A

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.

An attack aimed at gaining access to your resources.

The means of giving or restricting user access to network resources. This is usually accomplished through the use of an ACL (Access Control List).

Controls, or restrictions, determining who can access a system and its resources.

List of rights that an object has to resources in the network. Also a type of firewall. In this case, the list resides on a router and determines which machines can use the router and in what direction.

The point at which access to a network is accomplished. This is often used in relation to WAP (Wireless Access Point).

The act of being responsible for an item. The administrator is often accountable for the network and the resources on it.

The act of keeping track of activity. Most often, this is used to refer to tracking users' interaction with network resources via log files that are routinely scanned and checked.

See acknowledgment.

A message confirming that the data packet was received. This occurs at the Transport layer of the OSI model.

See Access Control List.

The replacement for NT Directory Service (NTDS) that is included with Windows 2000. It acts similarly to NDS (Novell Directory Services), which is now known as eDirectory in NetWare 6, because it is a true X.500-based directory service.

A response generated in real time.

Also known as TCP/IP hijacking. This involves the attacker gaining access to a host in the network and logically disconnecting it from the network.

A technology implemented by Microsoft that allows customized controls, icons, and other features to increase the usability of web-enabled systems.

Any action undertaken by a user.

Anomaly Detection-Intrusion Detection Systems work by looking for deviations from a pattern of "normal" network traffic.

A network created when two RF-capable devices are brought within transmission range of each other. A common example is handheld PDAs beaming data to each other.

A set of rules that govern administrative usage of the system.

The user who is accountable and responsible for the network.

A FIPS publication that specifies a cryptographic algorithm for use by the U.S. government. See also FIPS.

See Advanced Encryption Standard.

A header used to provide connectionless integrity and data origin authentication for IP datagrams, and used to provide protection against replays.

See annualized loss expectancy.

A notification that an unusual condition exists and should be investigated.

The series of steps/formula/ process that is followed to arrive at a result.

The component or process that analyzes the data collected by the sensor.

A calculation that is used to identify risks and calculate the expected loss each year.

A calculation of how often a threat will occur. For example, a threat that occurs once every five years would have an annualized rate of occurrence of 1/5, or 0.2.

The act of looking for variations from normal operations (anomalies) and reacting to them.

Authentication that does not require a user to provide a username, password, or any other identification before accessing resources.

A category of software that uses various methods to eliminate viruses in a computer. It typically also protects against future infection. See also virus.

The core program that runs the virus-scanning process.

Software that identifies the presence of a virus and is capable of removing or quarantining the virus.

See Application Programming Interfaces.

Networking capability included with all Macintosh computers.

Freestanding devices that operate in a largely self-contained manner.

The seventh layer of the OSI model. The layer that deals with how applications access the network and describe application functionality, such as file transfer, messaging, and so on.

An abstract interface to the services and protocols provided by an operating system.

A virus that is protected in such a way to make disassembling it difficult. This makes it "armored" against antivirus programs that have trouble getting to, and understanding, its code.

See Annualized Rate of Occurrence.

See Address Resolution Protocol.

The Address Resolution Protocol is used to map MAC (physical) addresses to IP addresses.

A table used by the ARP protocol. Contains a list of known TCP/IP addresses and their associated MAC addresses. The table is cached in memory so that ARP lookups do not have to be performed for frequently accessed TCP/IP and MAC addresses. See also media access control, Transmission Control Protocol/Internet Protocol.

Any resource of value.

Algorithms that utilize two keys.

Encryption in which two keys must be used (not one). One key is used to encrypt data and the other is needed to decrypt the data. This is the opposite of symmetric, where a single key serves both purposes.

Any authorized intrusion into the normal operations of a computer or computer network.

Files that hold information about a resource's access by users.

The act of tracking resource usage by users.

Individuals involved in auditing log and security files.

Verifying that the logs and other resources collected are legitimate. A technique that can be useful in verifying that an attack has occurred.

The means of verifying someone to be who they say they are.

The time period during which a resource can be accessed. Many networks limit users' ability to access network resources to working hours as a security precaution.

Being cognizant of details.