Security Glossary of Terms
- A -
Abuse of Privilege: When a user performs an action that they should not have, according to organizational policy or law.
Access: The ability to enter a secured area. The process of interacting with a system. Used as either a verb or a noun.
Access Authorization: Permission granted to users, programs or workstations.
Access Control: A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.
Access Sharing: Permitting two or more users simultaneous access to file servers or devices.
Alphanumeric Key: A sequence of letters, numbers, symbols and blank spaces from one to 80 characters long.
ANSI: The American National Standards Institute. Develops standards for transmission, storage, languages and protocols. Represents the United States in the ISO (International Standards Organization).
Application Level Gateway [Firewall]: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.
Application Logic: The computational aspects of an application, including a list of instructions that tells a software application how to operate.
Audit: The independent collection of records to assess their veracity and completeness.
Audit Trail: An audit trail may be on paper or on disk. In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred.
Authenticate: In networking, to establish the validity of a user or an object (e.g. a communications server).
Authentication: The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and a password (authentication).
Authentication Tool: A software or hand-held hardware "key" or "token" utilized during the user authentication process. See key and token.
Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Authorization: The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity.
Availability: The portion of time that a system can be used for productive work, expressed as a percentage.
- B -
Back Door: An entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. A certain sequence of control characters permits access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage.
Bandwidth: Capacity of a network or data connection, often measured in kilobits/second (kbps) for digital transmissions.
Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be 'outside' Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.
Biometric Access Control: Any means of controlling access through human measurements, such as fingerprinting and voiceprinting.
Business-Critical Applications: The vital software needed to run a business, whether custom-written or commercially packaged, such as accounting/finance, ERP, manufacturing, human resources, sales databases, etc.
- C -
CERT: The Computer Emergency Response Team was established at Carnegie-Mellon University after the 1988 Internet worm attack.
Challenge/Response: A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.
Chroot: A technique under UNIX whereby a process is permanently restricted to an isolated subset of the file system.
Client/Device: Hardware that retrieves information from a server.
Clustering: A group of independent systems working together as a single system. Clustering technology allows groups of servers to access a single disk array containing applications and data.
Coded File: In encryption, a coded file contains unreadable information.
Combined Evaluation: Method using proxy and state or filter evaluations as allowed by the administrator. [See State Full Evaluation.]
Communications Server: Procedures designed to ensure that telecommunications messages maintain their integrity and are not accessible by unauthorized individuals.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Audit: An independent evaluation of the controls employed to ensure appropriate protection of an organization's information assets.
Cryptographic Checksum: A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting file system tampering on UNIX.
- D -
Data Driven Attack: A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.
Data Encryption Standard: An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard has proven itself over nearly 20 years of use in both government and private sectors.
Decode: Conversion of encoded text to plain text through the use of a code.
Decrypt: Conversion of either encoded or enciphered text into plaintext.
Dedicated: A special purpose device. Although it is capable of performing other duties, it is assigned to only one.
Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
DES: Data Encryption Standard.
DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Dual Homed Gateway: 1) A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. 2) A firewall implemented without the use of a screening router.
- E -
E-mail Bombs: Code that when executed sends many messages to the same address(es) for the purpose of using up disk space and/or overloading the E-mail or web server.
Encrypting Router: See Tunneling Router and Virtual Network Perimeter.
Encryption: The process of scrambling files or programs, changing one character string to another through an algorithm (such as the DES algorithm).
End-to-End Encryption: Encryption at the point of origin in a network, followed by decryption at the destination.
Environment: The aggregate of external circumstances, conditions and events that affect the development, operation and maintenance of a system.
ERP: An acronym for Enterprise Resource Planning, systems that permit organizations to manage resources across the enterprise and completely integrate manufacturing systems.
Extranet: "Extranet" refers to extending the LAN via remote or Internet access to partners outside your organization, such as frequent suppliers and purchasers. Such relationships should be over an authenticated link to authorized segments of the LAN and are frequently encrypted for privacy.
- F -
Fat Client: A computing device, such as a PC or Macintosh, that includes an operating system, RAM, ROM, a powerful processor and a wide range of installed applications that can execute on the desktop or 100% on the server under a Server-based Computing architecture. Fat clients can operate in a Server-based Computing environment.
Fault Tolerance: A design method that ensures continued systems operation in the event of individual failures by providing redundant system elements.
Firewall: A system or combination of systems that enforces a boundary between two or more networks.
Flooding Programs: Code which when executed will bombard the selected system with requests in an effort to slow down or shut down the system.
Anonymous FTP: A guest account which allows anyone to log in to the FTP server. It can be a point to begin access on the host server.
- G -
Gateway: A bridge between two networks.
Generic Utilities: General purpose code and devices, e.g., screen grabbers and sniffers that look at data and capture information like passwords, keys and secrets.
Global Security: The ability of an access control package to permit protection across a variety of mainframe environments, providing users with a common security interface to all.
Granularity: The relative fineness or coarseness by which a mechanism can be adjusted.
- H -
Hack: Any software in which a significant portion of the code was originally another program.
Hacker: Those intent upon entering an environment to which they are not entitled entry, for whatever purpose [entertainment, profit, theft, prank, etc.]. Usually uses iterative techniques escalating to more advanced methodologies and the use of devices to intercept the communications property of another.
Host-based Security: The technique of securing an individual system from attack. Host-based security is operating system and version dependent.
Hot Standby: A backup system configured in such a way that it may be used if the system goes down.
Hybrid Gateways: An unusual configuration with routers that maintain the complete state of the TCP/IP connections or examine the traffic to try to detect and prevent attack [may involve a bastion host]. If very complicated it is difficult to attack, and difficult to maintain and audit.
- I -
ICA: An acronym for Citrix's Independent Computing Architecture, a three-part Server-based Computing technology that separates an application's logic from its user interface and allows 100% application execution on the server.
IETF: The Internet Engineering Task Force, a public forum that develops standards and resolves operational issues for the Internet. IETF is purely voluntary.
Information Systems Technology: The protection of information assets from accidental or intentional but unauthorized disclosure, modification, or destruction, or the inability to process that information.
Insider Attack: An attack originating from inside a protected network.
Internet (The Beginning): The Internet had its roots in early 1969 when the ARPANET was formed. ARPA stands for Advanced Research Projects Agency (which was part of the U.S. Department of Defense). One of the goals of ARPANET was research in distributed computer systems for military purposes. The first configuration involved four computers and was designed to demonstrate the feasibility of building networks using computers dispersed over a wide area. The advent of OPEN networks in the late 1980's required a new model of communications. The amalgamation of many types of systems into mixed environments demanded better translators between these operating systems and a non-proprietary approach to networking in general. Transmission Control Protocol/Internet Protocol (TCP/IP) provided the best solutions to this.
Internet (TOM): A web of different, intercommunicating networks funded by both commercial and government organizations. It connects networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet, and there are millions of users, with thousands more joining every day.
Intrusion Detection: Detection of break-ins or break-in attempts, either manually or via software expert systems that operate on logs or other information available on the network.
IP Sniffing: Stealing network addresses by reading the packets. Harmful data is then sent stamped with internal trusted addresses.
IP Splicing: An attack whereby an active, established session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.
IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
ISO: International Standards Organization; sets standards for data communications.
ISSA: Information Systems Security Association.
- J -
[No Entries]
- K -
Key: In encryption, a key is a sequence of characters used to encode and decode a file. You can enter a key in two formats: alphanumeric and condensed (hexadecimal). In the network access security market, "key" often refers to the "token," or authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected software.
- L -
Least Privilege: Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Local Area Network (LAN): An interconnected system of computers and peripherals. LAN users share data stored on hard disks and can share printers connected to the network.
Logging: The process of storing information about events that occurred on the firewall or network.
Log Processing: How audit logs are processed, searched for key events, or summarized.
Log Retention: How long audit logs are retained and maintained.
- M -
Mobile Code: A program downloaded from the Internet that runs automatically on a computer with little or no user interaction.
Multi-User: The ability for multiple concurrent users to log on and run applications from a single server.
- N -
Network Computer (NC): A "thin" client hardware device that executes applications locally by downloading them from the network. NCs adhere to a specification jointly developed by Sun, IBM, Oracle, Apple and Netscape. They typically run Java applets within a Java browser, or Java applications within the Java Virtual Machine.
Network Computing Architecture: A computing architecture in which components are dynamically downloaded from the network into the client device for execution by the client. The Java programming language is at the core of network computing.
Network-Level Firewall: A firewall in which traffic is examined at the network protocol packet level.
Network Worm: A program or command file that uses a computer network as a means for adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.
- O -
One-Time Password: In network security, a password issued only once as a result of a challenge-response authentication process. Cannot be "stolen" or reused for unauthorized access.
Operating System: System software that controls a computer and its peripherals. Modern operating systems such as Windows 95 and NT handle many of a computer's basic functions.
Orange Book: The Department of Defense Trusted Computer System Evaluation Criteria. It provides information to classify computer systems, defining the degree of trust that may be placed in them.
- P -
Password: A secret code assigned to a user and known by the computer system. Knowledge of the password associated with the user ID is considered proof of authorization. (See One-Time Password.)
Performance: A major factor in determining the overall productivity of a system; performance is primarily tied to availability, throughput and response time.
Perimeter-based Security: The technique of securing a network by controlling access to all entry and exit points of the network.
PIN: In computer security, a personal identification number used during the authentication process. Known only to the user. (See Challenge/Response, Two-Factor Authentication.)
Policy: Organizational-level rules governing acceptable use of computing resources, security practices, and operational procedures.
Private Key: In encryption, one key (or password) is used to both lock and unlock data. Compare with public key.
Protocols: Agreed-upon methods of communications used by computers.
Proxy: 1) A method of replacing the code for service applications with an improved version that is more security aware. The preferred method is by "service communities", i.e. Oracle, rather than individual applications. Evolved from socket implementations. 2) A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination.
Public Key: In encryption, a two-key system in which the key used to lock data is made public, so everyone can "lock." A second, private key is used to unlock or decrypt.
- Q -
[No Entries]
- R -
Remote Access: The hookup of a remote computing device via communications lines such as ordinary phone lines or wide area networks to access network applications and information.
Remote Presentation Services Protocol: A protocol is a set of rules and procedures for exchanging data between computers on a network. A remote presentation services protocol transfers user interface, keystrokes, and mouse movements between a server and client.
Risk Analysis: The analysis of an organization's information resources, existing controls and computer system vulnerabilities. It establishes a potential level of damage in dollars and/or other assets.
Rogue Program: Any program intended to damage programs or data. Encompasses malicious Trojan Horses.
RSA: A public key cryptosystem named for its inventors, Rivest, Shamir and Adleman, who hold the patent.
- S -
Scalability: The ability to expand a computing solution to support large numbers of users without impacting performance.
Screened Host Gateway: A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.
Screened Subnet: An isolated subnet created behind a screening router to protect the private network. The degree to which the subnet may be accessed depends on the screening rules in the router.
Screening Router: A router configured to permit or deny traffic using filtering techniques, based on a set of permission rules installed by the administrator. A component of many firewalls, usually used to block traffic between the network and specific hosts at the IP port level. Not very secure; used when "speed" is the only decision criterion.
Server: The control computer on a local area network that controls software access to workstations, printers and other parts of the network.
Server-based Computing: An innovative, server-based approach to delivering business-critical applications to end-user devices, whereby an application's logic executes on the server and only the user interface is transmitted across a network to the client. Its benefits include single-point management, universal application access, bandwidth-independent performance, and improved security for business applications.
Server Farm: A group of servers that are linked together as a 'single system image' to provide centralized administration and horizontal scalability.
Session Shadowing: A feature of Citrix WinFrame and MetaFrame that allows administrators and technical support staff to remotely join or take control of a user's session for diagnosis, support and training.
Session Stealing: See IP Splicing.
Single-Point Control: Helps reduce the total cost of application ownership by enabling applications and data to be deployed, managed and supported at the server. Single-point control enables application installations, updates and additions to be made once, on the server, and then be instantly available to users anywhere.
Smart Card: A credit-card-sized device with embedded microelectronic circuitry for storing information about an individual. This is not a key or token, as used in the remote access authentication process.
Social Engineering: An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.
State Full Evaluation: Methodology using a mixture of proxy or filtering technology intermittently, depending upon perceived threat [and/or need for "speed"].
- T -
TCO: Total Cost of Ownership, a model that helps IT professionals understand and manage the budgeted (direct) and unbudgeted (indirect) costs incurred for acquiring, maintaining and using an application or a computing system. TCO normally includes training, upgrades, and administration as well as the purchase price. Lowering TCO through single-point control is a key benefit of Server-based Computing.
Thin Client: A low-cost computing device that works in a server-centric computing model. Thin clients typically do not require state-of-the-art, powerful processors and large amounts of RAM and ROM because they access applications from a central server or network. Thin clients can operate in a Server-based Computing environment.
Token: A "token" is an authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Tokens may be small, hand-held hardware devices similar to pocket calculators or credit cards. See key.
Trojan Horse: 1) Any program designed to do things that the user of the program did not intend to do, or that disguises its harmful intent. 2) A program that installs itself while the user is making an authorized entry, and is then used to break in and exploit the system.
Tunneling Router: A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.
Turn Commands: Commands inserted to forward mail to another address for interception.
Two-Factor Authentication: Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors" - just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.
- U -
User: Any person who interacts directly with a computer system.
User ID: A unique character string that identifies users.
User Identification: User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)
User Interface: The part of an application that the user works with. User interfaces can be text-driven, such as DOS, or graphical, such as Windows.
- V -
Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.
Virus: A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.
- W -
Windows-Based Terminal (WBT): A fixed-function thin client device that connects to a Citrix WinFrame or MetaFrame server and Terminal Server to provide application access. The key differentiator of a WBT from other thin devices is that all application execution occurs on the server; there is no downloading or local processing of applications at the client.
Windows NT 4.0, Terminal Server Edition: A multi-user operating system for Windows NT 4.0 from Microsoft, formerly called "Hydra."
- XYZ -
Y2K: An acronym for the Year 2000 Problem, which involves three issues: two-digit date storage, leap year calculations and special meanings for dates.