A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith.
Security Administrator Tool for Analyzing Networks—a tool for remotely probing and identifying the vulnerabilities of systems on IP networks. A powerful, freeware program that helps to identify system security weaknesses.
A device that acts as a gateway between a protected enclave and the outside world.
A completely encrypted shell connection between two machines protected by a super long pass phrase.
A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
A detailed description of all aspects of the system that relate to security, along with a set of principles to guide the design. A security architecture describes how the system is put together to satisfy the security requirements.
A search through a computer system for security problems and vulnerabilities.
Countermeasures that are aimed at specific threats and vulnerabilities or involve more active techniques, as well as activities traditionally perceived as security.
The sets of objects that a subject has the ability to access.
The security-relevant functions, mechanisms, and characteristics of AIS hardware and software.
Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation.
The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.
Piece of information that represents the sensitivity of a subject or object, such as its hierarchical classification (e.g., CONFIDENTIAL, SECRET, TOP SECRET), together with any applicable nonhierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information).
The combination of a hierarchical classification and a set of nonhierarchical categories that represents the sensitivity of information.
The ADP official having the designated responsibility for the security of an ADP system.
The boundary where security controls are in effect to protect assets.
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.
A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.
Types and levels of protection necessary for equipment, data, information, applications, and facilities.
A service provided by a layer of communicating open systems that ensures adequate security of the systems or of data transfers.
An instance in which a user or other person circumvents or defeats the controls of a system to obtain unauthorized access to information contained therein or to system resources.
A system that provides network service, such as disk storage and file transfer, or a program that provides such a service. A kind of daemon that performs a service for the requester, which often runs on a computer other than the one on which the server runs.
A protocol used by phone companies that has three basic functions: supervising, alerting, and addressing. Supervising monitors the status of a line or circuit to see if it is busy, idle, or requesting service. Alerting indicates the arrival of an incoming call. Addressing is the transmission of routing and destination signals over the network in the form of dial tone or data pulses.
Software used to control network communications devices using TCP/IP.
An NSA-developed encryption algorithm for the clipper chip. The details of the algorithm are unpublished.
A DoS attack in which an attacker spoofs the source address of an echo-request ICMP (ping) packet to the broadcast address for a network, causing the machines in the network to respond en masse to the victim, thereby clogging its network.
To grab a large document or file for the purpose of using it with or without the author's permission.
An individual hired to break into places in order to test their security; analogous to a tiger team.
A program to capture data across a computer network. Used by hackers to capture userid names and passwords. A software tool that audits and identifies network traffic packets. It is also used legitimately by network operations and maintenance personnel to troubleshoot network problems.
To crash a program by overrunning a fixed-size buffer with excessively large input data. Also, to cause a person or newsgroup to be flooded with irrelevant or inappropriate messages.
Information operations that by their sensitive nature, due to their potential effect or impact, security requirements, or risk to the national security of the United States, require a special review and approval process (DODD S-3600.1 of 9 Dec. 96).
Secure Profile Inspector—a network monitoring tool for UNIX, developed by the Department of Energy.
Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. Attempt to gain access to an AIS by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.
Secure Sockets Layer—A session layer protocol that provides authentication and confidentiality to applications.
Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
The SYN queue is flooded and no new connection can be opened.