A detection method where a database of known vulnerabilities or attack patterns is used.

Any information that can be used to identify a specific individual.

A string of code embedded into an application or script that will execute in response to an event.

The lack of this security control is one of the most common security issues on web-based applications. It allows for many different types of attacks, such as buffer overflow, SQL injection, and XSS.

A principle which states that individuals and processes should only be granted the rights and permissions needed to perform assigned tasks or functions, but no more.

The last rule in an ACL.

The order in which you should collect evidence (in general, starting with the least stable and moving to the most stable).

An attack that misleads computers or switches about the actual MAC address of a system.

A policy whereby employees are allowed to use their own smartphones and tablets to connection to the organization’s network.

An example of this would be an organization which keeps track of every user’s last 24 passwords and prevents users from reusing those passwords until they’ve used 24 new passwords.

A buffered zone between a private network and the Internet.

Short vertical posts, often made of reinforced concrete and/or steel. Good a preventing a car from driving into a building.

Malware that has the ability to mutate when it replicates or executes itself.

A technique in which a computer program sends random data to an application, often in the hopes of finding a security vulnerability.

A smart card would be an example of this type of authentication factor.

Turning this feature off will stop the casual user from seeing your wireless network.

SLE X ARO.

An attack in which specifically crafted input is given to a web application, resulting in a back-end database returning information.

Before deploying a patch to the whole network, it may be useful to test it in one of these.

A centralized method of authentication for multiple remote access servers. Its name is also a geometry term.

A protocol that translates public IP addresses to private IP addresses and private addresses back to public.

A system to provide fault tolerance for disks and increase the system availability. In this version, data written to one disk is also written to another disk (a process called mirroring).

An attack that spoof the source address of a directed broadcast ping packet to flood a victim with ping replies.

A hardware chip on a computer’s motherboard that stored cryptographic keys used for encryption. Provides full disk encryption capabilities.

A network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms. Relies on the issuing of tickets which are used for authentication.