*-property | The security principle used in the Bell-LaPadula security model that states that no subject can write to an object with a lower security classification. (See Chapter 2)
2.4GHz band | The 2400MHz band that the FCC has allowed for unlicensed transmissions. (See Chapter 12)
802.1X | An IETF standard for performing authentication over networks. (See Chapter 11)
Access Control List | A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has, and what they can do to the object (such as read, write, or execute). (See Chapter 14)
Access controls | Mechanisms or methods used to determine what access permissions subjects (such as users) have for specific objects (such as files). (See Chapter 2)
Access tokens | Items carried by the user that allow them to be authenticated by the system. (See Chapter 8)
Active IDS | An intrusion detection system (IDS) that can react to the traffic it is analyzing. Reactions can be simple, such as running a script or sending a TCP reset, or complex, such as forcibly logging off offending users and terminating their processes. (See Chapter 13)
ActiveX | The name given to a broad collection of APIs, protocols, and programs developed by Microsoft to automatically download and execute code over an Internet-based channel. (See Chapter 17)
Address Resolution Protocol (ARP) | The protocol used to convert IP addresses into MAC addresses. (See Chapter 9)
Algorithm | A step-by-step procedure, typically an established computation, for solving a problem within a set number of steps. (See Chapter 5)
Annualized loss expectancy (ALE) | How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy * annualized rate of occurrence. (See Chapter 14)
Annualized rate of occurrence | On an annualized basis, the frequency with which an event is expected to occur. (See Chapter 20)
Anomaly detection model | A system that focuses on unusual or unexpected activity to detect attackers. (See Chapter 13)
AOL Instant Messenger | A popular instant messaging program distributed by America Online. (See Chapter 12)
Asset | Resources or information an organization needs to conduct its business. (See Chapter 20)
Audit files | Files containing records that show who accessed a computer system and what operations he or she has performed during a given period of time. (See Chapter 13)
Audit trail | A set of records or events, generally organized chronologically, that record what activity has occurred on a system. These records (often computer files) are often used in an attempt to re-create what took place when an incident occurred. They can also be used to detect possible intruders. (See Chapter 22)
Auditing | The name given to any actions or processes used to verify the assigned privileges and rights of a user, as well as any capabilities used to create and maintain a record showing who accessed a particular system and what actions they performed. (See Chapter 22)
Authentication Header (AH) | A portion of the IPSec security protocol that provides authentication services and replay-detection ability. AH can be used either by itself or with Encapsulating Security Payload (ESP). Refer to RFC 2402. (See Chapter 11)
Authentication | The process by which a subject's (such as a user's) identity is verified. (See Chapter 2)
AuthentiCode | A set of functions developed by Microsoft to enable code signing and content-integrity protection. (See Chapter 17)
Auto-run | A function by which CD-ROM media that has been inserted into a machine gets automatically mounted and a program is executed. (See Chapter 8)
Availability | Part of the CIA of security. Availability applies to hardware, software, and data. All of these should be present and accessible when the subject (the user) wants to access or use them. (See Chapter 2)
Backdoor | Avenues that can be used to access a system while circumventing normal security mechanisms. (See Chapter 4)
Baseline | Describes a system or software as it is built and functioning at a point in time. Serves as a foundation for comparison or measurement, providing the necessary visibility to control change. (See Chapter 21)
Baselining | The process of establishing a system's security state. This process creates the "baseline." (See Chapter 14)
Beacon frames | The frames an access point sends out several times a second to let wireless clients know it exists. (See Chapter 12)
Bell-LaPadula security model | A security model developed by the U.S. military to enforce data confidentiality. (See Chapter 2)
Best evidence rule | Courts prefer original evidence rather than a copy to ensure that no alteration of the evidence (whether intentional or unintentional) has occurred. (See Chapter 23)
Biba security model | An integrity-based security model that prevents direct or indirect modification of information without authorization. (See Chapter 2)
Biometrics | An access control mechanism in which a physical characteristic, such as a fingerprint or the geometry of an individual's hand, is used to uniquely identify users. (See Chapter 3)
BIOS passwords | A password used to protect the computer's BIOS from being edited. (See Chapter 8)
Block cipher | An encryption method that separates input text into blocks before encrypting it. (See Chapter 5)
Bluetooth | A wireless technology designed as a short-range (approximately ten meters) Personal Area Network (PAN) cable replacement technology that may be built into a variety of devices such as mobile phones, PDAs, and laptop computers. (See Chapter 3)
Bootdisk | A removable media from which a computer can be booted into an operating system. (See Chapter 8)
Bridge | A device used to segregate sections of a LAN based on layer 2 addresses. (See Chapter 10)
Buffer overflow | When a user or process supplies more data than was expected and the additional data overflows the intended storage area into other areas. (See Chapter 14)
Bus topology | The network topology where all network devices are connected to the same cable or media, called the bus. (See Chapter 9)
Business continuity plan (BCP) | A plan that details how an organization will continue operations when a disruption occurs. It will generally outline the order in which critical functions should be returned to service. (See Chapter 19)
Business impact assessment (BIA) | An assessment of the impact that a loss of critical functions will have on the organization. (See Chapter 19)
CA certificate | A certificate issued to a Certificate Authority. (See Chapter 6)
Canonicalization error | An error in determining the true name for a resource, derived from one of many representations. (See Chapter 18)
Capability Maturity Model | A structured methodology helping organizations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes. Developed at Carnegie Mellon University's Software Engineering Institute. (See Chapter 21)
Carnivore | A software program developed by the U.S. government to implement tap and trace activity over the Internet at ISP locations. (See Chapter 24)
Centralized management | A type of privilege management that brings the authority and responsibility for managing and maintaining rights and privileges into a single group, location, or area. (See Chapter 22)
Certificate authority | An entity that is responsible for issuing and revoking certificates. CAs are typically third parties, although they exist for internal company use as well. This term is also applied to server software that provides these services. (See Chapter 6)
Certificate repository | A centralized storage location to maintain copies of digital certificates for use by authorized entities. (See Chapter 6)
Certificate revocation list | A digitally signed object that lists all of the current but revoked certificates issued by a given CA. This allows users to verify whether a certificate is currently valid even if the expiration date hasn't passed. This is analogous to a list of stolen charge card numbers that allows stores to reject bad credit cards. (See Chapter 6)
Certificate server | The actual service that issues certificates based on the data provided during the initial registration process. (See Chapter 6)
Certificates | A cryptographically signed object that contains an identity and a public key associated with this identity. The certificate can be used to establish identity, analogous to a notarized written document. (See Chapter 2)
CGI (common gateway interface) | The original method of having a web server execute a program outside the web server process, yet on the same server. (See Chapter 17)
Challenge Handshake Authentication Protocol (CHAP) | Used to provide authentication across point-to-point links using the Point-to-Point Protocol (PPP). (See Chapter 11)
Change control board | A body that oversees the change management process. Enables management to oversee and coordinate projects. (See Chapter 21)
Change/configuration management | A standard methodology for performing and recording changes during software development and operation. (See Chapter 21)
CHAP | See Challenge Handshake Authentication Protocol. (See Chapter 11)
Clark-Wilson security model | An integrity-based security model that centers its security on control of the processes that are allowed to modify critical data referred to as constrained data items. The model also enforces the principle of separation of duties to limit the ability of any one individual to modify critical data. (See Chapter 2)
Closed circuit television systems (CCTV) | Television systems where the camera and monitor are on a dedicated "closed" circuit; typically used in security systems. (See Chapter 8)
Code injection | A vulnerability where code is used for input to a computer application, causing the code to be executed instead of the input being acted upon. (See Chapter 18)
Cold site | A backup operating location that will have the basic environmental controls necessary to operate but will have few of the computing components needed for processing. (See Chapter 19)
Collision attack | An attack that attempts to find two input texts that hash to the same value. (See Chapter 5)
Competent evidence | Evidence that is legally qualified and reliable. (See Chapter 23)
Confidentiality | Part of the CIA of security. Refers to the security principle that states that information should not be disclosed to unauthorized individuals. (See Chapter 12)
Configuration auditing | The process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements. (See Chapter 21)
Configuration control | The process of controlling changes to items that have been baselined. (See Chapter 21)
Configuration identification | The process of identifying which assets need to be managed and controlled. (See Chapter 21)
Configuration item | Assets identified during configuration identification which need to be managed or controlled. (See Chapter 21)
Configuration status accounting | Procedures for tracking and maintaining data relative to each configuration item in the baseline. (See Chapter 21)
Contactless access cards | A card that contains a radio frequency transmitter capable of sending a code. When passed near a reader, the code is transmitted, allowing the system to perform authentication. (See Chapter 8)
Content-based signatures | Signatures based on the contents of specific packets or groups of packets, for example, the phrase "/etc/passwd" inside a Telnet session. (See Chapter 13)
Context-based signatures | Signatures based on how a packet or group of packets fit together compared to the traffic around them, for example, a TCP port scan. (See Chapter 13)
Control (also called countermeasure or safeguard) | A measure taken to detect, prevent, or mitigate the risk associated with a threat. (See Chapter 20)
Cookie | Information stored on a user's computer by a web server to maintain the state of the connection to the web server. Used primarily so preferences or previously used information can be recalled on future requests to the server. (See Chapter 17)
Countermeasure | See Control. (See Chapter 20)
Critical infrastructures | Those infrastructures whose loss would have a severe detrimental impact on the nation. (See Chapter 1)
Cross-certificate | A mechanism through which one CA can issue a certificate allowing its users to trust another CA. (See Chapter 6)
Cryptanalysis | The process of attempting to break a cryptographic system. (See Chapter 5)
Cryptographically random | A random number from a sequence where the sequence itself is also random and cannot be duplicated or repeated. (See Chapter 18)
Cryptography | The art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient. (See Chapter 5)
DAP (Directory Access Protocol) | The protocol for accessing directory-based data storage structures. (See Chapter 17)
Datagram | The name sometimes given to packets in an IP network. (See Chapter 9)
Decentralized management | A type of privilege management that spreads out the authority and capability to manage privileges and rights to multiple individuals and locations. (See Chapter 22)
Decision tree | A data structure where each element in the structure is attached to one or more structures directly beneath it. Making a decision carries you down a specific branch of the tree until you reach a structure with no more branches underneath it. (See Chapter 13)
Delta backup | A backup strategy where only the portions of the files that have been changed since the last delta or full backup will be stored. (See Chapter 19)
Demonstrative evidence | Used to aid the jury; may be in the form of a model, experiment, chart, and so on, offered to prove that an event occurred. (See Chapter 23)
Denial-of-Service (DoS) attack | An attack designed to prevent resources from being used for their intended purpose. (See Chapter 9)
DHCP (Dynamic Host Configuration Protocol) | A protocol used to dynamically configure IP addresses in networks. (See Chapter 10)
DIAMETER | The DIAMETER base protocol is intended to provide an authentication, authorization, and accounting (AAA) framework for applications such as network access or IP mobility. DIAMETER is a draft IETF proposal. (See Chapter 11)
Differential backup | A backup strategy in which only the files and software that have changed since the last full backup was completed are stored. (See Chapter 19)
Differential cryptanalysis | Compares the input plaintext and the output ciphertext to try and determine the key. (See Chapter 5)
Digital certificate | A digital document that establishes an association between a user and their public key. (See Chapter 6)
Digital Millennium Copyright Act (DMCA) | A law passed to update copyright issues; includes provisions restricting reverse engineering and the circumvention of encryption and security mechanisms. (See Chapter 24)
Digital rights management | A term used to denote the activities associated with the enforcement of copyright and owner rights with respect to digital works. (See Chapter 24)
Direct evidence | Oral testimony or other evidence that proves a specific fact (such as an eyewitness's statement, fingerprint, photo, and so on). The knowledge of the facts is obtained through the five senses of the witness. There are no inferences or presumptions. (See Chapter 23)
Direct-sequence spread spectrum (DSSS) | A method of distributing a communication over multiple frequencies to avoid interference and detection. (See Chapter 12)
Disaster recovery plan (DRP) | A written plan developed to address how an organization will react to a natural or man-made disaster in order to ensure business continuity. Related to the concept of a business continuity plan (BCP). (See Chapter 19)
Discretionary access control | An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object, and what access (read, write, execute) these objects may have. (See Chapter 2)
Discretionary access control | An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object, and what access (read, write, execute) these subjects may have. (See Chapter 22)
Diversity of defense | The approach of creating dissimilar security layers so that an intruder who is able to breach one layer will be faced with an entirely different set of defenses at the next layer. (See Chapter 2)
DMZ (demilitarized zone) | An area between the Internet and intranet, separated by firewalls. (See Chapter 10)
DOCSIS (Data Over Cable Service Interface Specification) | A standard for carrying digital traffic over cable TV circuits. (See Chapter 10)
Documentary evidence | Evidence in the form of business records, printouts, manuals, and the like. Much of the evidence relating to computer crimes is documentary evidence. (See Chapter 23)
Domain Name System (DNS) | The service that translates domain and system names, such as www.cnn.com, to IP addresses. (See Chapter 9)
Drive imaging | A technique that makes a complete bit-by-bit copy of a hard drive onto some other media. (See Chapter 8)
DSL (digital subscriber line) | A local phone circuit designed to directly carry digital communications. (See Chapter 10)
Dual control | The process of requiring more than one individual to recover a key. (See Chapter 6)
Due care | The legal duty for a party to act reasonably and responsibly to avoid causing loss or injury to another. (See Chapter 19)
Due diligence | The legal duty of investigating and ensuring that due care has been used. (See Chapter 19)
Dumpster diving | The process of going through a target's trash searching for information that can be used in an attack, or to gain knowledge about a system or network. (See Chapter 4)
Dynamic Host Configuration Protocol (DHCP) | A protocol for dynamically and temporarily assigning IP addresses to network devices. (See Chapter 9)
EAPOL | Extensible Authentication Protocol over LAN (EAPOL) is an encapsulated method of passing EAP messages over 802 frames. (See Chapter 11)
Electronic Communications Privacy Act (ECPA) | Congressional law designed to address the myriad legal privacy issues that resulted from the increasing use of computers and other technology specific to telecommunications, e-mail, cellular communications, workplace privacy, and various other electronic communication areas. (See Chapter 24)
Elite hackers | The most technically competent of individuals conducting intrusive activity on the Internet. These individuals not only can exploit vulnerabilities that are discovered but are also the ones that are usually responsible for finding these vulnerabilities. (See Chapter 1)
E-mail hoax | An e-mail that has a compelling story, seemingly true, but that is almost invariably false, and which requests you to send it to others. (See Chapter 16)
Encryption | The art of obscuring data by making it cryptic (as in scrambling data). (See Chapter 16)
Escalation auditing | The process of looking for an increase in privileges, such as when an ordinary user obtains administrator-level privileges. (See Chapter 22)
E-Sign law | Common name for the Electronic Signatures in Global and National Commerce Act, a law that enables digital signatures to be legally recognized when used with contracts. (See Chapter 24)
ESP | ESP is a portion of the IPSec implementation that provides for data confidentiality with optional authentication and replay-detection services. ESP completely encapsulates user data in the datagram. ESP can be used either by itself or in conjunction with Authentication Headers for varying degrees of IPsec services. (See Chapter 11)
European Union (EU) | A governmental association of the states that comprise the countries of Europe. (See Chapter 24)
Evidence | The documents, verbal statements, and material objects admissible in a court of law. (See Chapter 23)
Exclusionary rule | Evidence collected in violation of the Fourth Amendment of the United States Constitution, the Electronic Communications Privacy Act (ECPA), or other aspects of the United States Code, may not be admissible in court. (See Chapter 23)
Exposure factor | A measure of the magnitude of loss of an asset. Used in the calculation of single loss expectancy (SLE). (See Chapter 20)
Extranet | An extension of a company's intranet functionality to select groups of people for specific business purposes. (See Chapter 10)
False negatives | Term used to define when a system denies the existence of an object that is there. The most common use of the term concerns a biometric system that denies access to an authorized individual. (See Chapter 8)
False positive | Term used when a security system makes an error and incorrectly reports the existence of a searched-for object. Examples include when an intrusion detection system misidentifies benign traffic as hostile, an antivirus program reports the existence of a virus in software that actually is not infected, or a biometric system allows access to a system to an unauthorized individual. (See Chapter 8)
Family Education Records and Privacy Act (FERPA) | Congressional law created to protect student records in higher education. (See Chapter 24)
Fault tolerance | A method of ensuring high availability through the mirroring of data and systems. Should a "fault" occur, causing disruption in a device, the mirrored system provides the requested data with no apparent interruption in service. (See Chapter 19)
File Transfer Protocol (FTP) | File Transfer Protocol is an application-level protocol used to transfer files over a network connection. (See Chapter 17)
Firmware update | The process of updating software stored in non-volatile memory (such as EPROMs). The hardware and software used to run routers, switches, and many network devices is called firmware. (See Chapter 14)
Forensics | The preservation, identification, documentation, and interpretation of computer data for use in legal proceedings. (See Chapter 23)
Free space | Sectors on a storage medium that are available for the operating system to use. (See Chapter 23)
Full backup | A backup strategy in which all files and software are copied onto the storage media. (See Chapter 19)
Gramm-Leach-Bliley Act (GLB) | Congressional law dealing with privacy issues in the financial industry. (See Chapter 24)
Group | A group of users with a common, shared criteria or trait. (See Chapter 22)
Guidelines | Recommendations relating to a policy. They are not mandatory steps. (See Chapter 3)
Hacker | The term used most often to refer to individuals who attempt to gain unauthorized access to computer systems or networks. An alternative term, offered by many in the security community, is cracker. (See Chapter 2)
Hacktivist | A hacker whose activities are motivated by a personal cause or position. (See Chapter 1)
Hardening | The process of securing and preparing a system for the production environment. (See Chapter 14)
Hash | Form of encryption that creates a digest of the data put into the algorithm. These algorithms are referred to as one-way algorithms because there is no feasible way to decrypt what has been encrypted. (See Chapter 5)
Health Insurance Portability Accountability Act (HIPAA) | Congressional law regulating privacy associated with medical records. (See Chapter 24)
Hearsay rule | Second-hand evidence not gathered from the personal knowledge of a witness. (See Chapter 23)
Hierarchical trust model | A trust model in which CAs are subordinate to other CAs, forming a hierarchy. (See Chapter 6)
High availability | The ability to maintain availability of data and operational processing despite a disrupting event of any sort. (See Chapter 19)
Highly structured threat | Threats characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers. It may include efforts to subvert insiders as well as plant individuals inside a potential target in advance of an attack. (See Chapter 1)
Honeypot/honeynet | A computer system or portion of a network that has been set up to attract potential intruders to it in the hope that they will leave the other systems alone. Since there is no legitimate user of this system, any attempt to access it is an indication of unauthorized activity and provides an easy mechanism to spot attacks. (See Chapter 13)
Host security | Takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole. (See Chapter 2)
Host-based IDS | An intrusion detection system running on a single system that only examines and reports activity for that specific system. (See Chapter 13)
Hot site | A fully configured backup environment similar to the normal operating environment that can be operational within a few hours. (See Chapter 19)
Hotfix | A small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attack. (See Chapter 14)
HTML (Hypertext Markup Language) | The protocol designated for the transfer of hypertext-linked data over the Internet, from web servers to browsers. (See Chapter 17)
Hub | A device that makes connections between devices at the physical layer. (See Chapter 10)
HVAC | Heating, Ventilation, and Air Conditioning systems. (See Chapter 3)
Hybrid trust model | A trust model that is a combination of hierarchical and peer-to-peer in nature. (See Chapter 6)
IEEE 802.11 | A set of standards for wireless networks which are well suited for the local area network environment. The normal mode for this standard is to have computers with 802.11 network cards communicate with a wireless access point. (See Chapter 3)
IKE | See Internet Key Exchange. (See Chapter 11)
Impact | The result of a vulnerability being exploited by a threat, resulting in a loss. (See Chapter 20)
Incident response | The process of responding to, containing, analyzing, and recovering from an incident. (See Chapter 13)
Incremental backups | A backup strategy in which files that have changed since the last full or incremental backup occurred are stored. (See Chapter 19)
Inetd | The master services daemon used by many UNIX operating systems. This daemon listens for incoming connections and then activates the appropriate service to handle those incoming connections. (See Chapter 14)
Information warfare | Warfare conducted against the information and information processing equipment used by an adversary. (See Chapter 1)
Initialization vector | The initializing input for the algorithm, designed to enhance security by adding additional variance. (See Chapter 12)
Intangible asset | An asset for which a monetary equivalent cannot be determined. Examples are brand recognition and goodwill. (See Chapter 20)
Integrity | Part of the CIA of security, the security principle that requires that information is not modified except by individuals authorized to do so. (See Chapter 2)
Internet Control Message Protocol (ICMP) | The protocol designed to carry error, network control and availability, and traffic flow messages. (See Chapter 9)
Internet Key Exchange (IKE) | The protocol formerly known as ISAKMP/Oakley, defined in RFC 2409. A hybrid protocol that uses part of the Oakley and part of the SKEME protocol suites inside the Internet Security Association and Key Management Protocol (ISAKMP) framework. IKE is used to establish a shared security policy and authenticated keys for services that require keys (such as IPSec). (See Chapter 11)
Internet Protocol (IP) | The protocol responsible for moving packets around the Internet. (See Chapter 9)
Internet Security Association and Key Management Protocol (ISAKMP) | A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy. (See Chapter 7)
Internet | The global connection of networks. (See Chapter 10)
Intranet | An internal network utilizing TCP/IP protocols, but limited to direct company personnel access. (See Chapter 10)
Intrusion detection system | A system to identify suspicious, malicious, or undesirable activity that indicates a breach in computer security. (See Chapter 13)
IPSec | IP Security, a protocol used to secure IP packets during transmission across a network. IPSec offers authentication, integrity, and confidentiality services. It uses Authentication Headers (AHs) and Encapsulating Security Payload (ESP) to accomplish this functionality. (See Chapter 7)
Key archiving system | A method of maintaining backups and historical records of private keys. (See Chapter 6)
Key escrow | A method to allow governmental access to your encrypted information with a court order, by which both you and the government have a copy of your private key. (See Chapter 5)
Key management | The name of the process that keeps the shared secrets from being exposed to unauthorized parties. (See Chapter 5)
Key recovery | The process of retrieving a key from a key escrow system. (See Chapter 6)
Key | In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message. (See Chapter 5)
Keyspace | The entire set of all possible keys for a specific encryption algorithm. (See Chapter 5)
Layer Two Tunneling Protocol (L2TP) | L2TP is a Cisco switching protocol that operates at the data-link layer. (See Chapter 11)
Layered access | The concept of making users pass through multiple types of security to reach critical assets that make those assets harder to attack. (See Chapter 8)
Layered security | An approach to security which provides multiple layers of protection so that if one layer is breached, other protective layers still exist to defeat the attacker. (See Chapter 2)
LDAP (Lightweight Directory Access Protocol) | A subset of DAP providing the most commonly used functionality. (See Chapter 17)
Least privilege | A security principle in which a subject is provided with the minimum set of rights and privileges that the subject needs in order to perform its function. The goal is to limit the potential damage that any subject can cause. (See Chapter 2)
Linear cryptanalysis | Puts the plaintext through a simple version of the algorithm to try and retrieve the key. (See Chapter 5)
|
|
|
|
Local Area Network (LAN) | A small, typically local network covering a relatively small area such as a single floor of an office building. (See Chapter 9)
|
|
|
|
Logic bomb | A piece of code that sits dormant for a period of time until some event invokes its payload. (See Chapter 15)
|
|
|
|
Low-Water-Mark policy | A policy useful in integrity-based security models that prevents subjects from modifying objects of a higher integrity level. This policy has the unfortunate side effect of lowering the subject's integrity level each time an object of a lower level is accessed, thus forcing the subject's level to the lowest possible on the system. (See Chapter 2)
|
|
|
|
Mail relaying | Many Internet e-mail servers, by default, allow any host to send e-mail to any other host-this is called using the server as a mail relay. E-mail servers should disallow this and only permit mail to be sent from their individual domain (See Chapter 16)
|
|
|
|
Malware | Also known as malicious code, this refers to software that has been designed for some nefarious purpose. (See Chapter 15)
|
|
|
|
Mandatory access control | An access control mechanism in which the security mechanism controls access to all objects files), and individual subjects processes or users) cannot change that access. (See Chapter 2)
|
|
|
|
Man-in-the-middle attack | A type of attack that generally occurs when attackers are able to place themselves in the middle of two other hosts that are communicating in order to view and/or modify the traffic. (See Chapter 15)
|
|
|
|
Media Access Control (MAC) address | The hardware address used to uniquely identify each device on a network. (See Chapter 9)
|
|
|
|
Misuse detection model | A system that looks for suspicious activity or activity that violates specific policies or matches pre-defined, undesirable patterns. (See Chapter 13)
|
|
|
|
Mitigate | Action taken to reduce the likelihood of a threat occurring. (See Chapter 20)
|
|
|
|
Modem (modulator-demodulator) | A device used to convert digital to analog and back for signal transmission over analog circuits. (See Chapter 10)
|
|
|
|
Multifactor | Using more than one authentication mechanism at the same time. (See Chapter 2)
|
|
|
|
Multiple encryption | An encryption method that runs the input through the algorithm multiple times with different keys to improve security. (See Chapter 5)
|
|
|
|
Multiple-factor authentication | An authentication scheme in which a user must use a combination of something they have, something they know, and something they are biometrics). (See Chapter 8)
|
|
|
|
Mutual aid agreements | An agreement in which similar organizations agree to assume the processing for the other in the event a disaster occurs. (See Chapter 19)
|
|
|
|
Mutual authentication | A process in which each side of an electronic communication verifies the authenticity of the other. (See Chapter 2)
|
|
|
|
Network Address Translation (NAT) | The protocol that allows the use of private, internal IP addresses for internal traffic and public IP addresses for external traffic. (See Chapter 9)
|
|
|
|
Network interface card (NIC) | The specific hardware interface for a network connection. (See Chapter 10)
|
|
|
|
Network operating system | An operating system that includes additional functions and capabilities to assist in connecting computers and devices, such as printers, to a local area network. (See Chapter 14)
|
|
|
|
Network operations center (NOC) | The point from which network functionality is monitored and controlled. (See Chapter 10)
|
|
|
|
Network security | Places an emphasis on controlling access to internal computers from external entities. (See Chapter 2)
|
|
|
|
Network | A group of two or more devices linked together to share data and resources. (See Chapter 9)
|
|
|
|
Network-based IDS | An intrusion detection system that collects network traffic, much like a sniffer, and analyzes it for suspicious, malicious, or anomalous activity. (See Chapter 13)
|
|
|
|
Nonrepudiation | The ability to verify that a message has been sent and received. This is a property of a system that prevents the parties to a transaction from subsequently denying involvement in the transaction. (See Chapter 2)
|
|
|
|
Operating system | The basic software on a computer that handles things such as input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications. (See Chapter 14)
|
|
|
|
Operational model of computer security | Protection = Prevention + Detection + Response) (See Chapter 2)
|
|
|
|
Packet | A small chunk of data transmitted from one device to another. (See Chapter 9)
|
|
|
|
Passive IDS | An IDS that merely monitors traffic and does not interact with, nor interfere with, the traffic it examines. (See Chapter 13)
|
|
|
|
Passphrase | A password created from a phrase, selection of text, song lyrics, and so on. (See Chapter 14)
|
|
|
|
Password policy | A policy that covers all aspects of password management, such as password selection criteria, aging, lockouts, rotation, and dissemination. (See Chapter 14)
|
|
|
|
Patch | A formal, usually large, software update that may address one or more software problems. (See Chapter 14)
|
|
|
|
Patriot Act | A law passed post-9/11 to increase government surveillance powers and facilitate the fight against terrorism. (See Chapter 24)
|
|
|
|
Peer-to-peer model | A trust model characterized by CAs trusting each other in a flat structure, where individual trust relationships occur at the same level. (See Chapter 6)
|
|
|
|
Permissions | Authorized actions a subject can perform on an object. See also access control. (See Chapter 22)
|
|
|
|
Phreaking | Used in the media to refer to the hacking of computer systems and networks associated with the phone company. See also cracking. (See Chapter 2)
|
|
|
|
Physical security | Consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to only authorized users. (See Chapter 3)
|
|
|
|
Piggybacking | The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. (See Chapter 4)
|
|
|
|
Ping sweep | The systematic "pinging" of IP addresses to determine which is assigned to a currently active computer system. (See Chapter 1)
|
|
|
|
Plug-in | Small application programs that increase a browser's ability to handle new data types and add new functionality. (See Chapter 17)
|
|
|
|
Policies and procedures | Written guidelines for employees. (See Chapter 8)
|
|
|
|
Policies | High-level statements made by management laying out the organization's position on some issue. (See Chapter 3)
|
|
|
|
Port scan | The systematic scanning of ports on a specific system to determine which ports currently are active/open with an application listening on it/responding to connection requests. (See Chapter 1)
|
|
|
|
Pretty Good Privacy (PGP) | A popular encryption program. It has the ability to encrypt and digitally sign e-mail and files. (See Chapter 16)
|
|
|
|
Preventative IDS | An intrusion detection system designed to detect and prevent malicious activity from occurring, usually by closing, rejecting, or resetting connections containing suspicious or malicious traffic. (See Chapter 13)
|
|
|
|
Privilege auditing | The process of checking the rights and privileges assigned to a specific account or group of accounts. (See Chapter 22)
|
|
|
|
Procedures | Step-by-step instructions that describe exactly how employees are expected to act in a given situation or to accomplish a specific task. (See Chapter 3)
|
|
|
|
Process identifier | A unique number given to each running process or program). (See Chapter 14)
|
|
|
|
Protocol | An agreed-upon format for exchanging information between systems. (See Chapter 9)
|
|
|
|
PTPP | PPTP is a network protocol that enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network. (See Chapter 11)
|
|
|
|
Public Key Infrastructure (PKI) | Infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority. (See Chapter 6)
|
|
|
|
Qualitative risk assessment | The process of subjectively determining the impact of an event that affects a project, program, or business. Qualitative risk assessment usually involves the use of expert judgment, experience, or group consensus to complete the assessment. (See Chapter 20)
|
|
|
|
Quantitative risk assessment | The process of objectively determining the impact of an event that affects a project, program, or business. Quanitative risk assessment usually involves the use of metrics and models to complete the assessment. (See Chapter 20)
|
|
|
|
RADIUS | Remote Authentication Dial-In User Service is a standard protocol for providing authentication services. It is commonly used in dial-up, wireless, and PPP environments. (See Chapter 11)
|
|
|
|
RC4 stream cipher | Rivest's Cipher 4 RC4) is a symmetric encryption method that works in a stream mode instead of a block mode. (See Chapter 12)
|
|
|
|
Real evidence | Also known as associative or physical evidence, real evidence consists of tangible objects that prove or disprove a fact. Physical evidence links the suspect to the scene of a crime. (See Chapter 23)
|
|
|
|
Realtime Blackhole List | A list of hosts known to relay or produce spam e-mails that is maintained in real time. This is used by many mail servers to auto-reject mail from hosts on the list. (See Chapter 16)
|
|
|
|
Registration authority (RA) | The component of a PKI that accepts a request for a digital certificate and performs the necessary steps of registering and authenticating the person requesting the certificate. (See Chapter 6)
|
|
|
|
Relaying | When a mail server handles a message and neither the sender nor the recipient is a local user. (See Chapter 14)
|
|
|
|
Relevant evidence | Evidence that is material to the case or has a bearing on the matter at hand. (See Chapter 23)
|
|
|
|
Replay attack | An attack in which the attacker captures a portion of network traffic between two parties and retransmits it at a later time. (See Chapter 15)
|
|
|
|
Requirements phase | A step in the software development process where all the requirements for the end product are documented. (See Chapter 18)
|
|
|
|
Residual risk | Risks remaining after an iteration of risk management. (See Chapter 20)
|
|
|
|
Reverse social engineering | This technique is similar to social engineering in that attackers are attempting to obtain information that can be used in an attack, but in this case, the attacker uses techniques to convince the target to initiate the contact. (See Chapter 4)
|
|
|
|
Ring policy | A policy useful in integrity-based security models that prevents subjects from modifying objects of a higher integrity level. It does not have the same side effect that the Low-Water-Mark policy has of lowering the subject's integrity level whenever the subject accesses an object with a lower integrity level. (See Chapter 2)
|
|
|
|
Ring topology | The network topology where each device is connected to two other devices so that all the devices are connected together in a ring. (See Chapter 9)
|
|
|
|
Risk assessment (or risk analysis) | The process of analyzing an environment to identify the threats, vulnerabilities, and mitigating actions to determine either quan- titatively or qualitatively) the impact of an event that would affect a project, program, or business. (See Chapter 20)
|
|
|
|
Risk management | Overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what actions are cost-effective to take to control these risks. (See Chapter 20)
|
|
|
|
Risk | The possibility of suffering harm or loss. (See Chapter 20)
|
|
|
|
Role | A job or set of job functions and responsibilities needed to carry out specific tasks for example, backup operator). (See Chapter 22)
|
|
|
|
Role-based access control (RBAC) | An access control mechanism in which, instead of the users being assigned specific access permissions for the objects associated with the computer system or network, a set of roles that the user may perform will be assigned to each user. (See Chapter 2)
|
|
|
|
Router | A device used to direct traffic across a network based on layer 3 addresses (See Chapter 10)
|
|
|
|
Run level | The operating mode of a UNIX system such as single-user, multi-user without networking, or multi-user with networking. The run level determines what services are activated and available. (See Chapter 14)
|
|
|
|
Routing | The process of moving packets from the source to the destination across multiple networks. (See Chapter 9)
|
|
|
|
Safe Harbor | A mechanism for self-regulation of EU privacy concerns that can be enforced through trade practice law via the Federal Trade Commission. (See Chapter 24)
|
|
|
|
Safeguard | See Control. (See Chapter 20)
|
|
|
|
Sarbanes-Oxley Act | Congressional law designed to combat issues of corporate governance and responsibility. (See Chapter 24)
|
|
|
|
Script kiddies | Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed. (See Chapter 1)
|
|
|
|
Secure Sockets Layer (SSL) | SSL is an encrypting layer between the session and transport layer of the OSI model designed to encrypt above the transport layer, enabling secure sessions between hosts. (See Chapter 7)
|
|
|
|
Secure/Multipurpose Internet Mail Extensions (S/MIME) | Secure/Multipurpose Internet Mail Extensions is an encrypted implementation of the MIME Multipurpose Internet Mail Extensions) protocol specification. (See Chapter 7)
|
|
|
|
Security Association (SA) | An instance of security policy and keying material applied to a specific data flow. Both IKE and IPSec use SAs, although these SAs are independent of one another. IPSec SAs are unidirectional and they are unique in each security protocol, whereas IKE SAs are bidirectional. A set of SAs are needed for a protected data pipe, one per direction per protocol. SAs are uniquely identified by destination IPSec endpoint) address, security protocol AH or ESP), and security parameter index SPI). (See Chapter 11)
|
|
|
|
Security topology | The layout of a computer network from a security perspective, frequently including a DMZ between two sets of firewalls, isolating the internal network from the outside Internet. (See Chapter 10)
|
|
|
|
Segregation/separation of duties | A basic control that prevents or detects errors and irregularities by assigning responsibilities to different individuals such that no single individual can commit fraudulent or malicious actions. (See Chapter 21)
|
|
|
|
Senate Bill 1386 (SB1386) | A California law with implications for identity theft. (See Chapter 24)
|
|
|
|
Separation of duties | A principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone. (See Chapter 19)
|
|
|
|
Server | A machine that provides services to multiple users on a network. (See Chapter 10)
|
|
|
|
Service level agreements (SLAs) | Contractual agreements between entities describing specified levels of service that the servicing entity agrees to guarantee for the customer. (See Chapter 19)
|
|
|
|
Service pack | A bundled set of software updates, fixes, and additional functions contained in a self-installing package. (See Chapter 14)
|
|
|
|
Service set identifier (SSID) | Identifies a specific 802.11 wireless network. It transmits information about the access point that the wireless client is connecting to. (See Chapter 12)
|
|
|
|
Shared secret | A key value that needs to be known by both parties for them to communicate with symmetric encryption. (See Chapter 5)
|
|
|
|
Shift cipher | A cipher in which every letter is moved a number of places down the alphabet. (See Chapter 5)
|
|
|
|
Shoulder surfing | A procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code. (See Chapter 4)
|
|
|
|
Signature | A predefined pattern of behavior used by an IDS to identify suspicious or malicious activity. (See Chapter 13)
|
|
|
|
Simple Security Rule | The security principle used in the Bell-LaPadula security model that states that no subject can read from an object with a higher security classification. (See Chapter 2)
|
|
|
|
Single loss expectancy (SLE) | Monetary loss or impact of each occurrence of a threat. SLE = asset value * exposure factor. (See Chapter 20)
|
|
|
|
Single sign-on | An authentication process where the user can enter a single user ID and password and then be able to move from application to application or resource to resource without having to supply further authentication information. (See Chapter 22)
|
|
|
|
Slack space | Unused space on a disk drive created when a file is smaller than the allocated unit of storage such as a sector). (See Chapter 23)
|
|
|
|
Smart card | Card that possesses integrated circuits, allowing it to store information; especially useful for storing cryptographic information. (See Chapter 8)
|
|
|
|
SMTP | Simple Mail Transfer Protocol, the standard Internet protocol used to transfer e-mail between hosts. (See Chapter 16)
|
|
|
|
Sniffers | Software or hardware devices that are used to observe traffic as it passes through a network on shared broadcast media. (See Chapter 15)
|
|
|
|
SNMP (Simple Network Management Protocol) | The protocol used to control network devices and functionality across a network. (See Chapter 10)
|
|
|
|
SOAP (Simple Object Access Protocol) | A method of remote object access (See Chapter 17)
|
|
|
|
Social engineering | The art of deceiving another individual so that they reveal confidential information. This is often accomplished by posing as an individual who should be entitled to have access to the information. (See Chapter 3)
|
|
|
|
Software configuration item | See configuration item. (See Chapter 21)
|
|
|
|
Software exploitation | An attack that takes advantage of bugs or weaknesses in software. (See Chapter 15)
|
|
|
|
Software problem report | A document used by the change control board to track changes to software. (See Chapter 21)
|
|
|
|
Spam | E-mail that is not requested by the recipient and is typically of a commercial nature. Also known as unsolicited commercial e-mail UCE). (See Chapter 16)
|
|
|
|
Spiral model | A software engineering process model characterized by a repeating series of steps. (See Chapter 18)
|
|
|
|
Spoofing | A type of attack in which data is made to look like it has come from a different source. (See Chapter 15)
|
|
|
|
SSH | SSH is a set of protocols for establishing a secure remote connection to a computer. This protocol requires a client on each end of the connection and can use a variety of encryption protocols. (See Chapter 11)
|
|
|
|
SSL | SSL is an encrypting layer between the session and transport layer of the OSI model designed to encrypt above the transport layer, enabling secure sessions between hosts. (See Chapter 17)
|
|
|
|
Standards | Accepted specifications providing specific details on how a policy is to be enforced. (See Chapter 3)
|
|
|
|
Standards | Accepted specifications providing specific details on how a policy is to be enforced. (See Chapter 19)
|
|
|
|
Star topology | The network topology where all network devices are connected to a single, central point. (See Chapter 9)
|
|
|
|
Stream cipher | An encryption method that encrypts information in a stream-that is, bit by bit. (See Chapter 5)
|
|
|
|
Structured threat | A threat characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and the possible corruption of, or collusion with, insiders. Criminal organizations or well-organized "hacking" groups fall into this category. (See Chapter 1)
|
|
|
|
Subnet mask | A mask used to indicate how to interpret a given IP address; the mask tells how much of the IP address is being used for the network portion and how much is being used for the host portion. (See Chapter 9)
|
|
|
|
Subnet | The prefix potion of an IP address used to describe the network portion of the IP address. (See Chapter 9)
|
|
|
|
Sufficient evidence | Evidence that is convincing or measures up without question (See Chapter 23)
|
|
|
|
Superuser | A title associated with user accounts that have broad administrative capabilities, such as "administrator" under Windows or "root" under UNIX. (See Chapter 22)
|
|
|
|
Switch | A device used to direct traffic in a network based on layer 2 addresses. (See Chapter 10)
|
|
|
|
TACACS+ | Terminal Access Controller Access Control System+ TACACS+) protocol is the current generation of the TACACS family. (See Chapter 11)
|
|
|
|
Tangible asset | An asset for which a monetary equivalent can be determined. Examples are inventory, buildings, cash, hardware, software, and so on. (See Chapter 20)
|
|
|
|
TCP wrappers | Software filters that can compare incoming and outgoing network connections to lists or authorized and unauthorized connections and then allow or reject the connections based on a defined policy. (See Chapter 14)
|
|
|
|
TCP/IP hijacking | Also called session hijacking, this refers to attacks designed to take control of an already existing session between a client and a server. (See Chapter 15)
|
|
|
|
TEMPEST | Transient Electromagnetic Pulse Emanation Standard. (See Chapter 3)
|
|
|
|
Testing phase | The point in the software development process where the end product is compared to the input requirements to validate proper functionality. (See Chapter 18)
|
|
|
|
Threat | Any circumstance or event with the potential to cause harm to an asset. (See Chapter 20)
|
|
|
|
Three-way handshake | The three-way packet exchange sequence SYN, SYN/ACK, ACK) that initiates a TCP connection. (See Chapter 9)
|
|
|
|
Token | A hardware device that can be used in a challenge-response authentication process. (See Chapter 2)
|
|
|
|
Topology | The shape or arrangement of a network, such as bus, star, ring, or mixed. (See Chapter 9)
|
|
|
|
Transmission Control Protocol (TCP) | A connection-oriented protocol that provides guaranteed, reliable delivery of data. (See Chapter 9)
|
|
|
|
Transport layer security (TLS) | A newer form of SSL being proposed as an Internet standard. (See Chapter 17)
|
|
|
|
Transposition cipher | A cipher where the same letters are used but the order has been changed. (See Chapter 5)
|
|
|
|
Trapdoor functions | A type of math problem that is very difficult to solve unless you know a certain value. (See Chapter 5)
|
|
|
|
Trojan horse | Sometimes known simply as Trojan, this is a piece of software that appears to do one thing and may, in fact, actually do that thing) but which hides some other functionality. (See Chapter 15)
|
|
|
|
Uniform Electronic Transactions Act (UETA) | Congressional law permitting the use of electronic signatures in communications with government. (See Chapter 24)
|
|
|
|
Uninterruptible power supplies | Devices designed to provide power to essential equipment for a period of time when normal power is lost. (See Chapter 3)
|
|
|
|
Unsolicited commercial e-mail | The more technical name for spam e-mail. It is e-mail trying to sell you something when you have not requested information about that particular product or service. (See Chapter 16)
|
|
|
|
Unstructured threat | A threat that is generally short-term in nature, does not involve a large group of individuals, does not have large financial backing, and does not generally include collusion with insiders. Individual attackers fall into this category of threat. (See Chapter 1)
|
|
|
|
URL (Uniform Resource Locator) | A unique Internet address for a resource. (See Chapter 17)
|
|
|
|
Usage auditing | The process of recording who did what and when on an information system. (See Chapter 22)
|
|
|
|
USB devices | Devices that utilize the Universal Serial Bus port to connect to the computer. (See Chapter 8)
|
|
|
|
Use case | A set of sample inputs and known correct responses to use in the testing of a section of functionality, whether module, subsystem, system, or application. (See Chapter 18)
|
|
|
|
User Datagram Protocol (UDP) | A connectionless protocol that provides no error correction or reliability, but is very lightweight and efficient. (See Chapter 9)
|
|
|
|
User ID | A unique alphanumeric identifier that identifies individuals when logging in or accessing a system. (See Chapter 22)
|
|
|
|
User | An individual that uses a computer or information system. (See Chapter 22)
|
|
|
|
Vigenère cipher | An early polyalphabetic substitution cipher. (See Chapter 5)
|
|
|
|
Virtual local area network (VLAN) | A broadcast domain inside a switched system. (See Chapter 10)
|
|
|
|
Virtual private network (VPN) | An encrypted network connection across another network, offering a private communication channel across a public medium. (See Chapter 11)
|
|
|
|
Virus | A piece of malicious code that replicates by attaching itself to another piece of executable code. (See Chapter 15)
|
|
|
|
Vulnerability | Characteristic of an asset that can be exploited by a threat to cause harm. (See Chapter 20)
|
|
|
|
WAP GAP | The transition point between the wireless network's encryption and the Internet's encryption protocols, leaving any data in the "gap" in plaintext. (See Chapter 12)
|
|
|
|
Wardialing | The term used to describe an attacker's attempt to discover unprotected modem connections to computer systems and networks. (See Chapter 15)
|
|
|
|
WarDriving | The term used to refer to the activity where attackers wander throughout an area often in a car) with a computer with wireless capability, searching for wireless networks they can access. (See Chapter 15)
|
|
|
|
Warm site | A partially configured backup processing facility usually having the peripherals and software but perhaps not the more expensive main processing computer. (See Chapter 19)
|
|
|
|
Waterfall model | A software engineering process model characterized by a linear series of steps in a sequential fashion. (See Chapter 18)
|
|
|
|
Web Service | A remote procedure invoked on a remote computer via common data formats and protocols. (See Chapter 17)
|
|
|
|
Wide area network (WAN) | A computer network that spans a large geographic area, such as a network connecting offices in different cities. (See Chapter 9)
|
|
|
|
Wired Equivalent Privacy (WEP) | The encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks. (See Chapter 7)
|
|
|
|
Wireless Application Protocol (WAP) | A protocol for transmitting data to small handheld devices like cellular phones. (See Chapter 7)
|
|
|
|
Wireless Transport Layer Security (WTLS) | The encryption protocol that is used on WAP networks. (See Chapter 7)
|
|
|
|
Workstation | Typically, a client or end-user machine attached to a network. (See Chapter 10)
|
|
|
|
Worm | A piece of code that attempts to propagate through penetration of networks and computer systems. (See Chapter 15)
|
|
|
|
X.509 standard | The standard format for digital certificates. (See Chapter 6)
|
|
|
|
XML (Extensible Markup Language) | A protocol for describing data. (See Chapter 17)
|
|
|
|
XOR | Bitwise exclusive OR, an operation commonly used in cryptography. (See Chapter 5)
|