Envoy Data IT Security Glossary
Glossary Terms
Administrative Security
The management constraints and supplemental controls established to provide an acceptable level of protection for data.
The management constraints and supplemental controls established to provide an acceptable level of protection for data.
Adware
While not necessarily malware, adware is considered to go beyond the reasonable advertising that one might expect from freeware or shareware. Typically a separate program that is installed at the same time as a shareware or similar program, adware will usually continue to generate advertising even when the user is not running the origianlly desired program. See also cookies, spyware, and web bugs
While not necessarily malware, adware is considered to go beyond the reasonable advertising that one might expect from freeware or shareware. Typically a separate program that is installed at the same time as a shareware or similar program, adware will usually continue to generate advertising even when the user is not running the origianlly desired program. See also cookies, spyware, and web bugs
AIS
Automated Information System – any equipment of an interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data and includes software, firmware, and hardware.
Automated Information System – any equipment of an interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data and includes software, firmware, and hardware.
Application Level Gateway
(Firewall) A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.
(Firewall) A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.
Assessment
Surveys and Inspections; an analysis of the vulnerabilities of an AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems.
Surveys and Inspections; an analysis of the vulnerabilities of an AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems.
Assurance
A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.
A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.
ATA cards
ATA, short for advanced technology attachment, is a type of disk drive that integrates the drive controller directly on the drive itself.
Attack
An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Authenticate
To establish the validity of a claimed user or object.
To establish the validity of a claimed user or object.
Authentication
To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Automated Security Monitoring
All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system.
All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system.
Back Door
A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Biometrics
In IT security, biometrics is a form of user authentication. Biological markers are used to verify identity and control physical, network, or data access. The most common use of biometrics is fingerprint analysis, however, there are less common and more expensive biometric technologies including facial recognition, DNA, iris or retinal recognition and palm print analysis.
Breach
The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
Buffer Overflow
This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access.
This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access.
Bug
An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.
An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.
CAC
Short for Common Access Card, CAC is the standard form of ID for military personnel. Essentially a multi-function smart card, Common Access Cards are used for physical access to buildings, logical access to computers and networks, as a passport while traveling outside the US and as an electronic purse for new recruits.
Certificate Authority (CA)
A CA (Certificate Authority) issues digital certificates that are used to certify the ownership of a public key, allowing others to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified.
CGI
Common Gateway Interface – CGI is the method that Web servers use to allow interaction between servers and programs.
Common Gateway Interface – CGI is the method that Web servers use to allow interaction between servers and programs.
CGI Scripts
Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server (besides the underlying host security).
Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server (besides the underlying host security).
Circuit Level Gateway
One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended.
One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended.
Cloud Computing
Cloud computing uses the internet and central remote servers to maintain data and applications. Cloud computing allows consumers and businesses to use applications without installation as well as access their personal files at any computer with internet access. This technology allows for much more efficient computing by centralizing storage, memory, processing and bandwidth.
CMS
CMS, short for Card Management System, refers to the system used to manage issuance and administration requirements of smart card deployments. Smart cards contain data specific to the holder, including personal information, security clearance and access level. CMS is used to initially put data on the smart card as well as to update records as needed.
COAST
Computer Operations, Audit, and Security Technology – is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems.
Computer Operations, Audit, and Security Technology – is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems.
Compromise
An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
Computer Network Attack
(CAN) Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96)
(CAN) Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600.1 of 9 Dec 96)
Computer Security
Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Intrusion
Any event of unauthorized access or penetration to an automated information system (AIS).
Any event of unauthorized access or penetration to an automated information system (AIS).
Contact Smart Card
Contact smart cards must make contact by being physically inserted into the smart card reader.
Contactless Smart Card Reader
Contactless smart cards need only be waved at a smart card reader in order to work. While some contactless smart card readers require the smart card to physically touch the reader, they are still considered contactless because the card does not have to be inserted into the reader.
Countermeasures
Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Crack
A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS.
A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS.
Cryptography
The art of science concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
The art of science concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
Cryptographic Keys
Cryptographic keys are used to encrypt data and ensure authentication of information. Typically, each company has their own set of cryptographic keys that allow other companies to verify data that has been sent electronically. Cryptographic keys can be used in a variety of ways including, digital signatures, message verification and credit card transactions.
DARPA
Defense Advanced Research Projects Agency.
Defense Advanced Research Projects Agency.
Data Driven Attack
A form of attack that is encoded in innocuous seeming data which is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.
A form of attack that is encoded in innocuous seeming data which is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.
Data Encryption Standard
Definition 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. Definition 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Definition 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. Definition 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Derf
The act of exploiting a terminal which someone else has absent-mindedly left logged on.
The act of exploiting a terminal which someone else has absent-mindedly left logged on.
DES
See Data Encryption Standard
See Data Encryption Standard
Digital Signature
Digital signatures are used to electronically sign important documents. A digital signature provides a secure way to ensure that the person whose signature appears is actually the person who signed the document. As many companies try to go paperless as much as possible, digital signatures are becoming more popular.
DMZ
Demilitarized Zone – A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Demilitarized Zone – A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DNS Spoofing
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Dongle
Often referred to as a hardware token, hard token, authentication token, USB token, cryptographic token, or key fob; dongles plug into USB ports and ensure only authorized users can access a particular application. Essentially, dongles perform the same functions as smart cards, but in a much more limited capacity.
Encapsulating Security Payload
(ESP) A mechanism to provide confidentiality and integrity protection to IP datagrams.
(ESP) A mechanism to provide confidentiality and integrity protection to IP datagrams.
Encryption
Encrypted information is unreadable to anyone without authorization. Whole devices such as hard drives, portable drives, and USB flash drives can be encrypted as well as entire networks, emails, computer files, and smart cards. Encryption also helps protect from the interception of data moving between networks, mobile devices, Bluetooth, and even ATMs.
False Negative
Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior.
Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior.
False Positive
Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action.
Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action.
Fault Tolerance
The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
Federal Information Processing Standards (FIPS)
FIPS is an IT security mandate for government agencies. Specifically, FIPS is a set of standards developed by the National Institute of Standards and Technology for encoding government data.
Firewall
A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with many modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster.
A system or combination of systems that enforces a boundary between two or more networks. Gateway that limits access between networks in accordance with local security policy. The typical firewall is an inexpensive micro-based Unix box kept clean of critical data, with many modems and public network ports on it, but just one carefully watched connection back to the rest of the cluster.
Health Insurance Portability and Accountability Act (HIPPA)
HIPPA is a government mandate targeted at the healthcare industry. HIPPA includes IT security provisions that are intended to streamline standards for ensuring the protection of sensitive healthcare related information, including patient records.
Host
A single computer or workstation; it can be connected to a network.
A single computer or workstation; it can be connected to a network.
Host Based
Information, such as audit data from a single host which may be used to detect intrusions.
Information, such as audit data from a single host which may be used to detect intrusions.
HSM
Hardware Security Modules (HSM) use cryptographic keys to secure applications, transactions and information. Cryptographic keys protect information by creating a secret code that is used to encrypt all information contained within the HSM.
IDEA
(International Data Encryption Algorithm) – A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key.
(International Data Encryption Algorithm) – A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key.
Intrusion
Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
Intrusion Detection
Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network.
Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network.
ISO
The ISO (International Organization for Standards) sets standard sizes for things such as smart cards so that they will be usable around the world.
IP Splicing / Hijacking
An action whereby an active, established, session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.
An action whereby an active, established, session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.
IP Spoofing
An attack whereby a system attempts to illicitly impersonate another system by using IP network address.
An attack whereby a system attempts to illicitly impersonate another system by using IP network address.
Key
A symbol or sequence of symbols (or electrical or mechanical correlates of symbols) applied to text in order to encrypt or decrypt.
A symbol or sequence of symbols (or electrical or mechanical correlates of symbols) applied to text in order to encrypt or decrypt.
Key Escrow
The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.
The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.
Keystroking
Keystroking, also called keystroke logging, keylogging, or keystroke monitoring, involves tracking the keys struck on a keyboard in an effort to obtain a user’s password information. This activity is a serious threat to IT security because successful attacks place sensitive data at risk. Hackers execute these practices covertly through the use of software, hardware, and even acoustic analysis. Countermeasures include, but are not limited to, anti-spyware, one-time passwords (OTP), security tokens (including smart cards), on-screen keyboards, and speech recognition; however, these various countermeasures generally inhibit only one kind of keystroking, thus creating a need for the deployment of multiple measures.
LAN
Local Area Network – A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
Local Area Network – A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
Malicious Code
Hardware, software, of firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Hardware, software, of firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Malware
A generic term increasingly being used to describe any form of malicious software; eg, viruses, trojan horses, malicious active content, etc.
A generic term increasingly being used to describe any form of malicious software; eg, viruses, trojan horses, malicious active content, etc.
Metric
A random variable x representing a quantitative measure accumulated over a period.
A random variable x representing a quantitative measure accumulated over a period.
Middleware
Smart card readers cannot interact with individual or networked computers without the aid of middleware. Middleware is essentially software that allows smart card readers, computers, and networks to communicate about the security clearance of each smart card the reader scans.
Multihost Based Auditing
Audit data from multiple hosts may be used to detect intrusions.
Audit data from multiple hosts may be used to detect intrusions.
Multi-Factor Authentication
Multi-Factor Authentication, also known as Strong Authentication, involves a combination of two or more methods of authentication. These methods include what you know (passwords, usernames and security questions), what you have (a token, smart card, or phone number that can receive one-time passwords), and who you are (biometrics).
Nak Attack
Negative Acknowledgment – A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts.
Negative Acknowledgment – A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts.
Net Send Spam
Windows messenger vulnerability also known as net send spam, messenger spam or winpopup. These types of ads usually take the form of a gray pop up box bearing spam (unsolicited advertisements) with an “OK” button.
Windows messenger vulnerability also known as net send spam, messenger spam or winpopup. These types of ads usually take the form of a gray pop up box bearing spam (unsolicited advertisements) with an “OK” button.
Network
Two or more machines interconnected for communications.
Two or more machines interconnected for communications.
Network Based
Network traffic data along with audit data from the hosts used to detect intrusions.
Network traffic data along with audit data from the hosts used to detect intrusions.
Network Level Firewall
A firewall in which traffic is examined at the network protocol (IP) packet level.
A firewall in which traffic is examined at the network protocol (IP) packet level.
Network Security
Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity.
Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity.
Network Security Officer
Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an automated information system network.
Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an automated information system network.
Non-Repudiation
Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender’s identity, so that neither can later deny having processed the data.
Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender’s identity, so that neither can later deny having processed the data.
OEM
OEM is short for original equipment manufacturer. The definition for an OEM has changed over time. 1. The original definition: the manufacturer of a good which is purchased by another company and sold under the purchasing company’s name. 2. The more recent definition: a company that buys a product and incorporates or re-brands it into a new product under its own name.
Open Security
Environment that does not provide environment sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
Environment that does not provide environment sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
Open Systems Security
Provision of tools for the secure internetworking of open systems.
Provision of tools for the secure internetworking of open systems.
Operational Data Security
The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations.
The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations.
Operations Security
Definition 1) The process of denying adversaries information about friendly capabilities and intentions by identifying, controlling, and protecting indicators associated with planning and conducting military operations and other activities. Definition 2) An analytical process by with the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations.
Definition 1) The process of denying adversaries information about friendly capabilities and intentions by identifying, controlling, and protecting indicators associated with planning and conducting military operations and other activities. Definition 2) An analytical process by with the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations.
OSI
Open Systems Interconnection. A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility.
Open Systems Interconnection. A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility.
OTP/One time password
A one time password (OTP) is a password that can only be used once, usually within a set time frame. Due to the emergence of programs designed to track keyboard keystrokes, one-time-passwords provide added IT security. Various devices such as tokens have the ability to generate these passwords.
Packet
A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message.
A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message.
Packet Filter
Inspects each packet for user defined content, such as an IP address but does not track the state of sessions. This is one of the least secure types of firewall.
Inspects each packet for user defined content, such as an IP address but does not track the state of sessions. This is one of the least secure types of firewall.
Packet Filtering
A feature incorporated into routers and bridges to limit the flow of information based on predetermined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate e-mail domains, and perform many other traffic control functions.
A feature incorporated into routers and bridges to limit the flow of information based on predetermined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate e-mail domains, and perform many other traffic control functions.
Packet Sniffer
A device or program that monitors the data traveling between computers on a network.
A device or program that monitors the data traveling between computers on a network.
Passive Attack
Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
Passive Threat
The threat of unauthorized disclosure of information without changing the state of the system. A type of threat that involves the interception, not the alteration, of information.
The threat of unauthorized disclosure of information without changing the state of the system. A type of threat that involves the interception, not the alteration, of information.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS, referred to more generally as PCI Compliance, is a set of IT security standards that apply to all organizations hold, process, or exchange cardholder information. PCI Compliance intends to prevent credit card fraud through a series of precautions. Non-compliant companies risk losing their ability to process credit card payments and/or being audited and/or fined.
PC Card
PC Cards, originally called PCMCIA cards, were initially used to add extra memory to portable computers. However, as the ability to contain more memory in smaller spaces evolved, PC Cards are now more commonly used as smart card readers, biometric readers, hardware tokens, WiFi cards, radio and TV tuner cards, and occasionally, even external storage cards.
PCMCIA
PCMCIA stands for Personal Computer Memory Card International Association. The PCMCIA group creates and publishes technical specifications for memory cards that can be inserted into computers. The original cards created based on these standards were referred to as PCMCIA cards by the manufacturers. However, customers had trouble remembering and understanding this acronym, so the name of the cards was changed to PC card.
PEM (Privacy Enhanced Mail)
An IETF standard for secure electronic mail exchange.
An IETF standard for secure electronic mail exchange.
Perimeter Based Security
The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
PHF
Phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files.
Phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files.
Physical Security
The measures used to provide physical protection of resources against deliberate and accidental threats.
The measures used to provide physical protection of resources against deliberate and accidental threats.
Port Scan
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Private Key Cryptography
An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. This methodology is usually only used by a small group.
An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. This methodology is usually only used by a small group.
Probe
Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.
Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.
Procedural Security
See Administrative Security.
See Administrative Security.
Profile
Patterns of a user’s activity which can detect changes in normal routines.
Patterns of a user’s activity which can detect changes in normal routines.
Promiscuous Mode
Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination.
Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination.
Protocol
Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.
Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.
Proxy
A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user, typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination.
A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user, typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps does additional authentication, and then completes a connection on behalf of the user to a remote destination.
Public Key Cryptography
Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text.
Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text.
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) creates a way for users to confidently and securely exchange data and messages with one another over unsecure networks, such as the internet. Through the creation of a set of keys that are used to encrypt and decrypt data, it becomes possible to prove that the digital signature or contract that was received was in fact sent from the person it says it was sent from.
Rebadging
Rebadging is the process of renaming a product without making any actual changes to the product other than superficial ones, such as changing the logo.
Replicator
Any program that acts to produce copies of itself examples include; a program, a worm, a fork bomb or virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
Any program that acts to produce copies of itself examples include; a program, a worm, a fork bomb or virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
Retro-Virus
A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
Risk Assessment
A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations.
A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations.
Risk Management
The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA (Designated Approving Authority) approval.
The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA (Designated Approving Authority) approval.
Rootkit
A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
Router
An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer.
An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer.
Routing Control
The application of rules during the process of routing so as to chose or avoid specific networks, links or relays.
The application of rules during the process of routing so as to chose or avoid specific networks, links or relays.
RSA Algorithm
RSA stands for Rivest-Shamir-Aldeman. A public-key cryptographic algorithm that hinges on the assumption that the factoring of the product of two large primes is difficult.
RSA stands for Rivest-Shamir-Aldeman. A public-key cryptographic algorithm that hinges on the assumption that the factoring of the product of two large primes is difficult.
Rules Based Detection
The intrusion detection system detects intrusions by looking for activity that corresponds to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.
The intrusion detection system detects intrusions by looking for activity that corresponds to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.
Sabanes-Oxley (SOX)
The SOX security mandate provides requirements for financial reporting in publicly held companies.
SATAN
Security Administrator Tool for Analyzing Networks – A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program which helps to identify system security weaknesses.
Security Administrator Tool for Analyzing Networks – A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program which helps to identify system security weaknesses.
Scanner
A program which examines computers and network systems examining configurations and looking for security vulnerabilities. This type of program can be used by both defenders and attackers.
A program which examines computers and network systems examining configurations and looking for security vulnerabilities. This type of program can be used by both defenders and attackers.
Secure Network Server
A device that acts as a gateway between a protected enclave and the outside world.
A device that acts as a gateway between a protected enclave and the outside world.
Secure Shell
A completely encrypted shell connection between two machines protected by a super long pass-phrase.
A completely encrypted shell connection between two machines protected by a super long pass-phrase.
Security
A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
Security Architecture
A detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.
A detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.
Security Audit
A search through a computer system for security problems and vulnerabilities.
A search through a computer system for security problems and vulnerabilities.
Security Countermeasures
Countermeasures that are aimed at specific threats and vulnerabilities or involve more active techniques as well as activities traditionally perceived as security.
Countermeasures that are aimed at specific threats and vulnerabilities or involve more active techniques as well as activities traditionally perceived as security.
Security Domains
The sets of objects that a subject has the ability to access.
The sets of objects that a subject has the ability to access.
Security Features
The security-relevant functions, mechanisms, and characteristics of AIS hardware and software.
The security-relevant functions, mechanisms, and characteristics of AIS hardware and software.
Security Incident
Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation.
Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation.
Security Kernel
The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.
The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.
Security Officer
The ADP official having the designated responsibility for the security of and ADP system.
The ADP official having the designated responsibility for the security of and ADP system.
Security Perimeter
The boundary where security controls are in effect to protect assets.
The boundary where security controls are in effect to protect assets.
Security Policies
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
Security Policy Model
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
Security Requirements
Types and levels of protection necessary for equipment, data, information, applications, and facilities.
Types and levels of protection necessary for equipment, data, information, applications, and facilities.
Security Scan
A search through a computer system for security problems and vulnerabilities.
A search through a computer system for security problems and vulnerabilities.
Security Service
A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
Security Violation
An instance in which a user or other person circumvents or defeats the controls of a system to obtain unauthorized access to information contained therein or to system resources.
An instance in which a user or other person circumvents or defeats the controls of a system to obtain unauthorized access to information contained therein or to system resources.
Server
A system that provides network service such as disk storage and file transfer, or a program that provides such a service. A kind of daemon which performs a service for the requester, which often runs on a computer other than the one which the server runs.
A system that provides network service such as disk storage and file transfer, or a program that provides such a service. A kind of daemon which performs a service for the requester, which often runs on a computer other than the one which the server runs.
Simple Network Management Protocol (SNMP)
Software used to control network communications devices using TCP/IP.
Software used to control network communications devices using TCP/IP.
Single Sign On (SSO)
Single sign-on technology allows users to log in once at the beginning of a session without re-entering passwords to gain access to other applications. Single sign-on technology helps prevent password fatigue because it reduces the number of username and passwords that a user must develop and remember.
Smart Card
Smart cards are used to verify a person’s identity. Loaded with information about the user, such as personal data, security clearance and building access levels, smart cards are used to provide both physical access to buildings as well as logical access to computer servers and networks. Smart cards can also be used for applications such as digital signatures and single sign-on.
Smart Card Reader
Smart Card Readers are used to get the information off a smart card so a person’s identity can be verified.
Spam
To crash a program by overrunning a fixed-site buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages.
To crash a program by overrunning a fixed-site buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages.
Spam
Unsolicited “junk” e-mail sent to large numbers of people to promote products or services. Sexually explicit unsolicited e-mail is called “porn spam.” Also refers to inappropriate promotional or commercial postings to discussion groups or bulletin boards.
Unsolicited “junk” e-mail sent to large numbers of people to promote products or services. Sexually explicit unsolicited e-mail is called “porn spam.” Also refers to inappropriate promotional or commercial postings to discussion groups or bulletin boards.
Spoofing
Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.
Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.
Spyware
A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to employ spyware to gather data about customers. The practice is generally frowned upon.
A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to employ spyware to gather data about customers. The practice is generally frowned upon.
SRAM
SRAM (Static Random Access Memory) is a type of volatile memory. SRAM can hold its power as long as power is supplied to it, making them useful in applications requiring high speed, such as data processing memory.
SSL (Secure Sockets Layer)
A session layer protocol that provides authentication and confidentiality to applications.
A session layer protocol that provides authentication and confidentiality to applications.
Steganography
The activity of concealing a message by hiding the fact that that communication is happening. Steganography is often referred to as “hiding in plain sight.”
The activity of concealing a message by hiding the fact that that communication is happening. Steganography is often referred to as “hiding in plain sight.”
Strong Authentication
Strong Authentication, also known as Multi-Factor Authentication, involves a combination of two or more methods of authentication. These methods include what you know (passwords, usernames and security questions), what you have (a token, smart card, or phone number that can receive one-time passwords), and who you are (biometrics).
Subversion
Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
SYN Flood
When the SYN queue is flooded, no new connection can be opened.
When the SYN queue is flooded, no new connection can be opened.
TCP/IP
Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on.
Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on.
tcpwrapper
A software tool for security which provides additional network logging, and restricts service access to authorized hosts by service.
A software tool for security which provides additional network logging, and restricts service access to authorized hosts by service.
Term Rule-Based Security Policy
A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users.
A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users.
Terminal Hijacking
Allows an attacker, on a certain machine, to control any terminal session that is in progress. An attack hacker can send and receive terminal I/O while a user is on the terminal.
Allows an attacker, on a certain machine, to control any terminal session that is in progress. An attack hacker can send and receive terminal I/O while a user is on the terminal.
Threat
The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.
The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.
Threat Agent
Methods and things used to exploit a vulnerability in an information system, operation, or facility; fire, natural disaster and so forth.
Methods and things used to exploit a vulnerability in an information system, operation, or facility; fire, natural disaster and so forth.
Threat Assessment
Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.
Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.
Tokens
A security token is sometimes referred to as a hardware token, hard token, authentication token, USB token, cryptographic token, key fob, or dongle. Tokens exist in various forms – some include small keypads for PIN entry while others look like a USB flash drive – but their function is much the same, verifying user identity electronically. Tokens identify individuals through the use of PINs, digital signatures, and even biometric data.
Topology
The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows.
The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows.
Trace Packet
In a packet-switching network, a unique packet that causes a report of each stage of its progress to be sent to the network control center from each visited system element.
In a packet-switching network, a unique packet that causes a report of each stage of its progress to be sent to the network control center from each visited system element.
Traceroute
An operation of sending trace packets for determining information; traces the route of UDP packets for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach its destination computer.
An operation of sending trace packets for determining information; traces the route of UDP packets for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach its destination computer.
Tripwire
A software tool for security. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager.
A software tool for security. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager.
Trusted Computer System Evaluation Criteria
(TCSEC) A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information.
(TCSEC) A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information.
Trusted Computing Base (TCB)
The totality of protection mechanisms within a computer system including hardware, firmware, and software – the combination of which are responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system.
The totality of protection mechanisms within a computer system including hardware, firmware, and software – the combination of which are responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system.
Trusted Network Interpretation
The specific security features, the assurance requirements and the rating structure of the Orange Book as extended to networks of computers ranging from isolated LANs to WANs.
The specific security features, the assurance requirements and the rating structure of the Orange Book as extended to networks of computers ranging from isolated LANs to WANs.
TTY Watcher
A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.
A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.
Two-Factor Authentication
Two-Factor Authentication is used as a more secure way of verifying a person’s identity, requiring the use of two of the following things: who you are (biometrics), what you know (password or security question) or what you have (token).
Virus
A program that can “infect” other programs by modifying them to include a, possibly evolved, copy of itself.
A program that can “infect” other programs by modifying them to include a, possibly evolved, copy of itself.
Vulnerability
Hardware, firmware, or software flow that leaves an AIS open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.
Hardware, firmware, or software flow that leaves an AIS open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.
Vulnerability Analysis
The systematic examination of systems in order to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures
The systematic examination of systems in order to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of proposed security measures
Vulnerability Assessment
A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack
A measurement of vulnerability which includes the susceptibility of a particular system to a specific attack and the opportunities available to a threat agent to mount that attack
WAN
Wide Area Network. A physical or logical network that provides capabilities for a number of independent devices to communicate with each other over a common transmission-interconnected topology in geographic areas larger than those served by local area networks.
Wide Area Network. A physical or logical network that provides capabilities for a number of independent devices to communicate with each other over a common transmission-interconnected topology in geographic areas larger than those served by local area networks.
Web bug
A link on a given Web page or embedded in an email message that contains a link to a different Web site and therefore passes a call, and information, unknown to the user, to a remote site. Most commonly a web bug is either invisible or unnoticeable (typically it is one pixel in size) in order not to alert the user to its presence.
A link on a given Web page or embedded in an email message that contains a link to a different Web site and therefore passes a call, and information, unknown to the user, to a remote site. Most commonly a web bug is either invisible or unnoticeable (typically it is one pixel in size) in order not to alert the user to its presence.