Triple DES, a 168-bit (3 x 56-bit) encryption process. DES, or Data Encryption Standard, is a symmetric key encryption algorithm using a block-cipher method.
Authentication, authorization, and accounting.
The server/host responsible for running RADIUS or TACACS services.
Access Control Server, the RADIUS and TACACS system sold by Cisco.
Advanced Encryption Standard, a symmetric key encryption algorithm using a block-cipher method, developed by Joan Daemen and Vincent Rijmen. Available in key sizes of 128-bit, 192-bit, or 256-bit.
A method of attack that starts with relatively few packets and amplifies its responses (like Smurf or Fraggle attacks).
Cisco’s secure mobility client solution, supporting full-tunnel VPN. Requires a small client on the workstation, but then tunnels all traffic through the SSL or IPsec tunnel, allowing other nonsecure protocols to be transported and secured.
Adaptive Security Appliance firewall, such as the ASA 5510 Firewall.
Property (tangible or intangible) that has value to a company, something worth protecting.
Meaning both sides are not the same (not symmetrical). An asymmetrical encryption algorithm uses one key to encrypt data and a second (and different) key to decrypt the data.
attack severity rating
The amount of damage an attack can cause. It is used as one property of a signature inside of an IPS/IDS system.
A detailed review of a network, system, or collection of processes. Accounting is another word that has a similar function: collecting information about the network.
authentication method list
The list of methods to be used for authentication (RADIUS, TACACS, enable password, Kerberos, vty line, or local database).
authorization method list
The list of methods to be used for authorization (RADIUS, TACACS, Kerberos, local database, or to pass if already authenticated).
Used to specify what the authenticated user is authorized to do.
Cisco Common Classification Policy Language. This promotes the concept of using class maps and policy maps to identify and provide specific treatment for traffic.
Certificate authority. A system that generates and issues digital certificates. This is usually a device that is trusted by both parties using certificates.
Cisco Configuration Professional. A web-based router administration tool with a GUI.
Groups of routers presented together in CCP as a community of devices. A way to organize the devices being managed within CCP.
Sections of configurations that can be reapplied to multiple devices in CCP, substituting variables (such as a hostname) that are unique to each router.
CCP user profiles
Method to restrict what CCP displays to the administrator, thus limiting what the administrator can see and change through CCP.
Cisco public key
The Cisco public key is needed for the IOS-based IPS to verify Cisco’s digital signature of the IPS signature package provided by Cisco.
Security Intelligence Operations. Early warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions to help protect networks.
The portion of modular policy framework (MPF) in the ASA, or C3PL on routers and switches, that defines what types of traffic belong to a certain class. Policy maps rely on class maps for the classification of traffic.
class map type inspect
This special type of class map defines specific classes and types of traffic to be used for further inspection in Zone-Based Firewalls on IOS routers.
clientless SSL VPN
Allows for limited VPN resource access within some protocols that can natively support TLS, such as HTTPS and CIFS shared over HTTPS.
Security enforcement that involves the observation of users and roles in addition to things like interface-based controls. An example is an ACS server providing full access to an administrator who is logged in from his local computer, but restricted access when that same user is logged in through a remote device or through a smart phone.
The logic systems in a device that are responsible for the routing or switching decisions (control). Routing protocols are a prime example.
Certificate revocation list. Used in a PKI environment to inform clients about certificates that have been revoked by the CA.
custom privilege level
Level 0 (user) and level 15 (enable) are predefined; anything in between (1–14) would be a custom privilege level.
The logic systems in a device that are responsible for the actual movement (post-decision) of information. End users sending traffic to their servers is one example of traffic on the data plane.
The Diffie-Hellman exchange refers to the security algorithm used to exchange keys securely, even over an unsecured network connection. Groups refer to the lengths of the keys involved in the exchange. Group 1 is a 768-bit key exchange, Group 2 is a 1024-bit key exchange, and Group 5 is a 1536-bit key exchange. The purpose of this algorithm is to establish shared symmetrical secret keys on both peers. The symmetric keys are used by symmetric algorithms such as AES.