Glossary 01/10/2019

Glossary for Fundamentals of Network Security

18 US Code 1029 (Credit Card Fraud)—This federal statute makes it a federal crime for a person to possess 15 or more counterfeit credit cards. (Chapter 5)

18 US Code 1030 (Computer Fraud and Abuse)—This federal statute is the basis for federal intervention in computer crimes. (Chapter 5)

18 US Code 2319 (Copyrights)—This federal statute defines the criminal punishments for any person who violates a copyright. (Chapter 5)

18 US Code 2511 (Interception)—This federal statute is the wiretap law and makes it illegal to intercept telephone calls or other electronic communications. (Chapter 5)

18 US Code 2701 (Access to Electronic Information)—This federal statute prohibits unlawful access to stored communications and prohibits preventing authorized users from accessing systems that store electronic communications. (Chapter 5)

acceptable use of computers—Defines what activities are acceptable on computer systems owned by the organization. (Chapter 6)

access attack—The attempt to gain information the intruder is not authorized to see. (Chapter 2)

access control—A mechanism used to restrict access to files, folders, or systems based on the identification and authentication of the user. (Chapters 1, 4)

access point—The wireless network's main connection point to the wired network. (Chapter 20)

account lockout policy—The policy that determines the number of invalid logon attempts allowed before a user account is locked. (Chapters 16, 17)

account management procedures—The steps taken to add new users to systems, remove users in a timely manner, and determine what areas of the network the user will have access to. (Chapter 8)

accountability—The process administration uses to account for an individual's activities and to assign responsibility for actions that have taken place on an information system. (Chapter 4)

Active Directory (AD)—The directory service integrated with the Windows 2003 operating system (OS). (Chapter 17)

Active Directory Domains and Trusts—A tool used in Windows 2000/2003 to launch the Domain Manager, manage trust relationships, set OS mode, and define User Principal Name (UPN) suffixes for the forest. (Chapter 17)

Active Directory Sites and Services—A tool used in Windows 2000/2003 to administer replication topology, add and remove sites, move computers to a site, add a subnet to a site, associate a subnet with a site, and create a site link. (Chapter 17)

Active Directory Users and Computers—A tool used in Windows 2000/2003 to manage objects in a domain. This tool adds, moves, deletes, and modifies attributes for Active Directory. (Chapter 17)

active response—A response by an intrusion detection system (IDS) that directly attempts to impede an attacker's actions. (Chapter 13)

actual security environment—The actual compliance with security policy by management and employees. (Chapter 8)

Address Resolution Protocol (ARP) spoofing—A tactic used to forge the MAC address of a system to get packets directed to the attacking computer. (Chapter 3)

administrative security—Practices that fall under the areas of policies, procedures, resources, responsibility, education, and contingency plans. (Chapter 9)

administrative shares—Hidden shares established by default in Windows NT/2000/2003 to allow administrators access to the root of hard drives and the system folders for remote administration. (Chapters 16, 17)

administrator account—The primary account on Windows NT/2000/2003 used to administer the computer or network. (Chapter 16)

ADSIEdit—Tool used in Windows 2000/2003 that allows the use of LDAP operations against directory partitions. (Chapter 17)

agents—The people or organization originating a security threat. (Chapter 7)

anti-virus software—Software specifically designed to defend PCs against malicious code. (Chapter 14)

application behavior analyzer—A type of HIDS sensor that examines calls between applications and the OS to see if the application is allowed to perform the action. (Chapter 13)

application layer firewalls—Also known as proxy firewalls, software that sits on a general-purpose OS or a firewall appliance and enforces policy rules through the use of proxies. (Chapter 10)

ARP spoofing—See Address Resolution Protocol (ARP) spoofing.

asset classification and control—The process of protecting both physical and information assets. (Chapter 9)

audit—1. A function in an OS that provides administrators with a historic record of events and activities that occurred on an information system for future reference. (Chapter 4) 2. In the context of a security policy, the process used by an organization to examine systems for compliance with policies. (Chapter 6)

auditing—The process put in place to monitor the activities of users on a computer or a network. (Chapter 16)

authentication server—The centralized source of authentication services for 802.1X. (Chapter 20)

availability—In information systems, the security service that ensures users can access the information, applications, and systems they need to accomplish their responsibilities. (Chapter 4)

backup—The copies of critical information that are archived in the event of a system crash or a disaster. (Chapter 4)

backup policy—The policy an organization has in place documenting how backup operations will be conducted. (Chapter 8)

backup procedures—Derived from the backup policy, backup procedures identify when backups are run, and they specify the steps to be taken in making the backups and storing them securely. (Chapter 9)

best case—A method for measuring risk. In this scenario, the intrusion is immediately identified, the problem is corrected, and the overall damage to the organization is limited. (Chapter 7)

best practices—A set of recommendations that generally provides an appropriate level of security. A combination of those practices proved to be most effective at various organizations. (Chapter 9)

biometrics—The use of something related to the human body—for example, fingerprints, retina/iris prints, palm prints, hand geometry, facial geometry, or voice recognition—to authenticate an individual's access. (Chapter 1)

Blowfish—A private key encryption algorithm that allows for variable-length keys up to 448 bits and was optimized for execution on 32-bit processors. (Chapter 12)

broadband—Technology used to provide users with high-speed access to the Internet. (Chapter 14)

brute-force attack—An attempt by a hacker to gain access to a system by trying to log on to one or many accounts using different combinations of characters to guess or crack a password. (Chapter 16)

buffer overflow—The process of overwhelming a buffer in a computer system with more data than it can hold, with the intent of causing the system to be compromised or allowing the attacker to gain elevated privileges on the system. (Chapter 3)

business continuity management—Assessment of the risks of business interruptions and contingency plans to offset those risks to enable the business to survive. (Chapter 9)

business-to-business (B2B)—The segment of e-commerce in which businesses use the Internet and technology to reduce costs, place orders, and track materials and products ordered for transactions between businesses. (Chapter 19)

business-to-consumer (B2C)—The segment of e-commerce in which businesses use the Internet and technology to provide goods and services to customers. (Chapter 19)

CAST-128—A private key algorithm used in later versions of PGP that uses a 128-bit encryption key. (Chapter 12)

certificate authority (CA)—A central management entity that issues or verifies security credentials. (Chapter 12)

change control procedure—The process used by an organization to verify the current system configuration and provide for the testing and approval of a new configuration before it is implemented. (Chapter 6)

Chief Information Security Officer (CISO)—An executive-level position responsible for managing information security risk. (Chapter 9)

chmod—The Unix command used to change the directory or file permissions. (Chapter 15)

ciphertext—Information after it has been obfuscated by an encryption algorithm. (Chapter 12)

client comfort—The trust in a company that a customer will feel regarding the company's capability to deliver the product that is ordered. (Chapter 19)

client-side security—The processes and procedures that are taken on the customer's computer to protect personal and account information. (Chapter 19)

communications and operations management—Documented procedures for computers and networks, as well as the security of information in transit. (Chapter 9)

communications security—The measures employed to secure information while it is in transit. (Chapters 1, 19)

compliance—Processes to ensure that users of an organization are following established policies and procedures. (Chapter 9)

computer security—The means used to protect information on computer systems. (Chapter 1)

computer use policy—Specifies who can use the organization's computer systems and how those systems can be used. (Chapter 6)

confidentiality—A service that provides an organization the environment of secrecy of information. When properly used, confidentiality allows only authorized users access to that information. (Chapter 4)

confidentiality mechanisms—Mechanisms put in place to ensure the confidentiality of the information of an organization, which include physical controls, computer access controls, and file encryption. (Chapter 4)

configuration management—The process used by an organization to control authorized changes and identify unauthorized changes. (Chapters 6, 19)

configuration management procedures—The steps defined for making changes to production systems, including upgrading software and hardware, bringing new systems online, and removing systems that are no longer needed. (Chapter 9)

contingency plans—Plans developed based on risk assessment to allow for the quickest recovery and the least impact to business in recovering from an incident. (Chapter 9)

cookie—A file that is placed on a client's computer by a web server and used to identify the client. Cookies can be stored in cleartext or encrypted. (Chapter 19)

cost of downtime—The costs that an organization incurs, such as lost revenue, remediation, and loss of customer faith when operations are disrupted. (Chapter 19)

countermeasures—The measures taken by an organization to address the identified vulnerabilities of an information system. (Chapter 7)

cryptanalysis—The art of analyzing cryptographic algorithms with the intent of identifying weaknesses. (Chapter 12)

cryptographer—An individual who practices cryptography. (Chapter 12)

cryptography—The art of concealing information using encryption. (Chapter 12)

data archival procedures—These procedures specify how often backup media is to be reused and how the media is to be disposed of. (Chapter 9)

data center events—Disasters that affect data centers. A Disaster Recovery Plan should provide procedures for a major event within a data center. This plan should take into account procedures to follow if the data center is not usable and what steps should be taken to reconstitute it. (Chapter 6)

Data Encryption Standard (DES)—A private key encryption algorithm developed by IBM in the early 1970s that operates on 64-bit blocks of text and uses a 56-bit key. With today's hardware systems, it is possible to brute-force a DES key in 35 minutes. The United States National Institute of Standards and Technology (NIST) has stated "Single DES will be permitted for legacy systems only." (Chapter 12)

deception—An active response by an IDS that is intended to fool the attacker into believing he or she has been successful and not yet discovered, while the target system is actually being protected from the attacker. One example of a deception tactic is the use of a honey pot. (Chapter 13)

decryption—The process used by encryption systems to convert ciphertext into plaintext. (Chapter 12)

demilitarized zone (DMZ)—An isolated network area segregated from the internal network, usually by a firewall, containing systems that can be directly accessed by external users, such as Internet users or partner networks. (Chapters 15, 18)

denial of access to applications—The tactic of denying the user access to the application that displays or processes the information. (Chapter 2)

denial of access to information—The tactic of making information the user wants to see unavailable. (Chapter 2)

denial of access to systems—The tactic used by an attacker to make a computer system completely inaccessible by anyone. (Chapter 2)

denial-of-service (DoS) attack—The process of preventing the normal operation of a system and thus denying access to legitimate users; for example, flooding a server (e-mail, Web, or resource) with packets to use up bandwidth that would otherwise be available to normal traffic. (Chapters 2, 3)

dial-back modems—Modems used to increase the security of dial-up systems by using preset numbers for the system to call to ensure the location of the user calling in. (Chapter 9)

Diffie-Hellman key exchange—A public key encryption algorithm developed in 1976 to solve the problem of key distribution for private key encryption systems. Diffie-Hellman cannot be used to encrypt or decrypt information, but it is used to exchange secret keys. (Chapter 12)

digital signature—A method of authenticating electronic information by using encryption. (Chapter 12)

Digital Signature Algorithm (DSA)—An algorithm developed by the United States government as a standard for digital signatures. (Chapter 12)

disaster recovery—The processes and procedures to protect systems, information, and capabilities from extensive disasters such as fire, flood, or extreme weather events. (Chapter 4)

disaster recovery plan—The procedure an organization uses to reconstitute a networked system after a disaster. (Chapter 8)

DMZ—See demilitarized zone.

DNS spoofing—A tactic used by attackers that allows an attacker to intercept information from a target computer. (Chapter 3)

domain—Computers that are grouped together to form an administrative boundary for users, groups, computers, and organizational units. (Chapter 17)

Domain Name Service (DNS)—A service that is used to resolve domain names to actual Internet Protocol (IP) addresses. (Chapter 18)

downstream liability—The concept that an organization must take reasonable care and appropriate measures to secure its systems, so an attacker cannot easily penetrate those systems and use them as a platform for launching an attack against other organizations. (Chapter 5)

dual firewall—A network configuration that uses two firewalls, locating Internet-accessible systems between the firewalls and placing the internal network behind the second firewall. (Chapter 10)

dual-firewall architecture—Uses two firewalls to separate the DMZ from the external and internal networks. This gives the organization layered security and better protection against attack. (Chapter 18)

due diligence—The act of taking reasonable care or attention to a matter, which is sufficient to avoid a claim of negligence. (Chapter 5)

dynamic network address translation (NAT)—The process used to map multiple internal IP addresses to a single external IP address. (Chapter 18)

dynamic password—A password that changes each time a user logs on to the system. (Chapter 9)

eavesdropping—The process of obtaining information by being positioned in a location through which that information is likely to pass. (Chapter 2)

e-commerce—A technological means for businesses to conduct transactions across the Internet. (Chapter 19)

Elgamal—A variant of the Diffie-Hellman system enhanced to provide encryption, with one algorithm for encryption and another for authentication. (Chapter 12)

elliptic curve encryption—A public-key encryption system based on a mathematical problem related to elliptic curves. Because the elliptic curve problem is difficult, keys are generally smaller and computations are faster for the same level of security compared with Rivest-Shamir-Adleman (RSA) and Diffie-Hellman. (Chapter 12)

e-mail policy—Governs the activities of the e-mail systems used by organizations. (Chapter 6)

emergency repair disk (ERD)—A disk prepared from a computer to be used in case the computer crashes. The settings can be restored from the disk. (Chapter 16)

emissions security—The measures used to limit the release of electronic emissions. (Chapter 1)

Encrypting File System (EFS)—Encryption included in Windows 2000/2003 to provide better data protection. (Chapter 17)

encryption—The process of changing plaintext into ciphertext. (Chapter 12)

encryption algorithm—The procedures used for encrypting information systems data. (Chapter 11)

enforcement measures—Measures established by an organization used to deal with employees who fail to comply with organization policies. (Chapter 9)

event—In the context of a security risk, this is the type of action that poses a threat. (Chapter 7)

evidence collection—The process used by law enforcement officials to collect information and materials to help determine who is involved in an incident. (Chapter 5)

expectation of privacy—The right of a person to be free of unnecessary public scrutiny or to be let alone. (Chapter 5)

Extensible Authentication Protocol (EAP)—The protocol used in authentication exchange and defined by Request for Comments (RFC) 2284. (Chapter 20)

fail-over—Provisions for the reconstitution of information or a capability. Fail-over systems are put into place to detect failures, and then to reestablish capability by the use of redundant hardware. (Chapters 4, 11)

file integrity checker—A type of HIDS sensor that monitors files for changes by the use of checksums and digital signatures. (Chapter 13)

file permissions—The permissions granted to a user to allow access to files on the system. (Chapter 16)

file snooping—A reconnaissance event normally performed by an internal user to test file and folder permissions to see what they can access. (Chapter 13)

filter—In the context of a firewall, a filter watches the traffic traveling across the connection. The filter will not allow an unwanted packet into the internal network. (Chapter 10)

filtering—Using filters on a firewall to allow you to watch the traffic traveling across the connection and respond to packets in a certain way. If a particular type of packet is not allowed, the filter will catch that packet and deny it access to the internal network. (Chapter 10)

firewall—A network access control device (either hardware or software) designed to allow appropriate traffic to flow, while protecting access to an organization's network or computer system. (Chapters 1, 10)

firewall rule set—A set of rules installed on a firewall that determine if a firewall will reject or accept a packet. (Chapter 10)

generic services proxy (GSP)—The response by vendors of application layer firewalls to allow the application layer firewall to handle protocols for which a specific proxy does not exist. The GSP allows application layer proxies to handle other protocols needed by security and network administrators. (Chapter 10)

Global Catalog (GC)—Servers containing partial replicas of all the domains in the AD and the full replica of the schema and configuration naming contexts, so systems containing sensitive information are secure. (Chapter 17)

global time—The concept the Internet brings to the world where the customer can place orders from anywhere in the world at any time of the day. (Chapter 19)

Gnutella—A peer-to-peer sharing program that allows users to share their hard drives and files. (Chapter 14)