SANS GIAC Information Security KickStart ©2000 Page 1 of 13
SANS GIAC Information Security KickStart Glossary of Terms

Access Control: Mechanism(s) used to restrict access to an object.
ACL: Access Control List. A list of resources and the permissions or authorizations allowed.
Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer.
Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.
Analog Communications: Method of communications that involves continuous modification of energy waves.
ASCII: American Standard Code for Information Interchange. The system of representing characters as fixed patterns of data bits.
Assurance: A measure of confidence that the security features and architecture of a system or service accurately mediate and enforce the security policy.
Asymmetric Encryption: The process of encoding information by using both a distributed public key and a secret, private key. See Public Key Cryptography.
Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Audit: The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail: In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
Authenticate: To establish the validity of a claimed user or object.
Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Authorization: Granting a user, program, or process the right of access.
Availability: Assuring information and communications services will be ready for use when expected.
Back Door: A hole in the security of a computer system deliberately left in place by designers, maintainers or an attacker. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Biometrics: The science of identifying a person by using unique human characteristics such as voice, fingerprints or iris scan.
Black Hat: An unethical hacker.
Breach: The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
Brute Force Attack: An attack method that uses every possible combination of keys or passwords in order to break a code or system.
Buffer Overflow: This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes, or a system or program's inability to correctly handle more data than it was designed to receive. This can result in system crashes or the creation of a back door leading to system access.
Bug: An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.
Business Continuity: The activities required to keep an organization operational during a period of displacement or interruption of normal operations.
CA: See Certificate Authority.
Central Office: A telephone company building in which a phone switching system is located. A location where voice and data communications circuits are collected and managed.
Certificate: A piece of code that binds an object's name to a particular public encryption key.
Certificate Authority: An organization that assigns, manages, and revokes certificates.
CGI: See Common Gateway Interface.
Challenge Handshake Authentication Protocol: Protocol that uses a Challenge-Response process for authentication.
Challenge-Response: Authentication protocol that combines a "challenge" sent by a server with a "response" to that challenge to authenticate a user.
CHAP: See Challenge Handshake Authentication Protocol.
Checksum: A calculated value used to detect changes in an object. Checksums are typically used to detect errors in network transmissions or changes in system files.
Circuit Switching: Communications method that relies on establishing temporary circuits between two points and maintaining that circuit for the duration of the connection.
COAST: Computer Operations, Audit, and Security Technology. A multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers
Common Gateway Interface: The method that Web servers use to allow interaction between servers and programs. Allows for the creation of dynamic and interactive web pages. CGI programs also tend to be the most vulnerable part of a web server (besides the underlying host security).
Compromise: An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
Computer Abuse: The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
Computer Fraud: Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident: Any intrusion or attempted intrusion into an automated information system. Incidents can include probes of multiple computer systems.
Computer Security Intrusion: Any event of unauthorized access or penetration to an automated information system.
Confidentiality: Assuring information will be kept secret, with access limited to appropriate persons.
Connectionless Protocol: Communication method that transfers information across a network but does not ensure or guarantee the receipt of the information.
Connection-Oriented Protocol: Communication method that exchanges control information (usually referred to as a "handshake") prior to transmitting data and exchanges acknowledgement messages while the data is being exchanged.
Cookie: A small bit of information sent by a Web server to a browser to enable a user to carry information from one Web session to another.
COTS Software: Commercial Off The Shelf. Software acquired through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government or commercial project.
Countermeasures: Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of a system.
Cracker: One who breaks security on a system.
Cracking: The act of breaking into a computer system.
Crash: A sudden, usually drastic failure of a computer system.
Cryptanalysis: 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Cryptography: The practice concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
Cryptology: The science which deals with hidden, disguised, or encrypted communications.
Cyberspace: Describes the world of connected computers and the society that gathers around them. Commonly known as the Internet.
Dark-side Hacker: A criminal or malicious hacker.
Data Encryption Standard: 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Decryption: The process of turning an encrypted message back into readable form.
Defense in Depth: Security based on multiple mechanisms to present successive layers of protection. In this way, the failure of one security component will not result in the complete compromise of the system.
Demilitarized Zone: A network that is neither part of the internal network nor directly part of the Internet. Basically, a network sitting between two networks, usually used to host e-commerce or shared services. (Editor's Note: the term screened subnet is sometimes used for this particular definition of DMZ. Where this definition refers to a screened subnet, a DMZ is defined as a network that is effectively part of the Internet. - JEK)
Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malicious when used as a denial of service attack.
Denial of Service: Action(s) which prevent any part of a system or service from functioning in accordance with its intended purpose.
DES: See Data Encryption Standard.
Dial-Back Security: The process whereby a user connects to a dial-up service, authenticates him/herself, then disconnects from the service. The service then dials the user back at a predetermined number.
Dictionary Attack: The use of one or more common language dictionaries in a systematic attempt to guess passwords.
Digital Communications: Method of communications that involves converting information into discrete numeric (typically binary) values.
Digital Signature: The use of cryptographic techniques to prove authenticity of a document or message.
Disaster Recovery: The process of rebuilding an operation or infrastructure after a disaster.
Discretionary Security: Security that is applied at the discretion of a system operator or information owner.
Distributed Denial of Service: A Denial of Service attack that uses multiple machines to amplify the effect of the attack.
DMZ: See Demilitarized Zone.
DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Domain Hijacking: The unauthorized act of taking over an organization's domain name.
Due Care: Applying reasonable and customary measures to provide a minimum level of security controls.
Dumpster Diving: Searching through trash bins or waste receptacles looking for sensitive or valuable information.
Encryption: The process of disguising a message in such a way as to hide its substance.
Ethernet Sniffing: Listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criterion for an interesting packet is one that contains words like login or password.
Fault Tolerance: The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
Fingerprinting: A method of determining the type of operating system a computer is using by sending specially crafted packets to it and examining the responses.
Firewall: A system or combination of systems that enforces a boundary between two or more networks. A gateway that limits access between networks in accordance with local security policy.
Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
Hacking: Unauthorized use, or attempts to circumvent or bypass the security mechanisms of a system or network.
Hash: A one-way transformation mechanism. The use of mathematical calculations to determine a unique value for a piece of data in such a way that the original data cannot be derived directly from the hash value.
Header: The portion of a data packet that contains information about the source, destination, type and contents of the packet.
Host: A single computer or workstation; it can be connected to a network.
HTML: See HyperText Markup Language.
HyperText Markup Language: The encoding method used to create and display information on the World Wide Web.
ICMP: See Internet Control Message Protocol.
IDEA: See International Data Encryption Algorithm.
Identification: The process of describing the identity of a person or process.
Information Assurance: Information Operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Information Security: The result of any system of policies and/or procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute.
Integrity: Assuring information will not be accidentally or maliciously altered or destroyed.
International Data Encryption Algorithm: A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key.
Internet Control Message Protocol: Protocol that uses datagrams to detect and analyze network traffic and routing problems.
Internet Protocol: Provides the basic packet delivery service upon which TCP/IP networks are built.
Internet Worm: A worm program that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand. See also Worm.
Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
Intrusion Detection: Techniques that attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network.
IP: See Internet Protocol.
IP Address: A network address used to identify and locate computers on a TCP/IP network.
IPSec: A mechanism for providing security to IP, TCP, and UDP protocols.
IPv4: Internet Protocol Version 4. The currently implemented version of the Internet Protocol.
IPv6: Internet Protocol Version 6. The next generation of the Internet Protocol that allows for more addresses and better network transmission.
Kerberos: A network security system that uses "tickets" to grant access to network resources and encryption to protect network communications.
Key: A symbol or sequence of symbols (or electrical or mechanical representations of symbols) applied to data in order to encrypt or decrypt that data.
Key Escrow: The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.
Key Management: The process of creating, distributing, certifying, storing, and revoking encryption keys.
LAN: See Local Area Network.
Least Privilege: The concept of authorizing access to no more than the minimal amount of resources required for a function.
Local Area Network: A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
MAC Address: Media Access Control address. A unique serial number given to every piece of network communications equipment.
Malicious Code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Malware: A term used to denote malicious or harmful software (e.g. viruses and Trojan horse programs).
Man in the Middle Attack: A computer attack where the attacker is located on the network between two connected parties. The attacker can then monitor and/or alter all communications between the two parties.
Mandatory Security: Security that is required as part of a system and cannot be altered or bypassed.
Modem: MODulator/DEModulator. A device that converts digital computer signals into analog telephone signals, and back again. Used for transmission across analog-based telephone networks.
NAT: See Network Address Translation.
Network: Two or more machines interconnected for communications.
Network Address Translation: A method of allowing a network to use private addresses for local communications and converting those to public addresses for communications outside the network.
Network Security: Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects.
Non-Repudiation: Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
One-time Password: A password scheme wherein the password is only used a single time and then discarded.
Open Security: Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
Open Systems Interconnection: A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility.
Orange Book: See Trusted Computer System Evaluation Criteria.
OSI: See Open Systems Interconnection.
Packet: A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and a message.
Packet Filter: A network traffic restriction device that inspects each packet for user-defined content, such as an IP address, but does not track the state of sessions. This is one of the least secure types of firewall.
Packet Filtering: A feature incorporated into routers and bridges to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol-specific traffic to one network segment, isolate email domains, and perform many other traffic control functions.
Packet Sniffer: A device or program that monitors the data traveling between computers on a network.
Packet Switching: Communications method that breaks messages into pieces called packets. Each packet may travel a different route from the source to the destination. The packets are then reassembled at the destination.
PAP: See Password Authentication Protocol.
Password: A piece of information used to verify the identity of a user or process.
Password Authentication Protocol: Protocol that uses static passwords for authentication.
Payload: The portion of a packet that carries the actual data.
Penetration: The successful unauthorized access to an automated system.
Penetration Testing: Testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users.
Perimeter Based Security: The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
Personnel Security: The procedures established to ensure that all personnel who have access to any classified or confidential information have the required authorizations as well as the appropriate clearances.
PGP: See Pretty Good Privacy.
Phreaking: The art and science of cracking the phone network.
Physical Security: The measures used to provide physical protection of resources against deliberate and accidental threats.
Piggy Back: The gaining of unauthorized access to a system via another user's legitimate connection.
Ping of Death: The use of Ping with a packet size higher than 65,507. This will cause a denial of service.
Plaintext: Unencrypted data.
Point-to-Point Protocol: A protocol for establishing network communications over dial-up connections.
Point-To-Point Tunneling Protocol: Network protocol that provides VPN services over PPP.
Port: A "logical connection place" and specifically, using the Internet's protocol, TCP/IP, the way a client program specifies a particular server program on a computer in a network. Higher-level applications that use TCP/IP, such as the Web protocol, HTTP, have ports with pre-assigned numbers. These are known as "well-known ports" that have been assigned by the Internet Assigned Numbers Authority (IANA). Other application processes are given port numbers dynamically for each connection. When a service (server program) is initially started, it is said to bind to its designated port number. As any client program wants to use that server, it also must request to bind to the designated port number.
PPP: See Point-to-Point Protocol.
PPTP: See Point-To-Point Tunneling Protocol.
Pretty Good Privacy: A popular program used to encrypt information.
Private Addressing: Using a set of pre-defined non-routable IP addresses to create a private network area. See also NAT.
Private Key Cryptography: See Symmetric Cryptography.
Promiscuous Mode: Normally an Ethernet interface reads all address information and accepts packets only destined for itself. When the interface is in promiscuous mode, it reads all information, regardless of its destination. See also Sniffer.
Protocol: Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.
Proxy: A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.
Public Key Cryptography: Type of cryptography in which the encryption key is publicly available and unprotected, but in which the decryption key is protected so that only a party with knowledge of the decryption key can decrypt the cipher text.
Public Key Infrastructure: The systems and processes used to manage encryption keys and certificates.
Qualitative Risk Assessment: Analysis of the risk and potential losses associated with an area based on subjective criteria.
Quantitative Risk Assessment: Analysis of the risk and potential losses associated with an area based on objective numeric and measurable criteria.
RADIUS: See Remote Access Dial-In User Service.
Remote Access Dial-In User Service: Provides a central point of management for remote network access by allowing multiple remote access devices to share a common authentication database. See also TACACS.
Request For Comment: A formal specification for a service or protocol that is distributed through the Internet community. The Internet and many information technology standards are created through the RFC process.
RFC: See Request For Comment.
Risk: The potential for loss or harm.
Risk Analysis: See Risk Assessment.
Risk Assessment: A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations.
Risk Management: The total process used to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk to an acceptable level.
Role-Based Security: Access control based on the role a user plays in an organization.
Rotation of Duties: Forcing operations staff to rotate assignments to help detect fraud or abuse.
Router: An interconnection device that moves packets or frames containing certain protocols between networks.
RSA Algorithm: RSA stands for Rivest-Shamir-Adleman. A public-key cryptographic algorithm that hinges on the assumption that the factoring of the product of two large primes is difficult.
Sandbox: Term used to indicate an area of a system or service where possible activities are checked and restricted, thus reducing the security threat of these activities.
SATAN: Security Administrator Tool for Analyzing Networks. A tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program that helps to identify system security weaknesses.
Script Kiddie: A junior hacker that runs automated procedures that have been created by other (generally more ingenious) hackers.
Secure Electronic Transaction: A protocol for handling payments in electronic commerce transactions.
Secure Shell: A completely encrypted shell connection between two machines protected by a super long pass-phrase.
Secure Sockets Layer: A session layer protocol that provides authentication and confidentiality to applications.
Security: A subjective condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
Security Domain: The set of objects or resources that a system or user can securely access.
Security Perimeter: The boundary (real or imaginary) where security controls are in effect to protect assets. System elements in the security perimeter are "trusted". All elements outside the security perimeter are considered "untrusted".
Security Policies: The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
[...]
Spoofing: ... inducement of a user or a resource to take an incorrect action. Attempt to gain access to a system by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing. 2) Falsifying information in a data packet in order to intentionally misdirect the packet or trick the system receiving the packet to perform unauthorized activities.
SSL: See Secure Sockets Layer.
Stack: The hierarchy of ...
Symmetric Cryptography: [...]
TACACS: [...]
TCP: [...]
TCP Fingerprinting: [...]
TCP/IP: [...]
TCSEC: [...]
Terminal Access...: ... database. See also RADIUS.
Trust: A level of assurance given to a system ... in predictable ways, according to specifications, allows only authorized activities and contains no undocumented features.
Trusted Computer System Evaluation Criteria: A government standard for evaluating the security of a particular system.
Two-Factor Authentication: The process of using two of the three factors of something you know, something you have, and something you are (i.e. physical characteristics) to authenticate a person.
UDP: See User Datagram Protocol.
User Datagram Protocol: An unreliable, ...
User-Based Security: [...]
Virtual Private Network: [...]
Virus: ... evolved, copy of itself.
VPN: See Virtual Private Network.
Vulnerability: Hardware, firmware, or software flaw that leaves a system open for potential exploitation. A weakness in automated system security procedures, administrative controls, physical layout, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing.
Vulnerability Analysis: Systematic examination of a system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
WAN: See Wide Area Network.
War Dialer: A program that dials a given list or range of numbers and records those which answer with handshake tones, which ...
White Hat: [...]
Wide Area Network: [...]
Worm: [...]
X.509: ... certificates must use in order to be universally accepted.

Definitions for which the term column did not survive (pages 10 through 13), in order of appearance:
[...]: ... falsification, or destruction of data.
[...]: The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifested. A potential violation of security.
[...]: Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.
[...]: The process of using something you know, something you have, and something you are ... person.
[...]: Government and industry-sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes.
[...]: A hardware or software device used to provide additional security for user authentication.
[...]: An operation of sending trace packets for determining information; traces the route of packets from the local host to a remote host ...
[...]: ... attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer. See also Hijacking.
[...]: ... built-in processor and memory for storing information directly on the card.
[...]: A denial of service attack in which an attacker spoofs the source address of an ICMP echo-request (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim, thereby clogging its network.
[...]: To grab a large document or file for the purpose of using it with or without the author's ...

Revision history: v 1.0 – 1 Sept 2000; v 1.1 – 11 Sept 2000 – edited by J Kolde to correct several incomplete definitions.