SANS GIAC Information Security KickStart Glossary of Terms

Access Control: Mechanism(s) used to restrict access to an object.
ACL: Access Control List. A list of resources and the permissions or authorizations allowed.
Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer.
Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.
Analog Communications: Method of communications that involves continuous modification of energy waves.
ASCII: American Standard Code for Information Interchange. The system of representing characters as fixed patterns of data bits.
Assurance: A measure of confidence that the security features and architecture of a system or service accurately mediate and enforce the security policy.
Asymmetric Encryption: The process of encoding information by using both a distributed public key and a secret, private key. See Public Key Cryptography.
Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Audit: The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail: In computer security systems, a chronological record of system resource usage. This includes user logins, file accesses and other activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
Authenticate: To establish the validity of a claimed user or object.
Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Authorization: Granting a user, program, or process the right of access.
Availability: Assuring information and communications services will be ready for use when expected.
Back Door: A hole in the security of a computer system deliberately left in place by designers, maintainers or an attacker. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Biometrics: The science of identifying a person by using unique human characteristics such as voice, fingerprints or iris scan.
Black Hat: An unethical hacker.
Breach: The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.

SANS GIAC Information Security KickStart ©2000 Page 1 of 13

Brute Force Attack: An attack method that tries every possible combination of keys or passwords in order to break a code or system.
Buffer Overflow: Occurs when more data is put into a buffer or holding area than the buffer can hold, because of a mismatch in processing rates between the producing and consuming processes, or because a system or program cannot correctly handle more data than it was designed to receive. This can result in system crashes or the creation of a back door leading to system access.
Bug: An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.
Business Continuity: The activities required to keep an organization operational during a period of displacement or interruption of normal operations.
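The Alert and Audit Trail entries above describe an alert as a formatted message derived from critical audit events. The following is an added example (not part of the SANS glossary) of that derivation in Python: it parses a constructed audit trail and emits alerts for a burst of failed logins followed by a success, and for reads of a sensitive file. The log line format, the user names, addresses, thresholds and the sensitive path list are all assumptions made for illustration.

```python
"""Derive alerts from an audit trail.

Added example, not from the SANS glossary. The log format
("<ISO timestamp> <event> user=<name> src=<ip> [path=<p>]"), the thresholds
and the sample lines are assumptions constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail: a chronological record of logins and file access.
AUDIT_TRAIL = """\
2000-03-01T08:00:01 LOGIN_FAIL user=alice src=10.0.0.5
2000-03-01T08:00:03 LOGIN_FAIL user=alice src=10.0.0.5
2000-03-01T08:00:04 LOGIN_FAIL user=alice src=10.0.0.5
2000-03-01T08:00:06 LOGIN_FAIL user=alice src=10.0.0.5
2000-03-01T08:00:07 LOGIN_OK user=alice src=10.0.0.5
2000-03-01T08:15:00 LOGIN_FAIL user=bob src=10.0.0.9
2000-03-01T09:30:00 LOGIN_OK user=bob src=10.0.0.9
2000-03-01T09:31:10 FILE_READ user=bob src=10.0.0.9 path=/etc/shadow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)"
    r"(?: path=(?P<path>\S+))?$"
)


def parse_audit_trail(text):
    """Parse the record into dicts, in order; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def derive_alerts(records, fail_threshold=4, window=timedelta(seconds=60),
                  sensitive_paths=("/etc/shadow",)):
    """Turn critical audit events into formatted alert messages.

    Rule 1: at least `fail_threshold` LOGIN_FAIL events for one (user, source)
            inside `window`, followed by LOGIN_OK from the same pair, is
            treated as a successful password-guessing attack.
    Rule 2: any FILE_READ of a path in `sensitive_paths`.
    """
    alerts = []
    fails = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for rec in records:
        key = (rec["user"], rec["src"])
        if rec["event"] == "LOGIN_FAIL":
            fails[key].append(rec["ts"])
            # keep only failures that are still inside the sliding window
            fails[key] = [t for t in fails[key] if rec["ts"] - t <= window]
        elif rec["event"] == "LOGIN_OK":
            recent = [t for t in fails[key] if rec["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append(
                    f"ALERT {rec['ts'].isoformat()} password-guessing: "
                    f"{len(recent)} failures then success for "
                    f"user={rec['user']} src={rec['src']}"
                )
            fails[key] = []
        elif rec["event"] == "FILE_READ" and rec.get("path") in sensitive_paths:
            alerts.append(
                f"ALERT {rec['ts'].isoformat()} sensitive-read: "
                f"user={rec['user']} src={rec['src']} path={rec['path']}"
            )
    return alerts


if __name__ == "__main__":
    for alert in derive_alerts(parse_audit_trail(AUDIT_TRAIL)):
        print(alert)
```

Bob's single failure at 08:15 never reaches the threshold and is far outside the window by the time he logs in, so only Alice's burst and the /etc/shadow read produce alerts; the window keeps an old, unrelated failure from inflating a later count.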
CA: See Certificate Authority.
Central Office: A telephone company building in which a phone switching system is located. A location where voice and data communications circuits are collected and managed.
Certificate: A piece of data that binds an object's name to a particular public encryption key.
Certificate Authority: An organization that assigns, manages, and revokes certificates.
CGI: See Common Gateway Interface.
Challenge Handshake Authentication Protocol: Protocol that uses a Challenge-Response process for authentication.
Challenge-Response: Authentication protocol in which a server sends a "challenge" and the user (or client) returns a "response" computed from that challenge, proving knowledge of a secret without transmitting the secret itself.
CHAP: See Challenge Handshake Authentication Protocol.
Checksum: A calculated value used to detect changes in an object. Checksums are typically used to detect errors in network transmissions or changes in system files.
Circuit Switching: Communications method that relies on establishing a temporary circuit between two points and maintaining that circuit for the duration of the connection.
COAST: Computer Operations, Audit, and Security Technology. A multiple-project, multiple-investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers
Common Gateway Interface: The method that Web servers use to allow interaction between servers and programs. Allows for the creation of dynamic and interactive web pages. CGI programs also tend to be the most vulnerable part of a web server (besides the underlying host security).
Compromise: An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.

Computer Abuse: The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
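The Challenge Handshake Authentication Protocol and Challenge-Response entries above describe the exchange only in outline. The following is an added example (not part of the SANS glossary) showing both sides of a CHAP-style exchange in Python. The response construction, MD5 over the identifier octet, the shared secret and the challenge, is the one specified in RFC 1994; the peer name, the secret, the message dictionaries and the in-memory secret store are assumptions made for illustration.

```python
"""CHAP-style challenge-response exchange, both sides in one script.

Added example, not from the SANS glossary. The response is computed as in
RFC 1994 (MD5(identifier || secret || challenge)); the peer name, secret and
message layout are assumptions constructed for illustration.
"""
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    """RFC 1994 response value: MD5 over the one-octet identifier, the
    shared secret and the challenge bytes."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh random challenge, then checks the response."""

    def __init__(self, secrets):
        self._secrets = secrets      # assumed store: peer name -> shared secret
        self._pending = {}           # identifier -> (peer name, challenge)
        self._next_id = 0

    def challenge(self, name):
        ident = self._next_id % 256  # the CHAP identifier is a single octet
        self._next_id += 1
        chal = os.urandom(16)        # fresh per attempt: a captured response is useless later
        self._pending[ident] = (name, chal)
        return {"type": "CHALLENGE", "id": ident, "value": chal}

    def verify(self, msg):
        entry = self._pending.pop(msg["id"], None)   # each challenge is usable once
        if entry is None:
            return {"type": "FAILURE", "id": msg["id"], "reason": "unknown or reused id"}
        name, chal = entry
        secret = self._secrets.get(msg["name"])
        if secret is None or msg["name"] != name:
            return {"type": "FAILURE", "id": msg["id"], "reason": "unknown peer"}
        expected = chap_response(msg["id"], secret, chal)
        if hmac.compare_digest(expected, msg["value"]):   # constant-time compare
            return {"type": "SUCCESS", "id": msg["id"]}
        return {"type": "FAILURE", "id": msg["id"], "reason": "bad response"}


class Peer:
    """Client side: the secret never leaves the peer, only the hash over it."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, chal_msg):
        return {"type": "RESPONSE", "id": chal_msg["id"], "name": self.name,
                "value": chap_response(chal_msg["id"], self.secret, chal_msg["value"])}


def run_exchange(server, peer):
    """One full CHALLENGE -> RESPONSE -> SUCCESS/FAILURE exchange."""
    c = server.challenge(peer.name)
    r = peer.respond(c)
    return server.verify(r)["type"]


def replay_is_rejected(server, peer):
    """A captured, valid RESPONSE replayed to the server must fail."""
    c = server.challenge(peer.name)
    r = peer.respond(c)
    first = server.verify(r)["type"]
    second = server.verify(r)["type"]   # identifier already consumed
    return first == "SUCCESS" and second == "FAILURE"


if __name__ == "__main__":
    server = Authenticator({b"alice": b"correct horse battery"})   # constructed store
    print(run_exchange(server, Peer(b"alice", b"correct horse battery")))   # SUCCESS
    print(run_exchange(server, Peer(b"alice", b"wrong secret")))            # FAILURE
    print(replay_is_rejected(server, Peer(b"alice", b"correct horse battery")))  # True
```

Two practitioner caveats follow from the code: the protection comes from the secret and the unpredictable, single-use challenge, not from MD5 itself, and the authenticator has to hold the cleartext secret to recompute the response, so that store needs the same protection as a password database.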
Computer Fraud: Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident: Any intrusion or attempted intrusion into an automated information system. Incidents can include probes of multiple computer systems.
Computer Security Intrusion: Any event of unauthorized access or penetration to an automated information system.
Confidentiality: Assuring information will be kept secret, with access limited to appropriate persons.
Connectionless Protocol: Communication method that transfers information across a network but does not ensure or guarantee the receipt of the information.
Connection-Oriented Protocol: Communication method that exchanges control information (usually referred to as a "handshake") prior to transmitting data and exchanges acknowledgement messages while the data is being exchanged.
Cookie: A small bit of information sent by a Web server to a browser to enable a user to carry information from one Web session to another.
COTS Software: Commercial Off The Shelf. Software acquired through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government or commercial project.
Countermeasures: Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Crack: A popular hacking tool that recovers passwords from their stored hashed form by guessing candidates and comparing hashes. System administrators also use Crack to find weak passwords chosen by novice users in order to enhance the security of a system.
Cracker: One who breaks security on a system.
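The Checksum entry above groups two uses under one word: detecting transmission errors and detecting changes to system files. The following is an added example (not part of the SANS glossary) in Python that separates them. It implements the 16-bit ones' complement sum of RFC 1071 (the Internet checksum used in IP, TCP and UDP headers), shows a deliberate modification it cannot see, and then uses a cryptographic hash and a keyed HMAC for a file-integrity baseline. The sample file contents, file names and key are assumptions constructed for illustration.

```python
"""Checksums for change detection: error-detecting sum vs. cryptographic hash.

Added example, not from the SANS glossary. internet_checksum() is the RFC 1071
construction; the file contents, names and the HMAC key are constructed samples.
"""
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071: 16-bit ones' complement of the ones' complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                  # pad an odd trailing byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return (~total) & 0xFFFF


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: any change to the input changes the value."""
    return hashlib.sha256(data).hexdigest()


def keyed_digest(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: an attacker who can rewrite the file cannot also re-compute
    this value without the key, unlike a plain hash stored beside the file."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def baseline(files):
    """Record a baseline {name: sha256} for a set of files given as {name: bytes}."""
    return {name: sha256_hex(content) for name, content in files.items()}


def changed_files(files, base):
    """Compare current contents against a baseline; report added/removed/modified."""
    report = {"modified": [], "added": [], "removed": []}
    for name, content in files.items():
        if name not in base:
            report["added"].append(name)
        elif sha256_hex(content) != base[name]:
            report["modified"].append(name)
    report["removed"] = [name for name in base if name not in files]
    return report


# Constructed sample "system file" (30 bytes, an even number of 16-bit words).
ORIGINAL = b"root:x:0:0:root:/root:/bin/sh\n"
# Swapping the first two 16-bit words changes the content but not the sum:
# addition is commutative, so the RFC 1071 checksum cannot detect it.
TAMPERED = ORIGINAL[2:4] + ORIGINAL[0:2] + ORIGINAL[4:]


if __name__ == "__main__":
    print(hex(internet_checksum(ORIGINAL)), hex(internet_checksum(TAMPERED)))  # identical
    print(sha256_hex(ORIGINAL) == sha256_hex(TAMPERED))                          # False
    base = baseline({"/etc/passwd": ORIGINAL})
    print(changed_files({"/etc/passwd": TAMPERED}, base))   # /etc/passwd modified
```

The design point: an additive checksum is built to catch accidental bit errors and is trivially defeated by a deliberate edit, a cryptographic hash catches the edit, and only a keyed digest (or a baseline stored where the attacker cannot rewrite it) stops an attacker from recomputing the check value after the edit.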
Cracking: The act of breaking into a computer system.
Crash: A sudden, usually drastic failure of a computer system.
Cryptanalysis: 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.

Cryptography: The practice concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
Cryptology: The science which deals with hidden, disguised, or encrypted communications.
Cyberspace: Describes the world of connected computers and the society that gathers around them. Commonly known as the INTERNET.
Dark-side Hacker: A criminal or malicious hacker.
Data Encryption Standard: 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Decryption: The process of turning an encrypted message back into readable form.
Defense in Depth: Security based on multiple mechanisms that present successive layers of protection, so that the failure of one security component does not result in the complete compromise of the system.
Demilitarized Zone: A network that is neither part of the internal network nor directly part of the Internet. Basically, a network sitting between two networks, usually used to host e-commerce or shared services. (Editor's Note: the term screened subnet is sometimes used for this particular definition of DMZ. Where this definition refers to a screened subnet, a DMZ is defined as a network that is effectively part of the Internet. - JEK)
Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malicious when used as a denial of service attack.
Denial of Service: Action(s) which prevent any part of a system or service from functioning in accordance with its intended purpose.
DES: See Data Encryption Standard.
Dial-Back Security: The process whereby a user connects to a dial-up service, authenticates him/herself, then disconnects from the service. The service then dials the user back at a predetermined number.
Dictionary Attack: The use of one or more common language dictionaries in a systematic attempt to guess passwords.
Digital Communications: Method of communications that involves converting information into discrete numeric (typically binary) values.
Digital Signature: The use of cryptographic techniques to prove authenticity of a document or message.
Disaster Recovery: The process of rebuilding an operation or infrastructure after a disaster.
Discretionary Security: Security that is applied at the discretion of a system operator or information owner.
Distributed Denial of Service: A Denial of Service attack that uses multiple machines to amplify the effect of the attack.
DMZ: See Demilitarized Zone.

DNS Spoofing, Domain Hijacking, Due Care, Dumpster Diving, Encryption, Ethernet Sniffing, Fault Tolerance ...
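The Brute Force Attack, Crack and Dictionary Attack entries above describe the same family of password-guessing attacks. The following is an added example (not part of the SANS glossary, and not the Crack tool's own code) in Python that runs both attacks against a constructed password store and then shows why salting and a slow hash are the countermeasure. The user names, passwords, word list and the PBKDF2 round counts are assumptions made for illustration; sha256 and pbkdf2_hmac are Python's hashlib functions.

```python
"""Dictionary and brute-force attacks against stored password hashes.

Added example, not from the SANS glossary and not the Crack tool's code. The
password store, word list and round counts are constructed for illustration.
"""
import hashlib
import itertools
import os
import string


def fast_hash(password: str) -> str:
    """Unsalted, fast hash: the storage scheme the attacks exploit."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """Salted and deliberately slow (PBKDF2-HMAC-SHA256): the countermeasure."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def dictionary_attack(store, wordlist):
    """Dictionary attack on an unsalted store {user: hash}.

    Each candidate is hashed once and looked up against every user at the same
    time, so the cost is proportional to the word list, not to the number of
    accounts; users sharing a password share a hash and fall together.
    """
    by_hash = {}
    for user, h in store.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for word in wordlist:
        # a few of the mutations a real word list would also try
        for cand in (word, word.capitalize(), word + "1", word + "!"):
            for user in by_hash.get(fast_hash(cand), []):
                found.setdefault(user, cand)
    return found


def brute_force_pin(target_hash, digits=4):
    """Brute force: try every combination of `digits` decimal digits (10**digits)."""
    for combo in itertools.product(string.digits, repeat=digits):
        cand = "".join(combo)
        if fast_hash(cand) == target_hash:
            return cand
    return None


def dictionary_attack_salted(store, wordlist, rounds=1000):
    """The same dictionary attack against a salted store {user: (salt, hash)}.

    The per-user salt forces one KDF computation per (word, user) pair and the
    round count makes each one expensive; the work no longer amortises.
    """
    found = {}
    for user, (salt, h) in store.items():
        for word in wordlist:
            if slow_salted_hash(word, salt, rounds) == h:
                found[user] = word
                break
    return found


# Constructed sample data.
WORDLIST = ["password", "letmein", "dragon", "qwerty", "monkey"]
UNSALTED_STORE = {
    "alice": fast_hash("dragon"),
    "bob": fast_hash("Letmein"),
    "carol": fast_hash("monkey!"),
    "dave": fast_hash("c0rrect-h0rse-battery"),   # not derivable from the list
}


def build_salted_store(rounds=1000):
    """Salted equivalent for two of the users, with a fresh random salt each."""
    store = {}
    for user, pw in (("alice", "dragon"), ("dave", "c0rrect-h0rse-battery")):
        salt = os.urandom(16)
        store[user] = (salt, slow_salted_hash(pw, salt, rounds))
    return store


if __name__ == "__main__":
    print(dictionary_attack(UNSALTED_STORE, WORDLIST))    # alice, bob, carol recovered
    print(brute_force_pin(fast_hash("7391")))             # 7391, after at most 10000 tries
    print(dictionary_attack_salted(build_salted_store(), WORDLIST))   # only alice
```

Brute force is exhaustive and always terminates on a small key space such as a four-digit PIN; the dictionary attack is much cheaper but only finds passwords a wordlist (plus mutations) can produce, which is why dave's passphrase survives both stores. Salting and a slow KDF do not stop the salted attack from finding alice's dictionary word, they only make each guess cost the defender's chosen number of rounds for every user separately.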