Appendix B: Glossary
A

ACL - Access control list.
Applet - A small program that typically is transmitted with a Web page.
AUP - An acceptable use policy. It documents permitted system uses and activities for a specific user and the consequences of noncompliance.
Authentication - The process of verifying the identity of an individual user, machine, software component, or any other entity.
Authorization - The process of giving access to parts of a system, typically based on the business needs and the role of the individual within the business.

C

Certificate Authority (CA) - The entity or organization that attests, using a digital certificate, that a particular electronic message comes from a specific individual or system.
Cookie - A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested.

D

Dictionary Attack - Discovery of authenticators by encrypting likely authenticators and comparing the actual encrypted authenticator with the newly encrypted possible authenticators.

E

Exploit - A technique or code that uses a vulnerability to provide system access to the attacker.

F

FS/ISAC - Financial Services Information Sharing and Analysis Center.
Full-Duplex - A communications channel that carries data in both directions.

H

Hardening - The process of securing a computer’s administrative functions or inactivating those features not needed for the computer’s intended business purpose.
Hash - A fixed-length cryptographic output of variables, such as a message, being operated on by a formula or cryptographic algorithm.
Hijacking - The use of an authenticated user’s communication session to communicate with system components.
Host - A computer that is accessed by a user from a remote location.

I

I/O - Input/output.
IDS - Intrusion Detection System.
IPS - Intrusion Prevention System.
IPv6 - Version 6 of the Internet Protocol.
ISAC - Information Sharing and Analysis Center.
ISO - International Organization for Standards.

M

Man-In-The-Middle Attack - A man-in-the-middle attack places the attacker’s computer in the communication line between the server and the client. The attacker’s machine can monitor and change communications.
Media - Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs).

N

Non-Repudiation - Ensuring that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

P

P2P - Peer-to-peer communication: communications that travel from one user’s computer to another user’s computer without being stored for later access on a server. E-mail is not a P2P communication, since it travels from the sender to a server and is retrieved by the recipient from the server. On-line chat, however, is a P2P communication, since messages travel directly from one user to another.
Patch - Software code that replaces or updates other code. Frequently, patches are used to correct security flaws.
Port - Either an endpoint to a logical connection or a physical connection to a computer.
Protocol - A format for transmitting data between devices.

R

Replay Attack - The interception of communications, such as an authentication communication, and the subsequent impersonation of the sender by retransmitting the intercepted communication.
Routing - The process of moving information from its source to the destination.

S

Security Event - An event that compromises the confidentiality, integrity, availability, or accountability of an information system.
Server - A computer or other device that manages a network service. An example is a print server, which is a device that manages network printing.
Sniffing - The passive interception of data transmissions.
Social Engineering - Obtaining information from individuals by trickery.
Spoofing - A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system.
Stateful Inspection - A firewall inspection technique that examines the claimed purpose of a communication for validity. For example, a communication claiming to respond to a request is compared to a table of outstanding requests.
System Resources - Capabilities that can be accessed by a user or program either on the user’s machine or across the network. Capabilities can be services, such as file or print services, or devices, such as routers.

T

Trojan Horse - Malicious code that is hidden in software that has an apparently beneficial or harmless use.

U

Utility - A program used to configure or maintain systems, or to make changes to stored or transmitted data.

V

Virus - Malicious code that replicates itself within a computer.
VLAN - Virtual local area network.
Vulnerability - A flaw that allows a person to operate a computer system with authorization in excess of that which the system owner specifically granted to him or her.

W

Warehouse Attack - The compromise of systems that store authenticators.
Worm - A program that scans a system or an entire network for available, unused space in which to run. Worms tend to tie up all computing resources in a system or on a network and effectively shut it down.