Term
|
Definition
Also known as Triple Digital Encryption Standard (DES). A block cipher algorithm used for encryption. |
|
|
Term
|
Definition
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access. |
|
|
Term
|
Definition
An attack aimed at gaining access to resources. |
|
|
Term
|
Definition
The means of giving or restricting user access to network resources. Access control is usually accomplished through the use of an access control list (ACL). |
|
|
Term
access control list (ACL) |
|
Definition
A table or data file that specifies whether a user or group has access to a specific resource on a computer or network. |
|
|
Term
|
Definition
The point at which access to a network is accomplished. This term is often used in relation to a wireless access point (WAP). |
|
|
Term
|
Definition
A message confirming that a data packet was received. Acknowledgment occurs at the Transport layer of the Open Systems Interconnection (OSI) and TCP/IP models. |
|
|
Term
|
Definition
The replacement for NT Directory Service (NTDS) that is included with Windows 2000/2003. It acts similarly to Novell Directory Services (NDS), which is now known as eDirectory in NetWare 6.x/OES because it’s a true X.500-based directory service. |
|
|
Term
|
Definition
Involves an attacker gaining access to a host in the network through a switch and logically disconnecting it from the network. |
|
|
Term
|
Definition
Anomaly-detection intrusion detection system. An AD-IDS works by looking for deviations from a pattern of normal network traffic. |
|
|
Term
Advanced Encryption Standard (AES) |
|
Definition
A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government. See also Federal Information Processing Standard (FIPS). |
|
|
Term
annual loss expectancy (ALE) |
|
Definition
A calculation that is used to identify risks and calculate the expected loss each year. |
|
|
Term
|
Definition
Authentication that doesn’t require a user to provide a username, password, or any other identification before accessing resources. |
|
|
Term
|
Definition
The seventh layer of the Open Systems Interconnection (OSI) model. This layer deals with how applications access the network and describes application functionality, such as file transfer, messaging, and so on. |
|
|
Term
|
Definition
The table that the Address Resolution Protocol uses. Contains a list of known TCP/IP addresses and their associated physical addresses. The table is cached in memory so that ARP lookups don’t have to be performed for frequently accessed addresses. See also Media Access Control (MAC). |
|
|
Term
|
Definition
An algorithm that utilizes two keys. |
|
|
Term
|
Definition
Encryption in which two keys must be used. One key is used to encrypt data, and the other is needed to decrypt the data. Asymmetric encryption is the opposite of symmetric encryption, where a single key serves both purposes. |
|
|
Term
|
Definition
Files that hold information about a resource’s access by users. |
|
|
Term
|
Definition
The act of tracking resource usage by users. |
|
|
Term
authenticating the evidence |
|
Definition
Verifying that the logs and other resources collected are legitimate. This technique can be useful in verifying that an attack has occurred. |
|
|
Term
|
Definition
A header used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays. |
|
|
Term
|
Definition
An opening left in a program application (usually by the developer) that allows additional access to data. Typically, these are created for debugging purposes and aren’t documented. Before the product ships, the back doors are closed; when they aren’t closed, security loopholes exist. |
|
|
Term
|
Definition
Originally created as a support tool, it is now well known as an illicit server program that can be used to gain access to Windows NT/2000 servers and take control. |
|
|
Term
|
Definition
A model designed for the military to address the storage and protection of classified information. This model is specifically designed to prevent unauthorized access to classified information. The model prevents the user from accessing information that has a higher security rating than they are authorized to access. It also prevents information from being written to a lower level of security. |
|
|
Term
|
Definition
A set of rules governing basic operations. |
|
|
Term
|
Definition
A model similar in concept to the Bell-LaPadula model but more concerned with information integrity (an area the Bell-LaPadula model doesn’t address). In this model, there is no write up or read down. If you’re assigned access to top-secret information, you can’t read secret information or write to any level higher than the level to which you’re authorized. This model keeps higher-level information pure by preventing less-reliable information from being intermixed with it. |
|
|
Term
|
Definition
A probability method of finding collisions in hash functions. |
|
|
Term
|
Definition
Also known as the Master Boot Record (MBR). The first sector of the hard disk, where the program that boots the operating system resides. It’s a popular target for viruses. |
|
|
Term
Border Gateway Protocol (BGP) |
|
Definition
An ISP protocol that allows routers to share information about routes with each other. |
|
|
Term
|
Definition
A router used to translate from LAN framing to WAN framing. |
|
|
Term
|
Definition
A type of attack that relies purely on trial and error. |
|
|
Term
|
Definition
A type of denial of service (DoS) attack that occurs when more data is put into a buffer than it can hold, thereby overflowing it (as the name implies). |
|
|
Term
Certificate Practice Statement (CPS) |
|
Definition
The principles and procedures employed in the issuing and managing of certificates. |
|
|
Term
|
Definition
The log of the history of evidence that has been collected. |
|
|
Term
Challenge Handshake Authentication Protocol (CHAP) |
|
Definition
A protocol that challenges a system to verify identity. CHAP is an improvement over Password Authentication Protocol (PAP) in which one-way hashing is incorporated into a three-way handshake. RFC 1334 applies to both PAP and CHAP. |
|
|
Term
|
Definition
A certain action or moment in time that is used to perform a check. It allows a restart to begin at the last point the data was saved as opposed to from the beginning. |
|
|
Term
|
Definition
The means and orderly fashion by which evidence is collected, identified, and marked. |
|
|
Term
|
Definition
A method of balancing loads and providing fault tolerance. |
|
|
Term
|
Definition
The storage and conditions for release of source code provided by a vendor, partner, or other party. |
|
|
Term
|
Definition
A physical site that has all the resources necessary to enable an organization to use it if the main site is inaccessible (destroyed). Commonly, plans call for turning to a cold site within a certain number of hours after the loss of the main site. |
|
|
Term
|
Definition
An agreement between individuals to commit fraud or deceit. |
|
|
Term
|
Definition
A document of specifications detailing security evaluation methods for IT products and systems. |
|
|
Term
|
Definition
A virus that creates a new program that runs in place of an expected program of the same name. |
|
|
Term
|
Definition
Assurance that data remains private and no one sees it except for those expected to see it. |
|
|
Term
|
Definition
The study and practice of finding weaknesses in ciphers. |
|
|
Term
cyclical redundancy check (CRC) |
|
Definition
An error-checking method in data communications that runs a formula against data before transmission. The sending station then appends the resultant value (called a checksum) to the data and sends it. The receiving station uses the same formula on the data. If the receiving station doesn’t get the same checksum result for the calculation, it considers the transmission invalid, rejects the frame, and asks for retransmission. |
|
|
Term
|
Definition
The second layer of the Open Systems Interconnection (OSI) model. It describes the physical topology of a network. |
|
|
Term
|
Definition
An area for placing web and other servers that serve the general public outside the firewall, thereby isolating them from internal network access. |
|
|
Term
denial of service (DoS) attack |
|
Definition
A type of attack that prevents any users—even legitimate ones—from using a system. |
|
|
Term
|
Definition
A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don’t clear the archive bit upon their completion. |
|
|
Term
|
Definition
An asymmetrically encrypted signature whose sole purpose is to authenticate the sender. |
|
|
Term
|
Definition
A method of communication between wireless receivers. |
|
|
Term
direct-sequence spread spectrum (DSSS) |
|
Definition
A communications technology that is used to communicate in the 802.11 standard. |
|
|
Term
Discretionary Access Control (DAC) |
|
Definition
A method of restricting access to objects based on the identity of the subjects or the groups to which they belong. |
|
|
Term
|
Definition
Any server that performs address resolution from a DNS fully qualified domain name (FQDN) to an IP address. See also Domain Name Service (DNS), Internet Protocol (IP). |
|
|
Term
Domain Name Service (DNS) |
|
Definition
The network service used in TCP/IP networks that translates hostnames to IP addresses. See also Transmission Control Protocol/Internet Protocol (TCP/IP). |
|
|
Term
Dynamic Host Configuration Protocol (DHCP) |
|
Definition
A protocol used on a TCP/IP network to send client configuration data, including IP address, default gateway, subnet mask, and DNS configuration, to clients. DHCP uses a four-step process: Discover, Offer, Request, and Acknowledgement. See also default gateway, Domain Name Service (DNS), Transmission Control Protocol/Internet Protocol (TCP/IP). |
|
|
Term
Elliptic Curve Cryptosystem (ECC) |
|
Definition
A type of public key cryptosystem that requires a shorter key length than many other cryptosystems (including the de facto industry standard, RSA). |
|
|
Term
Encapsulating Security Payload (ESP) |
|
Definition
A header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP Authentication Header (AH). |
|
|
Term
|
Definition
An attempt to gain information about a network by specifically targeting network resources, users and groups, and applications running on the system. |
|
|
Term
Evaluation Assurance Level (EAL) |
|
Definition
A level of assurance, expressed as a numeric value, based on standards set by the Common Criteria Recognition Agreement (CCRA). |
|
|
Term
|
Definition
Examining data leaving a network for signs of malicious traffic. |
|
|
Term
|
Definition
The process of reconstructing a system or switching over to other systems when a failure is detected. |
|
|
Term
File Transfer Protocol (FTP) |
|
Definition
TCP/IP and software that permit transferring files between computer systems and utilize clear-text passwords. Because FTP has been implemented on numerous types of computer systems, files can be transferred between disparate computer systems (for example, a personal computer and a minicomputer). See also Transmission Control Protocol/Internet Protocol (TCP/IP). |
|
|
Term
honeypot (also known as Honey pot) |
|
Definition
A bogus system set up to attract and slow down a hacker. A honeypot can also be used to learn of the hacking techniques and methods that hackers employ. |
|
|
Term
|
Definition
An intrusion prevention system that is host based. To prevent the intrusion, it must first detect it (thus making it a superset of H-IDS) and then act accordingly. |
|
|
Term
|
Definition
An attack that occurs by triggering a response from the Internet Control Message Protocol (ICMP) when it responds to a seemingly legitimate maintenance request. |
|
|
Term
International Data Encryption Algorithm (IDEA) |
|
Definition
An algorithm that uses a 128-bit key. This product is similar in speed and capability to Digital Encryption Standard (DES), but it’s more secure. IDEA is used in Pretty Good Privacy (PGP). |
|
|
Term
International Organization for Standardization (ISO) |
|
Definition
The standards organization that developed the Open Systems Interconnection (OSI) model. This model provides a guideline for how communications occur between computers. |
|
|
Term
Internet Control Message Protocol (ICMP) |
|
Definition
A message and management protocol for TCP/IP. The Ping utility uses ICMP. |
|
|
Term
Internet Group Management Protocol (IGMP) |
|
Definition
A protocol used for multicasting operations across the Internet. |
|
|
Term
Internetwork Packet Exchange (IPX) |
|
Definition
A connectionless, routable network protocol based on the Xerox XNS architecture. It’s the default protocol for versions of NetWare before NetWare 5. It operates at the Network layer of the Open Systems Interconnection (OSI) model and is responsible for addressing and routing packets to workstations or servers on other networks. |
|
|
Term
intrusion detection system (IDS) |
|
Definition
Tools that identify and respond to attacks using defined rules or logic. An IDS can be network based or host based. |
|
|
Term
|
Definition
A set of protocols that enable encryption, authentication, and integrity over IP. IPSec is commonly used with virtual private networks (VPNs) and operates at Layer 3. |
|
|
Term
|
Definition
Named after the three-headed guard dog who stood at the gates of Hades in Greek mythology. |
|
|
Term
Key Distribution Center (KDC) |
|
Definition
An organization/facility that generates keys for users. |
|
|
Term
Keyed-Hash Message Authentication Code (HMAC) |
|
Definition
A mechanism for message authentication using cryptographic hash functions. |
|
|
Term
Layer 2 Tunneling Protocol (L2TP) |
|
Definition
A tunneling protocol that adds functionality to Point-to-Point Protocol (PPP). This protocol was created by Microsoft and Cisco and is often used with virtual private networks (VPNs). |
|
|
Term
|
Definition
Describes information that isn’t intended for release to the public. This category of information isn’t secret, but it’s private. |
|
|
Term
Link Control Protocol (LCP) |
|
Definition
The protocol used to establish, configure, and test the link between a client and PPP host. |
|
|
Term
|
Definition
Any code that is hidden within an application and causes something unexpected to happen based on some criteria being met. For example, a programmer could create a program that always makes sure his name appears on the payroll roster; if it doesn’t, then key files begin to be erased. |
|
|
Term
|
Definition
The address that is either assigned to a network card or burned into the network interface card (NIC). PCs use MAC addresses to keep track of one another and keep each other separate. |
|
|
Term
Mandatory Access Control (MAC) |
|
Definition
A security policy wherein labels are used to identify the sensitivity of objects. When a user attempts to access an object, the label is checked to see if access should be allowed (that is, whether the user is operating at the same sensitivity level). This policy is “mandatory,” because labels are automatically applied to all data (and can be changed only by administrative action), as opposed to “discretionary” policies that leave it up to the user to decide whether to apply a label. |
|
|
Term
|
Definition
An attack focused on the encryption algorithm itself, the key mechanism, or any potential area of weakness in the algorithm. |
|
|
Term
|
Definition
A device, such as a small room, that limits access to one or a few individuals. Mantraps typically use electronic locks and other methods to control access. |
|
|
Term
Media Access Control (MAC) |
|
Definition
A sublayer of the Data Link layer of the Open Systems Interconnection (OSI) model that controls the way multiple devices use the same media channel. It controls which devices can transmit and when they can transmit. |
|
|
Term
Message Digest Algorithm (MDA) |
|
Definition
An algorithm that creates a hash value. The hash value is also used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. |
|
|
Term
Microsoft Challenge Handshake Authentication Protocol (MSCHAP) |
|
Definition
An implementation of the Challenge Handshake Authentication Protocol (CHAP) common in Microsoft’s Windows-based operating systems. The latest version, and the only one supported in Windows Vista, is MSCHAPv2. |
|
|
Term
misuse-detection IDS (MD-IDS) |
|
Definition
A method of evaluating attacks based on attack signatures and audit trails. |
|
|
Term
NetWare Core Protocol (NCP) |
|
Definition
The upper-layer NetWare protocol that functions on top of IPX and provides NetWare resource access to workstations. See also Internetwork Packet Exchange (IPX). |
|
|
Term
NetWare Directory Services (NDS) |
|
Definition
A directory management service used to manage all of the resources in a network. In later versions, the acronym was changed to Novell Directory Services, and the service is now known as eDirectory. NDS provides a database of all of the network objects or resources. |
|
|
Term
NetWare Link State Protocol (NLSP) |
|
Definition
A protocol that gathers routing information based on the link-state routing method. Its precursor is the Routing Information Protocol (RIP). NLSP is a more efficient routing protocol than RIP. |
|
|
Term
NetWare Loadable Module (NLM) |
|
Definition
A component used to provide a NetWare server with additional services and functionality. Unneeded services can be unloaded, thereby conserving memory. |
|
|
Term
network access control (NAC) |
|
Definition
The set of standards defined by the network for clients attempting to access it. Usually, NAC requires that clients be virus free and adhere to specified policies before allowing them on the network. |
|
|
Term
Network Basic Input Output System (NetBIOS) |
|
Definition
The native protocol of Windows PCs. It provides a 15-character naming convention for resources on the network. NetBIOS is a broadcast-oriented network protocol in that all traffic is available to all devices in a LAN. The protocol can be transported over NetBIOS Extended User Interface (NetBEUI), TCP/IP, or Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX). |
|
|
Term
Network Control Protocol (NCP) |
|
Definition
The protocol Point-to-Point Protocol (PPP) employs for encapsulating network traffic. |
|
|
Term
Network File System (NFS) |
|
Definition
A protocol that enables users to access files on remote computers as if the files were local. |
|
|
Term
|
Definition
The lowest level of the TCP/IP suite; it is responsible for placing and removing packets on the physical network. |
|
|
Term
|
Definition
The third layer of the OSI model, it is responsible for logical addressing and translating logical names into physical addresses. This layer also controls the routing of data from source to destination as well as the building and dismantling of packets. See also Open Systems Interconnection (OSI) model. |
|
|
Term
New Technology LAN Manager (NTLM) |
|
Definition
The protocol that Microsoft Windows–based operating systems use for authentication with remote access protocols. |
|
|
Term
Open Shortest Path First (OSPF) |
|
Definition
A link-state routing protocol used in IP networks. |
|
|
Term
Open Systems Interconnection (OSI) model |
|
Definition
A model defined by the ISO to categorize the process of communication between computers in terms of seven layers. The seven layers are Application, Presentation, Session, Transport, Network, Data Link, and Physical. See also International Organization for Standardization (ISO). |
|
|
Term
Password Authentication Protocol (PAP) |
|
Definition
One of the simplest forms of authentication. Authentication is accomplished by sending the username and password to the server and having them verified. Passwords are sent as clear text and, therefore, can be easily seen if intercepted. |
|
|
Term
|
Definition
The first layer of the OSI model; controls the functional interface. See also Open Systems Interconnection (OSI) model. |
|
|
Term
|
Definition
A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host’s buffer. A ping of death usually causes the remote host to reboot or hang. |
|
|
Term
Port Address Translation (PAT) |
|
Definition
A means of translating between ports on a public and private network. Similar to Network Address Translation (NAT), which translates addresses between public and private. |
|
|
Term
|
Definition
The sixth layer of the OSI model; responsible for formatting data exchange, such as graphic commands, and converting character sets. This layer is also responsible for data compression, data encryption, and data stream redirection. See also Open Systems Interconnection (OSI) model. |
|
|
Term
|
Definition
The process of controlling access to evidence within chain-of-custody measures, often by placing it in a controlled-access area with a single custodian responsible for all access. |
|
|
Term
Public Key Infrastructure (PKI) |
|
Definition
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key. |
|
|
Term
registration authority (RA) |
|
Definition
An organization that offloads some of the work from a certificate authority (CA). An RA system operates as a middleman in the process. The RA can distribute keys, accept registrations for the CA, and validate identities. The RA doesn’t issue certificates; that responsibility remains with the CA. |
|
|
Term
Secure Sockets Layer (SSL) |
|
Definition
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer. |
|
|