|
IT-Glossary Abuse of Privilege: When a user performs an action that they should not have, according to organizational policy or law. Access: The ability to enter a secured area. The process of interacting with a system. Used as either a verb or a noun. Access Authorization: Permission granted to users, programs
or workstations. Access Control: A set of procedures performed by hardware,
software and administrators to monitor access, identify users requesting
access, record access attempts, and grant or deny access. Access Mediation: Process of monitoring and controlling
access to the resources of an IT product, including but not limited to
the monitoring and updating of policy attributes during accesses as well
as the protection of unauthorized or inappropriate accesses. Access port: A logical or physical identifier that
a computer uses to distinguish different terminal input/output data streams. Access Sharing: Permitting two or more users simultaneous
access to file servers or devices. Active Attack: An attack which results in an unauthorized
state change, such as the manipulation of files, or the adding of unauthorized
files. Administrative Security: The management constraints and supplemental
controls established to provide an acceptable level of protection for
data. AIS: Automated Information System - any equipment of an interconnected
system or subsystems of equipment that is used in the automatic acquisition,
storage, manipulation, control, display, transmission, or reception of
data and includes software, firmware, and hardware. Alert:
A formatted message describing a circumstance
relevant to network security. Alerts are often derived from critical audit
events. Alphanumeric Key: A sequence of letters, numbers, symbols
and blank spaces from one to 80 characters long. Ankle-Biter: A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to AIS's. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet. Anomaly Detection Model: A model where intrusions are detected by
looking for activity that is different from the user's or system's
normal behavior. Anonymous FTP: A guest account which allows anyone to
login to the FTP Server. It can be a point to begin access on the host
server. ANSI: The American National Standards Institute. Develops standards
for transmission storage, languages and protocols. Represents the Antivirus: A virus that specifically looks for and
removes another virus. Application Level Gateway [Firewall]: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. Application Logic: The computational aspects of an application,
including a list of instructions that tells a software application how
to operate. ASIM: Automated Security Incident Measurement - Monitors network
traffic and collects information on targeted unit networks by detecting
unauthorized network activity. Asymmetric
cryptography: In
order to use asymmetric cryptography, each person receives a key pair;
one public key and one private key. Each person's public key is published,
while the private key is kept secret. The need for sender and receiver
sharing information about the secret is eliminated. The only requirement
is that public keys are associated with their users in a trusted (authenticated)
manner Attack: An attempt to subvert or bypass security controls on a
computer. The attack may alter, release, or deny data. Whether an attack
will succeed depends on the vulnerability of the computer system and the
effectiveness of existing countermeasures. Attacks may be active or passive.
An active attack attempts to alter or destroy data. A passive attack attempts
to intercept and read data without altering it. Audit: The independent collection of records to
access their veracity and completeness. Audit Trail: An audit trail may be on paper or on
disk. In computer security systems, a chronological record of when users
log in, how long they arc engaged in various activities, what they were
doing, whether any actual or attempted security violations occurred. Authenticate: In networking, to establish the validity
of a user or an object (i.e. communications server). Authentication: The process of establishing the legitimacy
of a node or user before allowing access to requested information. During
the process, the user enters a name or account number (identification)
and password (authentication). Authentication Tool: A software or hand-held hardware "key"
or "token" utilized during the user authentication process.
See key and token. Authentication Token: A portable device used for authenticating
a user. Authentication tokens operate by challenge/response, time-based
code sequences, or other techniques. This may include paper-based lists
of one-time passwords. Authorization: The process of determining
what @ of activities are permitted. Usually, authorization is in
the context of authentication. Once you have authenticated a user, the
user may be authorized different @s of access or activity. Automatic Data Processing (ADP) System: An assembly of computer hardware,
firmware, and software configured for the purpose of classifying, sorting,
calculating, computing, summarizing, transmitting and receiving, storing,
and retrieving data with a minimum of human intervention. Automated Security Monitoring: All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system. Availability: The portion of time that a system can
be used for productive work, expressed as a percentage. Back Door: An entry point to a program or a system
that is hidden or disguised, often created by the software's author for
maintenance. A certain sequence of control characters permits access to
the system manager account. If the back door becomes known, unauthorized
users (or malicious software) can gain entry and cause damage. Backup plan: Synonymous with contingency plan. Bandwidth: Capacity of a network or data connection, often measured in kilobits/second (kbps) for digital transmissions. Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be 'outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., LNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system. BDC: Backup Domain Controller: A copy of PDC information is kept on a "backup" machine to ensure high availability and spread network/system load in Lan Manager domains. Bell-La Padula Security Model: Formal-state transition model of computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. Benign environment: A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures. Between-the-lines entry: Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user. Bimodal Virus: A virus that infects both boot records and files. Also called bipartite or multipartite. Binding of Security Functionality: The ability of security enforcing functions
and mechanisms to work together in a way which is mutually supportive
and provides an integrated and effective whole. Boot:
To start a computer so that it is ready
to run programs for the user. A PC can be booted either by turning its
power on, or by pressing Ctrl+Alt+ Boot Records: Those areas on diskettes or hard disks that contain some of the first instructions executed by a PC when it is booting. Boot records must be loaded and executed in order to load the operating system. Viruses that infect boot records change the boot records to include a copy of themselves. When the PC boots, the virus program is run and will typically install itself in memory before the operating system is loaded. Boot-sector-infecting virus: Some viruses infect the boot records of
hard disks and diskettes. They typically do so by replacing the existing
boot record with their own code. The virus is executed when the system
is booted from the hard disk or diskette, and installs its own code in
the system's memory so that it can infect other hard disks or diskettes
later. Once that has happened, the virus will usually execute the normal
boot program, which it stores elsewhere on the disk. Biometric Access Control: Any means of controlling access through
human measurements, such as fingerprinting and voiceprinting. Block Oriented Encryption: Encryption methods where the data to be
encrypted is divided into blocks of equal length, on which the key is
then applied according to the respective method. Bug:
An error in the design or implementation
of a program that causes it to do something that neither the user nor
the program author had intended to be done.
Business-Critical Applications: The vital software needed to run a business,
whether custom-written or commercially packaged, such as accounting/finance,
ERP, manufacturing, human resources, sales databases, etc. Blue bomb: (also known as "the blue screen
of death" or "WinNuke") a technique for causing the Windows operating system of someone
you're communicating with to crash or suddenly terminate. The "blue
bomb" is actually an out-of-band network packet containing information
that the operating system can't process. This condition causes the operating
system to "crash" or terminate prematurely. The operating system
can usually be restarted without any permanent damage other than possible
loss of unsaved data when you crashed. The blue bomb derives its name
from the effect it sometimes causes on the display as the operating system
is terminating - a white-on-blue error screen. Blue bombs are sometimes
sent by multi-player game participants who are about to lose or users
of Internet Relay Chat (IRC) who are making a final comment. This is known
as "nuking" someone. The program that causes the blue bomb is
known as WinNuke. Many Internet service providers
are filtering out the packets so they don't reach users. Buffer
overflow:
A buffer overflow occurs when a buffer was assigned by a programmer to
hold variable data, and the variable data placed into that buffer exceeds
the size of the initial of the buffer assignment. Depending on the operating
system and exactly what the "extra" data overflowing the buffer
is, this can be used by a hacker to cause portions of a system to fail,
or even execute arbitrary code. Most buffer overflow exploits centre around
user-supplied data exceeding a buffer, and the extra data being executed
on the stack to open up additional access. Buffer overflows exist on all
major network operating systems.
Call back: A procedure for identifying a remote terminal.
In a call back, the host system disconnects the caller and then dials
the authorized telephone number of the remote terminal to reestablish
the connection. Synonymous with dial back. CERT: The Computer Emergency Response Team was established at Certificate: Digital equivalent of an identity card.
It contains, among other things, the name of its owner, the name of the
issuing authority, a validity period, and the public part of an asymmetric
key pair. With the digital signature from the certification authority,
the public key is uniquely linked to its user. Certification body: An independent and impartial national
organization that performs certification. Also referred to as an evaluation
body or entity. Certificate Path: In PKIs, certificates
are arranged in a hierarchical structure. The root certification authority's
certificate is on the uppermost node. This certification authority certifies
other certification authorities where necessary. User certificates are
located at the bottom of the hierarchy. So that all users can communicate
with each other within this hierarchy, each participant needs the certificate
path to the root certification authority. This enables all users to check
any certificate within this hierarchy for authenticity and validity. Certificate Revocation List: (Short: CRL.) List of certificates that
have been declared invalid before their expiry date by the issuing CA.
The CA maintains this list and is obliged to publish it, i.e. update it
regularly and put it at the disposal of all participants. Challenge/Response: A security procedure in which one communicator
requests authentication of another communicator, and the latter replies
with a pre-established appropriate reply. Channel: An information transfer path within a
system. May also refer to the mechanism by which the path is effected. Chroot: A technique under UNIX whereby a process
is permanently restricted to an isolated subset of the file system. Cipher: A cipher is an encryption-decryption
algorithm. Ciphertext: Ciphertext is the product of encryption.
It is text that has been encoded in such a way, that it can only be decoded
again by individuals possessing the appropriate key. Client/Device: Hardware that retrieves information from
a server. Closed security environment: An environment in which both of the following
conditions hold true: (1) Application developers (including maintainers)
have sufficient clearances and authorizations to provide an acceptable
presumption that they have not introduced malicious logic and (2) configuration
control provides sufficient assurance that applications and the equipment
are protected against the introduction of malicious logic prior to and
during the operation of system applications. Closed user group: A closed user group permits users belonging
to a group to communicate with each other, but precludes communications
with other users who are not members of the group. Clustering: Group of independent systems working together
as a single system. Clustering technology allows groups of servers to
access a single disk array containing applications and data. Cluster
virus: A virus that
infects disks or diskettes by modifying their file systems so that every
program file entry points to the virus code. The virus code only exists
in one physical place on the disk, but running any program on the disk
will run the virus as well. So, cluster viruses can appear to infect every
program on a disk. Coded File: In encryption, a coded file contains unreadable
information. COM
File: A PC-DOS binary image that is loaded into
memory. It has restrictions in size and method of program load. It generally
loads somewhat faster than an EXE file and has a simpler structure. Combined Evaluation: Method using proxy and state or filter
evaluations as allowed by administrator. Communication channel: The physical media and devices which provide
the means for transmitting information from one component of a network
to (one or more) other components. Communication link: The physical means of connecting one location
to another for the purpose of transmitting and/or receiving data. Communications security (COMSEC): Measures taken to deny unauthorized persons
information derived from Communications Server: Procedures designed to ensure that telecommunications
messages maintain their integrity and are not accessible by unauthorized
individuals. Companion virus: A virus that creates a new program with
the same file name as an existing program, but in a different place or
with a different file type, so that typing the program's name on the command
line causes the virus program to be executed instead of the original program.
For instance, a companion virus could create a file name FOO.COM that
contained its code, if a program named FOO.EXE already existed. When the
user types FOO on the command line, FOO.COM would get executed instead
of FOO.EXE. Compartment: A designation applied to a type of sensitive
information, indicating the special handling procedures to be used for
the information and the general class of people who may have access to
the information. It can refer to the designation of information belonging
to one or more categories. Compromise: A violation of the security system such
that an unauthorized disclosure of sensitive information may have occurred. Compromising emanations: Unintentional data-related or intelligence-bearing
signals that, if intercepted and analyzed, disclose the information transmission
received, handled, or otherwise processed by any information processing
equipment. Computer abuse: The misuse, alteration, disruption, or
destruction of data processing resources. The key aspect is that it is
intentional and improper. Computer architecture: The set of layers and protocols (including
formats and standards that different hardware/software must comply with
to achieve stated objectives) which define a computer system. Computer
architecture features can be available to application programs and system
programmers in several modes, including a protected mode. For example,
the system-level features of computer architecture may include: (1) memory
management, (2) protection, (3) multitasking, (4) input/output, (5) exceptions
and multiprocessing, (6) initialization, (7) coprocessing
and multiprocessing, (8) debugging, and (9) cache management. Computer cryptography: The use of a cryptoalgorithm
in a computer, microprocessor, or microcomputer to perform encryption
or decryption in order to protect information or to authenticate users,
sources, or information. Computer Security: Technological and managerial procedures
applied to computer systems to ensure the availability, integrity and
confidentiality of information managed by the computer system. Computer security subsystem: A device designed to provide limited computer
security features in a larger system environment. Computer Security Technical Vulnerability
Reporting Program (CSTVRP): A program that focuses on technical vulnerabilities in commercially
available hardware, firmware and software products acquired by DoD. CSTVRP provides for the reporting, cataloging, and
discreet dissemination of technical vulnerability and corrective measure
information to DoD components on a need-to-know
basis. Concealment system: A method of achieving confidentiality
in which sensitive information is hidden by embedding it in irrelevant
data. Confidentiality: A message is confidential when its contents
can only be read by authorized recipients. Without encryption, message
contents can be read by third parties, unnoticed by sender and addressee.
By using powerful encryption algorithms it is guaranteed that only entitled
recipients can read the contents. Configuration: Selection of one of the sets of possible
combinations of features of a system. Configuration control: The process of controlling modifications
to the system's hardware, firmware, software, and Configuration management: The management of security features and
assurances through control of changes made to a system's hardware, software,
firmware, documentation, test, test fixtures, and test documentation throughout
the development and operational life of the system. Confinement: The prevention of the leaking of sensitive
data from a program. Cookie: The most common meaning of "Cookie"
on the Internet refers to a piece of information sent by a Web Server
to a Web Browser that the Browser software is expected to save and to
send back to the Server whenever the browser makes additional requests
from the Server. Depending on the type of Cookie used, and the Browser's
settings, the Browser may accept or not accept the Cookie, and may save
the Cookie for either a short time or a long time. Cross Certification: Process where a CA of one PKI issues a
certificate on the public key of a CA of another PKI. Establishes interoperability,
since certificates of the latter PKI can be verified by individuals of
the former PKI. Cracker: A cracker is someone who breaks
into someone else's computer system, often on a network. A cracker can
be doing this for profit, maliciously, for some altruistic purpose or
cause, or because the challenge is there. Some breaking-and-entering has
been done ostensibly to point out weaknesses in a site's security system. CRC:Cyclic Redundancy Code. A CRC is a type of checksum.
A checksum algorithm takes a file (or other string of bytes) and calculates from it a few bytes (the checksum) that
depend on the entire file. The idea is that, if anything in the file changes,
the checksum will change. CRC checksums are usually used to detect random,
uncorrelated changes in files. Cryptanalysis: Study of how to defeat (compromise) cryptographic
mechanisms. See also: Cryptography and Cryptology. Cryptography: Mathematical discipline that is concerned
with finding methods for keeping communications private, unimpaired, and
authentic. Today's cryptography is based on the existence of mathematical
problems that are believed (by experts) to be difficult. Cryptology: Discipline of cryptography
and cryptanalysis
combined. Cryptosystem: A cryptosystem is a system for encrypting
and decrypting data. Encryption involves an algorithm for combining the
original data (plaintext) with one or more keys - numbers or strings of
characters known only to the sender and/or recipient. The resulting output
is known as ciphertext. The security of a cryptosystem
usually depends on the secrecy of (some of) the keys rather than on the
supposed secrecy of the algorithm. A strong cryptosystem has a large range
of possible keys so that it is not possible to just try all possible keys.
A strong cryptosystem will produce Ciphertext that appears random to all standard statistical
tests. A strong cryptosystem will resist all known previous methods for
breaking codes (cryptanalysis). Cryptographic Checksum: A one-way function applied to a file to
produce a unique "fingerprint" of the file for later reference.
Checksum systems are a primary means of detecting file system tampering
on UNIX. Cryptware: Software
that allows performing encryption. and/or decryption of data Data Driven Attack: A form of attack in which the attack
is encoded in innocuous-seeming data which is executed by a user or other
software to implement an attack. In the case of firewalls, a data driven
attack is a concern since it may get through the fir-firewall in data
form and launch an attack against a system behind the firewall. Data Encryption Standard: An encryption standard developed by EBM
and then tested and adopted by the National Bureau of Standards. Published
in 1977, the DES standard has proven itself over nearly 20 years of use
in both government and private sectors. Decode: Conversion of encoded text to plain text
through the use of a code. Decrypt: Conversion of either encoded or enciphered
text into plaintext. Dedicated: A special purpose device. Although it
is capable of performing other duties, it is assigned to only one. Defense in Depth: The security approach whereby each system
on the network is secured to the greatest possible degree. May be used
in conjunction with firewalls. Daemon: (pronounced and sometimes spelled like "demon")
is a program that runs continuously and exists for the purpose of handling
periodic service requests that a computer system expects to receive. The
daemon program forwards the requests to other programs (or processes)
as appropriate. Each server of pages on the Web has an HTTPD or Hypertext
Transport Protocol daemon that continually waits for requests to come
in from Web clients and their users. DES: Data Encryption Standard. Symmetric encryption procedure with
56 bytes key length. DES was developed by IBM and published on DES3: Triple-DES-Algorithm: The simple DES algorithm no longer being
considered secure, it was extended to the – currently secure – Triple-DES-algorithm.
It runs DES three times, either with two or with three different keys,
being equivalent to an effective key length of 113 resp. 168 bit. Digest: A hash value (or digest) is a number generated
from a string of text. The hash value is substantially smaller than the
text itself, and is generated by a formula in such a way that it is extremely
unlikely that some other text will result in the same hash value. Hashing
can be used to check the integrity of data: if someone produces a hash
value and sends it along with the message, the receiver can produce a
hash value on receipt of the message. If the receiver's hash matches the
one that was sent along with the message, the original message has not
been changed. Digital Envelop: A cryptographic technique to encrypt data
and send the encryption key along with the data. Generally, a symmetric
algorithm is used to encrypt the data and an asymmetric algorithm is used
to encrypt the encryption key. DoS Denial of Service: A DoS attack is commonly referred to
as a "hack" because it is a malicious offensive against another
computer system; but unlike most other hacks, it does not involve the
attacker gaining access or entry into the target server. Instead, a DoS is a massive stream of information
sent to a target with the intention of flooding it until it crashes or
can no longer take legitimate traffic. The information is frequently in
the form of "pings," which are small packets of data sent by
one computer to another with the intention of checking to see if the other
computer is accessible. The target computer responds to the ping and the
connection is made. But if the pinger gives
a false address, the target computer can't return the ping to make the
connection. In that case, the target waits and finally gives up. In great
amounts, this can overwhelm a server. DNS: Domain name service, allows the resolution of hostnames to
IP addresses and vice versa in large networks. DNS Spoofing: Assuming the DNS name of another system
by either corrupting the name service cache of a victim system, or by
compromising a domain name server for a valid domain. Dual Homed Gateway: 1) A system that has two or more network
interfaces, each of which is connected to a different network. In firewall
configurations, a dual homed gateway usually acts to block or filter some
or all of the traffic trying to pass between the networks. 2) A firewall
implement without the use of a screening router. Encryption: The process of scrambling files or programs,
changing one character string to another through an algorithm (such as
the DES algorithm). End-to-End Encryption: Encryption at the point of origin in a
network, followed by decryption at the destination. Entrapment: The deliberate use of apparent security
weakness with the specific purpose of detecting those who are likely to
exploit and genuine weakness. Environment: The aggregate of external circumstances,
conditions and events that affect the development, operation and maintenance
of a system. Ethernet
spoofing: Any procedure
that involves assuming another host's Ethernet address to gain unauthorized
access to the target. EXE
File: A PC-DOS executable file similar to a COM
file, except that it is not restricted in size (except for memory limitations),
and that it may contain relocatable code. Extranet: "Extranet" refers to extending
the LAN via remote or Internet access to partners outside your organization
such as frequent suppliers and purchasers. Such relationships should
be over authenticated link to authorized segments of the LAN and are frequently
encrypted for privacy." Fat Client: A computing device, such as a PC or Macintosh, that includes an operating system, RAM, ROM, a powerful processor and a wide range of installed applications that can execute on the desktop or 100% on the server under a Server-based Computing architecture. Fat clients can operate in a Server-based Computing environment. Fault Tolerance: A design method that ensures continued
systems operation in the event of individual failures by providing redundant
system elements. File-infecting virus: Some viruses infect executable files. There are a variety of mechanisms that they use to do so. Usually, the virus will get control when the program is first executed. In most cases, the virus will return control to the original program after it has completed its own execution. Firewall: A system or combination of systems that enforces a boundary between two or more networks. FIRST: Forum of Incident Response and Security Teams
Flooding programs: Code which when executed will bombard
the selected system with requests in an effort to slow down or shut down
the system. FTP: FTP (File Transfer Protocol), a standard Internet protocol,
is the simplest way to exchange files between computers on the Internet.
Like the Hypertext Transfer Protocol (HTTP), which transfers displayable
Web pages and related files, and the Simple Mail Transfer Protocol (SMTP),
which transfers e-mail, FTP is an application protocol that uses the Internet's
TCP/IP protocols. FTP is commonly used to transfer Web page files from
their creator to the computer that acts as their server for everyone on
the Internet. It's also commonly used to download programs and other files
to your computer from other servers.
Gateway: A bridge between two networks. Generic Utilities: General purpose code and devices; i.e.,
screen grabbers and sniffers that look at data
and capture information like passwords, keys and secrets. Global Security: The ability of an access control package
to permit protection across a variety of mainframe environments, providing
users with a common security interface to all. Granularity: The relative fineness or coarseness by
which a mechanism can be adjusted. Hack: Any software in which a significant portion of the code was
originally another program. Hacker: Those intent upon entering an environment to
which they are not entitled entry for whatever purpose [entertainment,
profit, theft, prank, etc.]. Usually iterative techniques escalating to
more advanced methodologies and use of devices to intercept the communications
property of another. Handshake: Parameter exchange preceding the actual
data transmission. Hash Function: (Also: Hash Algorithm.) Function for computing
from any input data a cryptographic checksum of given length. For good
hash functions it is extremely improbable to retrieve the input data from
the hash value or to find different inputs resulting in the same hash
value. Hashing: Hashing means producing hash values, also
called digests, for accessing data or for security. A hash value (or digest)
is a number generated from a string of text. The hash value is substantially
smaller than the text itself, and is generated by a formula in such a
way that it is extremely unlikely that some other text will result in
the same hash value. Hashing can be used to check the integrity of data:
if someone produces a hash value and sends it along with the message,
the receiver can produce a hash value on receipt of the message. If the
receiver's hash matches the one that was sent along with the message,
the original message has not been changed.
Hash Value: (Also: Fingerprint.) Result of hash function. Hybrid Process: Combination of symmetric and asymmetric
cryptography. In a first step, the message is encrypted symmetrically,
the encryption key used is then encrypted asymmetrically with the recipient's
public key, and sent along with the encrypted message. The recipient decrypts
with his private key the symmetric encryption key and with this decrypts
the message. Recommended for large amounts of data and for encryption
for many recipients. Host: Any computer that has full two-way access
to other computers on the Internet. A host has a specific "local
or host number" that, together with the network number, forms its
unique Internet Protocol address. If you use PPP to get access to your
access provider, you have a unique IP address for the duration of any
connection you make to the Internet and your computer is a host for that
period. In this context, a "host" is a node in a network. Host-based Security: The technique of securing an individual
system from attack. Host-based security is operating system and version
dependent. Hot Standby: A backup system configured in such a way
that it may be used if the system goes down. Hybrid Gateways: An unusual configuration with routers
that maintain the complete state of the TCP/IP connections or examine
the traffic to try to detect and prevent attack [may involve a bastion
host]. If very complicated it is difficult to attack, but also difficult to
maintain and audit. ICA: An acronym for Citrix's Independent Computing Architecture,
a three-part Server-based Computing technology that separates an application's
logic from its user interface and allows 100% application execution on
the server. IDEA: International Data Encryption Algorithm. Symmetric algorithm, developed at ETH Zürich.
IETF: Internet Engineering Task Force. Open international community
of network designers, operators, vendors, and researchers concerned with
the evolution of the Internet architecture and the smooth operation of
the Internet. It is open to any interested individual. The actual technical
work of the IETF is done in working groups, which are organized by topic
into several areas (e.g., routing, transport, security, etc.). Much of
the work is handled via mailing lists. The IETF holds meetings three times
per year. Standards are expressed in the form of Requests for Comments
(RFCs). Incident: For the purposes of this document the term
"incident" implies an incident related to computer security. Information Systems Technology: The protection of information assets from
accidental or intentional but unauthorized disclosure, modification, or
destruction, or the inability to process that information. Insider Attack: An attack originating from inside a protected
network. Integrity:
That aspect of security that deals with
the correctness of information or its processing. An attack on integrity
would seek to erase a file that should not be erased, alter an element
of a database improperly, corrupt the audit trail for a series of events,
propagate a virus, etc. Internet (The Beginning): The Internet had its roots in early 1969
when the ARPANET was formed. ARPA stands for Advanced Research Projects
Agency (which was part of the U.S. Department of Defense). One of the
goals of ARPANET was research in distributed computer systems for military
purposes. The first configuration involved four computers and was designed
to demonstrate the feasibility of building networks using computers dispersed
over a wide area. The advent of OPEN networks in the late 1980's required
a new model of communications. The amalgamation of many types of systems
into mixed environments demanded better translators between these operating
systems and a non-proprietary approach to networking in general. Telecommunications
Protocol/Internet Protocol (TCP/IP) provided the best solutions to this. Internet (TOM): A web of different, intercommunicating
networks funded by both commercial and government organizations. It connects
networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet,
and there are millions of users, with thousands more joining every day. Internet Protocol: handles the address part of each data
packet that is transmitted from one computer to another on the Internet.
(A protocol is the set of rules computers use to talk to each other.)
Each computer (or host) on the Internet has a unique address containing
four numbers separated by periods (for example, 199.0.0.2). Each file
you request (for example, someone's Web home page) is identified in part
by a domain name that maps to the Internet address of its computer. The
file you request is in turn sent to you at your associated Internet address
by the IPs at either end of the exchange. Intranet: Closed, non-public network that is contained
e.g. within an enterprise. IPSec: Internet Protocol Security. Protocol (based on the IP) to
ensure authenticity, privacy, and integrity during data exchange. Intrusion Detection: Detection of break-ins or break-in attempts,
either manually or via software expert systems that operate on logs or other
information available on the network. IP
address: In the most widely installed level of
the Internet Protocol (IP) today, an IP address is a 32-bit number that
identifies each sender or receiver of information that is sent in packets
across the Internet. When you request an HTML page or send e-mail, the
Internet Protocol part of TCP/IP includes your IP address in the message
(actually, in each of the packets if more than one is required) and sends
it to the IP address that is obtained by looking up the domain name in
the URL you requested or in the e-mail address you're sending a note to.
At the other end, the recipient can see the IP address of the Web page
requestor or the e-mail sender and can respond by sending another message
using the IP address it received.
IP Sniffing: Stealing network addresses by reading
the packets. Harmful data is then sent stamped with internal trusted addresses. IP Splicing: An attack whereby an active, established
session is intercepted and co-opted by the attacker. IP Splicing attacks
may occur after an authentication has been made, permitting the attacker
to assume the role of an already authorized user. Primary protections
against IP Splicing rely on encryption at the session or network layer. IP Spoofing: An attack whereby a system attempts to
illicitly impersonate another system by using its IP network address. IRT: Incident Response Team. Similar to CSIRC and IHT this
is another acronym for CERTs. ISO: International Standards Organization sets standards for data
communications. ISSA: Information Systems Security Association. Key: In encryption, a key is a sequence of characters used to
encode and decode a file. You can enter a key in two formats: alphanumeric
and condensed (hexadecimal). In the network access security market, "key"
often refers to the "token," or authentication tool, a device
utilized to send and receive challenges and responses during the user
authentication process. Keys may be small, hand-held hardware devices
similar to pocket calculators or credit cards, or they may be loaded onto
a PC as copy-protected software. Key Recovery: General term encompassing numerous ways,
using cryptographic techniques, of permitting emergency access to cryptographic keys, e.g. if a key
is lost. LDAP: Lightweight Directory Access Protocol. Protocol
with which access to directory services is given, used to query, for example,
certificates or e-mail addresses. Least Privilege: Designing operational aspects of a system
to operate with a minimum amount of system privilege. This reduces the
authorization level at which various actions are performed and decreases
the chance that a process or user with high privileges may be caused to
perform unauthorized activity resulting in a security breach. Load
balancing: Distributing processing and communications
activity evenly across a computer network so that no single device is
overwhelmed. Load balancing is especially important for networks where
it's difficult to predict the number of requests that will be issued to
a server. Busy Web sites typically employ two or more Web servers in a
load balancing scheme. If one server starts to get swamped, requests are
forwarded to another server with more capacity. Load balancing can also
refer to the communications channels themselves.
Local Area Network (LAN): An interconnected system of computers
and peripherals. LAN users share data stored on hard disks and can share
printers connected to the network. Logging: The process of storing information about
events that occurred on the firewall or network. Logic
bomb: Any program or code, generally malicious,
that causes a system to lock up or fail. Log Processing: How audit logs are processed, searched
for key events, or summarized. Log Retention: How long audit logs are retained and maintained. Mail Bomb: Mail sent to urge others to send massive
amounts of e-mail to a single system or person, with the intent to crash
the recipient's system. MFT: Multi Functional Terminal. A client/server system from Unisys
(B38 terminal) which runs the CTOS operating system. Used for making contracts,
accessing Terco and word-processing. 3270 and
VT emulators are available. Mobile Code: A program downloaded from the internet
that runs automatically on a computer with little or no user interaction. Multi-User: The ability for multiple concurrent users
to log on and run applications from a single server. Master Boot Records: Those
boot records on PC hard disks that define the structure of the information
on the disk. There is only one master boot record on each physical hard
disk. Each logical disk drive (C:) has a system
boot record associated with it.
Network Computer (NC): A "thin" client hardware device that executes applications locally by downloading them from the network. NCs adhere to a specification jointly developed by Sun, IBM, Oracle, Apple and Netscape. They typically run Java applets within a Java browser, or Java applications within the Java Virtual Machine. Network Computing Architecture: A computing architecture in which components
are dynamically downloaded from the network into the client device for
execution by the client. The Java programming language is at the core
of network computing. Network-Level Firewall: A firewall in which traffic is examined
at the network protocol packet level. Network Worm: A program or command file that uses a
computer network as a means for adversely affecting a system's integrity,
reliability or availability. A network worm may attack from one system
to another by establishing a network connection. It is usually a self-contained
program that does not need to attach itself to a host file to infiltrate
network after network. NSA: National Security Agency. US-American governmental agency
with a mandate to listen to and decode foreign communications of interest
to Nuking: a technique for causing the Windows operating
system of someone you're communicating with to crash or suddenly terminate.
The "nuke" is actually an out-of-band network packet containing
information that the operating system can't process. This condition causes
the operating system to "crash" or terminate prematurely. The
operating system can usually be restarted without any permanent damage
other than possible loss of unsaved data when you crashed. One-Time Password: In network security, a password issued
only once as a result of a challenge-response authentication process.
Cannot be "stolen" or reused for unauthorized access. OOB: (Out of Band) the urgent data transmission method that
is exploited in WinNuke. Operating System: System software that controls a computer and its peripherals. Modern operating systems such as Windows 95 and NT handle many of a computer’s basic functions. Orange Book: The Department of Defense Trusted Computer
System Evaluation Criteria. It provides information to classify computer
systems, defining the degree of trust that may be placed in them.
Packet sniffer: A device or program that monitors the
data traveling between computers on a network. Password: A secret code assigned to a user and known
by the computer system. Knowledge of the password associated with the
user ID is considered proof of authorization. (See One-Time Password.) Password
sniffing: The use of a sniffer
to capture passwords as they pass across a network. The network could
be a local area network, or the Internet itself. The sniffer could be hardware
or software. A favorite method for installing a password sniffer
onto a local area network would be through the use of a Trojan Horse. PDC: Primary Domain Controller: The principal NT server containing
user account information in a domain. PEM: Privacy Enhanced Mail. Format for the digital signing of texts
and the sending of certificates. Additionally, encryption can be carried
out. The format is framed in such a way that it can be sent regardless
of the transport path and the e-mail applications. PEM documents are suited
for local verification of signatures and privacy because they keep their
security enhancements after being received. Thus PEM serves well for document
security in general. (See also MailTrusT.) Performance: A major factor in determining the overall
productivity of a system, performance is primarily tied to availability,
throughput and response time. Perimeter-based Security: The technique of securing a network by
controlling access to all entry and exit points of the network. PGP: Pretty Good Privacy. Developed in 1991 by Phil Zimmermann. PKI
based on mutual trust between the participants; used mainly by individuals
in the non-commercial sector. Piggyback
attack: The gaining
of unauthorized access to a system via another
user's legitimate connection.
PIN: In computer security, a personal identification number used
during the authentication process. Known only to the user. (See Challenge/Response,
Two-Factor Authentication.) PKCS: Public Key Cryptography System, Public Key Cryptography Standards.
Collection of standards for the exchange of information via the Internet. Policy: Organizational-level rules governing acceptable
use of computing resources, security practices, and operational procedures. Port: An electronic connection that allows data to travel between
a client PC and a server on the network. Port Scan: Data sent by the cracker over the Internet
to locate a PC or network and determine whether it has open ports that
will accept a connection. Private Key: In encryption, one key (or password)
is used to both lock and unlock data. Compare with public key. Privacy: Privacy of data means that only persons
who are entitled to can read these data. The transport protocols usually
used in networks cannot prevent unauthorized persons from reading data undetected.
Using strong cryptography, however, can guarantee privacy. Protocols: Agreed-upon methods of communications
used by computers. Prototype Certificate: Certificate containing a signature that
has been generated by one's own private key. Only after certification
of the prototype certificate by a CA does it become a real certificate. Proxy: 1) A method of replacing the code for service applications
with an improved version that is more security aware. Preferred method
is by "service communities", i.e. Oracle, rather than individual
applications. Evolved from socket implementations. 2) A software agent
that acts on behalf of a user. Typical proxies accept a connection from
a user, make a decision as to whether or not the user or client IP address
is permitted to use the proxy, perhaps perform additional authentication,
and then complete a connection on behalf of the user to a remote destination. Public Key: In encryption a two-key system in which
the key used to lock data is made public, so everyone can "lock."
A second private key is used to unlock or decrypt. Public Key Infrastructure (PKI): The
set of hardware, software, people, policies, and procedures needed to
create, manage, store, distribute, and revoke certificates based on public
key cryptography. A PKI where users are certified by a superior CA
enables an authenticated communication, provided that the users have a
common point of trust. RAS: Remote Access Service: Microsoft's utility
for connecting computers over Dialup lines or for connecting laptops. RC4: A cipher designed by RSA Data Security, Inc., which can accept
keys of arbitrary length, and is essentially a pseudo random number generator
with the output of the generator being XORed
with the data stream to produce the encrypted data. For this reason, it
is very important that the same RC4 key never be used to encrypt two different
data streams. The algorithm is very fast, its security is unknown, but
breaking it does not seem trivial either. Registry: the space where Windows stores most
application and system data. Stored in the file system.1st
and accessible through the program regedit. Registration Authority: Registers users' requests for certification
and passes them to the relevant CA for issuance. Takes charge of the administration
of the issued user certificates. Remote Access: The hookup of a remote computing device via communications lines such as ordinary phone lines or wide area networks to access network applications and information. Remote Presentation Services Protocol:
A protocol is a set of rules and procedures
for exchanging data between computers on a network. A remote presentation
services protocol transfers user interface, keystrokes, and mouse movements
between a server and client. Replicator: Any program that acts to produce copies
of itself; examples include a worm, a fork bomb or a virus. It is even claimed
by some that UNIX and C are the symbiotic halves of an extremely successful
replicator.
Resident Extension: In PC-DOS, programs can install a part
of themselves in memory, and this part can remain active after the program
has ended. This memory resident part is called a resident extension, since
it is effectively an extension to the operating system. Many viruses install
themselves as resident extensions, which will then look for files to infect
when those files are accessed or executed later. Revocation: For several reasons a certificate may need
to be revoked, i.e. need to be declared invalid prior to the expiration
of the validity period. Circumstances which might cause a certificate
revocation could be, e.g., if the holder's name changes, if association
between subject and CA changes, if the secret key is compromised or is
suspected to be compromised, or if the holder misuses his certificate. Risk Analysis: The analysis of an organization's information
resources, existing controls and computer system vulnerabilities. It establishes
a potential level of damage in dollars and/or other assets. Rogue program: Any program intended to damage programs
or data. Encompasses malicious Trojan Horses. Root Authority: (Also: Root Certificate.) Certificate of the highest certification
authority of a hierarchy (root
authority). It is the basis of all trust in a hierarchical PKI.
A PSE
with certificate is tightly bound to the certification hierarchy and the
root certificate. The tight binding allows trustworthy communications
with other partners, even when they have been certified by subordinate
certification authorities. Rootkit: A
hacker security tool that captures passwords and message traffic to and
from a computer. A collection of tools that allows a hacker to provide
a backdoor into a system, collect information on other systems on the
network, mask the fact that the system is compromised, and much more.
Rootkit is a classic example of Trojan horse
software. Router: a device or, in some cases, software
in a computer, that determines the next network point to which a packet
should be forwarded toward its final destination. The router is connected
to at least two networks and decides which way to send each information
packet based on its current understanding of the state of the networks
it is connected to. A router is located at any juncture of networks, or gateway, including each Internet point of presence. A router
is often included as part of a network switch. RSA: A public key cryptosystem named after its inventors, Rivest, Shamir and Adleman, who hold the patent.
S/MIME: Secure/Multipurpose Internet Mail Extensions,
S/MIME provides a standard way to send and receive secure electronic mail.
Based on the popular Internet MIME standard (RFC 1521), S/MIME provides
authentication, message integrity, privacy and non-repudiation of origin
of electronic messages, using digital signatures and encryption.
Satan: Security administrator's tools for analyzing networks. A
TCP/IP port scanner that checks remote hosts for common misconfiguration
problems and security vulnerabilities.
Self-Extracting Files: A file which,
when run, decompresses part of itself into one or more new files. It is
common to store and transmit groups of files in a self-extracting file
to conserve both disk space and transmission time. If infected files are
compressed into a self-extracting file, anti-virus programs that only
scan files will not necessarily be able to detect the virus. To scan such
files, you must first extract and then scan their constituent files. Self-Garbling Viruses: Some viruses attempt to hide from virus
scanning programs by keeping most of their code garbled in some way, and
changing the garbling each time they spread. When such a virus runs, a
small header degarbles the body of the virus
and then branches to it. Server: The control computer on a local area network
that controls software access to workstations, printers and other parts
of the network. Server-based Computing: An innovative, server-based approach to
delivering business-critical applications to end-user devices, whereby
an application’s logic executes on the server and only the user interface
is transmitted across a network to the client. Its benefits include single-point
management, universal application access, bandwidth-independent performance, and improved security for business applications.
Server
certificate: A digital
document attesting to the binding of a given server to a given company
or organization. Server Farm: A group of servers that are linked together
as a ‘single system image’ to provide centralized administration and horizontal
scalability. Session Shadowing: A feature of Citrix WinFrame
and MetaFrame that allows administrators and
technical support staff to remotely join or take control of a user’s session
for diagnosis, support and training. SET: Short for Secure Electronic Transaction, a new standard that
enables secure credit card transactions on the Internet. SET has been
endorsed by virtually all the major players in the electronic commerce
arena, including Microsoft, Netscape, Visa, and Mastercard.
By employing digital signatures, SET will enable merchants to verify that
buyers are who they claim to be. And it will protect buyers by providing
a mechanism for their credit card number to be transferred directly to
the credit card issuer for verification and billing without the merchant
being able to see the number. Scalability: The ability to expand a computing solution
to support large numbers of users without impacting performance.
Screened Host Gateway: A host on a network behind a screening
router. The degree to which a screened host may be accessed depends on
the screening rules in the router. Screened Subnet: An isolated subnet created behind a screening
router to protect the private network. The degree to which the subnet
may be accessed depends on the screening rules in the router. Screening Router: A router configured to permit or deny
traffic using filtering techniques; based on a set of permission rules
installed by the administrator. A component of many firewalls usually
used to block traffic between the network and specific hosts on an IP
port level. Not very secure; used when "speed" is the only decision
criterion. Signature: A search pattern, often a simple string
of bytes, that is expected to be found in every
instance of a particular virus. Usually, different viruses have different
signatures. Stealth Viruses: Some viruses attempt to hide from detection
programs by hiding their presence in boot records or files. When such
viruses are run, they install a resident extension. This resident extension
intercepts various disk accesses, determines if its own code is part of
the disk access, and removes the code before giving the data to the calling
program. The result is that the virus can be in several places on the
disk, but normal reads of the disk will not reveal it. System Boot Records: Each logical PC-DOS or OS/2 drive (e.g.
C:, D:, etc.) has a system boot record associated
with it. The system boot record contains code that tells the system about
that logical drive and tables that contain an index to the files on it. Single-Point Control: Helps reduce the total cost of application
ownership by enabling applications and data to be deployed, managed and
supported at the server. Single-point control enables application installations,
updates and additions to be made once, on the server, which are then instantly
available to users anywhere. Smart Card: A credit-card-sized device with embedded
microelectronics circuitry for storing information about an individual.
This is not a key or token, as used in the remote access authentication
process. S/MIME: Secure Multipurpose Internet Mail Extension.
The new standard for security enhancement of e-mail is S/MIME. The advantage
(as opposed to PEM and MailTrusT) lies in its
ability to transport complete mails with attachments in one security package. Smurfing: A denial of service attack in which an attacker spoofs the source
address of an echo-request ICMP (ping) packet to the broadcast address
for a network, causing the machines in the network to respond en masse
to the victim, thereby clogging its network.
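Both Smurfing and the SYN Flood attack (described later under that entry) leave a recognisable trace in packet records. The following is an added Go example, not from this glossary, that runs two simple detectors over a constructed packet list: one flags ICMP echo requests addressed to a subnet's directed-broadcast address (the smurf amplifier pattern), the other counts TCP SYNs per source that were never followed by that source's ACK (half-open connections) and reports sources over a threshold. The packet records, addresses and threshold are constructed assumptions; a real sensor would decode the same fields from a capture.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Packet is a minimal record of the header fields the detectors need.
type Packet struct {
	Src, Dst string // IPv4 addresses
	Proto    string // "tcp" or "icmp"
	SYN, ACK bool   // TCP flags
	ICMPType int    // 8 = echo request
}

// BroadcastAddr returns the directed-broadcast address of an IPv4 subnet.
func BroadcastAddr(n *net.IPNet) net.IP {
	ip := n.IP.To4()
	mask := n.Mask
	if len(mask) == 16 {
		mask = mask[12:]
	}
	b := make(net.IP, 4)
	for i := range b {
		b[i] = ip[i] | ^mask[i]
	}
	return b
}

// SmurfSuspects returns the (spoofed) source addresses of ICMP echo
// requests sent to the subnet's broadcast address: each such packet makes
// every host on the subnet answer that source, which is the victim.
func SmurfSuspects(pkts []Packet, subnet *net.IPNet) []string {
	bcast := BroadcastAddr(subnet)
	seen := map[string]bool{}
	for _, p := range pkts {
		if p.Proto == "icmp" && p.ICMPType == 8 && net.ParseIP(p.Dst).Equal(bcast) {
			seen[p.Src] = true
		}
	}
	return sortedKeys(seen)
}

// SynFloodSuspects returns sources with at least threshold TCP SYNs that
// were never completed by an ACK from the same source (half-open).
// SYN-ACKs (both flags set) are the server's replies and are ignored.
func SynFloodSuspects(pkts []Packet, threshold int) []string {
	halfOpen := map[string]int{}
	for _, p := range pkts {
		if p.Proto != "tcp" {
			continue
		}
		switch {
		case p.SYN && !p.ACK:
			halfOpen[p.Src]++
		case p.ACK && !p.SYN:
			halfOpen[p.Src]--
		}
	}
	suspects := map[string]bool{}
	for src, n := range halfOpen {
		if n >= threshold {
			suspects[src] = true
		}
	}
	return sortedKeys(suspects)
}

func sortedKeys(m map[string]bool) []string {
	out := make([]string, 0, len(m))
	for k := range m {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// SamplePackets is a constructed capture: one legitimate client completing
// a handshake, one source sending SYNs that are never completed, and one
// echo request aimed at the subnet's broadcast address.
func SamplePackets() []Packet {
	pkts := []Packet{
		{Src: "198.51.100.5", Dst: "192.0.2.10", Proto: "tcp", SYN: true},
		{Src: "198.51.100.5", Dst: "192.0.2.10", Proto: "tcp", ACK: true},
		{Src: "198.51.100.77", Dst: "192.0.2.255", Proto: "icmp", ICMPType: 8},
	}
	for i := 0; i < 50; i++ {
		pkts = append(pkts, Packet{Src: "203.0.113.9", Dst: "192.0.2.10", Proto: "tcp", SYN: true})
	}
	return pkts
}

func main() {
	_, subnet, _ := net.ParseCIDR("192.0.2.0/24")
	fmt.Println("smurf victim addresses:", SmurfSuspects(SamplePackets(), subnet))
	fmt.Println("syn flood sources:", SynFloodSuspects(SamplePackets(), 20))
}
```

Note that the "source" in a smurf packet is the victim, not the attacker, and that a SYN flood source is usually forged as well (the SYN Flood entry says so), so both outputs identify what to rate-limit or block, not who to blame.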
Sniffer: A sniffer
is a program that monitors and analyzes network traffic, detecting bottlenecks
and problems. Using this information, a network manager can keep traffic
flowing efficiently. A sniffer can also be used
illegitimately to capture data being transmitted on a network. A network
router reads every packet of data passed to it, determining whether it
is intended for a destination within the router's own network or whether
it should be passed further along the Internet. A router with a sniffer, however, may be able to read the data in the packet
as well as the source and destination addresses. Socket: the endpoint in a connection. Sockets are created and used
with a set of programming requests or "function calls" sometimes
called the sockets application programming interface (API). The most common
sockets API is the Berkeley UNIX C language interface for sockets. Sockets
can also be used for communication between processes within the same computer. Social Engineering: An attack based on deceiving users or
administrators at the target site. Social engineering attacks are typically
carried out by telephoning users or operators and pretending to be an
authorized user, to attempt to gain illicit access to systems. Spoof: 1) To deceive for the purpose of gaining access to someone
else's resources (for example, to fake an Internet address so that one
looks like a certain kind of Internet user). 2) To simulate a communications
protocol by a program that is interjected into a normal sequence of processes
for the purpose of adding some useful function. SSL: This protocol is designed to create a secure connection to
the server. SSL uses public key encryption, one of the strongest encryption
methods around, to protect data as it travels
over the Internet. SSL was created by Netscape. Spam: To crash a program by overrunning a fixed-site
buffer with excessively large input data. Also, to cause a person or a
newsgroup to be flooded with irrelevant or inappropriate messages. State Full Evaluation: Methodology using mixture of proxy or
filtering technology intermittently depending upon perceived threat [and/or
need for "speed"]. Stealth Mode: A protective setting that hides a port
so that it isn't visible over the Internet. A port that has been put into
stealth mode will give no reply to a port scan, thereby providing no evidence
that a computer exists at the scanned IP address. Strong
authentication:
Authentication is the verification of the identity of a person or process.
In a communication system, authentication verifies that messages really
come from their stated source, like the signature on a (paper) letter.
Strong authentication uses a combination of items belonging to two out
of the three following categories: personal knowledge, something the authorized
user knows (password, PIN); personal objects, something that belongs to
the authorized user (token, card, key); personal characteristics, something
uniquely characterizing the authorized user (physical characteristics,
e.g. voice, length of fingers…).
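The Strong Authentication entry combines a knowledge factor with a possession factor, and the One-Time Password and Token entries describe the challenge/response exchange through which the possession factor is proved. The following added Go example (not from this glossary) puts these together: the server stores a salted password hash and a per-user token secret, issues a random challenge, and accepts a login only if the password matches and the response equals the HMAC of the challenge under the token secret. Each challenge can be answered once, so a captured response cannot be replayed. The account data is constructed, and salted SHA-256 stands in for a proper password hash (bcrypt or argon2) purely to keep the example dependency-free.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Account is what the server keeps for one user: the knowledge factor as a
// salted hash and the secret shared with the user's token (possession factor).
type Account struct {
	Salt         []byte
	PasswordHash []byte
	TokenSecret  []byte
}

// Server holds accounts and the single outstanding challenge per user.
type Server struct {
	accounts map[string]*Account
	pending  map[string][]byte
}

// hashPassword is a placeholder for a real password hash; salted SHA-256
// is used here only so the example needs no external package.
func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// NewServer enrols one user with a password and a token secret (constructed).
func NewServer(user, password string, tokenSecret []byte) *Server {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return &Server{
		accounts: map[string]*Account{user: {Salt: salt, PasswordHash: hashPassword(salt, password), TokenSecret: tokenSecret}},
		pending:  map[string][]byte{},
	}
}

// Challenge issues a fresh random nonce that the user's token must answer.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.accounts[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// TokenResponse is the client side: the token computes a keyed hash of the
// challenge, proving possession of the secret without ever sending it.
func TokenResponse(tokenSecret, challenge []byte) []byte {
	m := hmac.New(sha256.New, tokenSecret)
	m.Write(challenge)
	return m.Sum(nil)
}

// Authenticate checks both factors. The outstanding challenge is consumed
// whether or not the attempt succeeds, which makes every response one-time.
func (s *Server) Authenticate(user, password string, response []byte) bool {
	acct, ok := s.accounts[user]
	if !ok {
		return false
	}
	nonce, ok := s.pending[user]
	if !ok {
		return false
	}
	delete(s.pending, user)
	passwordOK := subtle.ConstantTimeCompare(hashPassword(acct.Salt, password), acct.PasswordHash) == 1
	tokenOK := hmac.Equal(TokenResponse(acct.TokenSecret, nonce), response)
	return passwordOK && tokenOK
}

func main() {
	secret := []byte("constructed-token-secret")
	srv := NewServer("alice", "correct horse battery", secret)
	nonce, _ := srv.Challenge("alice")
	resp := TokenResponse(secret, nonce)
	fmt.Println("both factors present:", srv.Authenticate("alice", "correct horse battery", resp))
	fmt.Println("same response replayed:", srv.Authenticate("alice", "correct horse battery", resp))
}
```

Both checks are evaluated before the result is combined, so a failed attempt does not reveal which factor was wrong.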
Symmetric cryptography: Cryptography based on the sender and
the receiver knowing and using the same secret key. The sender uses it
to encrypt the message, the receiver uses the
same secret key to decrypt the message. The main problem is that the sender
and the receiver have to agree on the secret key without anyone else finding
out. Asymmetric cryptography is mostly used to solve this problem. SYN Flood attack: A SYN Flood attack is when the client
does not respond to the SYN-ACK, tying up the service until the service
times out, and continues to send SYN packets. The source address of the
client is forged to a non-existent host, and as long as the SYN packets
are sent faster than the timeout rate of the TCP stack waiting for the
time out, the resources of the service will be tied up. Sysop: A sysop is the person who runs a computer
server. The term is used mainly in the world of bulletin board services
(BBSs). In general,
a sysop or system operator is one who runs the
day-to-day operation of a server and the term suggests a person who is
available when the system is. A related term is administrator. In larger
computer systems, the administrator manages security and user access while
a system operator monitors and performs routine operations at the computer.
In smaller computer systems (for example, UNIX systems), the administrator
and the system operator tend to be the same person. TCB: Trusted Computing Base: The Orange Book (TCSEC) classes use
the notion of a Trusted Computing Base (or TCB) extensively.
This is the central part of the system (e.g. the kernel) which
is trusted to carry out security functions. TCO: Total Cost of Ownership, a model that helps IT professionals
understand and manage the budgeted (direct) and unbudgeted (indirect)
costs incurred for acquiring, maintaining and using an application or
a computing system. TCO normally includes training, upgrades, and administration
as well as the purchase price. Lowering TCO through single-point control
is a key benefit of Server-based Computing. TCP/IP: Transmission Control Protocol
/ Internet Protocol: This suite of protocols, originally
developed for the Internet, is now the standard enterprise network protocol. Telnet: the way you can access someone else's
computer, assuming they have given you permission. (Such a computer is
frequently called a host computer.) More technically, Telnet is a user
command and an underlying TCP/IP protocol for accessing remote computers.
The Web or HTTP protocol and the FTP protocol allow you to request specific
files from remote computers, but not to actually be logged on as a user
of that computer. With Telnet, you log on as a regular user with whatever
privileges you may have been granted to the specific applications and
data on that computer. Thin Client: A low-cost computing device that works
in a server-centric computing model. Thin clients typically do not require
state-of-the-art, powerful processors and large amounts of RAM and ROM
because they access applications from a central server or network. Thin
clients can operate in a Server-based Computing environment. Threat: As defined by [CERT 1993] "any circumstances
or event that has the potential to cause harm to a system or network".
That means that even the existence of a(n unknown) vulnerability implies a threat
by definition. Token: A "token" is an authentication tool, a device utilized
to send and receive challenges and responses during the user authentication
process. Tokens may be small, hand-held hardware devices similar to pocket
calculators or credit cards. See key. Traceroute: A
TCP/IP program common to UNIX that traces the route between your machine
and a remote host. TransportPassword: A newly issued PSE is encrypted by CA Management with a Transport
Password. This password protects the PSE on its way from the CA to the
user. The user is informed of the password by the CA (e.g. by a letter)
and is advised to change it immediately after receiving the PSE TripleDES (3DES): DES,
Data Encryption Standard is a symmetrical key algorithm originally developed
at IBM. When used for communication, both sender and receiver must know
the same secret key, which is used both to encrypt and decrypt the message.
DES has a 64 bit block size and uses a 56 bit key during encryption. 3DES
(TripleDES) has been developed to provide stronger
security. With 3DES, the plaintext is encrypted, three times with the
DES algorithm to provide stronger security than DES. The effective key
length becomes 112 bit, instead of the 56 bit DES key. Trojan Horse: 1) Any program designed to do things that the user of the program did not intend to do or that
disguises its harmful intent. 2) Program that installs itself while
the user is making an authorized entry; and, then are used to break-in
and exploit the system. Tunneling Router: A router or system capable of routing
traffic by encrypting it and encapsulating it for transmission across
an untrusted network, for eventual de-encapsulation and decryption.
Turn Commands: Commands inserted to forward mail to another address for interception.

Two-Factor Authentication: Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors", just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.

UDP: A communications transport protocol layer that is an alternative to the Transmission Control Protocol (TCP) layer. Like TCP, it interfaces with the Internet Protocol (IP) layer. UDP, however, does not provide the delivery reliability of TCP. For example, it does not provide sequencing of the packets in which the data arrives. This means that the application program must be able to provide these services itself.

USB: Universal Serial Bus, a 12 Mbps serial bus for PC peripherals designed for low- and medium-speed devices such as keyboards, monitors, tape drives, etc.

User: Any person who interacts directly with a computer system.

User ID: A unique character string that identifies users.

User Identification: User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)

User Interface: The part of an application that the user works with. User interfaces can be text-driven, such as DOS, or graphical, such as Windows.

Variant: A modified version of a virus that is usually produced on purpose by a virus author or by someone who modifies the original virus. Variants may be very similar to their parent virus, or may be fairly different. Some are text variants, which means that the only differences between them and their parent virus are in internal program comments that are never displayed, or in text that is displayed on the screen. Some are the result of small changes made to the original virus, apparently to create a new virus which is not detected by certain anti-virus programs. Some are the result of large changes, such as combining the spreading part of one virus with the damage part of another.

Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, but which actually encompasses encrypted virtual links over untrusted networks.

Virus: A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.

Vulnerability: This term refers to any weakness in any system (either hardware or software) that allows intruders to gain unauthorized access or deny service.

Warez: (pronounced as though spelled "wares" or possibly by some pronounced like the city of "

WinNuke: See "blue bomb".

Worm: A program that makes copies of itself elsewhere in a computing system. These copies may be created on the same computer, or may be sent over networks to other computers. The first use of the term described a program that copied itself benignly around a network, using otherwise unused resources on networked machines to perform distributed computation. Some worms are security threats, using networks to spread themselves against the wishes of the system owners and disrupting networks by overloading them.

X.509: X.509 is the standard for user certificates. The public key of a user, together with identification information, is enciphered with the private key of the certificate authority that issued it; in effect, the CA digitally signs the public key of the user. The public key of the CA is distributed universally, to allow everyone to verify the user certificate.

Y: To be updated

Z: To be updated