- Kerberos
-
A third-party trusted host authentication system devised at MIT within Project Athena. The Kerberos authentication server is a central system that knows about every principal and its passwords. It issues tickets to principals who successfully authenticate themselves. These tickets can be used to authenticate one principal (e.g., a user) to another (e.g., a server application). Kerberos sets up a session key for the principals that can be used to protect the privacy and integrity of the communication. For this reason, the Kerberos system is also called a key distribution center.
- Key Management Infrastructure (KMI)
-
Framework established to issue, maintain, and revoke keys accommodating a variety of security technologies, including the use of software.
- Keystroke monitoring
-
A type of software used to record every key pressed by a user and every character that the system returns to the user.
- Labeling
-
Process of assigning a representation of the sensitivity of a subject or object.
- Layered solution
-
The judicious placement of security protections and attack countermeasures that can provide an effective set of safeguards that are tailored to the unique needs of a customer's situation.
- Leapfrog attack
-
The use of an illicitly obtained logon ID and password from one host in order to compromise another host. Also, using Telnet to hop through multiple hosts in order to avoid a trace.
- Letterbomb
-
An e-mail containing data intended to do malicious acts to the recipient's system.
- Local Area Network (LAN)
-
A limited-distance, high-speed data communication system that links computers (from two to thousands) into a shared system and is entirely owned by the user. Cabling typically connects these networks.
- Macro virus
-
A virus that attaches itself to documents and uses the macro programming capabilities of the document's application to execute and propagate.
- Malicious code
-
Software or firmware designed to initiate an unauthorized process on an information system (a.k.a. malware); a virus, worm, Trojan horse, or other code-based entity that infects a host, typically with malicious intent.
- Man-in-the-middle attack
-
An attack in which an attacker inserts itself between two parties and pretends to be one of the parties. The best way to thwart this attack is for both parties to prove to each other that they know a secret that is only known to them. This is usually done by digitally signing a message and sending it to the other party, as well as asking the other party to send a digitally signed message.
- Masquerading
-
An attack in which an attacker pretends to be someone else. The best way to thwart this attack is to authenticate a principal by challenging it to prove its identity.
- MD5
-
A message digest algorithm that digests a message of arbitrary size to 128 bits. MD5 is a cryptographic checksum algorithm.
- Message digest
-
The result of applying a one-way function to a message. Depending on the cryptographic strength of the message digest algorithm, each message will have a reasonably unique digest. Furthermore, the slightest change to the original message will result in a different digest. Message digest functions are called "one-way" because knowing the message digest, one cannot reproduce the original message. Encrypted message digests result in integrity-protected messages.
- Mimicking
-
See Spoofing.
- Mission Needs Statement (MNS)
-
Describes the mission need or deficiency; identifies the threat and the projected threat environment.
- Mobile code
-
Software transferred across a network and executed on a local system without explicit installation or execution by the recipient. Such code usually has the intention of compromising performance or security, or it is used to grant unauthorized access in order to corrupt data, deny service, or steal data resources; examples of mobile code software are Java, JavaScript, VBScript, and ActiveX.
- Motivation
-
The specific technical goal that a potential adversary wants to achieve by an attack (e.g., gain unauthorized access; modify, destroy or prevent authorized access).
- Multiple component incident
-
A single incident that encompasses two or more incidents.
- Multipurpose Internet Mail Extensions (MIME)
-
A specification for formatting non-ASCII messages so that they can be sent over the Internet. MIME enables graphics, audio, and video files to be sent and received via the Internet mail system. In addition to e-mail applications, Web browsers also support various MIME types. This enables the browser to display or output files that are not in HTML format. The Internet Engineering Task Force (IETF) defined MIME in 1992.
See also Secure Multipurpose Internet Mail Extensions (S/MIME).