UDP
User Datagram Protocol.
TCP
Transmission Control Protocol.
RADIUS
Remote Authentication Dial In User Service.
TTP
Trusted Third Parties.
Roaming
Roaming is the ability to get wireless network service in an area that differs from the registered home network location.
Octet
A sequence of 8 bits is called an octet. The size of a byte, by contrast, may vary depending on the computer architecture.
Ciphers
An algorithm used to hide information from unauthorized parties, or to verify that information has been transmitted correctly.
Stream ciphers
Stream ciphers operate on one bit at a time. A PRNG produces a keystream, which is XORed with the data to encrypt. Often weak.
DES
Data Encryption Standard.
3-DES
DES applied three times with different keys. Assumed to be safe to use until 2030, but slow.
AES
Advanced Encryption Standard.
RC4
Ron's Code 4. Fast but weak.
ECB
Electronic Code-Book mode.
CBC
Cipher Block Chaining mode.
IV
Initialization vector.
CTR
Counter mode.
Asymmetric key encryption
One key is used to encrypt the data, and the other is used to decrypt the data. One of the keys can be public.
RSA
Rivest, Shamir, Adleman. An encryption algorithm with asymmetric keys.
ECC
Elliptic Curve Cryptography.
McEliece
An asymmetric encryption algorithm.
Lattice-based cryptography
Cryptography built on lattices, which are mathematical structures defined in geometry and group theory.
MD5
Message Digest 5. A common hash function.
SHA-1
Secure Hash Algorithm 1. A common hash function.
SHA-2
Family name for SHA-224, SHA-256, SHA-384 and SHA-512. A common hash function.
SHA-3
The next generation of hash functions.
HMAC
Keyed-Hashing for Message Authentication. A standard for message authentication with MAC. It involves a cryptographic hash function and a secret cryptographic key to verify the integrity and authenticity of a message simultaneously.
CBC MAC
Cipher Block Chaining MAC.
Diffie-Hellman Key Agreement
Offers a secure way of exchanging keys over an untrusted network, but should be used carefully, since we cannot be sure with whom we are sharing the key.
TLS
Transport Layer Security.
SSH
Secure Shell.
IPSec
Internet Protocol Security.
CA
Certificate Authority.
PKI
Public Key Infrastructure.
CRL
Certificate Revocation Lists.
OCSP
Online Certificate Status Protocol.
MITM
Man in the Middle.
DoS
Denial of Service.
DDoS
Distributed Denial of Service.
Ingress filtering
A technique used to ensure that incoming packets actually come from the network they claim to come from.
Egress filtering
A technique used to control outgoing packets from a network to ensure that unauthorized or malicious traffic never leaves the network.
ICMP
Internet Control Message Protocol.
NAT
Network Address Translation.
LSR
Loose source route.
SSR
Strict source route.
IDS
Intrusion Detection System.
SYN
Synchronization flag in a TCP segment. Used to initiate a connection between two hosts.
ACK
Acknowledgement flag in a TCP segment. Used to acknowledge the successful receipt of a packet.
RST
Reset flag in a TCP segment. Sent whenever a segment arrives that does not meet the criteria for the referenced connection.
RFC
Requests for Comments.
DMZ
Demilitarized zone.
Stateless firewalls
Stateless firewalls do not inspect traffic flows or the entire packet. They only filter individual packets based on specific rules.
Stateful firewalls
Stateful firewalls keep track of the state of active network connections while analyzing the traffic for malicious activity.
Proxy server
A proxy server is a server that acts as an intermediary between a client and a server. The request from the client is directed to the proxy, which evaluates the request and forwards it. This has benefits such as load balancing, privacy and security.
Screening router
Often used as perimeter protection for an internal network; performs basic packet filtering.
ISP
Internet Service Provider.
Nonce
A nonce is a number that may only be used once in a cryptographic setting. This prevents replay attacks. Nonces are often random or pseudo-random numbers.
DMZ
DMZ stands for demilitarized zone and is sometimes referred to as a perimeter network or screened subnet. It is a subnetwork that exposes a company's external services to untrusted, larger networks such as the internet.
Spoofing
In a spoofing attack, an attacker successfully impersonates another party by falsifying data.
NAC
Network access control (NAC) is a solution that defines and enforces a security policy based on a set of protocols. The policy is applied when a device connects to the network.
DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol that allows a host to automatically obtain an IP address on the network, as well as other details about the network configuration.
Port knocking
Port knocking is a method of opening ports on the firewall for a specific user, triggered by a correct sequence of connection attempts to a predefined set of closed ports.
De-perimeterisation
De-perimeterisation is the removal of the boundary between an organization and the outside world. Security then relies on a mixture of approaches instead of on the boundary to the internet.
The Jericho approach
The Jericho approach was an initiative promoting de-perimeterisation, put forward by the Jericho Forum.
RIP
Routing Information Protocol (RIP) is one of the oldest protocols for determining the best route through the internet.
BGP
Border Gateway Protocol (BGP) is the protocol underlying the global routing system of the internet.
Clogging
A type of DoS attack in which an attacker establishes many thousands of connections to a specific host, making it unavailable to other users.
NAT
Network Address Translation (NAT).
AP
Access Point.
WAP
Wireless Access Point.
SSID
Identifier (name) of the wireless network.
BSSID
Identifier for an access point and its clients; the access point's MAC address.
ESSID
The same as the SSID, but shared across multiple access points that are part of the same WLAN.
BAN logic
Burrows–Abadi–Needham logic (BAN logic) is a set of rules to analyze information exchange protocols.