|
PRIVACYKEYBOARD™
SOFTWARE
PRIVACY AND SECURITY TERMS DICTIONARY
| A |
 |
Abuse
of Privilege: When a user performs an action that they
should not have, according to organizational policy or law.
Access: The ability to enter a secured
area. The process of interacting with a system. Used as either
a verb or a noun.
Access Authorization: Permission granted
to users, programs or workstations.
Access Control: A set of procedures performed
by hardware, software and administrators to monitor access,
identify users requesting access, record access attempts,
and grant or deny access.
Access Sharing: Permitting two or more
users simultaneous access to file servers or devices.
Alphanumeric Key: A sequence of letters,
numbers, symbols and blank spaces from one to 80 characters
long.
ANSI: The American National Standards Institute.
Develops standards for transmission storage, languages and
protocols. Represents the United States in the ISO (International
Standards Organization).
Application Level Gateway [Firewall]: A
firewall system in which service is provided by processes
that maintain complete TCP connection state and sequencing.
Application level firewalls often re-address traffic so that
outgoing traffic appears to have originated from the firewall,
rather than the internal host.
Audit: The independent collection of records
to access their veracity and completeness.
Audit Trail: An audit trail may be on paper
or on disk. In computer security systems, a chronological
record of when users log in, how long they arc engaged in
various activities, what they were doing, whether any actual
or attempted security violations occurred.
Authenticate: In networking, to establish
the validity of a user or an object (i.e. communications server).
Authentication: The process of establishing
the legitimacy of a node or user before allowing access to
requested information. During the process, the user enters
a name or account number (identification) and password (authentication).
Authentication Tool: A software or hand-held
hardware "key" or "token" utilized during
the user authentication process. See key and token.
Authentication Token: A portable device
used for authenticating a user. Authentication tokens operate
by challenge/response, time-based code sequences, or other
techniques. This may include paper-based lists of one-time
passwords.
Authorization: The process of determining
what @ of activities are permitted. Usually, authorization
is in the context of authentication. Once you have authenticated
a user, the user may be authorized different @s of access
or activity.
|
|
| B |
|
Back
Door: An entry point to a program or a system that is hidden or
disguised, often created by the software's author for maintenance. A
certain sequence of control characters permits access to the system
manager account. If the back door becomes known, unauthorized users (or
malicious software) can gain entry and cause damage.
Bastion Host: A system that has been hardened to resist
attack at some critical point of entry, and which is installed on a
network in such a way that it is expected to come under attack. Bastion
hosts are often components of firewalls, or may be 'outside" Web
servers or public access systems. Generally, a bastion host is running
some form of general purpose operating system (e.g., LNIX, VMS, WNT, etc.)
rather than a ROM-based or firmware operating system.
Biometric Access Control: Any means of controlling
access through human measurements, such as fingerprinting and
voiceprinting.
|
|
| C |
|
CERT:
The Computer Emergency Response Team was established at Carnegie-Mellon
University after the 1988 Internet worm attack.
Challenge/Response: A security procedure
in which one communicator requests authentication of another
communicator, and the latter replies with a pre-established
appropriate reply.
Chroot: A technique under UNIX whereby
a process is permanently restricted to an isolated subset
of the file system.
Coded File: In encryption, a coded file
contains unreadable information.
Combined Evaluation: Method using proxy
and state or filter evaluations as allowed by administrator.
[See State Full Evaluation].
Communications Server: Procedures designed
to ensure that telecommunications messages maintain their
integrity and are not accessible by unauthorized individuals.
Computer Security: Technological and managerial
procedures applied to computer systems to ensure the availability,
integrity and confidentiality of information managed by the
computer system.
Computer Security Audit: An independent
evaluation of the controls employed to ensure appropriate
protection of an organization's information assets.
Cryptographic Checksum: A one-way function
applied to a file to produce a unique "fingerprint"
of the file for later reference. Checksum systems are a primary
means of detecting file system tampering on UNIX.
|
|
| D |
|
Data
Driven Attack: A form of attack in which the attack is
encoded in innocuous-seeming data which is executed by a user
or other software to implement an attack. In the case of firewalls,
a data driven attack is a concern since it may get through
the fir-firewall in data form and launch an attack against
a system behind the firewall.
Data Encryption Standard: An encryption
standard developed by EBM and then tested and adopted by the
National Bureau of Standards. Published in 1977, the DES standard
has proven itself over nearly 20 years of use in both government
and private sectors.
Decode: Conversion of encoded text to plain
text through the use of a code.
Decrypt: Conversion of either encoded or
enciphered text into plaintext.
Dedicated: A special purpose device. Although
it is capable of performing other duties, it is assigned to
only one.
Defense in Depth: The security approach
whereby each system on the network is secured to the greatest
possible degree. May be used in conjunction with firewalls.
DES: Data encryption standard.
DNS Spoofing: Assuming the DNS name of
another system by either corrupting the name service cache
of a victim system, or by compromising a domain name server
for a valid domain.
Dual Homed Gateway: 1) A system that has
two or more network interfaces, each of which is connected
to a different network. In firewall configurations, a dual
homed gateway usually acts to block or filter some or all
of the traffic trying to pass between the networks.
2) A firewall implement without the use of a screening router.
|
|
| E |
|
E-mail
Bombs: Code that when executed sends many messages to
the same address(s) for the purpose of using up disk space
and/or overloading the E-mail or web server.
Encrypting Router: See Tunneling Router
and Virtual Network Perimeter.
Encryption: The process of scrambling files
or programs, changing one character string to another through
an algorithm (such as the DES algorithm).
End-to-End Encryption: Encryption at the
point of origin in a network, followed by decryption at the
destination.
Environment: The aggregate of external
circumstances, conditions and events that affect the development,
operation and maintenance of a system.
|
|
| F |
|
Firewall:
A system or combination of systems that enforces a boundary
between two or more networks.
Flooding programs: Code which when executed
will bombard the selected system with requests in an effort
to slow down or shut down the system.
Anonymous FTP: A guest account which allows
anyone to login to the FTP Server. It can be a point to begin
access on the host server.
|
|
| G |
|
Gateway:
A bridge between two networks.
Generic Utilities: General purpose code
and devices; i.e., screen grabbers and sniffers that look
at data and capture information like passwords, keys and secrets.
Global Security: The ability of an access
control package to permit protection across a variety of mainframe
environments, providing users with a common security interface
to all.
Granularity: The relative fineness or coarseness
by which a mechanism can be adjusted.
|
|
| H |
|
Hack:
Any software in which a significant portion of the code was originally
another program.
Hacker: Those intent upon entering an environment to
which they are not entitled entry for whatever purpose [entertainment,
profit, theft, prank, etc.]. Usually iterative techniques escalating to
more advanced methodologies and use of devices to intercept the
communications property of another.
Host-based Security: The technique of securing an
individual system from attack. Host-based security is operating system and
version dependent.
Hot Standby: A backup system configured in such a way
that it may be used if the system goes down.
Hybrid Gateways: An unusual configuration with routers
that maintain the complete state of the TCP/IP connections or examine the
traffic to try to detect and prevent attack [may involve baston host]. If
very complicated it is difficult to attach; and, difficult to maintain and
audit.
|
|
| I |
|
IETF:
The Internet Engineering Task Force, a public forum that develops
standards and resolves operational issues for the Internet. IETF is purely
voluntary.
Information Systems Technology: The protection of
information assets from accidental or intentional but unauthorized
disclosure, modification, or destruction, or the inability to process that
information.
Insider Attack: An attack originating from inside a
protected network.
Internet (The Beginning): The Internet had its roots in
early 1969 when the ARPANET was formed. ARPA stands for Advanced Research
Projects Agency (which was part of the U.S. Department of Defense). One of
the goals of ARPANET was research in distributed computer systems for
military purposes. The first configuration involved four computers and was
designed to demonstrate the feasibility of building networks using
computers dispersed over a wide area. The advent of OPEN networks in the
late 1980's required a new model of communications. The amalgamation of
many types of systems into mixed environments demanded better translator
between these operating systems and a non-proprietary approach to
networking in general. Telecommunications Protocol/Internet Protocol
{TCP/IP) provided the best solutions to this.
Internet (TOM): A web of different, intercommunicating
networks funded by both commercial and government organizations. It
connects networks in 40 countries. No one owns or runs the Internet. There
are thousands of enterprise networks connected to the Internet, and there
are millions of users, with thousands more joining every day.
Intrusion Detection: Detection of break-ins or break-in
attempts either manually via software expert systems that operate on logs
or other information available on the network.
IP Sniffing: Stealing network addresses by reading the
packets. Harmful data is then sent stamped with internal trusted
addresses.
IP Spoofing: An attack whereby an active, established,
session is intercepted and co-opted by the attacker. EP Splicing attacks
may occur after an authentication has been made, permitting the attacker
to assume the role of an already authorized user. Primary protections
against IP Splicing rely on encryption at the session or network layer.
IP Spoofing: An attack whereby a system attempts to
illicitly impersonate another system by using its EP network address.
ISO: International Standards Organization sets
standards for data communications.
ISSA: Information Systems Security Association.
|
|
| K |
|
Key:
In encryption, a key is a sequence of characters used to encode and decode
a file. You can enter a key in two formats: alphanumeric and condensed
(hexadecimal). In the network access security market, "key"
often refers to the "token," or authentication tool, a device
utilized to send and receive challenges and responses during the user
authentication process. Keys may be small, hand-held hardware devices
similar to pocket calculators or credit cards, or they may be loaded onto
a PC as copy-protected, software.
Keylogger: A program used to capture the keystrokes any actions of
a computer user, often without their knowledge.
|
|
| L |
|
Least
Privilege: Designing operational aspects of a system to operate with a
minimum amount of system privilege. This reduces the authorization level
at which various actions are performed and decreases the chance that a
process or user with high privileges may be caused to perform unauthorized
activity resulting in a security breach.
Local Area Network (LAN): An interconnected system of
computers and peripherals, LAN users share data stored on hard disks and
can share printers connected to the network.
Logging: The process of storing information about
events that occurred on the firewall or network.
Log Processing: How audit logs are processed, searched
for key events, or summarized.
Log Retention: How long audit logs are retained and
maintained.
|
|
| N |
|
Network-Level
Firewall: A firewall in which traffic is examined at the network
protocol packet level.
Network Worm: A program or command file that uses a
computer network as a means for adversely affecting a system's integrity,
reliability or availability, A network worm may attack from one system to
another by establishing a network connection. It is usually a
self-contained program that does not need to attach itself to a host file
to infiltrate network after network.
|
|
| O |
|
One-Time
Password: In network security, a password issued only once as a result
of a challenge-response authentication process. Cannot be
"stolen" or reused for unauthorized access.
Operating System: The layer of software that sits
between a computer and an application, such as an accounting system or
E-mail.
Orange Book: The Department of Defense Trusted Computer
System Evaluation Criteria. It provides information to classify computer
systems, defining the degree of trust that may be placed in them.
|
|
| P |
|
Password:
A secret code assigned to a user. A@ known by the computer system.
Knowledge of the password associated with the user ID is considered proof
of authorization. (See One-Time Password.)
Perimeter-based Security: The technique of securing a
network by controlling access to all entry and exit points of the network.
PIN: In computer security, a personal identification
number used during the authentication process. Known only to the user.
(See Challenge/Response, Two-Factor Authentication.)
Policy: Organizational-level rules governing acceptable
use of computing resources, security practices, and operational
procedures.
Private Key: In encryption, one key (or password) is
used to both lock and unlock data. Compare with public key.
Protocols: Agreed-upon methods of communications used
by computers.
Proxy: 1) A method of replacing the code for service
applications with an improved version that is more security aware.
Preferred method is by "service communities", i.e. Oracle,
rather than individual applications. Evolved from socket implementations.
2) A software agent that acts on behalf of a user. Typical proxies accept
a connection from a user, make a decision as to whether or not the user or
client IP address is permitted to use the proxy, perhaps does additional
authentication, and then completes a connection on behalf of the user to a
remote destination.
Public Key: In encryption a two-key system in which the
key used to lock data is made public, so everyone can "lock." A
second private key is used to unlock or decrypt.
|
|
| R |
|
Remote
Spyware: A keylogger or spy software program send to a remote
computer, usually via email for the purpose of spying
Risk Analysis: The analysis of an organization's information
resources, existing controls and computer system vulnerabilities. It
establishes a potential level of damage in dollars and/or other assets.
Rogue program: Any program intended to damage programs
or data. Encompasses malicious Trojan Horses.
RSA: A public key cryptosystem named by its inventors,
Rivest, Shamir and Adelman, who hold the patent.
|
|
| S |
|
Screened
Host Gateway: A host on a network behind a screening router. The
degree to which a screened host may be accessed depends on the screening
rules in the router.
Screened Subnet: An isolated subnet created behind a
screening router to protect the private network. The degree to which the
subnet may be accessed depends on the screening rules in the router.
Screening Router: A router configured to permit or deny
traffic using filtering techniques; based on a set of permission rules
installed by the administrator. A component of many firewalls usually used
to block traffic between the network and specific hosts on an IP port
level. Not very secure; used when "speed" is the only decision
criteria.
Session Stealing: See IP Splicing.
Smart Card: A credit-card-sized device with embedded
microelectronics circuitry for storing information about an individual.
This is not a key or token, as used in the remote access authentication
process.
Spyware: A generic term to identify software that is used to secret
capture information from a target computer
Social Engineering: An attack based on deceiving users or
administrators at the target site. Social engineering attacks are
typically carried out by telephoning users or operators and pretending to
be an authorized user, to attempt to gain illicit access to systems.
State Full Evaluation: Methodology using mixture of
proxy or filtering technology intermittently depending upon perceived
threat [and/or need for "speed"].
|
|
| T |
|
Token:
A "token" is an authentication too, a device utilized to send
and receive challenges and responses during the user authentication
process. Tokens may be small, hand-held hardware devices similar to pocket
calculators or credit cards. See key.
Trojan Horse: 1) Any program designed to do things that
the user of the program did not intend to do or that disguises its harmful
intent. 2) Program that installs itself while the user is making an
authorized entry; and, then are used to break-in and exploit the system.
Tunneling Router: A router or system capable of routing
traffic by encrypting it and encapsulating it for transmission across an
untrusted network, for eventual de-encapsulation and decryption.
Turn Commands: Commands inserted to forward mail to
another address for interception.
Two-Factor Authentication: Two-factor authentication is
based on something a user knows (factor one) plus something the user has
(factor two). In order to access a network, the user must have both
"factors" - just as he/she must have an ATM card and a Personal
Identification Number (PIN) to retrieve money from a bank account, In
order to be authenticated during the challenge/response process, users
must have this specific (private) information.
|
|
| U |
|
User:
Any person who interacts directly with a computer system.
User ID: A unique character string that identifies
users.
User Identification: User identification is the process
by which a user identifies himself to the system as a valid user. (As
opposed to authentication, which is the process of establishing that the
user is indeed that user and has a right to use the system.)
|
|
| V |
|
Virtual
Network Perimeter: A network that appears to be a single protected
network behind firewalls, which actually encompasses encrypted virtual
links over untrusted networks.
Virus: A self-replicating code segment. Viruses may or
may not contain attack programs or trapdoors.
|
|
|
