H-I


Hacker
An unauthorized user who attempts to or succeeds in gaining access to an information system.
Handler
A type of program used in DDoS attacks to control agents distributed throughout a network. Also refers to an incident handler, a person who performs incident response work.
Hijacking

See IP splicing.

Honey pot
1. A system or network resource designed to be attractive to potential crackers and intruders analogous to honey being attractive to bears. 2. A host that is designed to collect data on suspicious activity and has no authorized users other than its administrators.
Host-based firewall
A firewall where the security is implemented in software running on a general-purpose computer of some sort . Security in host-based firewalls is generally at the application level, rather than at a network level.
Host-based security
The technique of securing an individual system from attack; host-based security is operating system and version dependent.
Identification
The process of identifying a principal.
Identification and Authentication (I&A)
Identification of an entity with some level of assurance.
Impersonation

See Delegation.

Inappropriate usage
A user violates acceptable computing use policies.
Incident
1. A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. 2. An occurrence that has been assessed and found to have adverse or potentially adverse effects on an information system.
Incident handling
The mitigation of violations of security policies and recommended practices.
Incident response

See Incident handling.

Indication
A sign that an incident may have occurred or may be currently occurring.
Information infrastructure
An infrastructure comprising communications networks, computers, databases, management, applications, and consumer electronics that can exist at the global, national, or local level.
Information protection policy

See Security policy.

Information system
The collection of infrastructure, organization, personnel, and components used for transmission, handling, and disposal of information.
Information Systems Security Engineering (ISSE)
The art and science of discovering user information protection needs and then designing and making information systems, with economy and elegance , so they can safely resist the forces to which they may be subjected.
Information Technology (IT)
The hardware, firmware, and software used as part of the information system to perform DoD information functions. This definition includes computers, telecommunications, automated information systems, and automatic data processing equipment, as well as any assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/ or control data or information.
Ingress filtering
The process of blocking incoming packets that use obviously false IP addresses, such as reserved source addresses.
Insider attack
An attack originating from inside a protected network, usually initiated from inside the security perimeter by an authorized user attempting to gain access to system resources in an unauthorized manner.
International Data Encryption Algorithm (IDEA)
A symmetric encryption algorithm that is popular outside of the United States and Canada. However, DES is still the most popular symmetric algorithm anywhere .
Internet
A collection of myriad networks linked by a common set of protocols that make it possible for users in any one of the networks to gain access to or use resources located on any of the other networks.
Internet Control Message Protocol (ICMP)
A message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP is used by a device, often a router, to report and acquire a wide range of communications- related information.
Intrusion
1. The act of bypassing the security mechanisms of a system without authorization in an attempt to obtain resources or to compromise the integrity, confidentiality, or availability of a resource. 2. An unauthorized act of circumventing security mechanisms enabled for protection of a system.
Intrusion detection
Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network.
Intrusion detection system
1. Software that looks for suspicious activity and alerts administrators. 2. A system that detects and identifies unauthorized or unusual activity on the hosts and networks; this is accomplished by creating audit records and checking the audit log against the intrusion thresholds.
IP splicing
A situation whereby a network session is intercepted and taken over by an unauthorized user. IP splicing often happens after a user has already authenticated. This allows the hijacker to assume the role of an already authorized user. Protection is effected by using strong encryption (a.k.a. hijacking).
IPSEC
A security standard for protecting the privacy and integrity of IP packets.



Wireless Operational Security
Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net