Triple DES. See also [DES] for further details.
Authentication, authorization, and accounting (pronounced "triple a").
Acknowledgment bit in a TCP frame.
Access control list. A list of rules that can be applied to traffic entering a network device or other computing resource. These rules are most often enforced based on the Layer 3 (L3) and Layer 4 (L4) information in a packet.
Advanced Encryption Standard. The newest standard for data confidentiality from the U.S. government. Over time, this will replace DES in most deployments.
Asia Pacific Network Information Center. A nonprofit Internet registry organization for the Asia Pacific region.
American Registry for Internet Numbers. A nonprofit organization that dispenses IP addresses in North and South America, the Caribbean, and sub-Saharan Africa.
Best common practices. Generally accepted guidelines for the implementation of a specific feature or function on the network.
Berkeley Internet Name Domain. The most commonly used Domain Name System (DNS) software.
Bridge protocol data unit. A Spanning-Tree Protocol (STP) message unit that describes the attributes of a switch port, such as its Media Access Control (MAC) address, priority, and cost to reach.
Cisco Discovery Protocol. A media- and protocol-independent device-discovery protocol that runs on most equipment manufactured by Cisco Systems, including routers and switches.
Computer Emergency Response Team. A group of people in a specific organization who coordinate their response to breaches of security or other computer emergencies such as breakdowns and disasters. CERT is also a federally funded organization out of Carnegie Mellon University that aids in distributing information about computer security vulnerabilities.
Confidentiality, integrity, and availability. Three core elements used in computer security.
Data that has been coded (enciphered, encrypted, encoded) for security purposes.
Normal text that has not been encrypted and is readable by text editors and word processors. Also known as plaintext.
Command-line interface. The text-based method of configuring a device.
Distributed denial of service.
See also [DoS]
Data Encryption Standard. The original U.S. government standard for data confidentiality now replaced by AES.
Dynamic Host Configuration Protocol. Software that automatically assigns IP addresses to client stations logging on to a TCP/IP network.
Demilitarized zone. A middle ground between an organization's trusted internal network and an untrusted external network such as the Internet.
Domain Name System. Name resolution software that lets users locate computers on a TCP/IP network by name.
Denial of service. An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted.
A phrase that is commonly used to refer to the interactive command processor of Cisco IOS.
A separate portion of a network designed to facilitate commerce between a vendor and its customers and suppliers.
A network device that has the capability to implement access control or other security techniques to enforce a particular traffic policy at a given point in the network.
File Transfer Protocol. A protocol used to transfer files over a TCP/IP network.
Host intrusion detection system.
See also [IDS]
Hypertext Transfer Protocol. The communications protocol used to connect to web servers.
Hypertext Transfer Protocol Secure. The protocol for accessing a web server employing Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption. Using HTTPS in a URL instead of HTTP directs the message to a secure port number rather than the default web port number of 80. The session is then managed by a security protocol.
Internet Control Message Protocol. A TCP/IP protocol used to send error and control messages.
Intrusion detection system. Software that watches for attack traffic to a computer system or network.
Institute of Electrical and Electronics Engineers. The standards body behind Ethernet and 802.11, among others.
Internet Engineering Task Force. The standards body responsible for much of the Internet's protocols including TCP/IP.
Internet Key Exchange. A method for establishing a security association (SA) that authenticates users, negotiates the encryption method, and exchanges the secret key.
Internet Message Access Protocol. A standard mail protocol commonly used on the Internet.
An in-house network that serves the employees of an organization.
Internetwork Operating System. An operating system from Cisco Systems that is the primary control program used in Cisco routers and many switches.
Internet Protocol. The network layer protocol in the TCP/IP communications protocol suite.
IP Security. A security protocol from the Internet Engineering Task Force (IETF) that can provide authentication and encryption at Layer 3.
Internet service provider.
See also [Layer 2]
See also [Layer 3]
Local area network.
The communications protocol that contains the data-link address of a client or server station such as a Media Access Control (MAC) address in Ethernet.
The communications protocol that contains the network layer address of a client or server station such as an IP address in TCP/IP.
Lightweight Directory Access Protocol. A protocol used to access a directory listing.
Media Access Control. The unique identifier used in Ethernet and Token Ring adapters that identifies a specific network card.
Network access server. Hardware and/or software that functions as a junction point between an external and internal network. Typically NAS refers to a dial-up gateway to access an organization.
Network intrusion detection system.
See also [IDS]
Network Time Protocol. A protocol used to synchronize the real-time clock in a computer.
Open Shortest Path First. A routing protocol that determines the best path for routing IP traffic over a TCP/IP network based on distance between nodes and several quality parameters.
Post Office Protocol version 3. A standard mail protocol commonly used on the Internet.
Also called a "proxy" or "application level gateway," an application that terminates and reestablishes the connection between sender and receiver, often performing security checks at this step.
Public-Switched Telephone Network. The global voice telephone network.
Quality of service. The ability to define a level of performance in a data communications system.
Remote Authentication Dial-In User Service. An access control protocol that uses a challenge/response method for authentication.
Request for Comments. A document that describes the specifications for a recommended technology. RFCs are used by the Internet Engineering Task Force (IETF).
Routing Information Protocol. A simple routing protocol that is part of the TCP/IP protocol suite.
A device that forwards data packets at Layer 3 from one LAN or WAN to another.
Rivest-Shamir-Adleman. A cryptography method by RSA Data Security, Inc. It uses a two-part key. The private key is kept by the owner; the public key is made available.
An amateur who tries to illegally intrude into a system by taking the path of least resistance.
Simple Mail Transfer Protocol. The standard e-mail delivery protocol on the Internet.
Simple Network Management Protocol. A widely used network monitoring and control protocol.
Structured Query Language. Pronounced "S-Q-L" or "see-quill," a language used to interrogate and process data in a relational database.
Secure Shell. Provides secure logon for many popular operating systems and network devices. SSH can replace Telnet, FTP, and other remote logon utilities as a cryptographically protected alternative.
Secure Sockets Layer. The leading security protocol on the Internet. When an SSL session is started, the server sends its public key to the browser, and the browser uses that key to send a randomly generated secret key back to the server, completing a secret key exchange for that session. SSL is slowly being replaced by Transport Layer Security (TLS), though the functionality remains very similar.
System Log protocol. A framework for sending event messages for a host, potentially across an IP network.
Terminal Access Controller Access Control System Plus. An access control protocol used in many Cisco devices.
Transmission Control Protocol. The reliable, connection-oriented protocol within TCP/IP.
A terminal emulation protocol commonly used on TCP/IP-based networks.
Trivial File Transfer Protocol. A lightweight file transfer protocol used for sending data between two end stations. Directory traversal and authentication are not supported.
Transport Layer Security. A security protocol from the Internet Engineering Task Force (IETF) that is the evolution of Secure Sockets Layer (SSL).
User Datagram Protocol. A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required.
Uniform Resource Locator. The address that defines the route to a file on the web or any other Internet facility.
Virtual LAN. A VLAN is a logical subgroup within a local area network that is created by using software rather than physically separate networks.
Voice over IP.
Virtual private network. A logical private network that is configured within a public network but that maintains the same security and availability characteristics of a physically private network.
Wide area network. A communications network that covers a wide geographic area.
World Wide Web.
Part I. Network Security Foundations
Network Security Axioms
Security Policy and Operations Life Cycle
Secure Networking Threats
Network Security Technologies
Part II. Designing Secure Networks
General Design Considerations
Network Security Platform Options and Best Deployment Practices
Common Application Design Considerations
Identity Design Considerations
IPsec VPN Design Considerations
Supporting-Technology Design Considerations
Designing Your Security System
Part III. Secure Network Designs
Edge Security Design
Campus Security Design
Teleworker Security Design
Part IV. Network Management, Case Studies, and Conclusions
Secure Network Management and Network Security Management
Appendix A. Glossary of Terms
Appendix B. Answers to Applied Knowledge Questions
Appendix C. Sample Security Policies
INFOSEC Acceptable Use Policy
Guidelines on Antivirus Process