Term | Definition |
access control list (ACL) | A list of all users and groups that have access to an object. |
accounting | Also known as auditing |
Active Directory | Active Directory is a directory service technology created by Microsoft that provides a variety of network services |
administrative share | A shared folder typically used for administrative purposes. |
asymmetric encryption | Also known as public key cryptography |
auditing | Also known as accounting |
authentication | The process of identifying an individual |
authorization | The process of giving individuals access to system objects based on their identity. |
biometrics | An authentication method that identifies and recognizes people based on physical traits |
BitLocker To Go | A new feature in Windows 7 that enables users to encrypt removable USB devices |
brute force attack | A type of attack that tries as many possible combinations of characters as time and money permit. |
built-in groups | The default groups that are included within Windows or Active Directory. |
certificate chain | Also known as the certification path |
certificate revocation list (CRL) | A list of certificates (or more specifically
computer account | A logical object that provides a means for authenticating and auditing a computer's access to a Windows network |
decryption | The process of converting data from encrypted format back to its original format. |
dictionary attack | A form of attack that attempts all words in one or more dictionaries. Lists of common passwords are also typically tested. |
digital certificate | An electronic document that contains an identity |
digital signature | A mathematical scheme that is used to demonstrate the authenticity of a digital message or document. It is also used to prove that the message or document has not been modified. |
domain controller | A Windows server that stores a replica of the account and security information of a domain and defines the domain boundaries. |
domain user | A user account that is stored on the domain controller and allows you to gain access to resources within the domain
effective permissions | Actual permissions when logging in and accessing a file or folder. They consist of explicit permissions plus any inherited permissions. |
encryption | The process of converting data into a format that cannot be read by another user. Once a user has encrypted a file |
explicit permission | Permissions granted directly to a file or folder. |
group | A collection or list of user accounts or computer accounts. |
hash function | as a one-way encryption |
inherited permission | Permissions granted to a folder (parent object or container) that flow into child objects (subfolders or files) inside that folder. |
IP Security (IPsec) | A suite of protocols that provides a mechanism for data integrity |
Kerberos | The default domain computer network authentication protocol |
Key | Can be thought of as a password |
local user account | A user account that is stored in the Security Account Manager (SAM) database on the local computer. |
member server | A server that is not running as a domain controller. |
multifactor authentication | When two or more authentication methods are used to authenticate someone. |
nonrepudiation | Prevents one party from denying the actions it has carried out. |
NTFS | The preferred file system for today’s Windows operating system. |
NTFS Permission | Permissions that allow you to control which users and groups can gain access to files and folders on an NTFS volume. |
NTLM | The default authentication protocol for Windows NT |
organizational units (OU) | A container used in Active Directory to help organize objects within a domain and minimize the number of domains. |
owner | An identity that controls an object, including what permissions are set on the object and to whom permissions are granted. |
password | A secret series of characters that enables a user to access a particular file |
permission | Defines the type of access that is granted to an object (an object can be identified with a security identifier) or object attribute. |
personal identification number (PIN) | A secret numeric password shared between a user and a system that can be used to authenticate the user to the system. |
public key infrastructure (PKI) | A system consisting of hardware |
registry | A central |
right | Authorizes a user to perform certain actions on a computer |
Secure Sockets Layer (SSL) | A cryptographic system that uses two keys to encrypt data |
Security Account Manager (SAM) | A local security database found on most Windows computers. |
security token | A physical device that an authorized computer services user is given to ease authentication. |
share permissions | Permissions assigned to shared folders or drives. |
shared folder | Technology that allows access of data files over the network. |
single sign-on (SSO) | Technology that allows you to log on once and access multiple related but independent software systems without having to log in again. |
smart card | A pocket-sized card with embedded integrated circuits consisting of nonvolatile memory storage components and perhaps dedicated security logic. |
symmetric encryption | Uses a single key to encrypt and decrypt data. |
Syslog | A standard for logging program messages that can be accessed by devices that would not otherwise have a method for communications. |
user account | A logical object that enables a user to log on to a computer and domain. |
virtual private network (VPN) | Technology that links two computers through a wide-area network such as the Internet. To keep the connection secure |