SANS GIAC Information Security KickStart
Glossary of Terms
Access Control: Mechanism(s) used to restrict access to an object.
permissions or authorizations allowed.
Active Code/Active Content: Generic term for software delivered via the World Wide Web that executes directly on the user's computer.
to network security. Alerts are often derived from critical audit events.
Analog Communications: Method of communications that involves continuous modification of energy waves.
system of representing characters as fixed patterns of data bits.
Assurance: A measure of confidence that the security features and architecture of a system or service accurately mediate and enforce the security policy.
Asymmetric Encryption: The process of encoding information by using both a distributed public key and a secret, private key. See Public Key Cryptography.
attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail: In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
Authenticate: To establish the validity of a claimed user or object.
Authentication: To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Authorization: Granting a user, program, or process the right of access.
Availability: Assuring information and communications services will be ready for use when expected.
Back Door: A hole in the security of a computer system deliberately left in place by designers, maintainers or an attacker. Synonymous with trap door; a hidden software or hardware mechanism used to circumvent security controls.
Biometrics: The science of identifying a person by using unique human characteristics such as voice, fingerprints or iris scan.
result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
Brute Force Attack: An attack method that uses every possible combination of keys or passwords in order to break a code or system.
Buffer Overflow: This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes, or a system or program's inability to correctly handle more data than it was designed to receive. This can result in system crashes or the creation of a back door leading to system access.
piece of hardware, especially one that causes it to malfunction.
Business Continuity: The activities required to keep an organization operational during a period of displacement or interruption of normal operations.
Central Office: A telephone company building in which a phone switching system is located. A location where voice and data communications circuits are collected and managed.
Certificate: A piece of code that binds an object's name to a particular public encryption key.
Certificate Authority: An organization that assigns, manages, and revokes certificates.
Challenge Handshake Authentication Protocol: Protocol that uses a Challenge-Response process for authentication.
Challenge-Response: Authentication protocol that combines a "challenge" sent by a server with a "response" to that challenge to authenticate a user.
Checksum: A calculated value used to detect changes in an object. Checksums are typically used to detect errors in network transmissions or changes in system files.
Circuit Switching: Communications method that relies on establishing temporary circuits between two points and maintaining that circuit for the duration of the connection.
a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers.
Common Gateway Interface: The method that Web servers use to allow interaction between servers and programs. Allows for the creation of dynamic and interactive web pages. CGI programs also tend to be the most vulnerable part of a web server (besides the underlying host security).
Compromise: An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
Computer Abuse: The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
Computer Fraud: Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
Computer Security: Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.
Computer Security Incident: Any intrusion or attempted intrusion into an automated information system. Incidents can include probes of multiple computer systems.
Computer Security Intrusion: Any event of unauthorized access or penetration to an automated information system.
Confidentiality: Assuring information will be kept secret, with access limited to appropriate persons.
Connectionless Protocol: Communication method that transfers information across a network but does not ensure or guarantee the receipt of the information.
Connection-Oriented Protocol: Communication method that exchanges control information (usually referred to as a "handshake") prior to transmitting data and exchanges acknowledgement messages while the data is being exchanged.
browser to enable a user to carry information from one Web session to another.
COTS Software: Commercial Off The Shelf. Software acquired through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government or commercial project.
Countermeasures: Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of a system.
Cryptanalysis: Definition 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. Definition 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Cryptography: The practice concerning the principles, means, and methods for rendering plain text unintelligible and for converting encrypted messages into intelligible form.
Cryptology: The science which deals with hidden, disguised, or encrypted communications.
society that gathers around them. Commonly known as the INTERNET.
Dark-side Hacker: A criminal or malicious hacker.
Data Encryption Standard: 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
Decryption: The process of turning an encrypted message back into readable form.
Defense in Depth: Security based on multiple mechanisms to present successive layers of protection. In this way, the failure of one security component will not result in the complete compromise of the system.
Demilitarized Zone: A network that is neither part of the internal network nor directly part of the Internet. Basically, a network sitting between two networks, usually used to host e-commerce or shared services. (Editor's Note: the term screened subnet is sometimes used for this particular definition of DMZ. Where this definition refers to a screened subnet, a DMZ is defined as a network that is effectively part of the Internet. - JEK)
Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malicious when used as a denial of service attack.
Denial of Service: Action(s) which prevent any part of a system or service from functioning in accordance with its intended purpose.
Dial-Back Security: The process whereby a user connects to a dial-up service, authenticates him/herself, then disconnects from the service. The service then dials the user back at a predetermined number.
Dictionary Attack: The use of one or more common language dictionaries in a systematic attempt to guess passwords.
Digital Communications: Method of communications that involves converting information into discrete numeric (typically binary) values.
Digital Signature: The use of cryptographic techniques to prove authenticity of a document or message.
Disaster Recovery: The process of rebuilding an operation or infrastructure after a disaster.
Discretionary Security: Security that is applied at the discretion of a system operator or information owner.
Distributed Denial of Service: A Denial of Service attack that uses multiple machines to amplify the effect of the attack.
corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Domain Hijacking: The unauthorized act of taking over an organization's domain name.
minimum level of security controls.
Dumpster Diving: Searching through trash bins or waste receptacles looking for sensitive or valuable information.
Encryption: The process of disguising a message in such a way as to hide its substance.
Ethernet Sniffing: Listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criterion for an interesting packet is one that contains words like login or password.
Fault Tolerance: The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
Fingerprinting: A method of determining the type of operating system a computer is using by sending specially crafted packets to it and examining the responses.
boundary between two or more networks. A gateway that limits access between networks in accordance with local security policy.
A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.
security mechanisms of a system or network.
mathematical calculations to determine a unique value for a piece of data in such a way that the original data cannot be derived directly from the hash value.
about the source, destination, type and contents of the packet.
network.
HyperText Markup Language: The encoding method used to create and display information on the World Wide Web.
Identification: The process of describing the identity of a person or process.
Information Assurance: Information Operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
Information Security: The result of any system of policies and/or procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute.
Integrity: Assuring information will not be accidentally or maliciously altered or destroyed.
International Data Encryption Algorithm: A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key.
Internet Control Message Protocol: Protocol that uses datagrams to detect and analyze network traffic and routing problems.
Internet Protocol: Provides the basic packet delivery service upon which TCP/IP networks are built.
Internet Worm: A worm program that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand. See also Worm.
Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
Intrusion Detection: Techniques that attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts, either manually or via software expert systems that operate on logs or other information available on the network.
IP Address: A network address used to identify and locate computers on a TCP/IP network.
protocols.
version of the Internet Protocol.
Internet Protocol that allows for more addresses and better network transmission.
Kerberos: A network security system that uses "tickets" to grant access to network resources and encryption to protect network communications.
mechanical representations of symbols) applied to data in order to encrypt or decrypt that data.
Key Escrow: The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.
Key Management: The process of creating, distributing, certifying, storing, and revoking encryption keys.
Least Privilege: The concept of authorizing access to no more than the minimal amount of resources required for a function.
Local Area Network: A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
MAC Address: Media Access Control address. A unique serial number given to every piece of network communications equipment.
Malicious Code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Malware: A term used to denote malicious or harmful software (e.g. viruses and Trojan horse programs).
Man in the Middle Attack: A computer attack where the attacker is located on the network between two connected parties. The attacker can then monitor and/or alter all communications between the two parties.
Mandatory Security: Security that is required as part of a system and cannot be altered or bypassed.
computer signals into analog telephone signals, and back again. Used for transmission across analog-based telephone networks.
communications.
Network Address Translation: A method of allowing a network to use private addresses for local communications and converting those to public addresses for communications outside the network.
Network Security: Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects.
Non-Repudiation: Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
One-time Password: A password scheme wherein the password is only used a single time and then discarded.
Open Security: Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
Open Systems Interconnection: A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility.
identities of the sending and receiving stations, error-control information, and a message.
Packet Filter: A network traffic restriction device that inspects each packet for user defined content, such as an IP address, but does not track the state of sessions. This is one of the least secure types of firewall.
Packet Filtering: A feature incorporated into routers and bridges to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and perform many other traffic control functions.
Packet Sniffer: A device or program that monitors the data traveling between computers on a network.
Packet Switching: Communications method that breaks messages into pieces called packets. Each packet may travel a different route from the source to the destination. The packets are then reassembled at the destination.
Password: A piece of information used to verify the identity of a user or process.
Password Authentication Protocol: Protocol that uses static passwords for authentication.
system.
Penetration Testing: Testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users.
Perimeter Based Security: The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
Personnel Security: The procedures established to ensure that all personnel who have access to any classified or confidential information have the required authorizations as well as the appropriate clearances.
Physical Security: The measures used to provide physical protection of resources against deliberate and accidental threats.
another user's legitimate connection.
Ping of Death: The use of Ping with a packet size higher than 65,507. This will cause a denial of service.
Point-to-Point Protocol: A protocol for establishing network communications over dial-up connections.
Point-To-Point Tunneling Protocol: Network protocol that provides VPN services over PPP.
Port: A "logical connection place" and specifically, using the Internet's protocol, TCP/IP, the way a client program specifies a particular server program on a computer in a network. Higher-level applications that use TCP/IP, such as the Web protocol, HTTP, have ports with pre-assigned numbers. These are known as "well-known ports" and have been assigned by the Internet Assigned Numbers Authority (IANA). Other application processes are given port numbers dynamically for each connection. When a service (server program) is initially started, it is said to bind to its designated port number. When any client program wants to use that server, it also must request to bind to the designated port number.
Pretty Good Privacy: A popular program used to encrypt information.
Private Addressing: Using a set of pre-defined non-routable IP addresses to create a private network area. See also NAT.
Private Key Cryptography: See Symmetric Cryptography.
Promiscuous Mode: Normally an Ethernet interface reads all address information and accepts only packets destined for itself. When the interface is in promiscuous mode, it reads all information, regardless of its destination. See also Sniffer.
computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.
host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user; typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.
Public Key Cryptography: Type of cryptography in which the encryption key is publicly available and unprotected, but in which the decryption key is protected so that only a party with knowledge of the decryption key can decrypt the cipher text.
Public Key Infrastructure: The systems and processes used to manage encryption keys and certificates.
Qualitative Risk Assessment: Analysis of the risk and potential losses associated with an area based on subjective criteria.
Quantitative Risk Assessment: Analysis of the risk and potential losses associated with an area based on objective numeric and measurable criteria.
Remote Access Dial-In User Service: Provides a central point of management for remote network access by allowing multiple remote access devices to share a common authentication database. See also TACACS.
Request For Comment: A formal specification for a service or protocol that is distributed through the Internet community. The Internet and many information technology standards are created through the RFC process.
Risk Assessment: A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations.
Risk Management: The total process used to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk to an acceptable level.
Role-Based Security: Access control based on the role a user plays in an organization.
Rotation of Duties: Forcing operations staff to rotate assignments to help detect fraud or abuse.
containing certain protocols between networks.
RSA Algorithm: RSA stands for Rivest-Shamir-Adleman. A public-key cryptographic algorithm that hinges on the assumption that factoring the product of two large primes is difficult.
where possible activities are checked and restricted, thus reducing the security threat of these activities.
for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful freeware program that helps to identify system security weaknesses.
Script Kiddie: A junior hacker that runs automated procedures that have been created by other (generally more ingenious) hackers.
Secure Electronic Transaction: A protocol for handling payments in electronic commerce transactions.
Secure Shell: A completely encrypted shell connection between two machines protected by a super long pass-phrase.
Secure Sockets Layer: A session layer protocol that provides authentication and confidentiality to applications.
Security: A subjective condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
Security Domain: The set of objects or resources that a system or user can securely access.
Security Perimeter: The boundary (real or imaginary) where security controls are in effect to protect assets. System elements inside the security perimeter are "trusted". All elements outside the security perimeter are considered "untrusted".
Security Policies: The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.