Brute Force Attack - There are two types of password attacks: dictionary and brute force. In a dictionary attack, a cracker compares a list of dictionary words against each password. This is the fastest method, since most users choose common words found in the dictionary as their passwords. If a dictionary attack fails, a cracker will often try a brute force attack. In this type of attack, every combination of letters, numbers, and special characters is tried against the list of passwords. Given enough time, a brute force attack can crack almost any password.
Compensating Control - A compensating control is a process or technology that helps to make up for the lack of a primary control. For example, if your organization insists on assigning weak passwords to the local administrator accounts on your servers, a compensating control might be to implement much stricter controls on physical access to the data center. Since local accounts are used by someone actually standing at the server keyboard, imposing strong physical access restrictions can help reduce risk.
Firmware - Put simply, firmware is a program on an integrated circuit or "chip". Many hardware devices contain firmware that performs tasks ranging from boot up activities to fundamental operating and housekeeping tasks.
Patch - A patch is a small fix to a program that corrects a problem. Security patches are regularly released by software and hardware vendors to eliminate newly discovered vulnerabilities in their products.
Personal Firewall - A personal firewall is an application that resides on and protects an end-user device from external threat agents. It operates in much the same way as a network class firewall.
Shoulder Surfing - When a person looks over another's shoulder to see what keys she presses to enter her password, that's shoulder surfing. Shoulder surfing is a term used to describe any activity whereby a person watches a user perform some action that may result in the unauthorized and unintentional revelation of confidential information.
SSL VPN - A VPN, or Virtual Private Network, is a secure connection between two points, usually at distant locations across the Internet. A VPN connection is often more secure than a connection to a device on the same internal network. The common method of implementing a VPN is with IPSec (Internet Protocol Security). However, a newer VPN technology is emerging that is based on SSL (Secure Sockets Layer). SSL uses certificates and public and private key encryption technology. An SSL VPN gives the network administrator more functionality and is usually much easier to implement than a traditional IPSec VPN implementation.
Token - A token is a physical object, usually about the size of a credit card, that identifies the person carrying it to a system or network. A token is typically used with a PIN.
Two Factor Authentication - There are three principal approaches to authenticating a user to a system or network: something you know, something you are, or something you have. An example of something you know is your password. Your fingerprint is an example of something you are. A token is an example of something you have. The use of any two of the three approaches is called two-factor authentication.