Term
|
Definition
| Preventing external threats from getting around our protection mechanisms. |
|
|
Term
| Breach of Confidentiality |
|
Definition
| Unauthorized reading of data or theft of information. |
|
|
Term
|
Definition
| Unauthorized modification of data. |
|
|
Term
|
Definition
| Unauthorized destruction of data. |
|
|
Term
|
Definition
| Unauthorized use of resources. |
|
|
Term
|
Definition
| Prevents legitimate use of the system. |
|
|
Term
|
Definition
| One participant in a communication pretends to be someone else. |
|
|
Term
|
Definition
| The correctness of identification. |
|
|
Term
|
Definition
| Malicious or fraudulent repeat of a valid data transmission. |
|
|
Term
|
Definition
| Commonly used alongside a replay attack where the attacker changes the message in order to escalate privileges. |
|
|
Term
|
Definition
| An attacker gets between two communicating computers and pretends to be the server to the sender and the sender to the server in order to steal data or alter information. |
|
|
Term
|
Definition
| A breach where an active communication session is intercepted. |
|
|
Term
|
Definition
| A code segment that misuses its environment. Basically anything that pretends to be something it's not. |
|
|
Term
|
Definition
| Leaving a hole in security that only a user with knowledge of the hole would be able to use. An example would be the movie Office Space. |
|
|
Term
|
Definition
| Creating a hole in security when only certain conditions are met. |
|
|
Term
|
Definition
| Exploitation of a bug in a program to allow the attacker's code to be run. |
|
|
Term
|
Definition
| Self-replicating and infects other programs. |
|
|
Term
|
Definition
| A process that uses the spawn mechanism to make copies of itself and use up system resources. |
|
|
Term
|
Definition
| A means for a cracker to detect a system's vulnerabilities to attack. Port scanning is typically automated, involving a tool that attempts to create a TCP/IP connection to a specified port or range of ports. |
|
|
Term
|
Definition
| Previously compromised, independent systems that are used both by their owners and by attackers. |
|
|
Term
| Distributed Denial of Service Attack |
|
Definition
| Having many compromised or willing systems all launch a DoS attack against a target with the hope of overwhelming it. |
|
|
Term
|
Definition
| Ensures that only a computer possessing the correct key can read a message. |
|
|
Term
|
Definition
| A way for a computer to decrypt an encrypted message. |
|
|
Term
|
Definition
| The same key is used to encrypt and decrypt. Systems must agree on a key ahead of time. |
|
|
Term
|
Definition
| Encrypting a chunk of bits at a time. |
|
|
Term
|
Definition
| XORing the encrypted chunk with the previous chunk before encryption. |
|
|
Term
|
Definition
| Encrypts and decrypts a stream of bits or bytes rather than a block. |
|
|
Term
|
Definition
| The key used to encrypt is different than the key used to decrypt. Often used with public keys and private keys. |
|
|
Term
|
Definition
| A key that is never shared. |
|
|
Term
|
Definition
| A key that everyone has access to. |
|
|
Term
|
Definition
| A function that creates a small, fixed-sized block of data from a message. |
|
|
Term
|
Definition
| The small, fixed-sized block of data made by a hash function. |
|
|
Term
|
Definition
| A way of ensuring a message is from a particular computer. |
|
|
Term
|
Definition
| A string that supposedly identifies a particular user. Check authenticity by comparing the password the user gives to the one stored in the system. |
|
|
Term
|
Definition
| The password changes in each session. |
|
|