Glossary


Note

Some of the material presented herein was taken from the Cybersecurity Operations Handbook by Dr. John W. Rittinghouse and Dr. William M. Hancock, Boston, MA: Digital Press, 2003. Reprinted with permission.

A

Access Control Lists (ACLs)
Data typically made up of a list of principals, a list of resources, and a list of permissions.
ACL-based authorization
A scheme where the authorization agent consults an ACL to grant or deny access to a principal.

See also Centralized authorization.

Address spoofing
A type of attack in which the attacker steals a legitimate network address of a system and uses it to impersonate the system that owns the address.
Administrator
A person responsible for the day-to-day operation of system and network resources. In practice this is most often several individuals, or an organization made up of several individuals, holding admin rights.
Advanced Mobile Phone Service (AMPS)
The standard system for analog cellular telephone service in the United States. AMPS allocates frequency ranges within the 800- to 900-MHz spectrum to cellular telephones. Signals cover an area called a cell. Signals are passed into adjacent cells as the user moves to another cell. The analog service of AMPS has been updated to include digital service.
Agent
A program used in DDoS attacks that sends malicious traffic to hosts based on the instructions of a handler.
Alert
Notification that a specific attack has been directed at the information system of an organization.
Anonymity
Anonymity is the act of being anonymous. To provide anonymity, a system uses a security service that prevents the disclosure of information that leads to the identification of the end users. An example is anonymous e-mail that has been directed to a recipient through a third-party server that does not identify the originator of the message.
Application gateway firewall
A type of firewall system that runs an application, called a proxy, that acts like the server to the Internet client. The proxy takes all requests from the Internet client and, if allowed, forwards them to the intranet server. Application gateways are used to ensure that the Internet client and the intranet server are using the proper application protocol for communicating. Popular proxies include Telnet, FTP, and HTTP. Building proxies requires knowledge of the application protocol.
Application-level firewall
A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing; application-level firewalls often readdress traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. In contrast to packet-filtering firewalls, this firewall must have knowledge of the application data transfer protocol and often has rules about what may be transmitted and what may not.
Application Program Interface (API)
An API is the specific method prescribed by a computer operating system or by an application program by which a programmer writing an application program can make requests of the operating system or another application. An API can be a set of standard software interrupts, calls, and data formats that application programs use to initiate contact with network services, mainframe communications programs, telephone equipment, or program-to-program communications.
Application proxy
An application that forwards application traffic through a firewall. Proxies tend to be specific to the protocol they are designed to forward and may provide increased access control or audit.
Assurance
A measure of confidence that the security features and architecture of a secured site correctly mediate and enforce the security policy in place for that site.
Asymmetric algorithm
An encryption algorithm that requires two different keys for encryption and decryption. These keys are commonly referred to as the public and private keys. Asymmetric algorithms are slower than symmetric algorithms. Furthermore, speed of encryption may be different from the speed of decryption. Generally, asymmetric algorithms are either used to exchange symmetric session keys or to digitally sign a message. RSA, RPK, and ECC are examples of asymmetric algorithms.
Asynchronous Transfer Mode (ATM)
A fast cell-switched technology based on a fixed-length 53-byte cell. All broadband transmissions (whether audio, data, imaging, or video) are divided into a series of cells and routed across an ATM network consisting of links connected by ATM switches.
Attack
Intentional action taken to bypass one or more computer security controls.
Attribution
A determination based on evidence of probable responsibility for a computer network attack, intrusion, or other unauthorized activity. Responsibility can include planning, executing, or directing the unauthorized activity.
Audit
1. A service that keeps a detailed record of events. 2. The independent review of data records and processes to ensure compliance with established controls, policy, and operational procedures, followed by formal recommendations for improvements in controls, policy, or procedures.
Authenticate
To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission.
Authentication
A secure process used to establish the validity of a transmission, message, message sender, or an individual's authorization to gain access to or receive specific information.
Authentication Header (AH)
An IPsec extension header used to provide connectionless integrity and data origin authentication for IP datagrams.
Authentication token

See Token.

Authorization
The process of determining what a given principal can do.
Availability
The timely access to data and information services for authorized users.



Wireless Operational Security
ISBN: 1555583172
Year: 2004
Pages: 153