Acronyms of the CCNA Security Part 2 — Protocols and Algorithms

This article is the second in a series to help learners locate and understand the acronyms they will encounter in their CCNA Security studies. Addressed below are several acronyms that deal with protocols and algorithms.

ARP (Address Resolution Protocol)–protocol for deriving layer two MAC addresses from layer three IP addresses

HTTP (Hypertext Transfer Protocol)–protocol that facilitates communications between WWW clients and WWW servers to transport HTML, images and other content

HTTPS (Hypertext Transfer Protocol over Secure [sockets])–similar to HTTP, but utilizes a security protocol to create an authenticated connection from the web server to the client (with optional bidirectional authentication) and encrypted bidirectional communication

NAT (Network Address Translation)–technology to translate IP addresses to facilitate the use of overlapping address spaces. This can be an obfuscation protocol, but should not be considered a security feature

PAT (Port Address Translation)–subset of NAT that utilizes layer four ports to aggressively accommodate oversubscription of a public address or pool of addresses. This is the technology commonly used in SOHO routers to allow multiple clients access to the Internet using a single public IP address

SSH (Secure SHell)–provides remote console access to a device in a manner similar to telnet. Unlike telnet, SSH is encrypted using a public/private key pair.

SSL (Secure Sockets Layer)–protocol often used as the secure socket layer of HTTPS to create the secure session for the higher level HTTP traffic

STP (Spanning Tree Protocol)–layer two switch control protocol used to eliminate loops. This technology is often used to let a designer build redundancy into the switched network. However, the protocol can be a target of attack and therefore has been retrofitted with various security features (root guard, BPDU guard) to control its operation

TLS (Transport Layer Security)–similar to SSL, but generally considered its more secure successor

ICMP (Internet Control Message Protocol)–protocol used for troubleshooting and testing of IP (Internet Protocol). Applications include Ping and Traceroute

RADIUS (Remote Authentication Dial-In User Service)–authentication protocol that allows a network device to pass authentication requests to an authentication server

RSA (Rivest, Shamir, and Adleman)–asymmetric encryption and authentication algorithm that utilizes a public and private key pair. RSA is a standard utilized in many protocols including SSL.

SDEE (Security Device Event Exchange)–flexible protocol standard for communicating with IPS and IDS devices

SGT (Security Group Tag)–in the Cisco TrustSec architecture, a 16-bit label appended to an Ethernet frame or IP packet that indicates security classification

SNMP (Simple Network Management Protocol)–standard for managing network devices that allows for configuration, inventory and monitoring

TACACS+ (Terminal Access Controller Access Control System Plus)–Cisco proprietary protocol for authentication, authorization and accounting. While similar to RADIUS in function, TACACS+ utilizes a connection-oriented transport layer and has been extended to allow “command authorization”


About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.