An axiom of the Biba model that states that a subject at a specific classification level cannot write data to a higher classification level. This is often shortened to “no write up.”
A property of the Bell-LaPadula model that states that a subject at a specific classification level cannot write data to a lower classification level. This is often shortened to “no write down.”
A form of twisted-pair cable that supports 1000Mbps or 1Gbs throughput at 100 meter distances. Often called Gigabit Ethernet.
Another form of twisted-pair cable similar to 100Base-T.
A type of coaxial cable. Often used to connect systems to backbone trunks. 10Base2 has a maximum span of 185 meters with maximum throughput of 10Mpbs. Also called thinnet.
A type of coaxial cable. Often used as a network’s backbone. 10Base5 has a maximum span of 500 meters with maximum throughput of 10Mpbs. Also called thicknet.
A type of network cable that is made up of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator. Also called twisted-pair.
Also known as Triple Digital Encryption Standard (DES). A block cipher algorithm used for encryption.
The standard that provides for bandwidths of up to 54Mbps in the 5GHz frequency spectrum.
The standard that provides for bandwidths of up to 11Mbps in the 2.4GHz frequency spectrum. This standard is also called Wireless Fidelity (Wi-Fi) or 802.11 high rate.
The standard that provides for bandwidths of 20Mbps in the 2.4GHz frequency spectrum.
A proposed amendment to the 802.11 standard that provides for bandwidths of 74Mbps in the 2.4GHz and 5GHz frequency spectrums. The standard is expected to be released in 2009.
Any system activity that does not normally occur on your system. Also referred to as suspicious activity.
The collection of similar elements into groups, classes, or roles for the assignment of security controls, restrictions, or permissions as a collective.
The collection of similar elements into groups, classes, or roles for the assignment of security controls, restrictions, or permissions as a collective.
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
The transfer of information from an object to a subject.
An attack aimed at gaining access to resources.
The means of giving or restricting user access to network resources. Access control is usually accomplished through the use of an access control list (ACL).
The column of an access control matrix that specifies what level of access each subject has over an object.
A table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Each column of the matrix is an ACL. Each row of the matrix is a capability list.
Auditing, logging, and monitoring the attempted access or activities of a subject. Also referred to as activity tracking.
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP).
Being responsible for an item. The administrator is often accountable for the network and the resources on it.
The act of keeping track of activity. Most often, this term is used to refer to tracking users' interactions with network resources via log files that are routinely scanned and checked.
An element of the password policy’s programmatic controls that disables a user account after a specified number of failed logon attempts. Account lockout is an effective countermeasure to brute force and dictionary attacks against a system’s logon prompt.
The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
The letters in ACID represent the four required characteristics of database transitions: atomicity, consistency, isolation, and durability.
See acknowledgement.
A message confirming that a data packet was received. Acknowledgement occurs at the Transport layer of the Open Systems Interconnection (OSI) and TCP/IP models.
See access control list.
Web programs that users download to their own computer for execution rather than consuming server-side resources.
The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003. It acts similarly to Novell Directory Services (NDS), which is now known as eDirectory in NetWare 6.x/OES because it's a true X.500-based directory service.
A response generated in real time.
Involves an attacker gaining access to a host in the network through a switch and logically disconnecting it from the network.
A Microsoft technology that allows customized controls, icons, and other features to increase the usability of web-enabled systems. Microsoft’s answer to Sun’s Java applets. It operates in a very similar fashion, but ActiveX is implemented using any one of a variety of languages, including Visual Basic, C, C++, and Java.
Any action a user undertakes.
A network created when two RF-capable devices are brought within transmission range of each other. (RF stands for radio frequency.)
Protocol used to map known IP addresses to unknown physical addresses. A subprotocol of the TCP/IP protocol suite that operates at the Network layer (layer 3). ARP is used to discover the MAC address of a system by polling using its IP address.
The means by which a processor refers to various locations in memory.
Anomaly-detection intrusion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic.
The policies and procedures defined by an organization's security policy to implement and enforce overall access control. Examples of administrative access controls include hiring practices, background checks, data classification, security training, vacation history reviews, work supervision, personnel controls, and testing.
Regulations that cover a range of topics from procedures to be used within a federal agency to immigration policies that will be used to enforce the laws passed by Congress. Administrative law is published in the Code of Federal Regulations (CFR).
Security controls that include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.
A set of rules that govern administrative usage of a system.
The user who is accountable and responsible for the network.
Evidence that is relevant to determining a fact. The fact that the evidence seeks to determine must be material (i.e., related) to the case. In addition, the evidence must be competent, meaning that it must have been obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent.
A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government. The encryption standard selected in October 2000 by the National Institute for Standards and Technology (NIST) that is based on the Rijndael cipher. See also Federal Information Processing Standard (FIPS).
A policy that discusses behaviors and activities that are acceptable and defines consequences of violations. An advisory policy discusses the senior management's desires for security and compliance within an organization. Most policies are advisory.
Software that gathers information to pass on to marketers or intercepts personal data such as credit card numbers and makes them available to third parties.
An implementation of Advanced Encryption Standard (AES) that uses 256-bit encryption.
Intelligent code objects that perform actions on behalf of a user. They typically take initial instructions from the user and then carry on their activity in an unattended manner for a predetermined period of time, until certain conditions are met, or for an indefinite period.
SQL functions, such as COUNT(), MIN(), MAX(), SUM(), and AVG(), that can be run against a database to produce an information set.
See annual loss expectancy (ALE).
A notification that an unusual condition exists and should be investigated.
The series of steps/formulas/processes that is followed to arrive at a result.
The component or process that analyzes the data collected by the sensor.
A calculation that is used to identify risks and calculate the expected loss each year.
A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.
The act of looking for variations from normal operations (anomalies) and reacting to them.
Authentication that doesn't require a user to provide a user-name, password, or any other identification before accessing resources.
A category of software that uses various methods to prevent and eliminate viruses in a computer. It typically also protects against future infection. See also virus.
The core program that runs the virus-scanning process.
Software that identifies the presence of a virus and is capable of removing or quarantining the virus.
See application programming interface (API).
A networking capability included with all Macintosh computers.
A freestanding device that operates in a largely self-contained manner.
The seventh layer of the Open Systems Interconnection (OSI) model. This layer deals with how applications access the network and describes application functionality, such as file transfer, messaging, and so on.
An abstract interface to the services and protocols provided by an operating system.
A virus that is protected in a way that makes disassembling it difficult. The difficulty makes it “armored” against antivirus programs that have trouble getting to, and understanding, its code.
See annualized rate of occurrence (ARO).
See Address Resolution Protocol (ARP).
The table that the Address Resolution Protocol uses. Contains a list of known TCP/IP addresses and their associated physical addresses. The table is cached in memory so that ARP lookups don't have to be performed for frequently accessed addresses. See also Media Access Control (MAC).
Any resource of value that you want to secure and protect.
An algorithm that utilizes two keys.
Encryption in which two keys must be used. One key is used to encrypt data, and the other is needed to decrypt the data. Asymmetric encryption is the opposite of symmetric encryption, where a single key serves both purposes.
Any unauthorized intrusion into the normal operations of a computer or computer network. The attack can be carried out to gain access to the system or any of its resources.
Files that hold information about a resource's access by users.
The act of tracking resource usage by users.
Individuals involved in auditing log and security files.
Verifying that the logs and other resources collected are legitimate. This technique can be useful in verifying that an attack has occurred.
The means of verifying that someone is who they say they are.
A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays.
The ability of a resource to be accessed, often expressed as a time period. Many networks limit users' ability to access network resources to working hours, as a security precaution.
An opening left in a program application (usually by the developer) that allows additional access to data. Typically, these are created for debugging purposes and aren't documented. Before the product ships, the back doors are closed; when they aren't closed, security loopholes exist.
Originally created as a support tool, it is now well known as an illicit server program that can be used to gain access to Windows NT/2000 servers and take control.
A usable copy of data made to media. Ideally, the backup is made to removable media and stored for recovery should anything happen to the original data.
A documented plan governing backup situations.
A written policy detailing the frequency of backups and the location of storage media.
A model designed for the military to address the storage and protection of classified information. This model is specifically designed to prevent unauthorized access to classified information. The model prevents the user from accessing information that has a higher security rating than they are authorized to access. It also prevents information from being written to a lower level of security.
A set of rules governing basic operations.
See Border Gateway Protocol (BGP).
See Business Impact Analysis (BIA).
A model similar in concept to the Bell La-Padula model but more concerned with information integrity (an area the Bell La-Padula model doesn't address). In this model, there is no write up or read down. If you're assigned access to top-secret information, you can't read secret information or write to any level higher than the level to which you're authorized. This model keeps higher-level information pure by preventing less-reliable information from being intermixed with it.
A device that can authenticate an individual based on a physical characteristic.
The science of identifying a person by using one or more of their features. The feature can be a thumbprint, a retinal scan, or any other biological trait.
The basic input/output system for an IBM-based PC. It is the firmware that allows the computer to boot.
A probability method of finding collision in hash functions.
A type of symmetric block cipher created by Bruce Schneier.
Also known as the Master Boot Record (MBR). The first sector of the hard disk, where the program that boots the operating system resides. It's a popular target for viruses.
An ISP protocol that allows routers to share information about routes with each other.
A router used to translate from LAN framing to WAN framing.
An automated software program that collects information on the Web. For example, the Googlebot collects website information for the Google index. Bots can be used for malicious purposes as well.
A type of attack that relies purely on trial and error.
A type of denial of service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies).
A contingency plan that allows a business to keep running in the event of a disruption to vital resources.
< DT>Business Impact Analysis (BIA)A study of the possible impact if a disruption to a business's vital resources were to occur.
See certificate authority (CA).
A type of symmetric block cipher defined by RFC 2144.
See Carlisle Adams Stafford Tavares (CAST).
See Common Criteria (CC).
See Common Criteria Recognition Agreement (CCRA).
The primary office from which most resources extend.
A digital entity that establishes who you are and is often used with e-commerce. It contains your name and other identifying data.
An issuer of digital certificates (which are then used for digital signatures or key pairs).
Policies governing the use of certificates.
The principles and procedures employed in the issuing and managing of certificates.
The act of making a certificate invalid.
A list of digital certificate revocations that must be regularly downloaded to stay current.
The log of the history of evidence that has been collected.
A protocol that challenges a system to verify identity. CHAP is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake. RFC 1334 applies to both PAP and CHAP.
Documentation required to make a change in the scope of any particular item. In the realm of project management, a change document is a formal document requiring many signatures before key elements of the project can be modified.
See Challenge Handshake Authentication Protocol (CHAP).
A certain action or moment in time that is used to perform a check. It allows a restart to begin at the last point the data was saved as opposed to from the beginning.
A hexadecimal value computed from transmitted data that is used in error-checking routines.
See cryptographic algorithm.
A switching method where a dedicated connection between the sender and receiver is maintained throughout the conversation.
An integrity model for creating a secure architecture.
Unencrypted text that can be read with any editor.
The part of a client/server network where the computing is usually done. In a typical setting, a client uses the server for remote storage, backups, or security (such as a firewall).
A server-centric network in which all resources are stored on a file server and processing power is distributed among workstations and the file server.
An early encryption system from the NSA for civilian use; it was a hardware implementation of the skipjack encryption algorithm.
A method of balancing loads and providing fault tolerance.
A type of cabling used in computer networks.
The storage and conditions for release of source code provided by a vendor, partner, or other party.
A physical site that has all the resources necessary to enable an organization to use it if the main site is inaccessible (destroyed). Commonly, plans call for turning to a cold site within a certain number of hours after the loss of the main site.
The means and orderly fashion by which evidence is collected, identified, and marked.
An agreement between individuals to commit fraud or deceit.
A document of specifications detailing security evaluation methods for IT products and systems.
A set of standards, formerly known as the Mutual Recognition Agreement (MRA), that defines Evaluation Assurance Levels (EALs).
An older form of scripting that was used extensively in early web systems.
A virus that creates a new program that runs in place of an expected program of the same name.
Standards that support a non-hierarchical security classification.
Conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the s and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary.
Assurance that data remains private and no one sees it except for those expected to see it.
The administration of set up and changes to configurations.
Type of communications between two hosts that have no previous session established for synchronizing sent data. The data isn't acknowledged at the receiving end. This method can allow data loss. Within the TCP/IP suite, User Datagram Protocol (UDP) is used for connectionless communication.
Type of communications between two hosts that have a previous session established for synchronizing sent data. The receiving PC acknowledges the data. This method allows for guaranteed delivery of data between PCs. Within the TCP/IP suite, TCP is used for connection-oriented communications.
A plain-text file stored on your machine that contains information about you (and your preferences) and is used by a database server.
See Certificate Practice Statement (CPS).
See hacker.
See cyclical redundancy check (CRC).
Functions on which the livelihood of the company depends.
See Certificate Revocation List (CRL).
The study and practice of finding weaknesses in ciphers.
A person who does cryptanalysis.
A person who participates in the study of cryptographic algorithms.
A symmetric algorithm, also known as a cipher, used to encrypt and decrypt data.
The field of mathematics focused on encrypting and decrypting data.
An individual responsible for maintaining the data, and the integrity of it, within their area.
An error-checking method in data communications that runs a formula against data before transmission. The sending station then appends the resultant value (called a checksum) to the data and sends it. The receiving station uses the same formula on the data. If the receiving station doesn't get the same checksum result for the calculation, it considers the transmission invalid, rejects the frame, and asks for retransmission.
See Discretionary Access Control (DAC).
A quality that provides a level of confidence that data won't be jeopardized and will be kept secret.
The second layer of the Open Systems Interconnection (OSI) model. It describes the physical topology of a network.
A unit of data sent over a network. A packet includes a header, addressing information, and the data itself.
A centralized storage location for data, such as a database.
Where data originates.
A Layer 3, User Datagram Protocol (UDP) packet descriptor.
See distributed denial of service (DDoS) attack.
The process of converting encrypted data back into its original form.
The router to which all packets are sent when the workstation doesn't know where the destination station is or when it can't find the destination station on the local segment.
An area for placing web and other servers that serve the general public outside the firewall, therefore, isolating them from internal network access.
A type of attack that prevents any users—even legitimate ones—from using a system.
A portion of a complete address of a PC to which data is being sent from a sending PC. The port portion allows for the demultiplexing of data to be sent to a specific application.
The act of noticing an irregularity as it occurs.
See Dynamic Host Configuration Protocol (DHCP).
The act of attempting to crack passwords by testing them against a list of dictionary words. With today's powerful computers, an attacker can combine one of many available automated password-cracking utilities with several large dictionaries or “wordlists” and crack huge numbers of passwords in a matter of minutes. Any password based on any dictionary word is vulnerable to such an attack.
A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don't clear the archive bit upon their completion.
An asymmetric standard for exchanging keys. This cryptographic algorithm is used primarily to send secret keys across public networks. The process isn't used to encrypt or decrypt messages; it's used merely for the transmission of keys in a secure manner.
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender.
A network database that contains a listing of all network resources, such as users, printers, groups, and so on.
A network service that provides access to a central database of information, which contains detailed information about the resources available on a network.
A method of communication between wireless receivers.
A communications technology that is used to communicate in the 802.11 standard.
The act of recovering data following a disaster that has destroyed it.
A plan outlining the procedure by which data is recovered after a disaster.
A method of restricting access to objects based on the identity of the subjects or the groups to which they belong.
Technology that keeps identical copies of data on two disks to prevent the loss of data if one disk faults.
Technology that enables writing data to multiple disks simultaneously in small portions called stripes. These stripes maximize use by having all the read/write heads working constantly. Different data is stored on each disk and isn't automatically duplicated (this means disk striping in and of itself doesn't provide fault tolerance).
A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data.
A derivative of a DoS attack in which multiple hosts in multiple locations all focus on one target to reduce its availability to the public. See denial of service (DoS) attack.
See demilitarized zone (DMZ).
See Domain Name Service (DNS).
Any server that performs address resolution from a DNS fully qualified domain name (FQDN) to an IP address. See also Domain Name Service (DNS), Internet Protocol (IP).
An area in the DNS hierarchy that is managed as a single unit. See also Domain Name Service (DNS).
A four-layer conceptual model describing how communications should take place between computer systems. The four layers are Process/Application, Host-to-Host, Internet, and Network Access.
Within the Internet, a group of computers with shared traits and a common IP address set. A domain can also be a group of networked Windows computers that share a single SAM database. See also Security Accounts Manager (SAM).
The network service used in TCP/IP networks that translates hostnames to IP addresses. See also Transmission Control Protocol/Internet Protocol (TCP/IP).
See denial of service (DoS) attack.
See direct-sequence (DS).
A host that resides on more than one network and possesses more than one physical network card.
A keyboard and monitor that send keystrokes to a central processing com-puter (typically a mainframe or minicomputer) that returns screen displays to the monitor. The unit has no processing power of its own, hence the moniker “dumb.”
Looking through trash for clues—often in the form of paper scraps—to find users' passwords and other pertinent information. duplexed hard drives. Two hard drives to which identical information is written simultaneously. A dedicated controller card controls each drive. Used for fault tolerance.
Two servers that are identical, for use in clustering.
A type of firewall used to accept or reject packets based on their contents.
The use of route-discovery protocols to talk to other routers and find out what networks they are attached to. Routers that use dynamic routing send out special packets to request updates from the other routers on the network as well as to send their own updates.
A TCP/IP port that is not constantly used but accessed by an application when needed.
See Evaluation Assurance Level (EAL).
Any type of passive attack that intercepts data in an unauthorized manner—usually in order to find passwords. Cable sniffing, wiretapping, and man-in-the-middle attacks are eavesdropping attacks.
See Elliptic Curve Cryptosystem (ECC).
See exposure factor (EF).
The interference that can occur during transmissions over copper cable because of electromagnetic energy outside the cable. The result is degradation of the signal.
A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard, RSA).
See electromagnetic interference (EMI).
A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH).
The process of translating data into signals that can be transmitted on a trans-mission medium.
The process of converting data into a form that makes it less likely to be usable to anyone intercepting it if they can't decrypt it.
A string of alphanumeric characters used to decrypt encrypted data.
The process of luring someone.
The process of encouraging an attacker to perform an act, even if they don't want to do it.
An attempt to gain information about a network by specifically targeting network resources, users and groups, and applications running on the system.
The act of moving something up in priority. Often, when an incident is escalated, it's brought to the attention of the next highest supervisor. See also privilege escalation.
A shared-media network architecture. It operates at the Physical and Data Link layers of the Open Systems Interconnection (OSI) model. As the media access method, it uses baseband signaling over either a bus or a star topology. The cabling used in Ethernet networks can be coax, twisted-pair, wireless, or fiber-optic.
See MAC address.
A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA).
Any noticeable action or occurrence.
A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack,the exposure factor is 100 percent.
A threat that originates from outside the company.
Web (or similar) services set up in a private network to be accessed internally and by select external entities, such as vendors and suppliers.
Examining data leaving a network for signs of malicious traffic.
The process of reconstructing a system or switching over to other systems when a failure is detected.
A device that comes online when another fails.
A hot-site backup system in which the fail-over server is connected to the primary server. A heartbeat is sent from the primary server to the backup server. If the heart-beat stops, the fail-over system starts and takes over. Thus, the system doesn't go down even if the primary server isn't running.
A flagged event that isn't really an event and has been falsely triggered.
An electrically conductive wire mesh or other conductor woven into a “cage” that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.
A network that is up and running at least 99 percent of the time down less than 8 hours a year.
The ability to withstand a fault (failure) without losing data.
A network that can recover from minor errors.
An agreed-upon standard published under the Information Technology Management Reform Act. The secretary of commerce approves the standards after they're developed by the National Institute of Standards and Technology (NIST) for federal computer systems.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that will save cost, time, and staff required to conduct redundant agency security assessments..
FedRAMP was established on December 8, 2011 via an official memorandum from the Federal Chief Information Officer to all agency CIOs. FedRAMP will achieve initial operating capability within 180 days.
See Federal Risk and Authorization Management Program.
TCP/IP and software that permit transferring files between computer systems and utilize clear-text passwords. Because FTP has been implemented on numerous types of computer systems, files can be transferred between disparate computer systems (for example, a personal computer and a minicomputer). See also Transmission Control Protocol/Internet Protocol (TCP/IP).
See Federal Information Processing Standard (FIPS).
The act of stopping a fire and preventing it from spreading.
A combination of hardware and software that protects a network from attack by hackers who could gain access through public networks, including the Internet.
The process of systematically identifying the network and its security posture.
In terms of security, the act of looking at all the data at your disposal to try to figure out who gained unauthorized access and the extent of that access.
A communications technology used to communicate in the 802.11 standard. FHSS accomplishes communication by hopping the transmission over a range of predefined frequencies.
See File Transfer Protocol (FTP).
A server that uploads and downloads files from another server on behalf of a workstation.
A backup that copies all data to the archive medium.
An information classification stating that the data so classified is available to anyone.
Management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively[.
Term covering an organization's approach across these three areas. Governance, risk management and compliance activities are increasingly being integrated and aligned to some extent in order to avoid conflicts, wasteful overlaps and gaps. GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.
Governance, Risk, and Compliance or "GRC" is an increasingly recognized term that reflects a new way in which organizations are adopting an integrated approach to these aspects of their business.
A government act containing rules on privacy of consumer finance information.
One of the most popular methods of backup tape rotation. Three sets of tapes are rotated in this method. The most recent backup after the full backup is the Son. As newer backups are made, the Son becomes the Father and the Father, in turn, becomes the Grandfather. At the end of each month, a full backup is performed on all systems. This backup is stored in an off-site facility for a period of one year. Each monthly backup replaces the monthly backup from the previous year. Weekly or daily incremental backups are performed and stored until the next full backup occurs. This full backup is then stored off site, and the weekly or daily backup tapes are reused.
See Governance, Risk Management, and Compliance.
Generally used to refer to someone who gains access to a system, software, or hardware without permission. Also can be called a cracker.
The process of agreeing to communicate and share data. TCP uses a three-way handshake to establish connections, and part of this process can be exploited by certain types.
The process of making an entity, usually an operating system, more secure by closing known holes and addressing known security issues.
The process of transforming characters into other characters that represent (but are not) the originals. Traditionally, the results are smaller and more secure than the original.
A single number used to represent an original piece of data.
An act that addresses security and privacy of health-related data.
See host-based IDS (H-IDS).
A clustering solution to provide resource reliability and availability.
See man-in-the-middle attack.
See Health Insurance Portability and Accountability Act (HIPAA).
See host-based IPS (H-IPS).
Typically an e‐mail message warning of something that isn't true, such as the outbreak of a new virus. The hoax can send users into a panic and cause more harm than the virus.
A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn of the hacking techniques and methods that hackers employ.
Any network device with a TCP/IP network address.
An intrusion detection system that is host based. The alternative is network based.
An intrusion prevention system that is host based. To prevent the intrusion, it must first detect it (thus making it a superset of H-IDS) and then act accordingly.
Any code that behaves in a way other than in the best interest of the user and the security of data.
Describes communication that occurs between hosts.
Another word for a patch. When Microsoft rolls a bunch of hotfixes together, they become known as a service pack.
A location that can provide operations within hours of a failure.
See Hypertext Markup Language (HTML).
See Hypertext Transfer Protocol (HTTP).
See Hypertext Transfer Protocol (Secure).
A common acronym used for heating, ventilation, and air conditioning.
A set of codes used to format text and graphics that will be displayed in a browser. The codes define how data will be displayed.
The protocol used for communication between a web server and a web browser.
Also known as HTTPS. A combination of HTTP with Secure Sockets Layer (SSL) to make for a secure connection. It uses port 443 by default.
See Internet Assigned Numbers Authority (IANA).
See Internet Control Message Protocol (ICMP).
An attack that occurs by triggering a response from the Internet Control Message Protocol (ICMP) when it responds to a seemingly legitimate maintenance request. See also Internet Control Message Protocol (ICMP).
A two-step process of identifying a person (usually when they log on) and authenticating them by challenging their claim to access a resource.
See intrusion detection system (IDS).
See Institute of Electrical and Electronics Engineers, Inc. (IEEE).
LAN/MAN SecurityA series of guidelines dealing with various aspects of network security.
A family of protocols that provides for wireless communications using radio-frequency transmissions.
Defines the standards for implementing wireless technologies such as infrared and spread-spectrum radio.
See Internet Engineering Task Force (IETF).
See Internet Group Management Protocol (IGMP).
An application/program that shouldn't be there but is operating on the net-work, and one that is commonly used to gain unauthorized control by allowing someone to bypass normal authentication. NetBus is one of the best-known examples of an illicit server.
See instant messaging (IM).
See Internet Message Access Protocol (IMAP).
An attempt to violate a security policy, a successful penetration, a compromise of a system, or unauthorized access to information.
How an organization responds to an incident.
A policy that defines how an organization will respond to an incident.
Also known as a Computer Security Incident Response Team (CSIRT). The group of individuals responsible for responding when a security breach has occurred.
A type of backup in which only new files or files that have changed since the last full backup or the last incremental backup are included. Incremental backups clear the archive bit on files upon their completion.
The process of determining what information is accessible to what parties and for what purposes.
Written policies detailing dissemination of information.
Policies that define how information is destroyed when it has reached the end of its useful life.
A model concerned with all the properties of information flow, not just the direction of the flow.
Policies governing the various aspects of information security. Information policies include access, classifications, marking and storage, and the transmission and destruction of sensitive information. The development of information policies is critical to security.
A designation of how long data is retained and any other significant considerations about information.
Security practices applied to information.
The hardware and software necessary to run your network.
Security on the hardware and software necessary to run your network.
Immediate communication that can be sent back and forth between users who are currently logged on. From a security standpoint, there are risks associated with giving out information via IM that can be used in social engineering attacks; in addition, attachments sent can contain viruses.
An international organization that sets standards for various electrical and electronics issues.
A telecommunications standard that is used to digitally send voice, data, and video signals over the same lines.
See data integrity.
The process of covertly obtaining information not meant for you. Interception can be an active or passive process.
Information intended to remain within an organization.
A threat that arises from within an organization.
An algorithm that uses a 128-bit key. This product is similar in speed and capability to Digital Encryption Standard (DES), but it's more secure. IDEA is used in Pretty Good Privacy (PGP).
The standards organization that developed the Open Systems Interconnection (OSI) model. This model provides a guideline for how communications occur between computers.
Organization responsible for commu-nications standards, spectrum management, and the development of communications infrastructures in underdeveloped nations.\
A global network made up of a large number of individual networks that are inter-connected and use TCP/IP. See also Transmission Control Protocol/Internet Protocol (TCP/IP).
The committee that oversees management of the Internet. It's made up of two subcommittees: the Internet Engineering Task Force (IETF) and the Inter-net Research Task Force (IRTF). See also Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF).
The organization responsible for governing IP addresses.
A message and management protocol forTCP/IP. The Ping utility uses ICMP. See also Ping, Transmission Control Protocol/Internet Protocol (TCP/IP).
An international organization that works under the Internet Architecture Board to establish standards and protocols relating to the Internet.See also Internet Architecture Board (IAB).
A protocol used for multicasting operations Across the Internet.
The network layer responsible for routing, IP addressing, and packaging.
A protocol with a store-and-forward capability. It can also allow messages to be stored on an e‐mail server instead of downloaded to the client.
The protocol in the TCP/IP suite responsible for network addressing. See also Transmission Control Protocol/Internet Protocol (TCP/IP).
An international organization that works under the Internet Architecture Board to research new Internet technologies. See also Internet Architecture Board (IAB).
A company that provides direct access to the Internet for home and business computer users.
A professional membership group composed primarily of Internet experts. It oversees a number of committees and groups, including the Internet Engineering Task Force (IETF).
A connectionless, routable network protocol based on the Xerox XNS architecture. It's the default protocol for versions of NetWare before NetWare 5. It operates at the Network layer of the Open Systems Interconnection (OSI) model and is responsible for addressing and routing packets to workstations or servers on other networks. intranetWeb (or similar) services set up in a private network to be accessed internally only.
The act of entering a system without authorization to do so.
Tools that identify and respond to attacks using defined rules or logic. An IDS can be network based or host based.
The item/application performing intrusion detection. See also intrusion detection system (IDS).
A server that acts as a go-between for clients accessing the Internet. All communications look as if they originated from a proxy server because the IP address of the user making a request is hidden. Also known as Network Address Translation (NAT).
A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3.
An attack during which a hacker tries to gain access to a network by pretending their interface has the same network address as the internal network.
See IP Security (IPSec).
See Internetwork Packet Exchange (IPX).
A 10-part plan designed to provide a generic security audit on the best practices of security for virtually all aspects of your IT department.
See Internet service provider (ISP).
A programming language that allows access to system resources of the system running the script. These scripts can interface with all aspects of an operating system just like programming languages, such as the C language.
The ability of a filesystem to use a log file of all changes and transactions that have occurred within a set period of time (for example, the last few hours). If a crash occurs, the operating system can look at the log files to see what transactions have been committed and which ones have not.
See Key Distribution Center (KDC).
See Key Exchange Algorithm (KEA).
An authentication scheme that uses tickets (unique keys) embedded within messages. Named after the three-headed guard dog who stood at the gates of Hades in Greek mythology.
The time during which the processes of a key or certificate take place.
An organization/facility that generates keys for users.
An agency that stores keys for the purpose of law-enforcement access.
A method of offering mutual authentication and establishing data encryption keys.
The act of creating keys for use by users.
The temporary deferment of a key for a period of time (such as for a leave of absence).
A mechanism for message authentication using cryptographic hash functions” per the draft of the Federal Information Processing Standard (FIPS) publication. Addressed in RFC 2104.
See Layer 2 Forwarding (L2F).
See Layer 2 Tunneling Protocol (L2TP).
See local area network (LAN).
An old authentication method used with early Windows-based systems.
The wait time between the call for an action or activity and the actual execution of that action.
The concept that access differs at different levels. Often used in discussion with the Biba and Bell La-Padula models as well as with cryptography to differentiate between security levels based upon user/group labels.
A tunneling protocol often used with virtual private networks (VPNs). L2F was developed by Cisco.
A tunneling protocol that adds functionality to Point-to-Point Protocol (PPP). This protocol was created by Microsoft and Cisco and is often used with virtual private networks (VPNs).
See Link Control Protocol (LCP).
See Lightweight Directory Access Protocol (LDAP).
A set of protocols that was derived from X.500 and operates at port 389.
Describes information that isn't intended for release to the public. This category of information isn't secret, but it's private.
The protocol used to establish, configure, and test the link between a client and PPP host. See also Point-to-Point Protocol (PPP).
A network that is restricted to a single building, group of buildings, or even a single room. A LAN can have one or more servers.
An authority used to identify or establish the identity of an individual for certificate issuance.
Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a pro-gram that always makes sure his name appears on the payroll roster; if it doesn't, then key files begin to be erased.
Tools used to help an organization know what is happening to its systems and assets. System logs tell what is happening with the systems in the network. Inventories refer to both the physical assets and the software assets a company owns.
A rule stating that in order to access the key server if n number of administrators have the ability to perform a process, m number of those administrators must authenticate for access to occur. M of N Control may involve physical presence.
See Media Access Control (MAC), Mandatory Access Control (MAC), and message authentication code (MAC).
The address that is either assigned to a network card or burned into the network interface card (NIC). PCs use MAC addresses to keep track of one another and keep each other separate.
A software exploitation virus that works by using the macro feature included in many applications.
A security policy wherein labels are used to identify the sensitivity of objects. When a user attempts to access an object, the label is checked to see if access should be allowed (that is, whether the user is operating at the same sensitivity level). This policy is “mandatory,” because labels are automatically applied to all data (and can be changed only by administrative action), as opposed to “discretionary” policies that leave it up to the user to decide whether to apply a label.
An attack that occurs when someone/-thing that is trusted intercepts packets and retransmits them to another party. Man-in-the-middle attacks have also been called TCP/IP hijacking in the past.
A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access.
An attack focused on the encryption algorithm itself, the key mechanism, or any potential area of weakness in the algorithm.
The measure of the anticipated incidence of failure of a system or component.
The measurement of how long it takes to repair a system or component once a failure occurs.
Any storage medium.
A sublayer of the Data Link layer of the Open Systems Interconnection (OSI) model that controls the way multiple devices use the same media channel. It controls which devices can transmit and when they can transmit.
A common method of verifying integrity. The MAC is derived from the message and a secret key.
The signature area within a message.
An algorithm that creates a hash value. The hash value is also used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
An implementa-tion of the Challenge Handshake Authentication Protocol (CHAP) common in Microsoft's Windows-based operating systems. The latest version, and the only one supported in Win-dows Vista, is MSCHAPv2.
A method of evaluating attacks based on attack signatures and audit trails.
A communications device that converts digital computer signals into analog tones for transmission over the Public Switched Telephone Network (PSTN) and converts them back to digital upon reception. The word modem is an acronym for modulator/demodulator.
An attack that modifies information on your system.
See Microsoft Challenge Handshake Authentication Protocol (MSCHAP).
Sending data to more than one address.
The term employed anytime more than one factor must be considered.
A virus that attacks a system in more than one way.
See network access control (NAC).
Network Address Translation. See IP proxy.
The agency that developed the Trusted Computer System Evaluation Criteria (TCSEC) and the Trusted Network Interpretation Environmental Guideline (TNIEG).
An agency (formerly known as the National Bureau of Standards [NBS]) that has been involved in developing and support-ing standards for the U.S. government for over 100 years. NIST has become involved in cryptography standards, systems, and technology in a variety of areas. It's primarily con-cerned with governmental systems, where it exercises a great deal of influence.
The U.S. government agency responsible for protecting U.S. communications and producing foreign intelligence information. It was established by presidential directive in 1952 as a separately organized agency within the Department of Defense (DoD).
See Network Control Protocol (NCP).
See National Computing Security Center (NCSC).
See Novell Distributed Print Services (NDPS).
See NetWare Directory Services (NDS).
A method of information dissemination based on passing information only to those who need to know it.
A protocol used to transport Network Basic Input Output System (NetBIOS) traffic in a LAN.
The upper-layer NetWare protocol that functions on top of IPX and provides NetWare resource access to workstations. See also Internetwork Packet Exchange (IPX).
A directory management service used to manage all of the resources in a network. In later versions, the acronym was changed to Novell Directory Services, and the service is now known as eDirectory. NDS provides a database of all of the network objects or resources.
A protocol that gathers routing information based on the link-state routing method. Its precursor is the Routing Information Protocol (RIP). NLSP is a more efficient routing protocol than RIP.
A component used to provide a NetWare server with additional services and functionality. Unneeded services can be unloaded, thereby conserving memory.
A group of devices connected by some means for the purpose of sharing information or resources.
The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network.
See IP proxy.
Storage, such as hard drives, attached to a network for the purpose of storing data for clients on the network. Network attached storage is commonly used for backing up data.
An intrusion prevention system that is network based. To prevent the intrusion, it must first detect it (thus making it a superset of IDS), and then act accordingly.
The native protocol of Windows PCs. It provides a 15-character naming convention for resources on the network. NetBIOS is a broadcast-oriented network protocol in that all traffic is available to all devices in a LAN. The protocol can be transported over NetBIOS Extended User Interface (NetBEUI), TCP/IP, or Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX).
The protocol Point-to-Point Protocol (PPP) employs for encapsulating network traffic.
A protocol that enables users to access files on remote computers as if the files were local.
A physical device that connects computers and other network equipment to the transmission medium.
The lowest level of the TCP/IP suite; it is responsible for placing and removing packets on the physical network.
The third layer of the OSI model, it is responsible for logical addressing and translating logical names into physical addresses. This layer also controls the routing of data from source to destination as well as the building and dismantling of packets. See also Open Systems Interconnection (OSI) model.
A single, centralized area for network monitoring and administrative control of systems.
The software enabling networking; NOS can be on a LAN or WAN.
A device that has access to the signaling on the network cable.
An approach to an intrusion detection system (IDS), it attaches the system to a point in the network where it can monitor and report on all network traffic.
See host-based IPS (H-IPS).
The protocol that Microsoft Windows–based operating systems use for authentication with remote access protocols.
See Network File System (NFS).
See network interface card (NIC).
A service that isn't necessary to keep the server operating at the expected level in its expected role.
A model intended to ensure that higher-level security functions don't interfere with lower-level functions.
Verifying (by whatever means) that data was seen by an intended party. It makes sure they received the data and can't repudiate (dispute) that it arrived.
The act of being alerted to an event.
A Novell-designed printing system that uses NetWare Directory Services (NDS), known as eDirectory in NetWare 6, to install and manage printers. NDPS supports automatic network printer installation, automatic distribution of client printer drivers, and centralized printer management without the use of print queues.
Storing data off site, usually in a secure location.
A model in which the database and applications exist on the same system.
Words added to values during authentication. The message to be encrypted is added to this random text before hashing.
Storing backup data at the same site as the servers on which the original data resides.
A link-state routing protocol used in IP networks.
A model defined by the ISO to categorize the process of communication between computers in terms of seven layers. The seven layers are Application, Presentation, Session, Transport, Network, Data Link, and Physical. See also International Organization for Standardization (ISO).
Security as it relates to how an organization does things (operates).
The person primarily responsible for the intrusion detection system (IDS).
The process of applying all security patches and fixes to an operating system to make it as secure as possible.
See Open Systems Interconnection (OSI) model.
See Open Shortest Path First (OSPF).
A way to transmit the encryption key by using a method other than the one used to transmit the data. The key value is sent by letter, by courier, or by some other separate means.
An acronym for Open Vulnerability and Assessment Language, it is a community standard for system analysis that focuses on testing, analyzing, and reporting.
The person responsible for the current existence of a resource.
A firewall technology that accepts or rejects packets based on their content.
The process of breaking messages into packets at the sending router for easier transmission over a WAN.
A number of characters often added to data before an operation such as hashing takes place. Most often unique values, known as one-time pads, are added to make the resulting hash unique.
See Password Authentication Protocol (PAP).
The process of breaking a network into smaller components that can be individually protected.
A type of intruder detection that logs all network events to a file for an administrator to view later.
A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.
One of the simplest forms of authentication. Authentication is accomplished by sending the username and password to the server and having them verified. Passwords are sent as clear text and, therefore, can be easily seen if intercepted.
Attempting to enter a password by guessing its value.
A list of passwords that have already been used.
See Port Address Translation (PAT).
A fix for a known software problem.
The act of gaining access.
Security set up on the outside of the network or server to protect it.
See Pretty Good Privacy (PGP).
A virus that modifies and alters other programs and databases.
A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via e‐mail.
Someone who abuses phone systems, as opposed to data systems.
Control access measures used to restrict physical access to the server(s).
An object, such as a locked door, used to restrict physical access to network components.
The first layer of the OSI model; controls the functional interface. See also Open Systems Interconnection (OSI) model.
On a computer, an interface where you can connect a device.
Security that guards the physical aspects of the network.
A TCP/IP utility used to test whether another host is reachable. An Internet Control Message Protocol (ICMP) request is sent to the host, which responds with a reply if it's reachable. The request times out if the host isn't reachable.
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer. A ping of death usually causes the remote host to reboot or hang.
Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL).
Network communication in which two devices have exclusive access to a network medium. For example, a printer connected to only one workstation is using a point-to-point connection.
A full-duplex line protocol that supersedes Serial Line Internet Protocol (SLIP). It's part of the standard TCP/IP suite and is often used in dial-up connections.
An extension to Point-to-Point Protocol (PPP) that is used in virtual private networks (VPNs). An alternative to PPTP is L2TP.
Rules or standards governing usage.
An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react) to the viruses.
See Post Office Protocol (POP).
See Post Office Protocol Version 3 (POP3).
Some kind of opening that allows network data to pass through.
A means of translating between ports on a public and private network. Similar to Network Address Translation (NAT), which translates addresses between public and private.
The item (physical or software) that scans a server for open ports that can be taken advantage of. Port scanning is the process of sending messages to ports to see which ones are available and which ones aren't.
Anything that occurs “after the fact,” such as an audit or review.
An e‐mail access program that can be used to retrieve e‐mail from an e‐mail server.
The protocol used to download e‐mail from an SMTP e‐mail server to a network client. See also Simple Mail Transfer Protocol (SMTP).
See Plain Old Telephone Service (POTS).
A device that “conditions” the electrical supply to take out spikes and surges.
A device that provides electrical power.
See Point-to-Point Protocol (PPP).
See Point-to-Point Tunneling Protocol (PPTP).
The sixth layer of the OSI model; responsible for formatting data exchange, such as graphic commands, and converting character sets. This layer is also responsible for data compression, data encryption, and data stream redirection. See also Open Systems Interconnection (OSI) model.
The process of controlling access to evidence within chain-of-custody measures, often by placing it in a controlled-access area with a single custodian responsible for all access.
An implementation of RSA encryption. See also RSA.
A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.
A system that allows users to connect voice, data, pagers, networks, and almost any other application into a single telecommunications system. A PBX system allows an organization to be its own phone company.
Information that isn't for public knowledge.
An asymmetric encryption technology in which both the sender and the receiver have different keys. A public key is used to encrypt messages and the private key is used to decrypt them. See also public key.
The part of a network that lies behind a firewall and isn't “seen” on the Internet. See also firewall.
An audit performed to verify that no user is accessing information, or able to access information, beyond the security level at which they should be operating.
The result when a user obtains access to a resource they wouldn't normally be able to access. Privilege escalation can be done inadvertently, by running a program with Set User ID (SUID) or Set Group ID (SGID) permissions or by temporarily becoming another user (via su or sudo in Unix/Linux or RunAs in Windows 2000/2003).
The list of processes currently running on a system. In Windows NT/2000, it can be seen with Task Manager; the ps command shows it in Unix/Linux. Viewing a process list is one of the first steps to take to look for rogue processes running on a server.
A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it.
A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines.
Standards or rules.
A type of firewall that prevents direct communication between a client and a host by acting as an intermediary. See also firewall.
An implementation of a web proxy. The server receives an HTTP request from a web browser and makes the request on behalf of the sending workstation. When the response comes, the proxy cache server caches a copy of the response locally. The next time someone makes a request for the same web page or Internet information, the proxy cache server can fulfill the request out of the cache instead of having to retrieve the resource from the Web.
A proxy server that also acts as a firewall, blocking network access from external networks.
A type of server that makes a single Internet connection and services requests on behalf of many users.
Information that is publicly made available to all.
A technology that uses two keys—a public key and a private key—to facilitate communication. The public key is used to encrypt a message to a receiver. See also private key.
A set of voluntary standards created by RSA security and industry security leaders.
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key.
The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment.
The part of a network outside a firewall that is exposed to the public. See also firewall.
An encryption system employing a key that is known to users beyond the recipient.
Cryptography based on changing the polarity of a photon. Quantum cryptography makes the process of interception difficult because any attempt to intercept the message changes the value of the message.
The part of the radio spectrum that a device uses.
The byproduct of electrical processes, similar to electromagnetic interference. The major difference is that RFI is usually projected across a radio spectrum.
See Remote Authentication Dial-In User Service (RADIUS).
See Redundant Array of Independent (or Inexpensive) Disks (RAID).
The different types of RAID, such as RAID-0, RAID-1, and so on.
See Remote Access Server (RAS).
See Role-Based Access Control (RBAC).
See Rivest Cipher 5 (RC5).
A configuration of multiple hard disks used to provide fault tolerance, should a disk fail, or gains in efficiency. Different levels of RAID exist.
An organization that offloads some of the work from a certificate authority (CA). An RA system operates as a middleman in the process. The RA can distribute keys, accept registrations for the CA, and validate identities. The RA doesn't issue certificates; that responsibility remains with the CA.
The person receiving a certificate.
Any networking protocol that is used to gain access to a network over public communication links.
A computer that has one or more modems installed to enable remote connections to the network.
A mechanism that allows authentication of dial-in and other network connections. RADIUS is commonly used by Internet service providers (ISPs) and in the implementation of virtual private networks (VPNs).
Any attack where the data is retransmitted repeatedly (often fraudulently or maliciously). In one such possibility, a user can replay a web session and visit sites intended only for the original user.
The process of copying directory information to other servers to keep them all synchronized.
A database or database server where the certificates are stored.
An attack in which the intruder modifies information in a system.
A document creation process and a set of practices that originated in 1969 and is used for proposed changes to Internet standards.
How you react to an event.
Information that isn't made available to all and to which access is granted based on some criteria.
A virus that attacks or bypasses the antivirus software installed on a computer.
Using an IP address to find a domain name rather than using a domain name to find an IP address (normal DNS). Pointer (PTR) records are used for the reverse lookup, and often reverse DNS is used to authenticate incoming connections.
The process of re-creating the functionality of an item by first deciding what the result is and then creating something from scratch that serves the same purpose.
The process of canceling credentials that have been lost or stolen (or are no longer valid). With certificates, revocation is accomplished with a Certificate Revocation List (CRL).
See Routing Information Protocol (RIP).
An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.
An evaluation of how much risk you and your organization are willing to take. An assessment must be performed before any other actions—such as how much to spend on security in terms of dollars and manpower—can be decided.
Set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party.
A cipher algorithm created by Ronald Rivest (for RSA) and known for its speed. It works through blocks of variable sizes using three phases: key expansion, encryption, and decryption.
A profile downloaded from a server at each logon. When a user logs out at the end of the session, changes are made and remembered for the next time the user logs on.
An active Dynamic Host Configuration Protocol (DHCP) server that has been added to the network and is now leasing addresses to users instead of them obtaining an address from your server.
A type of control wherein the levels of security closely follow the structure of an organization. The role the person plays in the organization (accountant, salesman, and so on) corresponds to the level of security access they have to data.
Software program that has the ability to obtain root-level access and hide certain things from the operating system.
The path to get to the destination from a source.
The number of router hops between the source and the destination in an inter-network.
A device that connects two or more networks and allows packets to be transmitted and received between them. A router determines the best path for data packets from source to destination.
A function of the Network layer that involves moving data throughout a network. Data passes through several network subnetworks using routers that can select the path the data takes. See also router.
A distance-vector route discovery protocol used by Internetwork Packet Exchange (IPX) and Internet Protocol (IP). IPX uses hops and ticks to determine the cost for a particular route. See also Internetwork Packet Exchange (IPX).
A table that contains information about the locations of other routers on the network and their distance from the current router.
One of the providers of cryptography systems to industry and government. RSA stands for the initials of the three founders of RSA Security Inc.: Rivest, Shamir, and Adleman. RSA maintains a list of standards for Public Key Cryptography Standards (PKCS). RSA A commercial company that produces encryption software. RSA stands for Rivest,Shamir, and Adleman, the founders of the company.
See Rule Set-Based Access Control (RSBAC).
An open-source access control framework for the Linux kernel that uses access control modules to implement Mandatory Access Control (MAC).
See Security Accounts Manager (SAM).
A set of rules used when creating a Java applet that prevents certain functions when the applet is sent as part of a web page.
The process that attackers use to gather information about how a network is configured.
A router that is in front of a server on the private network. Typically, this server does packet filtering before reaching the firewall/proxy server that services the internal network.
See private key.
A protocol developed by Visa and MasterCard for secure credit card transactions. The protocol is becoming an accepted standard by many companies. SET provides encrypted credit card numbers over the Internet, and it's most suited to small amounts of data transmission.
A one-way hash algorithm designed to ensure the integrity of a message.
A protocol used for secure communications between a web server and a web browser.
A replacement for rlogin in Unix/Linux that includes security. Rlogin allowed one host to establish a connection with another with no real security being employed; SSH replaces it with slogin and digital certificates.
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.
A method of securing wireless networks that is beginning to gain momentum and acceptance.
A database within Windows NT–based operating systems that contains information about all users and groups and their associated rights and settings within a domain.
An audit of the system (host, network, and so on) for security vulnerabilities and holes.
A log file used in Windows NT to keep track of security events specified by the domain's audit policy.
Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a pass-word should be.
Individuals who make their living working with computer security.
A piece of data that contains the rights and access privileges of the token bearer as part of the token.
A method of isolating a system from other systems or networks.
A unit of data transmission found at the Transport layer of the Open Systems Interconnection (OSI) model and used by TCP.
A device that collects data from the data source and passes it on to the analyzer.
A set of policies designed to reduce the risk of fraud and prevent other losses in an organization.
A number used to determine the order in which parts of a packet are to be reassembled after the packet has been split into sections.
A connection-oriented protocol that is part of the Internetwork Packet Exchange (IPX) protocol suite. It operates at the Transport layer of the OSI model. It initiates the connection between the sender and receiver, transmits the data, and then terminates the connection. See also Internetwork Packet Exchange (IPX), Open Systems Interconnection (OSI) model.
An older protocol that was used in early remote-access environments. SLIP was originally designed to connect Unix systems together in a dial-up environment, and it supports only serial communications.
A computer that provides resources to the clients on the network.
A network in which the resources are located on a server and accessed by clients.
A process that requires the workstation to authenticate against the server.
An item that adds functionality to a network by providing resources or doing tasks for other computers. In Windows-based operating systems, services include file and printer sharing for Microsoft or Novell networks.
An account created on a server for a user to perform special services, such as a backup operator, an account operator, and a server operator.
An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA.
Operating system updates from Microsoft.
The agreed-upon (during connection) key used between a client and a server during a session. This key is generated by encrypting the server's digital ID (after validity has been established). The asymmetric key pair is then used to encrypt and verify the session key that is passed back and forth between client and server during the length of the connection.
The fifth layer of the OSI model. It determines how two computers establish, use, and end a session. Security authentication and network naming functions required for applications occur here. The Session layer establishes, maintains, and breaks dialogs between two stations. See also Open Systems Interconnection (OSI) model.
See Secure Hash Algorithm (SHA).
A network security method that assigns passwords to individual files or other network resources (such as printers) instead of assigning rights to network resources to users. The passwords are then given to all users that need access to these resources. All resources are visible from anywhere in the network, and any user who knows the password for a particular network resource can make changes to it.
Network cabling media that has a shield, similar to coax, wrapped over the wires.
Watching someone when they enter their username/password/sensitive data.
See Secure Hypertext Transfer Protocol (S-HTTP).
Transmission from one PC to another. A signal could be a notification to start a session or end a session.
The process whereby a protocol at the Physical layer receives information from the upper layers and translates all the data into signals that can be transmitted on a transmission medium.
The process of transmitting data across the medium. Two types of signaling are digital and analog.
An applet that doesn't run in the Java sandbox and has higher system access capabilities. Signed applets aren't usually downloaded from the Internet but are provided by in-house or custom programming efforts.
A protocol for sending e‐mail between SMTP servers.
The management protocol created for sending information about the health of the network-to-network management consoles.
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.
A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there).
A generic site survey involves listening in on an existing wireless network using commercially available technologies. A wireless site survey, or wireless survey, is the process of planning and designing a wireless network, in particular an 802.11.
See Serial Line Internet Protocol (SLIP).
See Simple Mail Transfer Protocol (SMTP).
A feature designed into many e‐mail servers that allows them to forward mail to other e‐mail servers. While the ability to act as a relay exists to allow networks to grow, the possibility exists for rogue servers to also participate.
An attack in which large volumes of ICMP echo requests (pings) are broad-cast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer. When all the machines that received the broadcast respond, they flood the target with more data than it can handle.
A method of performing backups that creates a compressed file of a database as it exists at the moment, without taking the users offline. A snapshot backup can take the place of other backups. It's often run on mirrored servers, but the snapshot captures only the most recent version of files.
A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of. There is a legitimate purpose for these devices: Administrators use them to analyze traffic. However, when they're used by sources other than the administrator, they become security risks.
Analyzing data to look for passwords and anything else of value. Sniffing is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, net-work sniffing, and so on).
See Simple Network Management Protocol (SNMP).
Looking through files in hopes of finding something interesting.
An attack that uses others by deceiving them.
The primary method used to communicate with services and applications such as the Web and Telnet. The socket is a programming construct that enables communication by mapping between ports and addresses.
An attack launched against applications and higher-level services.
Unwanted, unsolicited e‐mail sent in bulk.
A momentary or instantaneous increase in power over a power line.
An attempt by someone or something to masquerade as someone else.
See Sequenced Packet Exchange (SPX).
Software programs that work—often actively—on behalf of a third party.
See Secure Shell (SSH).
See Secure Sockets Layer (SSL).
A firewall security method that monitors the status of all the connections through the firewall.
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.
An entry in the Address Resolution Protocol (ARP) table that a user adds manually when a PC will be accessed often.
A method of routing packets where the router's routing table is updated manually by the network administrator instead of automatically by a route discovery protocol.
A port that is open but might not be obvious (invisible to those who don't know it exists). Trojan horses often exploit them.
A virus that attempts to avoid detection by masking itself from applications.
The science of hiding information within other information, such as a picture.
the effectiveness of a cryptographic system in preventing unauthorized decryption.
An individual who is attempting to present a certificate proving authenticity.
A device that protects electrical components from momentary or instantaneous increases (called spikes) in a power line.
A network that has multiple routes to get from a source to a destination. Switching allows for higher speeds.
See Secure WLAN Protocol (SWP).
The keys used when the same key encrypts and decrypts data.
A denial of service attack in which the hacker sends a barrage of spoofed SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.
Documents that provide you with the blueprint of your organization's software and hardware infrastructure.
A type of connection that directly attaches to a cable.
See Transmission Control Protocol (TCP).
An attack that begins as a normal TCP connection and whose purpose is to deny service. It's also known as a TCP SYN flood.
An attack wherein the attacker intercepts and then responds with a sequence number similar to the one used in the original session. The attack can either disrupt a session or hijack a valid session.
See TCP ACK attack.
A low-level logging package designed for Unix systems.
See Transmission Control Protocol/Internet Protocol (TCP/IP).
An attack in which the attacker commandeers a TCP session from a legitimate user after the legitimate user has achieved authentication, thereby removing the need for the attacker to authenticate himself.
A DoS attack that uses large packets and odd offset values to confuse the receiver and help facilitate a crash.
A protocol that functions at the Application layer of the OSI model, providing terminal emulation capabilities. See also Open Systems Interconnection (OSI) model.
A wrapper that works with wireless encryption to strengthen WEP implementations.
An authentication system that allows credentials to be accepted from multiple methods, including Kerberos. The TACACS client/server process occurs in the same manner as the Remote Authentication Dial-In User Service (RADIUS) process.
A program that enables a PC to act as a terminal for a mainframe or a Unix system.
A clear process of informing affected departments of a voluntary or involuntary termination.
An administrator-created account for confirming the basic functionality of a newly installed application, for example. The test account has equal rights to accounts that will use the new functionality. It's important to use test accounts instead of administrator accounts to test new functionality. If an administrator account is used, problems related to user rights might not manifest themselves because administrator accounts typically have full rights to all network resources.
See Trivial File Transfer Protocol (TFTP).
Systems that don't provide any disk storage or removable media on their workstations.
A party responsible for providing assurance to the relying party that a subscriber is genuine.
Any perceivable risk.
A system that effectively isolates the end user from the database by introducing a middle-tier server.
A field in an IP packet that indicates how many routers the packet can cross (hops it can make) and how long it takes before it's discarded. TTL is also used in Address Resolution Protocol (ARP) tables to indicate how long an entry should remain in the table.
See Transport Layer Security (TLS).
A piece of data holding information about the user. This information can contain group IDs, user IDs, privilege level, and so on.
Tracert
The command-line utility that shows the user every router interface a packet passes through on its way to a destination.
A section of a data packet that contains error-checking information.
A device that allows the network interface card (NIC) to connect to the network.
Sending packets from the PC to the server. The transmission can occur over a network cable, wireless connection, or other medium.
The protocol found at the Host-to-Host layer of the Department of Defense (DoD) model. This protocol breaks data packets into segments, numbers them, and sends them in order. The receiving computer reassembles the data so that the information is readable for the user. In the process, the sender and the receiver confirm that all data has been received; if not, it's resent. TCP is a connection-oriented protocol. See also connection-oriented.
The protocol suite developed by the Department of Defense (DoD) in conjunction with the Internet. It was designed as an internet working protocol suite that could route information around network failures. Today it's the de facto standard for communications on the Internet.
Physical cables and/or wireless technology across which computers are able to communicate.
The fourth layer of the OSI model. It's responsible for checking that the data packet created in the Session layer was received. If necessary, it also changes the length of messages for transport up or down the remaining layers. See also Open Systems Interconnection (OSI) model.
A protocol whose purpose is to verify that secure communications between a server and a client remain secure. Defined in RFC 2246.
A symmetric block cipher algorithm used for encryption.
A UDP-based protocol similar to FTP that doesn't provide the security or error-checking features of FTP. See also File Transfer Protocol (FTP).
Any application that masquerades as one thing in order to get past scrutiny and then does something malicious. One of the major differences between Trojan horses and viruses is that Trojan horses tend not to replicate themselves.
A list of objects signed by a trusted entity. Also known as a Certificate Trust List (CTL).
A method of utilizing encryption and storing the pass-words on a chip. The hardware holding the chip is then needed to unencrypt the data and make it readable.
See time to live (TTL).
The act of sending data across a public network by encapsulating it into other packets.
Using two access methods as a part of the authentication process.
A model in which the client PC or system runs an application that communicates with a database that is running on a different server.
See User Datagram Protocol (UDP).
A way of identifying a document on the Internet. It consists of the protocol used to access the document and the domain name or IP address of the host that holds the document; for example, http://www.aquilabusiness.com.
A device that can provide short-term power, usually by using batteries.
The most common networking cable currently in use; Unshielded Twisted Pair (UTP) is 8-wire cabling used with Ethernet.
The amount of time a particular computer or network component has been functional.
See Uniform Resource Locator (URL).
Defined policies governing computer usage.
The person who is using a computer or network or a resource.
The protocol at the Host-to-Host layer of the TCP/IP Department of Defense (DoD) model, which corresponds to the Transport layer of the OSI model. Packets are divided into datagrams, given numbers, sent, and put back together at the receiving end. UDP is a connectionless protocol. See also connectionless, Open Systems Interconnection (OSI) model.
A type of network security in which user accounts can read, write, change, and take ownership of files. Rights are assigned to user accounts, and each user knows only their own username and password—which makes this the preferred method for securing files.
Defined policies that detail user management.
Local area network (LAN) that allows users on different switch ports to participate in their own network separate from, but still connected to, the other stations on the same or a connected switch.
A link created by using a switch to limit network traffic.
System that uses the public Internet as a backbone for a private interconnection (network) between locations.
A program intended to damage a computer system. Sophisticated viruses are encrypted and hide in a computer, and might not appear until the user performs a certain action or until a certain date. See also antivirus.
The loudness of a sound, or the portion of a hard disk that functions as if it were a separate hard disk.
See virtual private network (VPN).
See wide area network (WAN).
Driving around with a laptop looking for open wireless access points with which to communicate.
A site that provides some capabilities in the event of a disaster. The organiza-tion that wants to use a warm site will need to install, configure, and reestablish operations on systems that might already exist in the warm site.
A cipher hole that can be exploited.
An attack that looks for cipher holes.
A type of proxy that is used to act on behalf of a web client or web server.
A server that holds and delivers web pages and other web content using HTTP. See also Hypertext Transfer Protocol (HTTP).
See Wired Equivalent Privacy (WEP).
A network that crosses local, regional, and/or international boundaries.
See Wireless Fidelity (Wi-Fi).
A Network Basic Input Output System (NetBIOS) name resolution service employed in Windows networks. Windows Internet Naming Service (WINS) translates hostnames into network addresses.
A type of Windows program (a file with either an .exe or a .dll file-name extension) that is loaded automatically by the server or manually by the administrator.
A Microsoft API used to interact with TCP/IP.
A Windows-based attack that affects only computers running Windows NT 3.51 or 4. It's caused by the way the Windows NT TCP/IP stack handles bad data in the TCP header. Instead of returning an error code or rejecting the bad data, it sends NT to the Blue Screen of Death (BSOD). Figuratively speaking, the attack “nukes” the computer.
A security protocol for 802.11b (wireless) networks that attempts to establish the same security for them as would be present in a wired network.
A wireless bridge used in a multipoint radio frequency (RF) network.
A bridge that performs all the functions of a regular bridge but uses RF instead of cables to transmit signals.
An 802.11b or 802.11g wireless network operating in the 2.4Ghz or 5Hhz frequency range.
A local area network that employs wireless access points (WAPs) and clients using the 802.11 standards.
The primary method of connecting a wireless device to a network.
Technologies employing wireless communications.
The security layer of the Wireless Applications Protocol (WAP). WTLS provides authentication, encryption, and data integrity for wireless devices.
See wireless local area network (WLAN).
An estimate of the amount of time and effort that would be needed to break a system.
A specific group of users or network devices, organized by job function or proximity to shared resources.
The copy of the data currently in use on a network.
A computer that isn't a server but is on a network. Generally, a workstation is used to do work, whereas a server is used to store data or perform a network function.
An association concerned with interoperability, growth, and standardization of the World Wide Web (WWW). This group is the primary sponsor of XML and other web-enabled technologies.
A program similar to a virus. Worms, however, propagate themselves over a network. See also virus.
The International Telecommunications Union (ITU) standard for directory services in the late 1980s. The standard was the basis for later models of directory structure, such as Lightweight Directory Access Protocol (LDAP).
Any system taking directions from a master control computer. Zombies are often utilized in distributed denial of service (DDoS) attacks.
An area in a building where access is individually monitored and controlled.