This article is part 4 of a series that describes the acronyms a student is likely to encounter in CCNA Security studies. This article addresses the acronyms that are relevant in the context of Exploits, Attacks and Countermeasures.
ACE (Access Control Entry)–a single line or entry of an access control list
ACL (Access Control List)–an IOS or ASA construct that is used to permit or deny packets, or to return a “match” or “no match” result to a process that needs to make decisions based on layer 2, 3 or 4 header information
CBAC (Context-Based Access Control)–traditional method of combining inspection with ACLs in order to allow an IOS Router to function as a stateful firewall
CoPP (Control Plane Policing)–a method used to drop or rate-limit types of traffic or packets that could cause a denial of service condition because they must be handled by the router’s CPU
CPPr (Control Plane Protection)–an extension of CoPP that allows for more granular assessment and control of traffic destined for the CPU of an IOS-based device
DAI (Dynamic ARP Inspection)–a method of using the IP snooping database of an intelligent switch as a record of expected source MAC addresses and blocking frames that have an unexpected source MAC address
DDoS (Distributed Denial of Service)–a form of denial of service that uses a large number of distributed remote hosts to oversubscribe a resource or resources of the attack target
DoS (Denial of Service)–an attack with the goal of taking a system offline, using whatever means necessary to starve resources and block legitimate access
MITM (Man-in-the-Middle)–an attack in which the attacker interposes himself or herself between two hosts. Either or both hosts may be the target of the attack.
NAC (Network Admission Control)–a system that performs some assessment of a system connecting to the network and yields some form of security policy or profile
RBAC (Role-Based Access Control)–any method of permitting and/or restricting access to resources based on requirements to fulfill an organizational role
RPF (Reverse Path Forwarding)–a technique of comparing the source layer 3 address with the routing table entries associated with the ingress interface; it ensures loop-free packet forwarding for multicast protocols. It is also used with unicast protocols to drop packets that appear to be spoofed based on the source address and the ingress interface.
ZBF (Zone-Based Firewall)–a newer configuration construct (as compared to CBAC) for stateful firewall configuration on an IOS router that assigns interfaces to zones and defines the traffic profiles permitted between the zones.
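The unicast RPF check from the RPF entry above, simulated in Python as an added example that is not part of the original article: a constructed routing table, a longest-prefix lookup, and the strict and loose variants of the test, including the IOS behaviour that a default route only satisfies the check when the allow-default keyword is configured.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table (example data, not from the article):
# (prefix, egress interface). Longest prefix wins, as in the IOS FIB.
ROUTES: List[Tuple[ipaddress.IPv4Network, str]] = [
    (ipaddress.ip_network("0.0.0.0/0"), "Gi0/0"),         # default route toward the ISP
    (ipaddress.ip_network("10.1.0.0/16"), "Gi0/1"),       # inside LAN
    (ipaddress.ip_network("10.1.5.0/24"), "Gi0/2"),       # more specific inside subnet
    (ipaddress.ip_network("192.168.100.0/24"), "Gi0/1"),  # DMZ, also reached via Gi0/1
]

def lookup(src: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match: the route the router would use to send back to src."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, iface in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_permit(src: str, ingress: str, mode: str = "strict",
                allow_default: bool = False) -> bool:
    """
    uRPF verdict for a packet with source `src` arriving on `ingress`.
    strict: the route back to the source must exit via `ingress`
            (IOS 'ip verify unicast source reachable-via rx').
    loose:  any route to the source suffices ('... reachable-via any').
    allow_default: let a default route satisfy the check (IOS 'allow-default');
            by default it is ignored, so unknown sources drop even in loose mode.
    """
    route = lookup(src)
    if route is None or (route[0].prefixlen == 0 and not allow_default):
        return False
    if mode == "loose":
        return True
    return route[1] == ingress

if __name__ == "__main__":
    # Constructed sample packets: (source address, ingress interface)
    for src, ingress in [("10.1.5.7", "Gi0/2"), ("10.1.5.7", "Gi0/1"),
                         ("10.1.7.3", "Gi0/0"), ("203.0.113.9", "Gi0/0")]:
        print(f"{src:>13} on {ingress}: strict={urpf_permit(src, ingress)} "
              f"loose={urpf_permit(src, ingress, 'loose')}")
```

The second sample shows the operational caveat of strict mode: a legitimate host reached over an asymmetric path is dropped, which is why strict mode belongs on interfaces with a single, known return path and loose mode on multihomed edges.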