Acronyms of the CCNA Security Part 4 — Exploits, Attacks and Countermeasures

This article is part 4 of a series that describes the acronyms a student is likely to encounter in CCNA Security studies. This article addresses the acronyms that are relevant in the context of Exploits, Attacks and Countermeasures.

ACE (Access Control Entry)–a single line or entry of an access control list

ACL (Access Control List)–an IOS or ASA construct that is used to permit or deny packets, or to return a “match” or “no match” result to a process that needs to make decisions based on layer 2, 3 or 4 header information.

CBAC (Context-Based Access Control)–the traditional method of combining inspection with ACLs in order to allow an IOS router to function as a stateful firewall

CoPP (Control Plane Policing)–a method used to drop or rate-limit types of traffic or packets that could cause a denial of service condition because they must be handled by the router’s CPU

CPPr (Control Plane Protection)–an extension of CoPP that allows for more granular assessment and control of traffic destined for the CPU of an IOS-based device

DAI (Dynamic ARP Inspection)–a method that uses the DHCP snooping database of an intelligent switch as the record of expected source MAC addresses and blocks ARP frames that carry an unexpected source MAC address

DDoS (Distributed Denial of Service)–a form of denial of service that uses a large number of distributed remote hosts to oversubscribe a resource or resources of the attack target

DoS (Denial of Service)–an attack with the goal of taking a system offline, using whatever means necessary to starve it of resources and block legitimate access

MiTM (Man-in-the-Middle)–an attack in which the attacker inserts himself or herself between two hosts. Either or both hosts may be the target of the attack.

NAC (Network Admission Control)–a system that performs some assessment of a host connecting to the network and assigns it some form of security policy or profile based on the result

RBAC (Role-Based Access Control)–any method of permitting and/or restricting access to resources based on what is required to fulfill an organizational role

RPF (Reverse Path Forwarding)–a technique of comparing the source layer 3 address with the routing table entries associated with the ingress interface; for multicast protocols it ensures loop-free packet forwarding. It is also used with unicast traffic to drop packets that appear to be spoofed, based on the source address and the ingress interface

ZBF (Zone-Based Firewall)–a newer configuration construct (as compared to CBAC) for stateful firewall configuration on an IOS router; it assigns interfaces to zones and defines the traffic policies permitted between the zones

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.