InfoSec Glossary of Terms

Note: See also Telecommunications Glossary


A

  • Activation - The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration; the execution of the recovery plan.
  • Access - The right to enter or make use of a computer system.
  • Access Control List (ACL) - List that contains a set of access control entries that define an object's permission settings and enables administrators to explicitly control access to resources.
  • Access Token - In Windows NT, an internal security card that is generated when users log on. It contains the security IDs (SIDs) for the user and all the groups to which the user belongs. A copy of the access token is assigned to every process launched by the user.
  • Active Attack - An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.
  • Administrative Security - The management constraints and supplemental controls established to provide an acceptable level of protection for data.
  • AIS - Automated Information System - any equipment of an interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data and includes software, firmware, and hardware.
  • Alert - A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.
  • Ankle-Biter - A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to AIS's. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet.
  • Ambient Data - A forensic term which describes, in general terms, data stored in non-traditional computer storage areas and formats.
  • Anomaly Detection Model - A model where intrusions are detected by looking for activity that is different from the user's or system's normal behavior.
  • Antivirus - Type of program that protects a computer against a virus.
  • Applet - Small java program embedded in a HTML page.
  • Application Level Gateway - A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.
  • Architecture - Those characteristics of a network, operating system and/or application program which facilitate information interchange. May refer to either hardware or software or a combination of both.
  • Archival Data - Information no longer in use, but stored separately to free space on a drive; also includes "file clones."
  • ASIM - Automated Security Incident Measurement - Monitors network traffic and collects information on targeted unit networks by detecting unauthorized network activity.
  • Assessment - Surveys and Inspections; an analysis of the vulnerabilities of an AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems.
  • Assurance - A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.
  • Asynchronous Communication - A communication pattern in which the two (or more) parties involved are not communicating at the same time, as in e-mail messages.
  • Attack - An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
  • Audit Trail - In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized.
  • Authentication - A method for confirming a user's identity. Techniques are usually broken down into three categories: (1) something the user knows, such as a password or PIN; (2) something the user has, such as a smartcard or ATM card; and (3) something that's part of the user, such as a fingerprint or iris. The strongest authentication involves a combination of all three.
  • Authentication Header (AH) - A field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram.
  • Availability - Assuring information and communications services will be ready for use when expected.

B

  • Backbone - High-speed line or series of connections that forms a major pathway within a network.
  • Back Door - Secret (undocumented), hard-coded access codes or procedures for accessing information. Some back doors exist in commercially provided software packages, e.g., consistent (canonical) passwords for third-party software accounts. A back door is designed to hide itself inside a target host and allows the user that installed it to access the system without using normal authorization. Alternatively, back doors can be inserted into an existing program or system to provide unauthorized access later.
  • Back Up - The action of copying (or mirroring) important data to a second location or onto removable media.
  • Bad sectors - A sector is a group of bytes within a track. Bad sectors reside in clusters that are flagged in the FAT (File Allocation Table) as bad; thereafter the flagged cluster(s) are no longer available to normal access. However, DIRECT reads and writes may still be possible.
  • Bandwidth - Speed at which information can be transferred.
  • Bell-La Padula Security Model - Formal-state transition model of computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations.
  • Biba Integrity Model - A formal security model for the integrity of subjects and objects in a system.
  • Biometrics - The identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice or handwriting. Costs of biometrics authentication systems have been dropping and reliability improving, but many users are still wary of being identified by personal, unchangeable characteristics.
  • Biometric Scanner - A device connected to a computer system that recognizes physical characteristics of an individual (e.g., fingerprint, voice, retina).
  • BIOS (Basic Input Output System) - The set of routines stored in read-only memory that enable a computer to start the operating system and to communicate with the various devices in the system such as disk drives, keyboard, monitor, printer, and communication ports. The BIOS also stores the date, time and configuration of the hardware.
  • Bit Stream Backups - See Mirror Image Backups
  • Bomb - A general synonym for crash, normally of software or operating system failures.
  • Breach - The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.
  • Buffer - An area of memory, often referred to as a "cache," used to speed up access to devices. It is used for temporary storage of data read from or waiting to be sent to a device such as a hard disk, CD-ROM, printer, or tape drive.
  • Buffer Overflow - This happens when more data is put into a buffer or holding area than the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access.
  • Bug - An unwanted and unintended property of a program or piece of hardware, especially one that causes it to malfunction.

C

  • Carnivore - A controversial email surveillance tool being developed by the FBI. When installed at an ISP, it monitors the communication that passes through the servers. Theoretically, it will pick out only information that falls under the strict bounds of a court order (the "meat" of the data), but critics fear that the tool will be misused or that the technology will not work correctly. Because the name "Carnivore" was unpopular, the FBI recently renamed the tool DCS1000.
  • CGI - Common Gateway Interface - CGI is the method that Web servers use to allow interaction between servers and programs.
  • CGI Scripts - Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server (besides the underlying host security).
  • Chain of Custody - Verifies that information was not altered in the copying process and has not been altered during any analysis.
  • Check_Password - A hacking program used for cracking VMS passwords.
  • Chernobyl Packet - Also called Kamikaze Packet. A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ethernet and IP address set as the respective broadcast addresses for the subnetworks being gated between.
  • Circuit Level Gateway - One form of a firewall. Validates TCP and UDP sessions before opening a connection. Creates a handshake, and once that takes place passes everything through until the session is ended.
  • Clearing - Rendering stored information unrecoverable unless special utility software or techniques are used.
  • Client - Resides on the user's computer and communicates with a server(s).
  • Clipper Chip - A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.
  • Cluster - Groupings of sectors which are used to allocate the data storage area in all Microsoft operating systems, i.e., DOS, Windows, Windows 95, Windows 98, Windows NT and Windows 2000. Clusters can be one sector in size to 128 sectors in size and cluster sizes vary depending on the size of the logical storage volume and the operating system involved.
  • COAST - Computer Operations, Audit, and Security Technology - is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. Its research is focused on real-world needs and limitations, with a special focus on security for legacy computing systems.
  • Coercivity - Defines the magnetic field necessary to reduce a magnetically saturated material's magnetization to zero. Coercivity strength of an applied magnetic field determines which type of degausser may be applied to a particular type of magnetic material. Demagnetizing the magnetic material of data storage media removes data remanence.
  • Compromise - An intrusion into a computer system where unauthorized disclosure, modification or destruction of sensitive information may have occurred.
  • Computer Abuse - The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.
  • Computer-Created Files - Files such as backup files, configuration files, cookies, hidden files, history files, log files, printer spool files, swap files, system files, temporary files.
  • Computer Forensics - The act of looking for and preserving digital evidence of a crime for eventual use in court. Computer forensics is just starting to get widespread attention in the computing community.
  • Computer Fraud - Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.
  • Computer Network Attack - (CNA) Operations to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. (DODD S-3600. 1 of 9 Dec 96).
  • COMSEC (Communications Security) - Measures and controls taken to deny unauthorized person(s) information derived from telecommunications and ensure the authenticity of such telecommunications. NOTE: Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material.
  • COMPUSEC (Computer Security) - Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer.
  • Computer Security Incident - Any intrusion or attempted intrusion into an automated information system (AIS). Incidents can include probes of multiple computer systems.
  • Computer Security Intrusion - Any event of unauthorized access or penetration to an automated information system (AIS).
  • Confidentiality - Assuring information will be kept secret, with access limited to appropriate persons.
  • Containment - The phase in Incident Handling that limits the scope and magnitude of an incident.
  • Controller - Device that controls the transfer of data from a computer to a peripheral device and vice versa.
  • Cookie - Small file on your computer in which a web site may write data.
  • COPS - Computer Oracle and Password System - A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings.
  • Countermeasures - Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more sophisticated techniques as well as activities traditionally perceived as security.
  • Cracker (Cracking) - A malicious, criminal hacker who uses tools to decode encrypted passwords to break into a computer system. Cracking is the unauthorized penetration of computer systems and networks, abuse of privileges, or unauthorized use of services.
  • Crash - A sudden, usually drastic failure of a computer system.
  • Critical Infrastructure - A foundation of services that citizens and businesses rely on for their health, safety and well-being. Telecommunications, transportation, energy and banking services are part of the critical infrastructure, which is often privately owned but which citizens expect the government to protect.
  • Cybercrime - Internet-based illegal acts.
  • Cyber Security - Protecting a PC and personal information.
  • Cyber Ethics - Proper modes of behavior online.
  • Cyber Safety - Protecting against unscrupulous people online.
  • Cryptanalysis - Definition 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data including cleartext. Definition 2) Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
  • Cryptographic Hash Function - A process that computes a value (referred to as a hashword) from a particular data unit in a manner that, when a hashword is protected, manipulation of the data is detectable.
  • Cryptography - A coding method in which data is encrypted (translated into an unreadable format) and then decrypted (translated back into a readable format by someone with a secret key) using an algorithm. Cryptography is used to send or store information securely. See public key cryptography.
  • Cyberspace - Describes the world of connected computers and the society that gathers around them. Commonly known as the INTERNET.

D

  • DARPA - Defense Advanced Research Projects Agency.
  • Data Diddling - Modifying data for fun and profit; e.g., modifying grades, changing credit ratings, altering security clearance information, fixing salaries, or circumventing bookkeeping and audit regulations.
  • Data Driven Attack - A form of attack that is encoded in innocuous seeming data which is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.
  • Data Encryption Standard - Definition 1) (DES) An unclassified crypto algorithm adopted by the National Bureau of Standards for public use. Definition 2) A cryptographic algorithm for the protection of unclassified data, published in Federal Information Processing Standard (FIPS) 46. The DES, which was approved by the National Institute of Standards and Technology (NIST), is intended for public and government use.
  • Data Leakage - Uncontrolled, unauthorized transmission of classified information from a data center or computer system to the outside. Such leakage can be accomplished by physical removal of data storage devices (diskettes, tapes, listings, printouts and photographs of screen copies or handwritten notes) or by more subtle means such as data hiding (steganography) or even plain old human memory.
  • Data Mapping - Going beyond basic search capabilities, data mapping is also called keyless searching. It finds or suggests associations between files within a large body of data, which may not be apparent using other techniques.
  • Degaussing - Degaussing (i.e., demagnetizing) is a procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Properly applied, degaussing renders any previously stored data on magnetic media unreadable and may be used as a method of sanitization. The computer is sanitized by reformatting the hard drive in a secure manner or by using a wipeout utility.
  • Deleted Files - Files that a subject deletes; in many instances a forensic examiner is able to recover all or part of the original data.
  • Demon Dialer - A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malicious when used as a denial of service attack.
  • Denial-of-Service Attack (DoS) - An attack in which a mail server, Web Server or even telephone system is purposely overloaded with phony requests so that it cannot respond properly to valid ones. Prevents normal use of computer or network by valid users where the attacker can cause abnormal termination of the applications, flood the network with traffic, or block traffic. Usually involves spoofing.
  • Derf - The act of exploiting a terminal which someone else has absent mindedly left logged on.
  • Digital - Data that has been created, transmitted, or stored as a string of signals coded as "1" (on) or "0" (off). Data in digital form (text, numbers, graphics, voice, video, etc.) can be stored and processed by computers and communicated at high speed over electronic networks with complete accuracy and reliability. Exact copies of digital data can be made in which the copy is indistinguishable from the original.
  • Digital Evidence - Information stored or transmitted in binary form that may be relied upon in court.
  • Distributed Denial-of-Service Attack (DDoS) - A denial-of-service attack in which the attackers load their malignant code onto a host of other machines (often through Trojan horses). Distributed attacks can cause much more damage than an attack originating from a single machine, as the defending company needs to block dozens or even hundreds of IP addresses. The compromised hosts are used to attack other Internet sites, and the compromise itself may involve altering system binaries and exposing sensitive information to external parties.
  • Digital Certificate - The electronic equivalent of an ID card, which works in conjunction with public key encryption to sign digital signatures. A digital certificate, which may contain a user's name and other information, is issued by a certification authority (CA), which also keeps track of digital certificates that have been revoked.
  • Digital Signature - A type of electronic signature that is generally considered the most reliable and secure. Digital signatures use public key infrastructure (PKI) to authenticate the sender and verify the information contained in the document. With the passage of the electronic signatures act, digital signatures are expected to become increasingly popular for exchanging information, conducting transactions and signing contracts over the Internet.
  • Disaster Recovery - Written plan describing the steps company would take to restore computer operations in the event of a disaster containing four components: the emergency plan, the backup plan, the recovery plan, and the test plan.
  • DNS Spoofing - Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
  • Dongle - A small device that plugs into a computer port that contains types of information similar to information on a smart card. Also called a hardware key, it hinders software duplication because each copy of the program is tied to a unique number, which is difficult to obtain, and the key has to be programmed with that number.
  • Dynamic Signature Verification (DSV) - Signature biometric, also known as dynamic signature verification.

E

  • Easter Egg - Undocumented, unauthorized program functions in a production program; a kind of Trojan Horse.
  • E-commerce - Transactions where money is exchanged for valuable goods and services with either the money and/or the goods and services transported over computer networks.
  • Electromagnetic Fields - The field of force associated with electric charge in motion having both electric and magnetic components and containing a definite amount of electromagnetic energy.
  • Electronic Evidence - Information and data of investigative value that is stored on or transmitted by an electronic device. Such evidence is acquired when data or physical items are collected and stored for examination purposes.
  • Electronic Signatures Act - Officially named the Electronic Signatures in Global and National Commerce Act, a law stating that electronic signatures may be legally binding for contracts and transactions. The law does not specify what type of technology can be used. Digital signatures are popular types of electronic signatures, but simple click-through agreements at web sites also may be legally binding. Electronic signatures also may involve biometrics or digitized versions of handwritten signatures.
  • Emergency Disk - Floppy disk that contains an unaffected copy of operating system.
  • EMSEC (Emission Security) - Protection resulting from all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from crypto-equipment, AIS, and telecommunications systems.
  • Encapsulating Security Payload (ESP) - A mechanism to provide confidentiality and integrity protection to IP datagrams.
  • Encryption - Process of encoding data to prevent unauthorized access, especially during transmission.
  • Eradication - The phase in Incident Handling that makes sure the problem is eliminated and the avenue of entry is closed off.
  • Erasing - An ambiguous term, which can refer to purging, clearing, or removing file allocation.
  • Ethernet Sniffing - This is listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like login or password.
  • Evidence Grade Backups - See Mirror Image Backups
  • Exploit - A method for exploiting a vulnerability to take control of a system or otherwise compromise it. Exploits are sometimes automated in scripts.
  • Extra Tracks - Most hard disks have several more than the rated number of tracks. These extra tracks are used to make up for flaws that might occur during manufacture that would otherwise require that the entire disk be rejected for failing its quality control requirements. Most times they are not required or used but with DIRECT reads and writes they are accessible and provide a good place for hiding or storing sensitive data.
  • Extrinsic Data - Information about the file such as file signature, author, size, name, path, creation and modification dates. This data is the accumulation of what is in the file, on the media label, discovered by the operator, and contributed by the client. Collectively, it represents the real value of examining an electronic file as opposed to its printed version.

F

  • False Negative - Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior.
  • False Positive - Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action.
  • Fault Tolerance - The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
  • File Allocation Table (FAT) - A term used by DOS to describe the table that outlines the location of all of the files on disk. There are two FATs, and in a healthy computer they will be identical.
  • File Slack Space - The space between the logical end and the physical end of a file is called the file slack. The logical end of a file comes before the physical end of the cluster in which it is stored. The remaining bytes in the cluster are remnants of previous files or directories stored in that cluster.
  • File Virus - Virus that attaches itself to program files. When the infected program is run the virus loads into memory. Sometimes called a program virus.
  • Firewall - A method of guarding a private network by analyzing the data leaving and entering. Firewalls can also provide network address translation, so the IP addresses of computers inside the firewall stay hidden from view. Packet-filtering firewalls use rules based on a packets source, destination, port or other basic information to determine whether or not to allow it into the network. More advanced stateful packet filtering firewalls have access to more information from which to make their decisions. Proxy firewalls, which look at content and can involve authentication and encryption, can be more flexible and secure but also tend to be far slower. Although firewalls are difficult to configure correctly, security experts generally agree that they are a critical component of network security.
  • Fishbowl - To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user.
  • Follow-Up - The phase in Incident Handling that identifies lessons learned, improves incident handling capability, and tabulates findings in a report format.
  • Fork Bomb - Also known as Logic Bomb - Code that can be written in one line of code on any Unix system; used to recursively spawn copies of itself, it "explodes," eventually eating all the process table entries and effectively locking up the system.
  • Formatting Data - See Metadata
  • Fuzzy logic - In searching for a word or phrase, a secondary analysis can take place which finds occurrences of that word or phrase that appear related, even if it is not an exact match. An example includes searching on the name "John J. Doe" and finding data associated with related terms such as "JJD", "John Jr.", etc. Fuzzy logic parameters are pre-loaded before searching documents associated with a case.

G

  • Gateway - Enables two technologically different networks to communicate.
  • Gopher - Protocol for menu-based information retrieval over the Internet.

H

  • Hacker - A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary.
  • Hacking Run - A hack session extended long outside normal working times, especially one longer than 12 hours.
  • Hacktivism (sometimes spelled Hactivism) - Politically or ideologically motivated vandalism. Defacing a Web site for no particular reason is vandalism; the same defacement to post political propaganda or to cause harm to an ideological opponent is hacktivism.
  • Hash - Mathematical formula that generates code from a message.
  • Header - Portion of a packet (refer to packet definition) which contains the source and destination addresses, error checking information, message originator, date and time, and subject lines.
  • High-level Format - The process of formatting using the FORMAT command in Windows or DOS performs a high-level format. This does not destroy the data on the disk. This process simply resets the index in the file allocation table so that the operating system sees the disk as empty.
  • Hoax - E-mail messages that are usually untrue and flood the Internet. Instead of spreading from one computer to another by itself, hoaxes rely on people to pass them along.
  • Host - A single computer or workstation; it can be connected to a network.
  • Host Based - Information, such as audit data from a single host which may be used to detect intrusions.

I

  • IDEA - (International Data Encryption Algorithm) - A private key encryption-decryption algorithm that uses a key that is twice the length of a DES key.
  • IDIOT - Intrusion Detection In Our Time. A system that detects intrusions using pattern-matching.
  • Image Map - Picture that acts as a hyperlink to different pages.
  • Impersonation - Pretending to be authorized to enter a secure location. Examples include swaggering into a site equipped with what look like tool kits of a manufacturer of computer equipment, or pretending to be a janitor. Impersonation is a key element of social engineering.
  • Imposter - A person who deceives under an assumed identity.
  • Information Assurance (IA) - Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (Reference - NSTISSI 4009).
  • Information Operations (IO) - Actions taken to affect adversary information and information systems while defending one's own information and information systems. (DODD S-3600.1 of 9 Dec 96).
  • Information Security (InfoSec) - The protection of Information Systems security against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. (Reference - NSTISSI 4009).
  • Information Superiority - The capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary's ability to do the same. (DODD S-3600.1 of 9 Dec 96).
  • Information Warfare - Actions taken to achieve information superiority by affecting adversary information, information based processes, and information systems, while defending our own information, information based processes, and information systems. Any action to deny, exploit, corrupt, or destroy the enemy's information and its functions, protect themselves against those actions; and exploiting their own military information functions.
  • Integrity - Assuring information will not be accidentally or maliciously altered or destroyed.
  • Intellectual Property data - See Metadata
  • Interface - A program or device which connects programs and/or devices.
  • Internet Worm - A worm program (see: Worm) that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand.
  • Intruder - An unauthorized user or unauthorized program, generally considered to have malicious intent, on a computer or computer network.
  • Intrusion - Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.
  • Intrusion Detection - Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network.
  • Intrusion Detection System - Detects Intrusions. Examples are Kane Security Monitor (KSM); OmniGuard/Intruder Alert; Real Secure; CyberCop Monitor.
  • IP address - A 32-bit binary address used to identify a host's network ID. The network portion can contain either a network ID or a network ID and a subnet.
  • IP Splicing / Hijacking - An action whereby an active, established, session is intercepted and co-opted by the unauthorized user. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP splicing rely on encryption at the session or network layer.
  • IP Spoofing - An attack whereby a system attempts to illicitly impersonate another system by using that system's IP network address.
  • Iris Recognition - Eye biometric that focuses on the unique characteristics found in the iris.

K

  • Key - A symbol or sequence of symbols (or electrical or mechanical correlates of symbols) applied to text in order to encrypt or decrypt.
  • Keyboard Attack - Extracting information from data storage media by executing software utilities, keystrokes, or other system resources from a keyboard. For example, disk and file recovery utilities and memory scavenging procedures can be used to carry out keyboard attacks.
  • Key Escrow - The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.
  • Keystroke Monitoring - A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the AIS returns to the user.

L

  • Laboratory Attack - Using sophisticated signal recovery equipment in a laboratory environment to recover stored information from data storage media.
  • LAN (Local Area Network) - A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
  • LAWN (Local Area Wireless Network) - A LAN that uses high frequency radio waves rather than wires to communicate between nodes.
  • Latency - The period during which a time bomb, logic bomb, virus or worm refrains from overt activity or damage (delivery of the payload). Long latency coupled with vigorous reproduction can result in severe consequences for infected or otherwise compromised systems.
  • LDAP (Lightweight Directory Access Protocol) - A standardized way to connect with a directory which might hold passwords, addresses, public encryption keys, and other exchange-facilitating data.
  • Leapfrog Attack - Use of userid and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).
  • Legacy System - Older software and hardware systems still in use and generally proprietary.
  • Letterbomb - A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to denial of service.
  • LISTSERV - Commercial mailing list. Although LISTSERV refers to a specific mailing list server, the term is sometimes used incorrectly to refer to any mailing list server.
  • Log files - Files that show the status of the system and are accessed via Event Viewer, which lists the severity and a brief description of the logged event.
  • Logic Bomb(ing) - Also known as a Fork Bomb - A resident computer program which, when executed, checks for a particular condition or particular state of the system which, when satisfied, triggers the perpetration of an unauthorized act. Logic bombs are a kind of Trojan Horse; time bombs are a type of logic bomb.
  • Low-level Format - This process will destroy all data on the disk. The FORMAT command in DOS or Windows does not perform a low-level format.

M

  • Mail Bomb - Mail sent to urge others to send massive amounts of email to a single system or person, with the intent to crash the recipient's system, usually with angry messages. Mailbombing is widely regarded as a serious offense. To be distinguished from spamming.
  • Malicious Code - Viruses, Trojan horses, worms, and scripts used by crackers/hackers to gain privileges, capture passwords, and modify audit logs to hide unauthorized activity. Information given to you when you log into or otherwise access a system. Any hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose.
  • Malware - Malicious software, including Trojan Horses, viruses, worms, logic bombs, exploits and time bombs.
  • Master Program - In distributed denial-of-service (DDoS) attacks, a program that communicates with implanted zombie or slave programs on compromised systems. The master program usually transmits encrypted instructions to zombies with details of which targeted system to swamp with junk transmissions at exactly what time.
  • Media - Short for storage media. Physical objects on which data can be stored, such as hard drives, floppy disks, CD-ROMs, and tapes.
  • Memory Cards - Removable electronic storage devices, which do not lose the information when power is removed from the card. It may even be possible to recover erased images from memory cards. Memory cards can store hundreds of images in a credit card-size module. Used in a variety of devices, including computers, digital cameras, and PDAs. Examples are memory sticks, smart cards, flash memory, and flash cards.
  • Memory Scavenging - Searching through data storage to collect residue thereby acquiring data. Data may be stored on records, blocks, pages, segments, files, directories, words, bytes, fields, or peripheral devices, such as printers or video displays.
  • Metadata - Data about data. Metadata describes how and when and by whom a particular set of data was collected, and how the data is formatted. There are at least three types of metadata: semantic data, which gives the meaning of the "raw" data; formatting data which describes the appearance of the data on-screen or on-page; and intellectual property data which describes data ownership conditions.
  • MIME (Multipurpose Internet Mail Extensions) - A set of Internet standards used to express, in email format, data which does not fit the limitations of the basic standard.
  • Mimicking - Synonymous with Impersonation, Masquerading or Spoofing.
  • Mirror image backups - Backups that involve the backup of all areas of a computer hard disk drive or another type of storage media (e.g., Zip disks, floppy disks, Jazz disks, etc.) and exactly replicate all sectors on a given storage device. Thus, all files and ambient data storage areas are copied. Such backups are sometimes referred to as bit stream backups or 'evidence grade' backups, and they differ substantially from standard file backups and network server backups.
  • Misnamed Files - A file disguised by changing the file's name to something innocuous.
  • Mockingbird - A computer program or process which mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user.
  • Modem - Acronym for Modulator and Demodulator. A modem is a device or program that enables a computer to transmit data over telephone lines.
  • Multihost Based Auditing - Audit data from multiple hosts may be used to detect intrusions.

N

  • Nak Attack - Negative Acknowledgment - A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts.
  • Netcheque - Developed at the Information Sciences Institute of the University of Southern California.
  • Network - Two or more machines interconnected for communications.
  • Network Based - Network traffic data, along with audit data from the hosts, is used to detect intrusions.
  • Network Level Firewall - A firewall in which traffic is examined at the network protocol (IP) packet level.
  • Network Mapping - A probe that uses SNMP or broadcast ICMP "ping" packets to determine the architecture of your network.
  • Network Security - Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity.
  • Network Sniffer (or packet sniffer) - A network-monitoring program potentially installed on UNIX systems to capture user account and password information. For NT systems, remote administration programs would be more commonly used.
  • Network Weaving - Another name for "Leapfrogging".
  • Node - In a network, a node can be a computer or some other device such as a printer. Every node has a unique network address.
  • Noise - Any unwanted electrical signal.
  • Non-Repudiation - Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
  • Neural Network - Beyond a basic search tool, this technology offers the ability to intelligently interpret content and make associations based on information provided in advance. The tool can be trained to recognize word patterns and associations. A good example of this is content filtering software designed to screen out inappropriate material from minors.

O

  • Oersted - A unit of magnetic field strength.
  • Open Security - Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system.
  • Open Systems Security - Provision of tools for the secure internetworking of open systems.
  • Operational Data Security - The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations.
  • OPSEC (Operations Security) - A systematic and proven process by which an organization and its supporting contractors [or other activity/organization] can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities.
  • Original electronic evidence - Physical items and those data objects that are associated with those items at the time of seizure.
  • OSI - Open Systems Interconnection. A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility.
  • Overwriting - Process of writing patterns of data on top of the data stored on a magnetic medium.

P

  • P3P (Platform for Privacy Preferences) - A project of the World Wide Web Consortium (W3C) that will give consumers an easy way to learn about and react to the way web sites may be using personal information. Essentially, a P3P-enabled web site would generate a snapshot of how it handles personal information. That snapshot would be compared automatically to preferences set by a consumer using a P3P-enabled browser.
  • Packet - Limited-length unit of data formed by the network, transport, presentation, or application layer (layers 3-7 of the OSI Model) in a networked computer system. Data is transported over the network, and larger amounts of data are broken into shorter units and placed into packets.
  • Packet Filtering - A feature incorporated into routers and bridges to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and perform many other traffic control functions. Best used in conjunction with IP packet filtering through Routing and Remote Access.
  • Packet Sniffer - A device or program that monitors the data traveling between computers on a network.
  • Packet Switching - The engineering mechanism that breaks up the transmitted data into individual units or "packets," each of which contains the destination address of the data. The packets are independently routed through the network and reassembled by the computer at the destination address. This allows data from multiple users to efficiently use the same path on the network.
  • Page File - Refer to Swap File.
  • Partition Waste Space - After the boot sector of a partition, it is customary to skip the rest of the track and start the volume on the next track. This results in tens or even hundreds of sectors going to waste. However, since this area is inaccessible to all but low-level disk viewers, it is an excellent hiding spot for information.
  • Passive Attack - Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
  • Passive Threat - The threat of unauthorized disclosure of information without changing the state of the system. A type of threat that involves the interception, not the alteration, of information.
  • Payload - The unauthorized activities of malicious software.
  • PEM (Privacy Enhanced Mail) - An IETF standard for secure electronic mail exchange.
  • Penetration - The successful unauthorized access to an automated system.
  • Penetration Signature - The description of a situation or set of conditions in which a penetration could occur or of system events which in conjunction can indicate the occurrence of a penetration in progress.
  • Penetration Testing - The portion of security testing in which the evaluators attempt to circumvent the security features of a system. The evaluators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users.
  • Perimeter Based Security - The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
  • Perpetrator - The entity from the external environment that is taken to be the cause of a risk. An entity in the external environment that performs an attack, e.g., a hacker.
  • Personnel Security - The procedures established to ensure that all personnel who have access to any classified information have the required authorizations as well as the appropriate clearances.
  • PGP (Pretty Good Privacy) - A freeware program primarily for secure electronic mail.
  • Phage - A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.
  • PHF - Phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files.
  • PHF hack - A well-known and vulnerable CGI script which does not filter out special characters (such as a new line) input by a user.
  • Phracker - An individual who combines phone phreaking with computer hacking.
  • Phreak(er)(ing) - An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.
  • Physical Security - The measures used to provide physical protection of resources against deliberate and accidental threats.
  • Piggy Back(ing) - Entering secure premises by following an authorized person through the security grid; also unauthorized access to information by using a terminal that is already logged on with an authorized ID (identification).
  • Ping - A computer program that randomly identifies potential targets on the Internet.
  • Ping of Death - The use of Ping with a packet size higher than 65,507. This will cause a denial of service.
  • Plaintext - Unencrypted data.
  • Platform - Underlying hardware or software for a system. The term is often used as a synonym for operating system.
  • Polymorphic Virus - Virus that modifies itself each time it attaches to another program and cannot be detected by an anti-virus program.
  • Portal (or Internet Portal) - A gateway or single point of entry through which the user can access related information from a variety of sources.
  • Private Key Cryptography - An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret. This methodology is usually only used by a small group.
  • Probe - Unauthorized access attempts. The intruder may install sniffers to collect additional passwords and user ID's.
  • Procedural Security - See Administrative Security.
  • Profile - Patterns of a user's activity which can detect changes in normal routines.
  • Promiscuous Mode - Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination.
  • Protocol - Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the same protocols, products from different vendors should be able to communicate on the same network.
  • Prowler - A daemon that is run periodically to seek out and erase core files, truncate administrative logfiles, nuke lost+found directories, and otherwise clean up.
  • Proxy - A firewall mechanism that replaces the IP address of a host on the internal (protected) network with its own IP address for all traffic passing through it. A software agent that acts on behalf of a user: typical proxies accept a connection from a user, decide whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.
  • Public Key Cryptography - A coding system in which encryption and decryption are done with public and private keys, allowing users who don't know each other to send secure or verifiable messages. Suppose Fred wants to send a message. He would encrypt it with his private key, which no one else knows; then, the recipient would decrypt it using Fred's publicly available key, thus verifying that the message came from Fred. Alternately, suppose Fred wants to receive an encrypted message. The sender would encrypt the message with Fred's public key, and only Fred would be able to decrypt it, using his private key. This method, also known as dual-key cryptography, contrasts with the older secret-key or symmetric cryptography, in which the sender and recipient must agree on and use the same private key for encryption and decryption.
  • Public Key Infrastructure (PKI) - A system for securely exchanging information within a company, group or worldwide that includes a method for publishing the public keys used in public key cryptography and for keeping track of keys that are no longer valid. Different industry and technical groups are developing PKI technology, and the National Institute for Standards and Technology (NIST) is working to make sure those technologies are compatible.

Q

R

  • RAM Slack - The space from the end of the file to the end of the containing sector. Before a sector is written to disk, it is stored in a buffer somewhere in RAM. If the buffer is only partially filled with information before being committed to disk, remnants from the end of the buffer will be written to disk. In this way, information that was never "saved" can be found in RAM slack on disk.
  • Recovery - The phase in Incident Handling that returns the system to a fully operational status.
  • Reference Monitor - A security control concept in which an abstract machine mediates accesses to objects by subjects. In principle, a reference monitor should be complete (in that it mediates every access), isolated from modification by system entities, and verifiable. A security kernel is an implementation of a reference monitor for a given hardware base.
  • Remanence - Residual information remaining on data storage media after clearing.
  • Replicator - Any program that acts to produce copies of itself; examples include a program, a worm, a fork bomb, or a virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
  • Residual Data - Information that appears to be gone, but is still recoverable from the computer system and includes "deleted" files still extant on a disk surface and data existing in other system hardware such as buffer memories of printers and fax machines.
  • Retro-Virus - A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
  • Risk Assessment - A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations.
  • Risk Management - The total process to identify, control, and minimize the impact of uncertain events. The objective of the risk management program is to reduce risk and obtain and maintain DAA (Designated Approving Authority) approval.
  • Root - The root directory of a computer system or a device is the directory that directly or indirectly contains all the other directories in the computer system or on the device.
  • Rootkit - A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
  • Router - An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer.
  • Routing Control - The application of rules during the process of routing so as to choose or avoid specific networks, links or relays.
  • RSA - A popular, highly secure algorithm for encrypting information using public and private keys, obscurely named for the initials of its creators. RSA Security's patent on the algorithm recently expired.
  • Rules Based Detection - The intrusion detection system detects intrusions by looking for activity that corresponds to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.

S

  • Scalable - Describes how well a system can be adapted and expanded to meet increased demands.
  • Scan - Test ports (Port Scan) or host addresses (Host Scan) in an attempt to map a facility, or as a "war dial" to flood an organization looking for modems.
  • Sanitize - To expunge data from storage media (e.g., diskettes, CD-ROMs, and tapes) so that data recovery is impossible. Sanitizing includes overwriting, degaussing and destruction. Clearing data does not constitute sanitizing.
  • Secure Network Server - A device that acts as a gateway between a protected enclave and the outside world.
  • Secure Shell - A completely encrypted shell connection between two machines protected by a super long pass-phrase.
  • Security - A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
  • Security Architecture - A detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.
  • Security Auditing Tools - Event Viewer (Refer to Log Files definition); files and folders that are on an NTFS volume can be audited which enables you to monitor successful and failed attempts to access the resources, audit printers, and track logon events, object access, system events, and account management.
  • Security Countermeasures - Countermeasures that are aimed at specific threats and vulnerabilities or involve more active techniques as well as activities traditionally perceived as security.
  • Security Domains - The sets of objects that a subject has the ability to access.
  • Security Features - The security-relevant functions, mechanisms, and characteristics of AIS hardware and software.
  • Security Incident - Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation.
  • Security Kernel - The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.
  • Security Perimeter - The boundary where security controls are in effect to protect assets.
  • Security Policies - The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
  • Security Policy Model - A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
  • Security Requirements - Types and levels of protection necessary for equipment, data, information, applications, and facilities.
  • Security Service - A service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers.
  • Security Violation - An instance in which a user or other person circumvents or defeats the controls of a system to obtain unauthorized access to information contained therein or to system resources.
  • Semantic Data - See Metadata
  • Sensitive Information - "Sensitive" information is any information the loss, misuse, or unauthorized access to, or modification of, could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, United States Code (The Privacy Act), but which has not been specifically authorized under criteria established by Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. This includes information in routine DoD payroll, finance, logistics, and personnel management systems. (Certain information that the disclosure of which would constitute an unwarranted invasion of personal privacy is exempt from mandatory disclosure under the Freedom of Information Act of 1974).
  • Server - A system that provides a network service such as disk storage and file transfer, or a program that provides such a service. A kind of daemon which performs a service for the requester, which often runs on a computer other than the one on which the server runs.
  • Smart Card - A device that is often the same size as a credit card but that is smart enough to hold its own data and applications and do its own processing. Smart cards, which are popular in Europe but have never really taken off in the United States, can be used to store personal information, hold digital cash or prove identity. They are often contrasted with dumb cards that have magnetic strips or barcodes and rely more heavily on networks.
  • Simple Network Management Protocol (SNMP) - Software used to control network communications devices using TCP/IP.
  • Skipjack - An NSA-developed encryption algorithm for the Clipper chip. The details of the algorithm are unpublished.
  • Smurfing - A denial of service attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim thereby clogging its network.
  • Snarf - To grab a large document or file for the purpose of using it with or without the author's permission.
  • Sneaker - An individual hired to break into places in order to test their security; analogous to tiger team.
  • Sniffer - A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets. Is also used legitimately by network operations and maintenance personnel to troubleshoot network problems.
  • Spam (or Spamming) - An inappropriate attempt to use a mailing list, or USENET or other networked communications facility as if it was a broadcast medium by sending the same message to a large number of people who didn't ask for it. The term comes from a famous Monty Python skit, which featured the word spam repeated over and over.
  • SPI - Secure Profile Inspector - A network monitoring tool for Unix, developed by the Department of Energy.
  • Spoofing (IP address spoofing) - The creation of IP packets with counterfeit (spoofed) IP source addresses. An attacker can use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data and can also conduct other types of attacks. Impersonating, masquerading, and mimicking are forms of spoofing.
  • SSL (Secure Sockets Layer) - A session layer protocol that provides authentication and confidentiality to applications.
  • Steganography - The art and science of communicating in a way that hides the existence of the communication. It is used to hide a file inside another. For example, an image can be hidden inside another graphic image file, audio file, or other file format.
  • Stealth - Virus type that takes steps to avoid detection.
  • Subversion - Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
  • Swap File - An area that operating systems such as Windows use to increase their RAM memory by writing to the disk "temporarily". Like other deleted files, the swap file remains until overwritten. There is a potential that these files can contain remnants of online e-mail messages, Internet browsing activity, database entries, passwords, pre-encrypted files and chat. In Windows NT and Windows 2000 they are called "Page Files".
  • SYN Flood - When the SYN queue is flooded, no new connection can be opened.
  • System Binaries - Binaries are used for efficiently handling large quantities of untyped data. Check your system binaries for alterations.

T

  • TCP/IP - Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on.
  • Telnet - Protocol that allows you to connect across the Internet and to log onto another computer as if you were connected directly.
  • Term Rule-Based Security Policy - A security policy based on global rules imposed for all users. These rules usually rely on a comparison of the sensitivity of the resources being accessed and the possession of corresponding attributes of users, a group of users, or entities acting on behalf of users.
  • Terminal Hijacking - Allows an attacker, on a certain machine, to control any terminal session that is in progress. An attacker can send and receive terminal I/O while a user is on the terminal.
  • Threat - The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. A potential violation of security.
  • Threat Assessment - Process of formally evaluating the degree of threat to an information system and describing the nature of the threat.
  • Tiger Team - Government- and industry-sponsored teams of computer experts who attempt to break down the defenses of computer systems in an effort to uncover, and eventually patch, security holes.
  • Timestamp - The date and time signature of when that specific file was saved to the computer's memory.
  • Tinkerbell Program - A monitoring program used to scan incoming network connections and generate alerts when calls are received from particular sites, or when logins are attempted using certain ID's.
  • Topology - The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows.
  • TQM (Total Quality Management) - A management philosophy that became popular in the 1980s and 1990s. TQM is focused on continuously improving the performance of all individuals and processes in achieving customer satisfaction.
  • Trace Packet - In a packet-switching network, a unique packet that causes a report of each stage of its progress to be sent to the network control center from each visited system element.
  • Traceroute - An operation of sending trace packets for determining information; traces the route of UDP packets from the local host to a remote host. Normally traceroute displays the time and location of each hop on the route taken to reach its destination computer.
  • Trapdoor - Hidden flaw in a system mechanism that can be triggered to circumvent the system's security.
  • Transmission Protocols - Provide the mechanism for the transfer of information.
  • Tripwire - A software tool for security. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager.
  • Trojan Horse - A malicious program that disguises itself as a beneficial or entertaining program but that actually damages a computer or installs code that can counteract security measures (perhaps by collecting passwords) or perform other tasks (such as launching a distributed denial of service attack). Unlike a computer virus, a Trojan horse does not replicate itself. Intruders use Trojan horse programs to hide their activity, capture username and password data, and create backdoors for future access to a compromised system. A "Time Bomb" is a Trojan horse set to trigger at a particular time.
  • Trusted Computer System Evaluation Criteria (TCSEC) - A system that employs sufficient hardware and software assurance measures to allow its use for simultaneous processing of a range of sensitive or classified information.
  • Trusted Computing Base (TCB) - The totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system.
  • Trusted Network Interpretation - The specific security features, the assurance requirements and the rating structure of the Orange Book as extended to networks of computers ranging from isolated LANs to WANs.
  • TTY Watcher - A hacker tool that allows hackers with even a small amount of skill to hijack terminals. It has a GUI interface.
  • Tunneling Attack - An attack that attempts to exploit a weakness in a system at a low level of abstraction.

U

  • Unallocated File Space - The content that remains when files are erased or deleted in DOS, Windows, Windows 95, Windows 98 and Windows NT. Because the space is only marked as free rather than overwritten, the data remains behind for discovery through the use of data recovery and/or computer forensics software utilities.
  • Unauthorized Access - The use of a computer without permission.
  • User - The organization with effective ownership or control of a hard drive, not an individual using a computer.
  • User-Created Files - Files that may contain important evidence such as address books, audio/video files, image/graphics files, calendars, e-mail files, Internet bookmarks/favorites, and documents.
  • User-Protected Files - Files that are compressed, encrypted, hidden, misnamed, password-protected, concealed with steganography, etc.
  • Uuencode - Method for converting files from binary to ASCII (text) so that they can be sent across the Internet via e-mail.

V

  • Vaccine - A program that attempts to detect and disable viruses.
  • Verify - The process of ensuring that information has not been changed in transit or in storage, either intentionally or accidentally.
  • Virus - A malicious program that replicates itself and may cause damage to a computer system by attacking or attaching itself to boot information, another program or a document that uses macros. It is typically hidden code that attaches itself to other programs and has the ability to replicate. In general computer usage, viruses are likely to be self-replicating Trojan horses.
  • Volatile Memory - Memory that loses its content when power is turned off or lost.
  • VPN (Virtual Private Network) - Most often, a remote access system that is quickly replacing traditional dial-up modem pools. With a VPN, remote users typically connect to an Internet service provider (ISP) or a private IP-based network and from there establish a secure connection with network servers via an encrypted tunnel. VPNs can also be used for secure communication across a LAN or WAN.
  • Vulnerability Analysis - Systematic examination of a network or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.
  • Vulnerability Exploited - A majority of compromises are a result of machines running vulnerable versions of software. Intruders often use tools to exploit known vulnerabilities and gain unauthorized access. These tools are often left behind on the system in "hidden" directories.

W

  • WAIS - Wide Area Information Service - An Internet service that allows you to search a large number of specially indexed databases.
  • WAN - Wide Area Network. A physical or logical network that provides capabilities for a number of independent devices to communicate with each other over a common transmission-interconnected topology in geographic areas larger than those served by local area networks.
  • War Dialer - A program that dials a given list or range of numbers and records those which answer with handshake tones, which might be entry points to computer or telecommunications systems.
  • Web Site Defacement - The malicious defacement of a Web site.
  • Wipe - Slang term for deliberately overwriting a piece of media and removing any trace of files or file fragments. (Also called Nuked)
  • Worm Attack - Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads, perhaps causing denial of service.