E-G

An attack in which an attacker listens to a private communication. The best way to thwart this attack is by making it very difficult for the attacker to make any sense of the communication by encrypting all messages.

A measure of the strength of a cryptographic algorithm, regardless of actual key length.

The process of blocking outgoing packets that use obviously false IP addresses, such as source addresses from internal networks.

A public key cryptosystem where the public and the private key are points on an elliptic curve. ECC is said to provide faster and stronger encryption than traditional public key cryptosystems (e.g., RSA).

This message header is designed to provide a mix of security services that provides confidentiality, data origin authentication, connectionless integrity, an antireplay service, and limited traffic flow confidentiality.

Deliberate placement of seemingly apparent holes or flaws in an information system in order to aid in detection of attempted penetrations.

One of seven increasingly rigorous packages of assurance requirements from the Common Criteria (CC), ISO 15408, Part 3. Each numbered package represents a point on the CC's predefined assurance scale. An EAL can be considered a level of confidence in the security functions of an IT product or system.

An occurrence that has yet to be assessed, but may affect the performance of an information system.

A condition whereby an intrusion has actually occurred, but the system allowed it to pass as if no intrusion ever occurred.

A condition whereby the system deems an action to be anomalous (indicating a possible intrusion) when it is actually an authorized, legitimate action.

A virus that attaches itself to a program file, such as a word processor, spreadsheet application, or game.

Software that generates, stores, and compares message digests for files to detect changes to the files.

A scenario whereby specific actions are taken in order to contain, isolate, and monitor an unauthorized user found in a system so information about the user can be obtained.

The unauthorized insertion of a large volume of data into an information system resulting in a denial-of-service condition.

FDMA is the division of the frequency band allocated for wireless cellular telephone communication into 30 channels, each of which can carry a voice conversation or, with digital service, digital data. FDMA is a basic technology in the analog Advanced Mobile Phone Service, the most widely installed cellular phone system in North America. With FDMA, each channel can be assigned to only one user at a time. FDMA is also used in the Total Access Communication System.

An end-to-end secure signaling protocol that will allow establishment of communications interoperability among communications devices that share the same communications capabilities but are not configured to communicate with each other. FNBDT sets the common configuration. It is a network-independent/transport-independent message layer. FNBDT operates in the narrow band portion (64 kbps and below) of the STE spectrum.

A programming interface that allows two applications to establish a security context independent of the underlying security mechanisms. GSS API is used to hide the details of the security mechanism. Typically, both applications use the same mechanism at any given time. The security context is used to mutually authenticate the parties as well as protect the privacy and integrity of the communication. Some mechanisms also allow nonrepudiation and delegation. The GSS API is fully defined in Internet RFCs 1508 and 1509. Various RFCs and proposed RFCs define the implementation of the GSS API using a specific mechanism.

A comprehensive, worldwide network of systems that provide the NCA, joint staff, combatant and functional unified commands, services, and defense agencies, joint task forces and their service components , and others with information processing and dissemination capabilities necessary to conduct C2 of forces.

A globally interconnected , end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers , and support personnel.

A composition of all information system technologies used to process, transmit, store, or display Department of Defense information. GNIE has been superceded by the Global Information Grid.

A set of processes designed to limit the exchange of information between systems. A device used to defend the network boundary by being subjected to a high degree of assurance in its development; supports few services; services at application level only; may support application data filtering; may support sanitization of data; and is often used to connect networks with differing levels of trust.