SANS GIAC Information Security KickStart ©2000 Page 1 of 13
SANS GIAC Information Security KickStart
Glossary of Terms
Term Definition
Access Control Mechanism(s) used to restrict access to an object.
ACL Access Control List. A list, attached to an object such as a
file, directory, or network interface, of the subjects (users,
groups, or hosts) permitted to access it and the operations or
permissions each is allowed.
Active Code/Active Content Generic term for software delivered via the World Wide
Web that executes directly on the user's computer.
Alert A formatted message describing a circumstance relevant
to network security. Alerts are often derived from critical
audit events.
Analog Communications Method of communications that involves continuous
modification of energy waves.
ASCII American Standard Code for Information Interchange. The
system of representing characters as fixed patterns of data
bits.
Assurance A measure of confidence that the security features and
architecture of a system or service accurately mediate and
enforce the security policy.
Asymmetric Encryption The process of encrypting information with a pair of
mathematically related keys: a public key, which may be freely
distributed, and a private key, which is kept secret. Data
encrypted with one key of the pair can only be decrypted with
the other. See Public Key Cryptography.
Attack An attempt to bypass security controls on a computer. The
attack may alter, release, or deny data. Whether an attack
will succeed depends on the vulnerability of the computer
system and the effectiveness of existing countermeasures.
Audit The independent examination of records and activities to
ensure compliance with established controls, policy, and
operational procedures, and to recommend any indicated
changes in controls, policy, or procedures.
Audit Trail In computer security systems, a chronological record of
system resource usage. This includes user login, file
access, other various activities, and whether any actual or
attempted security violations occurred, legitimate and
unauthorized.
Authenticate To establish the validity of a claimed user or object.
Authentication To positively verify the identity of a user, device, or other
entity in a computer system, often as a prerequisite to
allowing access to resources in a system.
Authorization Granting a user, program, or process the right of access.
Availability Assuring information and communications services will be
ready for use when expected.
Back Door A hole in the security of a computer system deliberately left
in place by designers, maintainers or an attacker.
Synonymous with trap door; a hidden software or
hardware mechanism used to circumvent security controls.
Biometrics The science of identifying a person by using unique human
characteristics such as voice, fingerprints or iris scan.
Black Hat An unethical hacker.
Breach The successful defeat of security controls which could
result in a penetration of the system. A violation of controls
of a particular information system such that information
assets or system components are unduly exposed.
Brute Force Attack An attack method that uses every possible combination of
keys or passwords in order to break a code or system.
Buffer Overflow A condition in which a program writes more data into a
fixed-size buffer or holding area than the buffer was allocated
to hold, so the excess overwrites adjacent memory. It results
from a program's failure to check the length of its input
against the size of the buffer. The consequence ranges from a
system crash to an attacker overwriting control data and
running code of their choosing, in effect creating a back door
leading to system access.
Bug An unwanted and unintended property of a program or
piece of hardware, especially one that causes it to
malfunction.
Business Continuity The activities required to keep an organization operational
during a period of displacement or interruption of normal
operations.
CA See Certificate Authority
Central Office A telephone company building in which a phone switching
system is located. A location where voice and data
communications circuits are collected and managed.
Certificate A digitally signed data structure that binds the name of an
entity (a person, host, or organization) to its public key. The
signature of the issuing Certificate Authority lets anyone who
trusts that authority verify that the key belongs to the named
entity.
Certificate Authority An organization that issues, manages, and revokes
certificates, vouching for the binding between a name and a
public key.
CGI See Common Gateway Interface.
Challenge Handshake Authentication Protocol Protocol that uses a Challenge-Response process for
authentication. The server sends a random challenge and the
client replies with a hash of the challenge combined with the
shared secret, so the secret itself is never sent over the link.
Challenge-Response Authentication method in which a server sends a fresh, random
"challenge" and the client proves knowledge of a secret by
returning a "response" computed from the challenge and that
secret. The secret never crosses the network, and because each
challenge is used once, a captured response cannot be replayed
to authenticate later.
CHAP See Challenge Handshake Authentication Protocol.
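The exchange described in the two entries above, as an added example that is not part of the original glossary. Both parties hold the same secret; the server issues a random challenge, the client answers with an HMAC-SHA256 of the challenge keyed by the secret, and the server recomputes and compares. The HMAC construction, the message names, the user table and the in-memory "wire" are assumptions of this example, not the specifics of CHAP (which uses an MD5 hash over the identifier, secret and challenge); the point shown is the same: the secret never travels, and a replayed response fails against a new challenge.

```python
"""Challenge-response authentication over a shared secret (added example)."""
import hashlib
import hmac
import secrets


def compute_response(secret, challenge):
    """Step 2 (client side): response = HMAC-SHA256(secret, challenge)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, users):
        # users: dict of username -> shared secret (bytes); constructed sample data
        self.users = users
        self.pending = {}  # username -> challenge not yet answered

    def issue_challenge(self, username):
        """Step 1: send a fresh, unpredictable challenge for this login attempt."""
        challenge = secrets.token_bytes(32)
        self.pending[username] = challenge
        return challenge

    def verify(self, username, response):
        """Step 3: recompute the expected response and compare in constant time.
        The challenge is consumed, so it can only be answered once."""
        challenge = self.pending.pop(username, None)
        secret = self.users.get(username)
        if challenge is None or secret is None:
            return False
        expected = compute_response(secret, challenge)
        return hmac.compare_digest(expected, response)


def login(server, username, secret):
    """Run the full exchange; True if the server accepted the response."""
    challenge = server.issue_challenge(username)
    response = compute_response(secret, challenge)
    return server.verify(username, response)


def replay_attempt(server, username, secret):
    """An eavesdropper captured a valid response and replays it against the
    server's next challenge. Returns the server's verdict (expected: False)."""
    first_challenge = server.issue_challenge(username)
    captured = compute_response(secret, first_challenge)
    assert server.verify(username, captured)   # the legitimate login succeeds
    server.issue_challenge(username)            # a new challenge is now outstanding
    return server.verify(username, captured)    # old response no longer matches


if __name__ == "__main__":
    srv = Server({"alice": b"correct horse battery staple"})
    print("good secret:", login(srv, "alice", b"correct horse battery staple"))
    print("bad secret: ", login(srv, "alice", b"wrong"))
    print("replay:     ", replay_attempt(srv, "alice", b"correct horse battery staple"))
```

The constant-time comparison and the single-use challenge are the two details that separate a sound challenge-response from one that merely looks like it: without the first, response bytes can be guessed one at a time from timing; without the second, a captured response is as good as the password.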
Checksum A calculated value used to detect changes in an object.
Checksums are typically used to detect errors in network
transmissions or changes in system files. A simple checksum
catches accidental corruption only; an attacker who can alter
the data can also adjust it so the checksum still matches, so
detecting deliberate tampering requires a cryptographic hash or
a keyed message authentication code.
Circuit Switching Communications method that relies on establishing
temporary circuits between two points and maintaining that
circuit for the duration of the connection.
COAST Computer Operations, Audit, and Security Technology - is
a multiple project, multiple investigator laboratory in
computer security research in the Computer Sciences
Department at Purdue University. It functions with close
ties to researchers and engineers
Common Gateway Interface The mechanism by which a Web server passes a request to an
external program and returns that program's output to the
browser. Allows for the creation of dynamic and interactive
web pages. CGI programs also tend to be the most vulnerable
part of a web server (besides the underlying host security),
since they run on the server and process input supplied by
untrusted users.
Compromise An intrusion into a computer system where unauthorized
disclosure, modification or destruction of sensitive
information may have occurred.
Computer Abuse The willful or negligent unauthorized activity that affects
the availability, confidentiality, or integrity of computer
resources. Computer abuse includes fraud,
embezzlement, theft, malicious damage, unauthorized use,
denial of service, and misappropriation.
Computer Fraud Computer-related crimes involving deliberate
misrepresentation or alteration of data in order to obtain
something of value.
Computer Security Technological and managerial procedures applied to
computer systems to ensure the availability, integrity and
confidentiality of information managed by the computer
system.
Computer Security Incident Any intrusion or attempted intrusion into an automated
information system. Incidents can include probes of
multiple computer systems.
Computer Security Intrusion Any event of unauthorized access or penetration to an
automated information system.
Confidentiality Assuring information will be kept secret, with access
limited to appropriate persons.
Connectionless Protocol Communication method that transfers information across a
network but does not ensure or guarantee the receipt of
the information.
Connection-Oriented Protocol Communication method that exchanges control information
(usually referred to as a "handshake") prior to transmitting
data and exchanges acknowledgement messages while
the data is being exchanged.
Cookie A small piece of information sent by a Web server to a
browser, which stores it and returns it with later requests to
that server, enabling state (such as a session identifier) to
be carried from one request or Web session to another.
COTS Software Commercial Off The Shelf - Software acquired through a
commercial vendor. This software is a standard product,
not developed by a vendor for a particular government or
commercial project.
Countermeasures Action, device, procedure, technique, or other measure
that reduces the vulnerability of an automated information
system. Countermeasures that are aimed at specific
threats and vulnerabilities involve more sophisticated
techniques as well as activities traditionally perceived as
security.
Crack A popular password-cracking tool. Stored passwords are hashed,
not encrypted, so Crack does not decode them; it hashes
candidate words from dictionaries and rule-based variations of
them and compares the results with the stored hashes. System
administrators also run Crack against their own password files
to find weak passwords chosen by novice users before an
attacker does.
Cracker One who breaks security on a system.
Cracking The act of breaking into a computer system.
Crash A sudden, usually drastic failure of a computer system.
Cryptanalysis Definition 1) The analysis of a cryptographic system and/or
its inputs and outputs to derive confidential variables
and/or sensitive data including cleartext.
Definition 2) Operations performed in converting encrypted
messages to plain text without initial knowledge of the
crypto-algorithm and/or key employed in the encryption.
Cryptography The practice concerning the principles, means, and
methods for rendering plain text unintelligible and for
converting encrypted messages into intelligible form.
Cryptology The science which deals with hidden, disguised, or
encrypted communications.
Cyberspace Describes the world of connected computers and the
society that gathers around them. Commonly known as the
INTERNET.
Dark-side Hacker A criminal or malicious hacker.
Data Encryption Standard 1) (DES) An unclassified crypto algorithm adopted by the
National Bureau of Standards for public use. 2) A
cryptographic algorithm for the protection of unclassified
data, published in Federal Information Processing
Standard (FIPS) 46. The DES, which was approved by the
National Institute of Standards and Technology (NIST), is
intended for public and government use.
Decryption The process of turning an encrypted message back into
readable form.
Defense in Depth Security based on multiple mechanisms to present
successive layers of protection. In this way, the failure of
one security component will not result in the complete
compromise of the system.
Demilitarized Zone A network that is neither part of the internal network nor
directly part of the Internet. Basically, a network sitting
between two networks, usually used to host e-commerce
or shared services. (Editor’s Note: the term screened
subnet is sometimes used for this particular definition of
DMZ. Where this definition refers to a screened subnet, a
DMZ is defined as a network that is effectively part of the
Internet. - JEK)
Demon Dialer A program which repeatedly calls the same telephone
number. This is benign and legitimate for access to a BBS
or malicious when used as a denial of service attack.
Denial of Service Action(s) which prevent any part of a system or service
from functioning in accordance with its intended purpose.
DES See Data Encryption Standard
Dial-Back Security The process whereby a user connects to a dial-up service,
authenticates him/herself, then disconnects from the
service. The service then dials the user back at a
predetermined number.
Dictionary Attack The use of one or more common language dictionaries in a
systematic attempt to guess passwords.
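The attacks defined under Brute Force Attack, Crack and Dictionary Attack, as one added example that is not part of the original glossary. It models the Crack approach against a file of salted password hashes: every dictionary word and a few common mutations are hashed with the entry's salt and compared with the stored value; a separate exhaustive search shows the brute-force case on a short numeric password. The hash format (username:salt:SHA-256 hex), the wordlist, the mutation rules and the "stolen" entries are all constructed for this example; real password files use deliberately slow hash functions, which is what makes the same attack costly in practice.

```python
"""Dictionary and brute-force attacks on salted password hashes (added example)."""
import hashlib
import itertools


def hash_password(salt, password):
    """Constructed scheme for this example: SHA-256(salt || password), hex encoded."""
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()


def make_entry(user, salt, password):
    """Build one line of the constructed password file: user:salt:hash."""
    return f"{user}:{salt}:{hash_password(salt, password)}"


# Constructed sample of a stolen password file.
STOLEN_HASHES = [
    make_entry("alice", "x7Qp", "summer2000"),
    make_entry("bob", "m1Zk", "Password!"),
    make_entry("carol", "r9Lt", "Tq8#vL2pW0zz"),  # not derivable from the wordlist
]

# Constructed wordlist; real attacks use lists of millions of entries.
WORDLIST = ["password", "summer", "letmein", "welcome", "dragon"]


def mutations(word):
    """Rule-based variants users commonly apply to a dictionary word."""
    yield word
    yield word.capitalize()
    yield word + "!"
    yield word.capitalize() + "!"
    for year in ("1999", "2000", "2001"):
        yield word + year


def crack(entries, wordlist):
    """Dictionary attack: return {user: recovered password} for every entry
    whose hash matches some mutated dictionary word under that user's salt."""
    found = {}
    for line in entries:
        user, salt, stored = line.split(":")
        for word in wordlist:
            for candidate in mutations(word):
                if hash_password(salt, candidate) == stored:
                    found[user] = candidate
                    break
            if user in found:
                break
    return found


def brute_force(salt, stored, alphabet="0123456789", max_len=4):
    """Brute-force attack: try every string over `alphabet` up to max_len
    characters. Feasible only because the space here is tiny (11,110 guesses)."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_password(salt, candidate) == stored:
                return candidate
    return None


if __name__ == "__main__":
    print("dictionary attack:", crack(STOLEN_HASHES, WORDLIST))
    _, pin_salt, pin_hash = make_entry("dave", "q2Ws", "4271").split(":")
    print("brute force (4-digit PIN):", brute_force(pin_salt, pin_hash))
```

Note that carol's password survives both attacks: it is neither a dictionary word nor short enough to enumerate, which is the whole argument for long, non-dictionary passwords. The per-user salt also forces the attacker to recompute every candidate hash for every user rather than reusing one table of precomputed hashes.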
Digital Communications Method of communications that involves converting
information into discrete numeric (typically binary) values.
Digital Signature The use of cryptographic techniques to prove authenticity
of a document or message.
Disaster Recovery The process of rebuilding an operation or infrastructure
after a disaster.
Discretionary Security Security that is applied at the discretion of a system
operator or information owner.
Distributed Denial of Service A Denial of Service attack launched from many machines at
once, typically compromised hosts under an attacker's
control, to amplify the effect of the attack.
DMZ See Demilitarized Zone
DNS Spoofing Assuming the DNS name of another system by either
corrupting the name service cache of a victim system, or
by compromising a domain name server for a valid
domain.
Domain Hijacking The unauthorized act of taking over an organization's
domain name.
Due Care Applying reasonable and customary measures to provide a
minimum level of security controls.
Dumpster Diving Searching through trash bins or waste receptacles looking
for sensitive or valuable information.
Encryption The process of disguising a message in such a way as to
hide its substance.
Ethernet Sniffing Listening with software to the Ethernet interface for
packets that interest the user. When the software sees a
packet that fits certain criteria, it logs it to a file. The most
common criteria for an interesting packet is one that
contains words like login or password.
Fault Tolerance The ability of a system or component to continue normal
operation despite the presence of hardware or software
faults.
Fingerprinting A method of determining the type of operating system a
computer is using by sending specially crafted packets to it
and examining the responses.
Firewall A system or combination of systems that enforces a
boundary between two or more networks. A gateway that
limits access between networks in accordance with local
security policy.
Hacker A person who enjoys exploring the details of computers
and how to stretch their capabilities. A malicious or
inquisitive meddler who tries to discover information by
poking around. A person who enjoys learning the details of
programming systems and how to stretch their capabilities,
as opposed to most users who prefer to learn only the
minimum necessary.
Hacking Unauthorized use, or attempts to circumvent or bypass the
security mechanisms of a system or network.
Hash A one-way transformation mechanism. The use of
mathematical calculations to derive a fixed-length value from
a piece of data in such a way that the original data cannot
be recovered from the hash value and it is infeasible to find
two different inputs that produce the same value. Any change
to the input produces a different hash.
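The difference between the Checksum entry and the Hash entry above, as an added example that is not part of the original glossary. An 8-bit additive checksum (the kind used in Intel HEX records and simple serial protocols) catches a flipped bit, but an attacker who can edit the data can also adjust a spare byte so the checksum is unchanged; SHA-256 has no such fix-up. The record layout, its trailing pad byte and the edit applied to it are constructed for this example.

```python
"""Checksum versus cryptographic hash under accidental and deliberate change (added example)."""
import hashlib


def additive_checksum(data):
    """8-bit additive checksum: low byte of the sum of all bytes."""
    return sum(data) & 0xFF


def sha256_hex(data):
    """Cryptographic hash: fixed 64-hex-character digest of any input."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample record; the last byte is a pad byte the attacker can use.
RECORD = b"acct=1001;amount=00100;pad=\x00"


def corrupt_one_bit(data, bit_index):
    """Simulate a transmission error by flipping a single bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def tamper_keeping_checksum(data, old, new):
    """Adversarial edit: replace `old` with `new` (same length), then bump the
    trailing pad byte so the additive checksum is exactly what it was.
    Assumes the last byte of the record is free for the attacker to set."""
    assert len(old) == len(new) and old in data
    buf = bytearray(data.replace(old, new, 1))
    delta = (sum(data) - sum(buf)) & 0xFF      # what the edit removed, mod 256
    buf[-1] = (buf[-1] + delta) & 0xFF         # add it back in the pad byte
    return bytes(buf)


def compare(original, modified):
    """Report which integrity check notices the difference."""
    return {
        "checksum_detects": additive_checksum(original) != additive_checksum(modified),
        "sha256_detects": sha256_hex(original) != sha256_hex(modified),
    }


if __name__ == "__main__":
    noisy = corrupt_one_bit(RECORD, 3)
    print("bit flip:     ", compare(RECORD, noisy))
    forged = tamper_keeping_checksum(RECORD, b"amount=00100", b"amount=99900")
    print("forged record:", forged)
    print("tampering:    ", compare(RECORD, forged))
```

The checksum is adequate for its stated job, catching line noise, and useless against the attacker, which is why file integrity checkers compare cryptographic hashes rather than checksums. Even a strong hash only detects tampering if the reference value is stored somewhere the attacker cannot also rewrite; otherwise a keyed MAC or a signature is needed.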
Header The portion of a data packet that contains information
about the source, destination, type and contents of the
packet.
Host A single computer or workstation; it can be connected to a
network.
HTML See HyperText Markup Language.
HyperText Markup Language The encoding method used to create and display
information on the World Wide Web.
ICMP See Internet Control Message Protocol.
IDEA See International Data Encryption Algorithm
Identification The process by which a user or process claims an identity,
for example by presenting a username; the claim is not trusted
until it is confirmed by authentication.