This article is the second in a series to help learners locate and understand the acronyms that should be found in their CCNA Security studies. Addressed below are several acronyms that deal with protocols and algorithms.
ARP (Address Resolution Protocol)–protocol for deriving layer 2 MAC addresses from layer 3 IP addresses
HTTP (Hypertext Transfer Protocol)–protocol that facilitates communications between WWW clients and WWW servers to transport HTML, images and other content
HTTPS (Hypertext Transfer Protocol over Secure [sockets])–similar to HTTP, but utilizes a security protocol to create an authenticated connection from the web server to the client (with optional bidirectional authentication) and encrypted bidirectional communication
NAT (Network Address Translation)–technology to translate IP addresses to facilitate the use of overlapping address spaces. This can be an obfuscation protocol, but should not be considered a security feature
PAT (Port Address Translation)–subset of NAT that utilizes layer 4 ports to aggressively accommodate oversubscription of a public address or pool of addresses. This is the technology commonly used in SOHO routers to allow multiple clients access to the Internet using a single public IP address
SSH (Secure SHell)–provides remote console access to a device in a manner similar to telnet. Unlike telnet, SSH is encrypted using a public/private key pair.
SSL (Secure Sockets Layer)–protocol often used as the secure socket layer of HTTPS to create the secure session for the higher level HTTP traffic
STP (Spanning Tree Protocol)–layer 2 switch control protocol used to eliminate loops. This technology is often used to give a designer the ability to build in redundancy. However, the protocol can be a target of attack and therefore has been retrofitted with various security features (root guard, BPDU guard) to control the operation
TLS (Transport Layer Security)–similar to SSL, but generally considered its more secure successor
ICMP (Internet Control Message Protocol)–protocol used for troubleshooting and testing of IP (Internet Protocol). Applications include Ping and Traceroute
RADIUS (Remote Authentication Dial-In User Service)–authentication protocol that allows a network device to pass authentication requests to an authentication server
RSA (Rivest, Shamir, and Adleman)–asymmetric encryption and authentication algorithm that utilizes a public and private key pair. RSA is a standard utilized in many protocols including SSL.
SDEE (Security Device Event Exchange)–flexible protocol standard for communicating with IPS and IDS devices
SGT (Security Group Tag)–in the Cisco TrustSec architecture, a 16-bit label appended to an Ethernet frame or IP packet that indicates security classification
SNMP (Simple Network Management Protocol)–standard for managing network devices that allows for configuration, inventory and monitoring
TACACS+ (Terminal Access Controller Access Control System Plus)–Cisco proprietary protocol for authentication, authorization and accounting. While similar to RADIUS in function, TACACS+ utilizes a connection-oriented transport layer and has been extended to allow “command authorization”