SANS GIAC Information Security KickStart Glossary of Terms
Access Control: Mechanism(s) used to restrict access to an object.
ACL: Access Control List. A list of resources and the permissions or authorizations allowed.
Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer.
Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.
Analog Communications: Method of communications that involves continuous modification of energy waves.
ASCII: American Standard Code for Information Interchange. The system of representing characters as fixed patterns of data bits.
Assurance: A measure of confidence that the security features and architecture of a system or service accurately mediate and enforce the security policy.
Asymmetric Encryption: The process of encoding information by using both a distributed public key and a secret, private key. See Public Key Cryptography.
Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Audit: The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail: In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
Authenticate: To establish the validity of a claimed user or object.
Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Authorization: Granting a user, program, or process the right of access.
Availability: Assuring information and communications services will be ready for use when expected.
Back Door: A hole in the security of a computer system deliberately left in place by designers, maintainers or an attacker. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Biometrics: The science of identifying a person by using unique human characteristics such as voice, fingerprints or iris scan.
Black Hat: An unethical hacker.
Breach: The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
SANS GIAC Information Security KickStart ©2000 Page 1 of 13
Brute Force Attack: An attack method that uses every possible combination of keys or passwords in order to break a code or system.
Buffer Overflow: This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes, or a system or program's inability to correctly handle more data than it was designed to receive. This can result in system crashes or the creation of a back door leading to system access.
Bug: An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.
Business Continuity: The activities required to keep an organization operational during a period of displacement or interruption of normal operations.
CA: See Certificate Authority.
Central Office: A telephone company building in which a phone switching system is located. A location where voice and data communications circuits are collected and managed.
Certificate: A piece of code that binds an object's name to a particular public encryption key.
Certificate Authority: An organization that assigns, manages, and revokes certificates.
CGI: See Common Gateway Interface.
Challenge Handshake Authentication Protocol: Protocol that uses a Challenge-Response process for authentication.
Challenge-Response: Authentication protocol that combines a "challenge" sent by a server in combination with a "response" to that challenge to authenticate a user.
CHAP: See Challenge Handshake Authentication Protocol.
Checksum: A calculated value used to detect changes in an object. Checksums are typically used to detect errors in network transmissions or changes in system files.
Circuit Switching: Communications method that relies on establishing temporary circuits between two points and maintaining that circuit for the duration of the connection.
COAST: Computer Operations, Audit, and Security Technology - a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers
Common Gateway Interface: The method that Web servers use to allow interaction between servers and programs. Allows for the creation of dynamic and interactive web pages. CGI programs also tend to be the most vulnerable part of a web server (besides the underlying host security).
Compromise: An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
Computer Abuse: The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
Computer Fraud: Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident: Any intrusion or attempted intrusion into an automated information system. Incidents can include probes of multiple computer systems.
Computer Security Intrusion: Any event of unauthorized access or penetration to an automated information system.
Confidentiality: Assuring information will be kept secret, with access limited to appropriate persons.
Connectionless Protocol: Communication method that transfers information across a network but does not ensure or guarantee the receipt of the information.
Connection-Oriented Protocol: Communication method that exchanges control information (usually referred to as a "handshake") prior to transmitting data and exchanges acknowledgement messages while the data is being exchanged.
Cookie: A small bit of information sent by a Web server to a browser to enable a user to carry information from one Web session to another.
COTS Software: Commercial Off The Shelf - Software acquired through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government or commercial project.
Countermeasures: Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of a system.
Cracker: One who breaks security on a system.
Cracking: The act of breaking into a computer system.
Crash: A sudden, usually drastic failure of a computer system.
Cryptanalysis: 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Cryptography: The practice concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
Cryptology: The science which deals with hidden, disguised, or encrypted communications.
Cyberspace: Describes the world of connected computers and the society that gathers around them. Commonly known as the INTERNET.
Dark-side Hacker: A criminal or malicious hacker.
Data Encryption Standard: 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Decryption: The process of turning an encrypted message back into readable form.
Defense in Depth: Security based on multiple mechanisms to present successive layers of protection. In this way, the failure of one security component will not result in the complete compromise of the system.
Demilitarized Zone: A network that is neither part of the internal network nor directly part of the Internet. Basically, a network sitting between two networks, usually used to host e-commerce or shared services. (Editor's Note: the term screened subnet is sometimes used for this particular definition of DMZ. Where this definition refers to a screened subnet, a DMZ is defined as a network that is effectively part of the Internet. - JEK)
Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack.
Denial of Service: Action(s) which prevent any part of a system or service from functioning in accordance with its intended purpose.
DES: See Data Encryption Standard.
Dial-Back Security: The process whereby a user connects to a dial-up service, authenticates him/herself, then disconnects from the service. The service then dials the user back at a predetermined number.
Dictionary Attack: The use of one or more common language dictionaries in a systematic attempt to guess passwords.
Digital Communications: Method of communications that involves converting information into discrete numeric (typically binary) values.
Digital Signature: The use of cryptographic techniques to prove authenticity of a document or message.
Disaster Recovery: The process of rebuilding an operation or infrastructure after a disaster.
Discretionary Security: Security that is applied at the discretion of a system operator or information owner.
Distributed Denial of Service: A Denial of Service attack that uses multiple machines to amplify the effect of the attack.
DMZ: See Demilitarized Zone.
DNS Spoofing
Domain Hijacking
Due Care
Dumpster Diving
Encryption
Ethernet Sniffing
Fault Tolerance
...