SECURITY GLOSSARY OF TERMS
- A -
Abuse of Privilege: When a user performs an action that they should not be permitted to perform according to organizational policy or law.
Access: The ability to enter a secured area, or the process of interacting with a system. Used as either a verb or a noun.
Access Authorization: Permission granted to users, programs or workstations.
Access Control: A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.
Access Sharing: Permitting two or more users simultaneous access to file servers or devices.
Alphanumeric Key: A sequence of letters, numbers, symbols and blank spaces from one to 80 characters long.
ANSI: The American National Standards Institute. Develops standards for transmission, storage, languages and protocols. Represents the United States in the ISO (International Organization for Standardization).
Application Level Gateway [Firewall]: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall rather than from the internal host.
Application Logic: The computational aspects of an application, including the instructions that tell a software application how to operate.
Audit: The independent collection of records in order to assess their veracity and completeness.
Audit Trail: An audit trail may be on paper or on disk. In computer security systems, it is a chronological record of when users log in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred.
Authenticate: In networking, to establish the validity of a user or an object (e.g. a communications server).
Authentication: The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and a password (authentication).
Authentication Tool: A software or hand-held hardware "key" or "token" utilized during the user authentication process. See Key and Token.
Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Authorization: The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication: once you have authenticated a user, the user may be authorized for different types of access or activity.
Availability: The portion of time that a system can be used for productive work, expressed as a percentage.
- B -
Back Door: An entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. For example, a particular sequence of control characters might grant access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage.
Bandwidth: Capacity of a network or data connection, often measured in kilobits per second (kbps) for digital transmissions.
Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host runs some form of general purpose operating system (e.g., UNIX, VMS, Windows NT) rather than a ROM-based or firmware operating system.
Biometric Access Control: Any means of controlling access through human measurements, such as fingerprinting and voiceprinting.
Business-Critical Applications: The vital software needed to run a business, whether custom-written or commercially packaged, such as accounting/finance, ERP, manufacturing, human resources, sales databases, etc.
- C -
CERT: The Computer Emergency Response Team, established at Carnegie Mellon University after the 1988 Internet worm attack.
Challenge/Response: A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.
Chroot: A technique under UNIX whereby a process is permanently restricted to an isolated subset of the file system. Chroot alone is not a strong security boundary: a process that keeps root privileges inside the chroot can generally break out of it, so it should be combined with dropping privileges.
Client/Device: Hardware that retrieves information from a server.
Clustering: A group of independent systems working together as a single system. Clustering technology allows groups of servers to access a single disk array containing applications and data.
Coded File: In encryption, a coded file contains unreadable information.
Combined Evaluation: A method using proxy and stateful or filter evaluations, as allowed by the administrator. [See Stateful Evaluation.]
Communications Security: Procedures designed to ensure that telecommunications messages maintain their integrity and are not accessible by unauthorized individuals.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Audit: An independent evaluation of the controls employed to ensure appropriate protection of an organization's information assets.
Cryptographic Checksum: A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting file system tampering on UNIX. The stored checksums must themselves be protected (kept offline, on read-only media, or signed); otherwise an attacker who alters a file can simply recompute and replace its checksum.
- D -
Data Driven Attack: A form of attack in which the attack is encoded in innocuous-seeming data which is then executed by a user or by other software. In the case of firewalls, a data driven attack is a concern since it may pass through the firewall in data form and then launch an attack against a system behind the firewall.
Data Encryption Standard: An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard proved itself over nearly 20 years of use in both government and private sectors. Its 56-bit key is now too short to resist brute-force search, and DES has since been superseded by AES.
Decode: Conversion of encoded text to plain text through the use of a code.
Decrypt: Conversion of either encoded or enciphered text into plaintext.
Dedicated: A special purpose device. Although it is capable of performing other duties, it is assigned to only one.
Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
DES: Data Encryption Standard.
DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Dual Homed Gateway: 1) A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. 2) A firewall implemented without the use of a screening router.
- E -
E-mail Bombs: Code that when executed sends many messages to the same address(es) for the purpose of using up disk space and/or overloading the e-mail or web server.
Encrypting Router: See Tunneling Router and Virtual Network Perimeter.
Encryption: The process of scrambling files or programs, changing one character string to another through an algorithm (such as the DES algorithm).
End-to-End Encryption: Encryption at the point of origin in a network, followed by decryption at the destination.
Environment: The aggregate of external circumstances, conditions and events that affect the development, operation and maintenance of a system.
ERP: An acronym for Enterprise Resource Planning, systems that permit organizations to manage resources across the enterprise and completely integrate manufacturing systems.
Extranet: Extending the LAN via remote or Internet access to partners outside your organization, such as frequent suppliers and purchasers. Such relationships should be over an authenticated link to authorized segments of the LAN and are frequently encrypted for privacy.
- F -
Fat Client: A computing device, such as a PC or Macintosh, that includes an operating system, RAM, ROM, a powerful processor and a wide range of installed applications that can execute on the desktop or 100% on the server under a Server-based Computing architecture. Fat clients can operate in a Server-based Computing environment.
Fault Tolerance: A design method that ensures continued system operation in the event of individual failures by providing redundant system elements.
Firewall: A system or combination of systems that enforces a boundary between two or more networks.
Flooding Programs: Code which, when executed, bombards the selected system with requests in an effort to slow down or shut down the system.
Anonymous FTP: A guest account which allows anyone to log in to the FTP server. It can be an attacker's starting point for gaining access to the host server.
- G -
Gateway: A bridge between two networks.
Generic Utilities: General purpose code and devices, i.e., screen grabbers and sniffers that look at data and capture information like passwords, keys and secrets.
Global Security: The ability of an access control package to permit protection across a variety of mainframe environments, providing users with a common security interface to all.
Granularity: The relative fineness or coarseness by which a mechanism can be adjusted.
- H -
Hack: Any software in which a significant portion of the code was originally another program.
Hacker: Anyone intent upon entering an environment to which they are not entitled entry, for whatever purpose (entertainment, profit, theft, prank, etc.). Hackers usually employ iterative techniques, escalating to more advanced methodologies and to devices that intercept the communications of others.
Host-based Security: The technique of securing an individual system from attack. Host-based security is operating system and version dependent.
Hot Standby: A backup system configured in such a way that it may be used immediately if the primary system goes down.
Hybrid Gateways: An unusual configuration of routers that maintain the complete state of TCP/IP connections or examine the traffic to try to detect and prevent attacks (may involve a bastion host). If very complicated it is difficult to attack, but also difficult to maintain and audit.
- I -
ICA: An acronym for Citrix's Independent Computing Architecture, a three-part Server-based Computing technology that separates an application's logic from its user interface and allows 100% application execution on the server.
IETF: The Internet Engineering Task Force, a public forum that develops standards and resolves operational issues for the Internet. IETF participation is purely voluntary.
Information Systems Security: The protection of information assets from accidental or intentional but unauthorized disclosure, modification, or destruction, or from the inability to process that information.
Insider Attack: An attack originating from inside a protected network.
Internet (The Beginning): The Internet had its roots in early 1969 when the ARPANET was formed. ARPA stands for Advanced Research Projects Agency (which was part of the U.S. Department of Defense). One of the goals of ARPANET was research in distributed computer systems for military purposes. The first configuration involved four computers and was designed to demonstrate the feasibility of building networks using computers dispersed over a wide area. The advent of open networks in the late 1980s required a new model of communications. The amalgamation of many types of systems into mixed environments demanded better translation between these operating systems and a non-proprietary approach to networking in general. Transmission Control Protocol/Internet Protocol (TCP/IP) provided the best solution to this.
Internet (Today): A web of different, intercommunicating networks funded by both commercial and government organizations. It connects networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet, and there are millions of users, with thousands more joining every day.
Intrusion Detection: Detection of break-ins or break-in attempts, either manually or via software expert systems that operate on logs or other information available on the network.
IP Sniffing: Stealing network addresses by reading packets off the network. Harmful data is then sent stamped with internal, trusted addresses.
IP Splicing: An attack whereby an active, established session is intercepted and co-opted by the attacker. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.
IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
ISO: The International Organization for Standardization sets standards for data communications.
ISSA: Information Systems Security Association.
- J -
[No Entries]
- K -
Key: In encryption, a key is a sequence of characters used to encode and decode a file. You can enter a key in two formats: alphanumeric and condensed (hexadecimal). In the network access security market, "key" often refers to the "token," or authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected software.
- L -
Least Privilege: Designing operational aspects of a system to operate with the minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Local Area Network (LAN): An interconnected system of computers and peripherals. LAN users share data stored on hard disks and can share printers connected to the network.
Logging: The process of storing information about events that occurred on the firewall or network.
Log Processing: How audit logs are processed, searched for key events, or summarized.
Log Retention: How long audit logs are retained and maintained.
- M -
Mobile Code: A program downloaded from the Internet that runs automatically on a computer with little or no user interaction.
Multi-User: The ability for multiple concurrent users to log on and run applications from a single server.
- N -
Network Computer (NC): A "thin" client hardware device that executes applications locally by downloading them from the network. NCs adhere to a specification jointly developed by Sun, IBM, Oracle, Apple and Netscape. They typically run Java applets within a Java browser, or Java applications within the Java Virtual Machine.
Network Computing Architecture: A computing architecture in which components are dynamically downloaded from the network into the client device for execution by the client. The Java programming language is at the core of network computing.
Network-Level Firewall: A firewall in which traffic is examined at the network protocol packet level.
Network Worm: A program or command file that uses a computer network as a means of adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.
- O -
One-Time Password: In network security, a password issued only once, typically as a result of a challenge/response authentication process. Because it is not accepted a second time, a one-time password captured in transit cannot be reused for unauthorized access.
Operating System: System software that controls a computer and its peripherals. Modern operating systems such as Windows 95 and NT handle many of a computer's basic functions.
Orange Book: The Department of Defense Trusted Computer System Evaluation Criteria. It provides information to classify computer systems, defining the degree of trust that may be placed in them.
- P -
Password: A secret code assigned to a user and also known by the computer system. Knowledge of the password associated with the user ID is considered proof of authorization. The system should store only a salted one-way hash of the password rather than the password itself, so that a copy of the password file does not yield the passwords. (See One-Time Password.)
Performance: A major factor in determining the overall productivity of a system, performance is primarily tied to availability, throughput and response time.
Perimeter-based Security: The technique of securing a network by controlling access to all entry and exit points of the network.
PIN: In computer security, a personal identification number used during the authentication process. Known only to the user. (See Challenge/Response, Two-Factor Authentication.)
Policy: Organizational-level rules governing acceptable use of computing resources, security practices, and operational procedures.
Private Key: In encryption, a single key (or password) is used to both lock and unlock data. Compare with Public Key.
Protocols: Agreed-upon methods of communication used by computers.
Proxy: 1) A method of replacing the code for service applications with an improved version that is more security aware. The preferred approach is by "service communities" (e.g. Oracle) rather than individual applications. Evolved from socket implementations. 2) A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, decide whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.
Public Key: In encryption, a two-key system in which the key used to lock data is made public, so everyone can "lock." A second, private key is used to unlock or decrypt.
- Q -
[No Entries]
- R -
Remote Access: The hookup of a remote computing device via communications lines such as ordinary phone lines or wide area networks to access network applications and information.
Remote Presentation Services Protocol: A protocol is a set of rules and procedures for exchanging data between computers on a network. A remote presentation services protocol transfers user interface, keystrokes, and mouse movements between a server and client.
Risk Analysis: The analysis of an organization's information resources, existing controls and computer system vulnerabilities. It establishes a potential level of damage in dollars and/or other assets.
Rogue Program: Any program intended to damage programs or data. Encompasses malicious Trojan Horses.
RSA: A public key cryptosystem named after its inventors, Rivest, Shamir and Adleman, who held the (now expired) U.S. patent.
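To make the Public Key and RSA entries concrete, here is an added example (not from the original glossary) of textbook RSA with deliberately tiny primes. It shows the property the Public Key entry describes: anyone holding (e, n) can "lock" a message, but only the holder of d can unlock it, and trying to unlock with the public key gives garbage. It also shows the mirror image used for signatures, where the private key locks and the public key unlocks. The primes 61 and 53 are chosen only so the arithmetic can be checked by hand; real keys are thousands of bits and are used with padding (OAEP, PSS) through a vetted library, never like this.

```python
from math import gcd


def generate_keys(p, q, e=17):
    """Textbook RSA key generation from two primes (tiny here for illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)


def encrypt(public_key, m):
    """Anyone can lock: c = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the private key holder can unlock: m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def sign(private_key, digest):
    """Signature: the private key locks a digest of the message."""
    d, n = private_key
    return pow(digest, d, n)


def verify(public_key, digest, signature):
    """Anyone can check a signature with the public key."""
    e, n = public_key
    return pow(signature, e, n) == digest


def run_demo():
    public, private = generate_keys(61, 53)   # n = 3233, phi = 3120, d = 2753
    m = 65
    c = encrypt(public, m)
    return {
        "public": public,
        "private": private,
        "ciphertext": c,
        "decrypted_with_private": decrypt(private, c),
        "decrypted_with_public": pow(c, public[0], public[1]),  # wrong key: does not recover m
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Because n here is 3233, factoring it takes a moment with pencil and paper, which is exactly why key size matters: the private exponent d is trivially recoverable from the public key once p and q are known.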
- S -
Scalability: The ability to expand a computing solution to support large numbers of users without impacting performance.
Screened Host Gateway: A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.
Screened Subnet: An isolated subnet created behind a screening router to protect the private network. The degree to which the subnet may be accessed depends on the screening rules in the router.
Screening Router: A router configured to permit or deny traffic using filtering techniques, based on a set of permission rules installed by the administrator. A component of many firewalls, usually used to block traffic between the network and specific hosts at the IP port level. Not very secure on its own; used when speed is the only decision criterion.
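The entries for Network-Level Firewall, Screened Subnet and Screening Router all describe the same mechanism: an ordered list of permit/deny rules matched against each packet's addresses, protocol and port, with the first match winning. The example below (added here, not part of the original glossary, and not modelled on any particular router's syntax) evaluates a small constructed rule set over a few constructed packets. The first rule is the anti-spoofing check from the IP Spoofing entry: a packet arriving on the outside interface that claims an inside source address is dropped before anything else is considered. The network numbers and interface names are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")   # assumed private LAN behind the router


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" (outside) or "int" (inside)
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    iface: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None matches any destination port
    comment: str = ""

    def matches(self, pkt):
        if self.iface not in ("*", pkt.iface) or self.proto not in ("*", pkt.proto):
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


# Constructed rule set for a router in front of a screened subnet. Order matters: first match wins.
RULES = [
    Rule("deny", iface="ext", src=str(INTERNAL_NET),
         comment="anti-spoofing: internal source address on the outside interface"),
    Rule("permit", iface="ext", proto="tcp", dst="192.168.10.80/32", dport=80,
         comment="public web server"),
    Rule("permit", iface="ext", proto="tcp", dst="192.168.10.25/32", dport=25,
         comment="mail relay"),
    Rule("permit", iface="int", src=str(INTERNAL_NET),
         comment="outbound traffic from the LAN"),
    Rule("deny", comment="default deny"),
]


def evaluate(pkt, rules=RULES):
    """Return (action, comment) of the first rule that matches the packet."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "implicit deny"   # only reached if the rule set lacks a catch-all


def run_demo():
    packets = [
        Packet("ext", "tcp", "203.0.113.7", "192.168.10.80", 80),    # web request from outside
        Packet("ext", "tcp", "203.0.113.7", "192.168.10.80", 23),    # telnet to the web server
        Packet("ext", "tcp", "192.168.10.5", "192.168.10.80", 80),   # spoofed inside address
        Packet("int", "tcp", "192.168.10.5", "203.0.113.7", 443),    # LAN host browsing out
        Packet("ext", "udp", "203.0.113.7", "192.168.10.80", 80),    # UDP, not covered by the tcp rule
    ]
    return [evaluate(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

What this filter cannot do is tell a reply packet from a fresh connection attempt, because it keeps no per-connection state; that is the gap the glossary's Stateful Evaluation and Application Level Gateway entries exist to close.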
Server: The control computer on a local area network that controls software access to workstations, printers and other parts of the network.
Server-based Computing: An innovative, server-based approach to delivering business-critical applications to end-user devices, whereby an application's logic executes on the server and only the user interface is transmitted across a network to the client. Its benefits include single-point management, universal application access, bandwidth-independent performance, and improved security for business applications.
Server Farm: A group of servers that are linked together as a "single system image" to provide centralized administration and horizontal scalability.
Session Shadowing: A feature of Citrix WinFrame and MetaFrame that allows administrators and technical support staff to remotely join or take control of a user's session for diagnosis, support and training.
Session Stealing: See IP Splicing.
Single-Point Control: Helps reduce the total cost of application ownership by enabling applications and data to be deployed, managed and supported at the server. Single-point control enables application installations, updates and additions to be made once, on the server, and then be instantly available to users anywhere.
Smart Card: A credit-card-sized device with embedded microelectronic circuitry for storing information about an individual. This is not a key or token as used in the remote access authentication process.
Social Engineering: An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, in an attempt to gain illicit access to systems.
Stateful Evaluation: A methodology using a mixture of proxy or filtering technology intermittently, depending upon the perceived threat (and/or the need for speed).
- T -
TCO: Total Cost of Ownership, a model that helps IT professionals understand and manage the budgeted (direct) and unbudgeted (indirect) costs incurred for acquiring, maintaining and using an application or a computing system. TCO normally includes training, upgrades, and administration as well as the purchase price. Lowering TCO through single-point control is a key benefit of Server-based Computing.
Thin Client: A low-cost computing device that works in a server-centric computing model. Thin clients typically do not require state-of-the-art, powerful processors and large amounts of RAM and ROM because they access applications from a central server or network. Thin clients can operate in a Server-based Computing environment.
Token: A "token" is an authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Tokens may be small, hand-held hardware devices similar to pocket calculators or credit cards. See Key.
Trojan Horse: 1) Any program designed to do things that the user of the program did not intend, or that disguises its harmful intent. 2) A program that installs itself while the user is making an authorized entry and is then used to break in and exploit the system.
Tunneling Router: A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.
Turn Commands: Commands inserted to forward mail to another address for interception.
Two-Factor Authentication: Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors", just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.
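The Challenge/Response, Authentication Token, One-Time Password, PIN and Two-Factor Authentication entries describe one protocol from different angles. The following added example (not from the original glossary, and not any vendor's token protocol) runs both sides of it in one process: the server issues a random challenge, a simulated hand-held token answers with an HMAC over that challenge using its secret (the "something you have"), and the server checks both that answer and the user's PIN (the "something you know"). Each challenge is accepted once, so a captured response is worthless afterwards, which is what makes the response a one-time password. The user name, PIN and secrets are constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000


class HardwareToken:
    """Stands in for the hand-held device: it holds a secret and answers challenges."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self):
        self._users = {}        # user -> (pin_salt, pin_hash, token_secret)
        self._outstanding = {}  # challenge -> user; an entry is removed the moment it is used

    def enroll(self, user, pin, token_secret):
        salt = os.urandom(16)
        pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
        self._users[user] = (salt, pin_hash, token_secret)  # the PIN itself is never stored

    def issue_challenge(self, user):
        challenge = os.urandom(16)  # unpredictable, so responses cannot be precomputed
        self._outstanding[challenge] = user
        return challenge

    def verify(self, user, pin, challenge, response):
        # Consume the challenge first: a replayed or unknown challenge fails even with a valid response.
        if self._outstanding.pop(challenge, None) != user or user not in self._users:
            return False
        salt, pin_hash, token_secret = self._users[user]
        pin_ok = hmac.compare_digest(
            hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS), pin_hash)
        expected = hmac.new(token_secret, challenge, hashlib.sha256).hexdigest()
        token_ok = hmac.compare_digest(expected, response)
        return pin_ok and token_ok  # both factors are always evaluated before deciding


def run_demo():
    """Constructed scenario: one enrolled user, then four login attempts with different outcomes."""
    secret = os.urandom(32)
    server, token = AuthServer(), HardwareToken(secret)
    server.enroll("alice", "4821", secret)

    c1 = server.issue_challenge("alice")
    r1 = token.respond(c1)
    valid = server.verify("alice", "4821", c1, r1)
    replay = server.verify("alice", "4821", c1, r1)               # same challenge/response again

    c2 = server.issue_challenge("alice")
    wrong_pin = server.verify("alice", "0000", c2, token.respond(c2))

    c3 = server.issue_challenge("alice")
    stolen_pin_no_token = server.verify("alice", "4821", c3, HardwareToken(os.urandom(32)).respond(c3))

    return {"valid": valid, "replay": replay, "wrong_pin": wrong_pin,
            "wrong_token": stolen_pin_no_token}


if __name__ == "__main__":
    print(run_demo())
```

Note that a sniffer on the wire sees only the challenge and the HMAC; the token secret never leaves the device, and knowing the PIN without the token (or vice versa) is not enough, which is the point of the second factor.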
- U -
User: Any person who interacts directly with a computer system.
User ID: A unique character string that identifies a user.
User Identification: The process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)
User Interface: The part of an application that the user works with. User interfaces can be text-driven, such as DOS, or graphical, such as Windows.
- V -
Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, but which actually encompasses encrypted virtual links over untrusted networks.
Virus: A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.
- W -
Windows-Based Terminal (WBT): A fixed-function thin client device that connects to a Citrix WinFrame or MetaFrame server and Terminal Server to provide application access. The key differentiator of a WBT from other thin devices is that all application execution occurs on the server; there is no downloading or local processing of applications at the client.
Windows NT 4.0, Terminal Server Edition: A multi-user operating system for Windows NT 4.0 from Microsoft, formerly code-named "Hydra."
- XYZ -
Y2K: An acronym for the Year 2000 Problem, which involves three issues: two-digit date storage, leap year calculations and special meanings for dates.