrooms, and possibly some technical setup (for example, basic phone, data, and electric lines), but it will require days if not weeks to set up properly.

computer security audits

Technical assessments made of applications, systems, or networks.

confidentiality

Preventing the disclosure of information to unauthorized persons.

content filters

Individual computer programs that block external files that use JavaScript or images from loading into the browser.

cookies

Text files placed on the client computer that store information about it, which could include your computer’s browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user’s activities. Session cookies are used by attackers in an attempt to hijack a session.

cross-site scripting

A type of vulnerability found in web applications used with session hijacking.

crosstalk

When a signal transmitted on one copper wire creates an undesired effect on another wire; the signal “bleeds” over, so to speak.

cryptanalysis attack

A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.

cryptographic hash functions

Hash functions based on block ciphers.

cryptography

The practice and study of hiding information.

data emanation (or signal emanation)

The electromagnetic field generated by a network cable or network device, which can be manipulated to eavesdrop on conversations or to steal data.

Data Encryption Standard (DES)

An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.

default account

An account installed by default on a device or within an operating system with a default set of user credentials that are usually insecure.

demilitarized zone (DMZ)

A special area of the network (sometimes referred to as a subnetwork) that houses servers that host information accessed by clients or other networks on the Internet.

Denial of Service (DoS)

A broad term given to many different types of network attacks that attempt to make computer resources unavailable.

dictionary attack

A password attack that uses a prearranged list of likely words, trying each of them one at a time.

differential backup

Type of backup that backs up only the contents of a folder that have changed since the last full backup.

Diffie-Hellman key exchange

Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.

digital signature

A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.

disaster recovery plan

A plan that details the policies and procedures concerning the recovery and/or continuation of an organization’s technology infrastructure.

discretionary access control (DAC)

An access control policy generally determined by the owner.

disk duplexing

When each disk is connected to a separate controller.

Distributed Denial of Service (DDoS)

An attack in which a group of compromised systems attack a single target, causing a DoS to occur at that host, usually using a botnet.

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

DNS poisoning

The modification of name resolution information that should be in a DNS server’s cache.

domain name kiting

The process of deleting a domain name during the 5-day grace period (known as the add grace period or AGP) and immediately reregistering it for another 5-day period to keep a domain name indefinitely and for free.

due care

The mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence.

due diligence

Ensuring that IT infrastructure risks are known and managed.

due process

The principle that an organization must respect and safeguard personnel’s rights.

dumpster diving

When a person literally scavenges for private information in garbage and recyclable containers.

Easter egg

A platonic extra added to an OS or application as a sort of joke; the harmless cousin of the logic bomb.

eavesdropping

When a person uses direct observation to “listen” in to a conversation.

electromagnetic interference (EMI)

A disturbance that can affect electrical circuits, devices, and cables due to electromagnetic conduction or radiation.

elliptic curve cryptography (ECC)

A type of public key cryptography based on the structure of an elliptic curve.

encryption

The process of changing information using an algorithm (or cipher) into another form that is unreadable by others—unless they possess the key to that data.

Extensible Authentication Protocol (EAP)

Not an authentication mechanism in itself; instead, it defines message formats. 802.1X would be the authentication mechanism and defines how EAP is encapsulated within messages.

failopen mode

When a switch broadcasts data on all ports the way a hub does.

failover clusters

Also known as high-availability clusters, these are designed so that a secondary server can take over in the case that the primary one fails, with limited or no downtime.

false negative

When a system denies a user who actually should be allowed access to the system. For example, when an IDS/IPS fails to block an attack, thinking it is legitimate traffic.

false positive

When a system authenticates a user who should not be allowed access to the system. For example, when an IDS/IPS blocks legitimate traffic from passing on to the network.

Faraday cage

An enclosure formed by conducting material or by a mesh of such material; it blocks out external static electric fields and can stop emanations from cell phones and other devices within the cage from leaking out.

fire suppression

The process of controlling and/or extinguishing fires to protect people and an organization’s data and equipment.

firewall

A part of a computer system or network designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit or deny computer applications based on a set of rules and other criteria.

first responders

People who perform preliminary analysis of the incident data and determine whether the incident is an incident or just an event, and the criticality of the incident.

fork bomb

An attack that works by creating a large number of processes quickly to saturate the available processing space in the computer’s operating system. It is a type of wabbit.

fraggle

A type of DoS similar to the Smurf attack, but the traffic sent is UDP echo traffic as opposed to ICMP echo traffic.

full backup

Type of backup where all the contents of a folder are backed up.

grandfather-father-son

A backup rotation scheme in which three sets of backup tapes must be defined—usually they are daily, weekly, and monthly, which correspond to son, father, and grandfather.

grayware

A general term used to describe applications that are behaving improperly but without serious consequences; often describes types of spyware.

group policy

Used in Microsoft environments to govern user and computer accounts through a set of rules.

hardening

Hardening of the operating system is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services.

hash function

A mathematical procedure that converts a variable-sized amount of data into a smaller block of data.

hash

A summary of a file or message. It is generated to verify the integrity of the file or message.

hoax

The attempt at deceiving people into believing something that is false.

honeynet

One or more computers, servers, or an area of a network, used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

honeypot

Generally is a single computer but could also be a file, group of files, or an area of unused IP address space used to attract and trap potential attackers to counteract any attempts at unauthorized access of the network.

host-based intrusion detection system (HIDS)

A type of system loaded on an individual computer; it analyzes and monitors what happens inside that computer, for example if any changes have been made to file integrity.

hot site

A near duplicate of the original site of the organization, complete with phones, computers, networking devices, and full backups.

hotfix

Originally, a hotfix was defined as a patch that fixed a single problem in an individual OS or application and was installed live while the system was up and running, without a reboot being necessary. However, this term has changed over time and varies from vendor to vendor.

HTTP proxy (web proxy)

Also known as a web proxy, it caches web pages from servers on the Internet for a set amount of time.

identification

When a person is in a state of being identified. It can also be described as something that identifies a person such as an ID card.

identity proofing

An initial validation of an identity.

implicit deny

Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource. For example, when a device denies all traffic unless a rule is made to open the port associated with the type of traffic desired to be let through.

incremental backup

Type of backup that backs up only the contents of a folder that have changed since the last full backup or the last incremental backup.

input validation

Input validation or data validation is a process that ensures the correct usage of data.

integrity

This means that authorization is necessary before data can be modified.

Internet content filter

An Internet content filter, or simply a content filter, is usually applied as software at the Application Layer and can filter out various types of Internet activities such as websites accessed, e-mail, instant messaging, and more. It is used most often to disallow access to inappropriate web material.

Internet Protocol Security (IPsec)

A TCP/IP protocol that authenticates and encrypts IP packets, effectively securing communications between computers and devices using the protocol.

IP proxy

Secures a network by keeping machines behind it anonymous; it does this through the use of NAT.

job rotation

When users are cycled through various assignments.

Kerberos

An authentication protocol that enables computers to prove their identity to each other in a secure manner.

key escrow

When certificate keys are held in case third parties, such as government or other organizations, need access to encrypted communications.

key

The essential piece of information that determines the output of a cipher.

LANMAN hash

The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm.

Layer 2 Tunneling Protocol (L2TP)

A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It uses port 1701 and can be more secure than PPTP if used in conjunction with IPsec.

least privilege

When a user is given only the amount of privileges needed to do their job.

Lightweight Directory Access Protocol (LDAP)

An Application Layer protocol used for accessing and modifying directory services data.

load-balancing clusters

When multiple computers are connected in an attempt to share resources such as CPU, RAM, and hard disks.

logic bomb

Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met.

MAC filtering

A method used to filter out which computers can access the wireless network; the WAP does this by consulting a list of MAC addresses that have been previously entered.

MAC flooding

An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to failopen mode.

malware

Software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent.

mandatory access control (MAC)

An access control policy determined by a computer system, not by a user or owner, as it is in DAC.

mandatory vacations

When an organization requires that an employee take a certain number of consecutive vacation days.

man-in-the-middle (MITM) attack

A form of eavesdropping that intercepts all data between a client and a server, relaying that information back and forth.

mantrap

An area between two doorways, meant to hold people until they are identified and authenticated.

many-to-one mapping

When multiple certificates are mapped to a single recipient.

Message-Digest Algorithm 5 (MD5)

A 128-bit key hash used to provide integrity of files and messages.

multifactor authentication

When two or more types of authentication are used when dealing with user access control.

mutual authentication

When two computers, for example a client and a server, both verify each other’s identity.

Network Access Control (NAC)

Sets the rules by which connections to a network are governed.

network address translation (NAT)

The process of changing an IP address while it is in transit across a router. This is usually so one larger address space (private) can be remapped to another address space, or single IP address (public).

network intrusion detection system (NIDS)

A type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.

network intrusion prevention system (NIPS)

Designed to inspect traffic and, based on its configuration or security policy, remove, detain, or redirect malicious traffic.

Network Management System (NMS)

The software run on one or more servers that controls the monitoring of network attached devices and computers.

network mapping

The study of physical and logical connectivity of networks.

network perimeter

The border of a computer network, commonly secured by devices such as firewalls and NIDS/NIPS solutions.

nonce

A random number issued by an authentication protocol that can only be used once.

nonpromiscuous mode

When a network adapter captures only the packets that are addressed to it.

nonrepudiation

The idea of ensuring that a person or group cannot refute the validity of your proof against them.

NTLM hash

Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.

NTLM2 hash

Successor to the NTLM hash. Based off the MD5 hashing algorithm.

null session

When used by an attacker, a malicious connection to the Windows interprocess communications share (IPC$).

one-time pad

A cipher that encrypts plaintext with a secret random key that is the same length as the plaintext.

one-to-one mapping

When an individual certificate is mapped to a single recipient.

open mail relay

Also known as a SMTP open relay; it enables anyone on the Internet to send e-mail through an SMTP server.

Open Vulnerability and Assessment Language (OVAL)

A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available.

packet filtering

Packet filtering as it applies to firewalls inspects each packet passing through the firewall and accepts or rejects it based on rules. Two types of packet filtering include stateless packet filters and stateful packet inspection (SPI).

password cracker

Software tool used to recover passwords from hosts or to discover weak passwords.

patch

Updates to a system. They generally carry the connotation of a small fix in the mind of the user or system administrator, so larger patches will often be referred to as software updates, service packs, or something similar.

patch management

The planning, testing, implementing, and auditing of patches.

penetration testing

A method of evaluating the security of a system by simulating one or more attacks on that system.

permanent DoS (PDoS) attack

Generally consists of an attacker exploiting security flaws in routers and other networking hardware by flashing the firmware of the device and replacing it with a modified image.

permissions

File system permissions control what resources a person can access on the network.

personal firewall

Applications that protect an individual computer from unwanted Internet traffic; they do so by way of a set of rules and policies.

personally identifiable information (PII)

Information used to uniquely identify, contact, or locate a person.

phishing

The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

piggybacking

When an unauthorized person tags along with an authorized person to gain entry to a restricted area.

ping flood

A ping flood, also known as an ICMP flood attack, is when an attacker attempts to send many ICMP echo request packets (pings) to a host in an attempt to use up all available bandwidth.

Ping of Death (POD)

A type of DoS that sends an oversized and/or malformed packet to another computer.

Point-to-Point Tunneling Protocol (PPTP)

A tunneling protocol used to support VPNs. Generally includes security mechanisms and no additional software or protocols need to be loaded. A VPN device or server must have inbound port 1723 open to enable incoming PPTP connections.

policy

Rules or guidelines used to guide decisions and achieve outcomes. They can be written or configured on a computer.

pop-up blocker

An application or add-on to a web browser that blocks pop-up windows that usually contain advertisements.

port address translation (PAT)

Like NAT but it translates both IP addresses and port numbers.

port scanner

Software used to decipher which ports are open on a host.

pre-action sprinkler system

Similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke.

pretexting

When a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.

Pretty Good Privacy (PGP)

An encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications.

private key

A type of key that is known only to a specific user or users who keep the key a secret.

privilege escalation

The act of exploiting a bug or design flaw in a software or firmware application to gain access to resources that normally would’ve been protected from an application or user.

promiscuous mode

In a network adapter, a mode that passes all traffic to the CPU, not just the frames addressed to it; the network adapter captures all packets it has access to, regardless of the destination of those packets.

protocol analyzer

Software tool used to capture and analyze packets.

proxy server

Acts as an intermediary for clients usually located on a LAN and the servers that they want to access that are usually located on the Internet.

public key cryptography

Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.

Public Key Infrastructure

An entire system of hardware and software, policies and procedures, and people, used to create, distribute, manage, store, and revoke digital certificates.

public key

A type of key that is known to all parties involved in encrypted transactions within a given group.

qualitative risk assessment

An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.

quantitative risk assessment

An assessment that measures risk by using exact monetary values.

radio frequency interference (RFI)

Interference that can come from AM/FM transmissions and cell towers.

RAID 1

Mirroring. Data is copied to two identical disks. If one disk fails, the other continues to operate.

RAID 5

Striping with Parity. Data is striped across multiple disks; fault tolerant parity data is also written to each disk.

Rainbow Tables

In password cracking, a set of precalculated encrypted passwords located in a lookup table.

redundant ISP

Secondary connections to another ISP; for example, a backup T-1 line.

redundant power supply

An enclosure that contains two complete power supplies, the second of which will turn on when the first fails.

Remote Access Service (RAS)

A networking service that allows incoming connections from remote dial-in clients. It is also used with VPNs.

Remote Authentication Dial-In User Service (RADIUS)

Used to provide centralized administration of dial-up, VPN, and wireless authentication.

replay attack

An attack in which valid data transmission is maliciously or fraudulently repeated or delayed.

residual risk

The risk that is left over after a security and disaster recovery plan have been implemented.

risk

The possibility of a malicious attack or other threat causing damage or downtime to a computer system.

risk assessment

The attempt to determine the amount of threats or hazards that could possibly occur in a given amount of time to your computers and networks.

risk management

The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks.

risk mitigation

When a risk is reduced or eliminated altogether.

role-based access control (RBAC)

An access model that works with sets of permissions instead of individual, label-based permissions; roles are created for the various job functions in an organization.

rootkit

A type of software designed to gain administrator-level control over a computer system without being detected.

RSA

A public key cryptography algorithm created by Rivest, Shamir, Adleman. It is commonly used in e-commerce.

S/MIME

An IETF standard that provides cryptographic security for electronic messaging such as e-mail.

sag

An unexpected decrease in the amount of voltage provided.

salting

The randomization of the hashing process to defend against cryptanalysis password attacks and Rainbow Tables.

sandbox

When a Web script runs in its own environment for the express purpose of not interfering with other processes, possibly for testing.

Secure Hash Algorithm (SHA)

A group of hash functions designed by the NSA and published by the NIST, widely used in government. The most common currently is SHA-1.

Secure Shell (SSH)

A protocol that can create a secure channel between two computers or network devices.

Secure Sockets Layer (SSL)

A cryptographic protocol that provides secure Internet communications such as web browsing, instant messaging, e-mail, and VoIP.

security log files

Files that log activity of users. They show who did what and when, plus whether they succeeded or failed in their attempt.

security template

Groups of policies that can be loaded in one procedure.

security tokens

Physical devices given to authorized users to help with authentication. These devices might be attached to a keychain or are part of a card system.

Separation of Duties (SoD)

This is when more than one person is required to complete a particular task or operation.

service level agreement (SLA)

Part of a service contract where the level of service is formally defined.

service pack (SP)

A group of updates, bug fixes, updated drivers, and security fixes that are installed from one downloadable package or from one disc.

service set identifier (SSID)

The name of a wireless access point (or network) to which network clients will connect; it is broadcast through the air.

shoulder surfing

When a person uses direct observation to find out a target’s password, PIN, or other such authentication information.

signature-based monitoring

Frames and packets of network traffic are analyzed for predetermined attack patterns. These attack patterns are known as signatures.

Simple Network Management Protocol (SNMP)

A TCP/IP protocol that monitors network-attached devices and computers. It’s usually incorporated as part of a network management system.

single point of failure

An element, object, or part of a system that, if it fails, will cause the whole system to fail.

single sign-on (SSO)

When a user can log in once but gain access to multiple systems without being asked to log in again.

Smurf attack

A type of DoS that sends large amounts of ICMP echoes, broadcasting the ICMP echo requests to every computer on its network or subnetwork. The header of the ICMP echo requests will have a spoofed IP address. That IP address is the target of the Smurf attack. Every computer that replies to the ICMP echo requests will do so to the spoofed IP.

SNMP agent

Software deployed by the network management system that is loaded on managed devices. The software redirects the information that the NMS needs to monitor the remote managed devices.

spam

The abuse of electronic messaging systems such as e-mail, broadcast media, and instant messaging.

special hazard protection system

A clean agent sprinkler system such as FM-200 used in server rooms.

spike

A short transient in voltage that can be due to a short circuit, tripped circuit breaker, power outage, or lightning strike.

spoofing

When an attacker masquerades as another person by falsifying information.

spyware

A type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software.

standby generator

Systems that turn on automatically within seconds of a power outage.

stateful packet inspection

Type of packet inspection that keeps track of network connections by examining the header in each packet, also known as SPI.

static NAT

When a single private IP address translates to a single public IP address. This is also called one-to-one mapping.

steganography

The science (and art) of writing hidden messages; it is a form of security through obscurity.

stream cipher

A type of algorithm that encrypts each byte in a message one at a time.

surge

An unexpected increase in the amount of voltage provided.

symmetric key algorithm

A class of cipher that uses identical or closely related keys for encryption and decryption.

SYN flood

A type of DoS where an attacker sends a large amount of SYN request packets to a server in an attempt to deny service.

TCP reset attack

Sets the reset flag in a TCP header to 1, telling the respective computer to kill the TCP session immediately.

TCP/IP hijacking

When a hacker takes over a TCP session between two computers without the need of a cookie or any other type of host access.

teardrop attack

A type of DoS that sends mangled IP fragments with overlapping and over-sized payloads to the target machine.

TEMPEST

Refers to the investigations of conducted emissions from electrical and mechanical devices, which could be compromising to an organization.

Temporal Key Integrity Protocol (TKIP)

An algorithm used to secure wireless computer networks; meant as a replacement for WEP.

Terminal Access Controller Access-Control System (TACACS)

A remote authentication protocol similar to RADIUS used more often in UNIX networks.

3-leg perimeter

A type of DMZ where a firewall has three legs that connect to the LAN, Internet, and the DMZ.

Tickets

Part of the authentication process used by Kerberos.

time bomb

Trojans set off on a certain date.

time of day restriction

When a user’s logon hours are configured to restrict access to the network during certain times of the day and week.

Towers of Hanoi

A backup rotation scheme based on the mathematics of the Towers of Hanoi puzzle. Uses three backup sets. For example, the first tape is used every second day, the second tape is used every fourth day, and the third tape is used every eighth day.

Transport Layer Security (TLS)

The successor to SSL. Provides secure Internet communications. This is shown in a browser as HTTPS.

Triple DES (3DES)

Similar to DES but applies the cipher algorithm three times to each cipher block.

Trojan horse

Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes.

Trusted Computer System Evaluation Criteria (TCSEC)

A DoD standard that sets basic requirements for assessing the effectiveness of computer security access policies. Also known as The Orange Book.

UDP flood attack

A similar attack to the Fraggle. It uses the connectionless User Datagram Protocol. It is enticing to attackers because it does not require a synchronization process.

uninterruptible power supply (UPS)

Takes the functionality of a surge suppressor and combines that with a battery backup, protecting our computer not only from surges and spikes, but also from sags, brownouts, and blackouts.

User Account Control (UAC)

A security component of Windows Vista that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.

vampire tap

A device used to add computers to a 10BASE5 network. It pierces the copper conductor of a coaxial cable and can also be used for malicious purposes.

virtual machine (VM)

Created by virtualization software; they are images of operating systems or individual applications.

virtual private network (VPN)

A connection between two or more computers or devices that are not on the same private network.

virtualization

The creation of a virtual entity, as opposed to a true or actual entity.

virus

Code that runs on a computer without the user’s knowledge; it infects the computer when the code is accessed and executed.

VLAN hopping

The act of gaining access to traffic on other VLANs that would not normally be accessible by jumping from one VLAN to another.

vulnerability

Weaknesses in your computer network design and individual host configuration.

vulnerability assessment

Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.

vulnerability management

The practice of finding and mitigating software vulnerabilities in computers and networks.

vulnerability scanning

The act of scanning for weaknesses and susceptibilities in the network and on individual systems.

wardialing

The act of scanning telephone numbers by dialing them one at a time and adding them to a list, in an attempt to gain access to computer networks.

wardriving

The act of searching for wireless networks by a person in a vehicle through the use of a device with a wireless antenna, often a particularly strong antenna.

warm site

This will have computers, phones, and servers, but they might require some configuration before users can start working on them.

web of trust

A decentralized model used for sharing certificates without the need for a centralized CA.

wet pipe sprinkler system

Consists of a pressurized water supply system that can deliver a high quantity of water to an entire building via a piping distribution system.

Wi-Fi Protected Access (WPA)

A security protocol created by the Wi-Fi Alliance to secure wireless computer networks, more secure than WEP.

Wired Equivalent Privacy (WEP)

A deprecated wireless network security standard, less secure than WPA.

wiretapping

Tapping into a network cable in an attempt to eavesdrop on a conversation or steal data.

worm

Code that runs on a computer without the user’s knowledge; it self-replicates, whereas a virus does not.

X.509

A common PKI standard developed by the ITU-T that incorporates the single sign-on authentication method.

zombie

The individual compromised computers in a botnet.
