PRIVACYKEYBOARD - PRIVACY DICTIONARY
PRIVACY AND SECURITY TERMS DICTIONARY

A
Abuse of Privilege: When a user performs an action that they should not have, according to organizational policy or law.

Access: The ability to enter a secured area. The process of interacting with a system. Used as either a verb or a noun.

Access Authorization: Permission granted to users, programs or workstations.

Access Control: A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.

Access Sharing: Permitting two or more users simultaneous access to file servers or devices.

Alphanumeric Key: A sequence of letters, numbers, symbols and blank spaces from one to 80 characters long.

ANSI: The American National Standards Institute. Develops standards for transmission, storage, languages and protocols. Represents the United States in the ISO (International Standards Organization).

Application Level Gateway [Firewall]: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Audit: The independent collection of records to assess their veracity and completeness.

Audit Trail: An audit trail may be on paper or on disk. In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred.

Authenticate: In networking, to establish the validity of a user or an object (e.g. a communications server).

Authentication: The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and password (authentication).

Authentication Tool: A software or hand-held hardware "key" or "token" utilized during the user authentication process. See Key and Token.

Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

Authorization: The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity.

B

Back Door: An entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. A certain sequence of control characters permits access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage.

Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.

Biometric Access Control: Any means of controlling access through human measurements, such as fingerprinting and voiceprinting.

C

CERT: The Computer Emergency Response Team was established at Carnegie Mellon University after the 1988 Internet worm attack.

Challenge/Response: A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.

Chroot: A technique under UNIX whereby a process is permanently restricted to an isolated subset of the file system.

Coded File: In encryption, a coded file contains unreadable information.

Combined Evaluation: Method using proxy and state or filter evaluations as allowed by the administrator. [See Stateful Evaluation.]

Communications Server: Procedures designed to ensure that telecommunications messages maintain their integrity and are not accessible by unauthorized individuals.

Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.

Computer Security Audit: An independent evaluation of the controls employed to ensure appropriate protection of an organization's information assets.

Cryptographic Checksum: A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting file system tampering on UNIX.

D

Data Driven Attack: A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Data Encryption Standard: An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard has proven itself over nearly 20 years of use in both government and private sectors.

Decode: Conversion of encoded text to plain text through the use of a code.

Decrypt: Conversion of either encoded or enciphered text into plaintext.

Dedicated: A special purpose device. Although it is capable of performing other duties, it is assigned to only one.

Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

DES: Data Encryption Standard.

DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Dual Homed Gateway: 1) A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. 2) A firewall implemented without the use of a screening router.

E

E-mail Bombs: Code that when executed sends many messages to the same address(es) for the purpose of using up disk space and/or overloading the E-mail or web server.

Encrypting Router: See Tunneling Router and Virtual Network Perimeter.

Encryption: The process of scrambling files or programs, changing one character string to another through an algorithm (such as the DES algorithm).

End-to-End Encryption: Encryption at the point of origin in a network, followed by decryption at the destination.

Environment: The aggregate of external circumstances, conditions and events that affect the development, operation and maintenance of a system.

F

Firewall: A system or combination of systems that enforces a boundary between two or more networks.

Flooding Programs: Code which when executed will bombard the selected system with requests in an effort to slow down or shut down the system.

Anonymous FTP: A guest account which allows anyone to log in to the FTP server. It can be a point to begin access on the host server.

G

Gateway: A bridge between two networks.

Generic Utilities: General purpose code and devices, e.g., screen grabbers and sniffers that look at data and capture information like passwords, keys and secrets.

Global Security: The ability of an access control package to permit protection across a variety of mainframe environments, providing users with a common security interface to all.

Granularity: The relative fineness or coarseness by which a mechanism can be adjusted.

H

Hack: Any software in which a significant portion of the code was originally another program.

Hacker: Those intent upon entering an environment to which they are not entitled entry, for whatever purpose [entertainment, profit, theft, prank, etc.]. Usually uses iterative techniques escalating to more advanced methodologies and the use of devices to intercept the communications property of another.

Host-based Security: The technique of securing an individual system from attack. Host-based security is operating system and version dependent.

Hot Standby: A backup system configured in such a way that it may be used if the system goes down.

Hybrid Gateways: An unusual configuration with routers that maintain the complete state of the TCP/IP connections or examine the traffic to try to detect and prevent attack [may involve a bastion host]. If very complicated it is difficult to attack; and also difficult to maintain and audit.

I

IETF: The Internet Engineering Task Force, a public forum that develops standards and resolves operational issues for the Internet. IETF is purely voluntary.

Information Systems Technology: The protection of information assets from accidental or intentional but unauthorized disclosure, modification, or destruction, or the inability to process that information.

Insider Attack: An attack originating from inside a protected network.

Internet (The Beginning): The Internet had its roots in early 1969 when the ARPANET was formed. ARPA stands for Advanced Research Projects Agency (which was part of the U.S. Department of Defense). One of the goals of ARPANET was research in distributed computer systems for military purposes. The first configuration involved four computers and was designed to demonstrate the feasibility of building networks using computers dispersed over a wide area. The advent of OPEN networks in the late 1980's required a new model of communications. The amalgamation of many types of systems into mixed environments demanded a better translator between these operating systems and a non-proprietary approach to networking in general. Telecommunications Protocol/Internet Protocol (TCP/IP) provided the best solutions to this.

Internet (TOM): A web of different, intercommunicating networks funded by both commercial and government organizations. It connects networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet, and there are millions of users, with thousands more joining every day.

Intrusion Detection: Detection of break-ins or break-in attempts, either manually or via software expert systems that operate on logs or other information available on the network.

IP Sniffing: Stealing network addresses by reading the packets. Harmful data is then sent stamped with internal trusted addresses.

IP Splicing: An attack whereby an active, established session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.

IP Spoofing: An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

ISO: International Standards Organization; sets standards for data communications.

ISSA: Information Systems Security Association.

K

Key: In encryption, a key is a sequence of characters used to encode and decode a file. You can enter a key in two formats: alphanumeric and condensed (hexadecimal). In the network access security market, "key" often refers to the "token," or authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected software.

Keylogger: A program used to capture the keystrokes and actions of a computer user, often without their knowledge.

L

Least Privilege: Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.

Local Area Network (LAN): An interconnected system of computers and peripherals. LAN users share data stored on hard disks and can share printers connected to the network.

Logging: The process of storing information about events that occurred on the firewall or network.

Log Processing: How audit logs are processed, searched for key events, or summarized.

Log Retention: How long audit logs are retained and maintained.

N

Network-Level Firewall: A firewall in which traffic is examined at the network protocol packet level.

Network Worm: A program or command file that uses a computer network as a means for adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.

O

One-Time Password: In network security, a password issued only once as a result of a challenge-response authentication process. Cannot be "stolen" or reused for unauthorized access.

Operating System: The layer of software that sits between a computer and an application, such as an accounting system or E-mail.

Orange Book: The Department of Defense Trusted Computer System Evaluation Criteria. It provides information to classify computer systems, defining the degree of trust that may be placed in them.

P

Password: A secret code assigned to a user. Also known by the computer system. Knowledge of the password associated with the user ID is considered proof of authorization. (See One-Time Password.)

Perimeter-based Security: The technique of securing a network by controlling access to all entry and exit points of the network.

PIN: In computer security, a personal identification number used during the authentication process. Known only to the user. (See Challenge/Response, Two-Factor Authentication.)

Policy: Organizational-level rules governing acceptable use of computing resources, security practices, and operational procedures.

Private Key: In encryption, one key (or password) is used to both lock and unlock data. Compare with Public Key.

Protocols: Agreed-upon methods of communications used by computers.

Proxy: 1) A method of replacing the code for service applications with an improved version that is more security aware. The preferred method is by "service communities", e.g. Oracle, rather than individual applications. Evolved from socket implementations. 2) A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.

Public Key: In encryption, a two-key system in which the key used to lock data is made public, so everyone can "lock." A second, private key is used to unlock or decrypt.

R

Remote Spyware: A keylogger or spy software program sent to a remote computer, usually via e-mail, for the purpose of spying.

Risk Analysis: The analysis of an organization's information resources, existing controls and computer system vulnerabilities. It establishes a potential level of damage in dollars and/or other assets.

Rogue Program: Any program intended to damage programs or data. Encompasses malicious Trojan Horses.

RSA: A public key cryptosystem named for its inventors, Rivest, Shamir and Adleman, who hold the patent.

S

Screened Host Gateway: A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

Screened Subnet: An isolated subnet created behind a screening router to protect the private network. The degree to which the subnet may be accessed depends on the screening rules in the router.

Screening Router: A router configured to permit or deny traffic using filtering techniques, based on a set of permission rules installed by the administrator. A component of many firewalls, usually used to block traffic between the network and specific hosts on an IP port level. Not very secure; used when "speed" is the only decision criterion.

Session Stealing: See IP Splicing.

Smart Card: A credit-card-sized device with embedded microelectronic circuitry for storing information about an individual. This is not a key or token, as used in the remote access authentication process.

Social Engineering: An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.

Spyware: A generic term to identify software that is used to secretly capture information from a target computer.

Stateful Evaluation: Methodology using a mixture of proxy or filtering technology intermittently, depending upon perceived threat [and/or need for "speed"].

T

Token: A "token" is an authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Tokens may be small, hand-held hardware devices similar to pocket calculators or credit cards. See Key.

Trojan Horse: 1) Any program designed to do things that the user of the program did not intend to do, or that disguises its harmful intent. 2) A program that installs itself while the user is making an authorized entry, and is then used to break in and exploit the system.

Tunneling Router: A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

Turn Commands: Commands inserted to forward mail to another address for interception.

Two-Factor Authentication: Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors", just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.

U

User: Any person who interacts directly with a computer system.

User ID: A unique character string that identifies users.

User Identification: User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)

V

Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

Virus: A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.