Friday, October 26, 2007

Computer Security Glossary

Abuse of Privilege: When a user performs an action that they should not have, according to organizational policy or law.

Access: (1) A specific type of interaction between a subject and an object that results in the flow of information from one to the other. (2) The ability and the means necessary to approach, to store or retrieve data, to communicate with, or to make use of any resource of an ADP system.

Access Authorization: Permission granted to users, programs or workstations.

Access Control: Access controls are used by the system to implement (or enforce) system-specific security policy. More specifically: (1) The limiting of rights or capabilities of a subject to communicate with other subjects, or to use functions or services in a computer system or network; and (2) Restrictions controlling a subject's access to an object. A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access.

Access Control List: (1) A list of subjects authorized for specific access to an object. (2) A list of entities, together with their access rights, which are authorized to have access to a resource.

Access Sharing: Permitting two or more users simultaneous access to file servers or devices.

Accountability: Accountability generally refers to the ability to hold people responsible for their actions; it depends on being able to trace an action to an individual. People can therefore be responsible for their actions yet not accountable. For example, an anonymous user on a system is responsible for not compromising security but cannot be held accountable if a compromise occurs, since the action cannot be traced to an individual. It also relates to the quality or state which enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions include violations and attempted violations of the security policy, as well as allowed actions.

Accreditation: The managerial authorization and approval, granted to an ADP system or network to process sensitive data in an operational environment, made on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meet pre-specified technical requirements (e.g., TCSEC) for achieving adequate data security. Management can accredit a system to operate at a higher or lower level than the risk level recommended (e.g., by the Requirements Guideline) for the certification level of the system. If management accredits the system to operate at a higher level than is appropriate for the certification level, management is accepting the additional risk incurred.

Accreditation Range: A set of mandatory access control levels for data storage, processing, and transmission of a host with respect to a particular network. The accreditation range will generally reflect the sensitivity levels of data that the accreditation authority believes the host can reliably keep segregated with an acceptable level of risk in the context of the particular network for which the accreditation range is given. Thus, although a host system might be accredited to employ the mandatory access control levels CONFIDENTIAL, SECRET, and TOP SECRET in stand-alone operation, it might have an accreditation range consisting of the single value TOP SECRET for attachment to some network.

Active Content - Active content refers to electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. Active content technologies allow mobile code associated with a document to execute as the document is rendered.

Alphanumeric Key: A sequence of letters, numbers, symbols and blank spaces from one to 80 characters long.

Application Content Filtering - Application content filtering is performed by a software proxy agent to remove or quarantine viruses that may be contained in email attachments, to block specific MIME types, or to filter other active content such as Java, JavaScript, and ActiveX Controls.

Application Level Gateway [Firewall]: A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Audit Trail: A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions. An audit trail or log is maintained on a computer system to effectively trace actions affecting the security of the system to the responsible individual. The log is protected from unauthorized modification, destruction, and access by the limited rights assigned by the system administrator using the operating system software. The audit logs are reviewed daily by the system administrator for instances of possible abuse.

The audit log records or has the capability to record the following events:

  • Use of identification and authentication mechanisms

  • Introduction of objects into a user's address space (e.g., file open, program initiation, etc.)

  • Deletion of objects

  • Actions taken by computer operators and system administrators and/or system security officers, and other security relevant events.

For each recorded event, the audit record identifies:

  • Date and time of the event

  • User ID

  • Origin of the event (e.g., terminal ID, MAC address, etc.)

  • Type of event

  • Success or failure of the event
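The list above is what a reviewer needs in order to attribute an event to a person. The following added example (not part of the original glossary) parses constructed audit records in a hypothetical `key=value` line format, flags records that lack one of the required fields (an accountability gap, since such an event cannot be traced to anyone), and performs the kind of daily abuse check the entry mentions: repeated failed uses of the identification and authentication mechanism by one user. The log format, field names and sample entries are assumptions made for the example.

```python
"""Parse audit records and flag unattributable records and repeated failures.

Added example. The key=value log format and the sample entries below are
constructed for illustration; they do not come from any real system.
"""
import re
from collections import Counter

# Fields every audit record must carry, per the list in the glossary entry.
REQUIRED = ("time", "user", "origin", "event", "result")

# Constructed sample log (hypothetical). The last record has no origin field.
SAMPLE_LOG = """\
time=2007-10-26T09:14:03Z user=alice origin=tty7 event=login result=SUCCESS
time=2007-10-26T09:15:10Z user=bob origin=00:1a:2b:3c:4d:5e event=login result=FAIL
time=2007-10-26T09:15:12Z user=bob origin=00:1a:2b:3c:4d:5e event=login result=FAIL
time=2007-10-26T09:15:15Z user=bob origin=00:1a:2b:3c:4d:5e event=login result=FAIL
time=2007-10-26T09:20:00Z user=alice origin=tty7 event=file_open result=SUCCESS
time=2007-10-26T09:21:00Z user=root event=delete_object result=SUCCESS
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Turn one 'key=value key=value ...' line into a dict."""
    return dict(FIELD_RE.findall(line))


def parse_log(text):
    """Parse every non-blank line of the log."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def missing_fields(record):
    """Required fields the record lacks; non-empty means the event cannot be
    traced to a time, user or origin, so nobody can be held accountable."""
    return [f for f in REQUIRED if f not in record]


def incomplete_records(records):
    """All records with at least one required field missing."""
    return [r for r in records if missing_fields(r)]


def repeated_failures(records, event="login", threshold=3):
    """Users with at least `threshold` failed events of the given type,
    e.g. repeated failed logins that may indicate password guessing."""
    counts = Counter(
        r["user"] for r in records
        if "user" in r and r.get("event") == event and r.get("result") == "FAIL"
    )
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("unattributable records:", incomplete_records(recs))
    print("repeated login failures:", repeated_failures(recs))
```

The origin field is deliberately treated as mandatory: a record that says what happened and when, but not from which terminal or address, is of limited use in an investigation.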

Auditing - Auditing is the review and analysis of management, operational, and technical controls. The auditor can obtain valuable information about activity on a computer system from the audit trail. Audit trails improve the auditability of the computer system.

Automatic Data Processing (ADP) System: An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention.

Authentication: (1) To establish the validity or legitimacy of a user, an object, or a claimed identity. (2) To provide protection against fraudulent transactions by establishing the validity of message, station, individual, or originator. During the authentication process, the user enters a name or account number (identification) and password (authentication).

Authentication Token: A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

Authentication Tool: A software or hand-held hardware "key" or "token" utilized during the user authentication process. See key and token.

Authorization: The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity.

Availability: A requirement intended to assure that systems work promptly and service is not denied to authorized users. Also, the portion of time that a system can be used for productive work, expressed as a percentage.

- B -

Bandwidth: The capacity of a communication channel, network, or data connection, usually expressed in kilobits per second (kbps). This is the amount of data that can be passed through it in a given amount of time.

Back Door: An entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. For example, a certain sequence of control characters might grant access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage.

Bastion Host - A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack, and which is installed on a network in such a way that it is expected to come under attack.

Bell-LaPadula Model: A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. See also: Lattice, Simple Security Property, *- Property.

Boundary Router - A boundary router is located at the organization's boundary to an external network. In the context of this document, a boundary router is configured to be a packet filter firewall.

- C -

Category: A grouping of objects to which a non-hierarchical restrictive label is applied (e.g., proprietary, compartmented information). Subjects must be privileged to access a category.

CERT: The Computer Emergency Response Team, established at Carnegie Mellon University after the 1988 Internet worm attack.

Challenge/Response: A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.
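The Authentication Token and Challenge/Response entries describe the same exchange from two sides: the verifier issues a fresh challenge, the token answers with a value that only a holder of the shared secret can compute, and the verifier checks it. The following added example (not part of the original glossary) shows both sides of that exchange using an HMAC, plus the time-based variant the token entry mentions, in which the "challenge" is the current time window rather than an exchanged nonce. The function names, the use of HMAC-SHA256 and the code-derivation scheme are assumptions for this example; the time-based function is a simplified illustration, not an implementation of any published standard.

```python
"""Challenge/response authentication with an HMAC-based token.

Added example, not the glossary's own code. The protocol details below
(HMAC-SHA256, 16-byte challenges, the time-window derivation) are
assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
import time


def make_challenge(nbytes=16):
    """Verifier side: a fresh, unpredictable nonce. Never reuse one, or a
    recorded response can be replayed."""
    return os.urandom(nbytes)


def token_response(secret, challenge):
    """Claimant (token) side: prove possession of `secret` without revealing
    it. The response is useless for any other challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def verify_response(secret, challenge, response):
    """Verifier side: recompute the expected value and compare in constant
    time so that timing does not leak how many characters matched."""
    expected = token_response(secret, challenge)
    return hmac.compare_digest(expected, response)


def time_based_code(secret, now=None, step=30, digits=6):
    """Time-based variant: both sides derive a short code from the current
    time window instead of exchanging a challenge. Simplified illustration,
    not RFC 6238 TOTP."""
    seconds = time.time() if now is None else now
    counter = int(seconds // step)
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[-4:], "big") % 10 ** digits).zfill(digits)


def run_exchange(secret_at_token, secret_at_server):
    """The full three-step exchange. Returns True only when both sides hold
    the same secret."""
    challenge = make_challenge()                              # 1. server -> token
    response = token_response(secret_at_token, challenge)     # 2. token -> server
    return verify_response(secret_at_server, challenge, response)  # 3. decision


if __name__ == "__main__":
    secret = os.urandom(32)  # provisioned out of band; generated here for the demo
    print("genuine token:", run_exchange(secret, secret))
    print("wrong secret :", run_exchange(os.urandom(32), secret))
    print("current code :", time_based_code(secret))
```

The point worth noticing is in the test: a valid response captured on the wire does not verify against the next challenge, which is what makes challenge/response resistant to the replay attacks that defeat a static password.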

Channel: An information transfer path within a system. May also refer to the mechanism by which the path is effected. See also: Covert Channel.

Closed user group - a closed user group permits users belonging to a group to communicate with each other, but precludes communications with other users who are not members of the group.

Coded File: In encryption, a coded file contains unreadable information.

Communication channel - the physical media and devices which provide the means for transmitting information from one component of a network to (one or more) other components.

Communication link - the physical means of connecting one location to another for the purpose of transmitting and/or receiving data.

Compartment - a designation applied to a type of sensitive information, indicating the special handling procedures to be used for the information and the general class of people who may have access to the information. It can refer to the designation of information belonging to one or more categories.

Component - a device or set of devices, consisting of hardware, along with its firmware, and/or software that performs a specific function on a computer communications network. A component is a part of the larger system, and may itself consist of other components. Examples include modems, telecommunications controllers, message switches, technical control devices, host computers, gateways, communications subnets, etc.

Component Reference Monitor - an access control concept that refers to an abstract machine that mediates all access to objects within a component by subjects within the component.

Compromise: A violation of the security system such that an unauthorized disclosure of sensitive information may have occurred.

Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

Computer Security Assurance: The degree of confidence one has that the security measures, both technical and operational, work as intended to protect the system and the information it processes. Assurance is not, however, an absolute guarantee that the measures work as intended.

Computer Security Audit: An independent evaluation of the controls employed to ensure appropriate protection of an organization's information assets.

Confidentiality: A requirement or property that information not be disclosed or made available to unauthorized individuals, entities, or processes.

Configuration control: Management of changes made to a system's hardware, software, firmware, and documentation throughout the development and operational life of the system.

Connection: A liaison, in the sense of a network interrelationship, between two hosts for a period of time. The liaison is established (by an initiating host) for the purpose of information transfer (with the associated host); the period of time is the time required to carry out the intent of the liaison (e.g., transfer of a file, a chatter session, delivery of mail). In many cases, a connection (in the sense of this glossary) will coincide with a host-host connection (in a special technical sense) established via TCP or equivalent protocol. However a connection (liaison) can also exist when only a protocol such as IP is in use (IP has no concept of a connection that persists for a period of time). Hence, the notion of connection as used here is independent of the particular protocols in use during a liaison of two hosts.

Consequence Assessment: The consequence assessment estimates the degree of harm or loss that could occur.

Consequence: In risk assessment, refers to the overall, aggregate harm that occurs, not just to the near-term or immediate impacts. While such impacts often result in disclosure, modification, destruction, or denial of service, consequences are the more significant long‑term effects, such as lost business, failure to perform the system's mission, loss of reputation, violation of privacy, injury, or loss of life. The more severe the consequences of a threat, the greater the risk to the system (and, therefore, the organization).

Correctness: The extent to which a program satisfies its specifications.

Covert Channel: A communications channel that allows a process to transfer information in a manner that violates the system's security policy. A covert channel typically communicates by exploiting a mechanism not intended to be used for communication. See Covert Storage Channel and Covert Timing Channel. Compare Overt Channel.

Covert Storage Channel: A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.

Covert Timing Channel: A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process.

Cracker: A term some prefer to use instead of Hacker, meaning one who enters computer system without authorization.

Cryptographic Checksum: A one-way function applied to a file to produce a "fingerprint" of the file for later reference; because the function is collision-resistant, an attacker cannot feasibly alter the file without changing its fingerprint. Checksum systems are a primary means of detecting file system tampering on UNIX, provided the reference fingerprints are stored where an intruder cannot rewrite them.
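The tamper-detection use described in the entry, as an added example that is not part of the original glossary: a baseline of SHA-256 fingerprints is taken of a known-clean file set, and a later run is compared against it to report modified, added and removed files. The file names and contents are constructed stand-ins kept in memory so the code runs offline; `fingerprint_file` shows the same computation over a real file on disk.

```python
"""Detect file tampering by comparing cryptographic checksums to a baseline.

Added example. File names and contents are constructed for illustration.
"""
import hashlib


def fingerprint(data, algorithm="sha256"):
    """One-way hash of the bytes. Producing a different file with the same
    digest would require breaking the hash function."""
    return hashlib.new(algorithm, data).hexdigest()


def fingerprint_file(path, algorithm="sha256", chunk=1 << 16):
    """Same computation over a real file, read in chunks to bound memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(files):
    """files: {path: bytes}. Returns {path: hex digest}. Keep the result on
    read-only media or off the host; a baseline the intruder can rewrite
    detects nothing."""
    return {path: fingerprint(data) for path, data in files.items()}


def compare(baseline, files):
    """Classify each path as modified, added or removed relative to baseline."""
    current = build_baseline(files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


# Constructed 'clean' system state (hypothetical contents).
CLEAN = {
    "/bin/login": b"ELF login binary v1",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/etc/issue": b"Authorized use only\n",
}

# Constructed state after an intrusion: trojaned login, rootkit dropped,
# warning banner deleted.
TAMPERED = {
    "/bin/login": b"ELF login binary v1 + backdoor",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/tmp/.rk": b"rootkit",
}

if __name__ == "__main__":
    baseline = build_baseline(CLEAN)
    print(compare(baseline, TAMPERED))
```

A plain CRC or Adler checksum would not do here: an attacker who controls the file contents can pad a trojaned binary to match a non-cryptographic checksum, which is exactly why the entry specifies a one-way function.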

Cryptography: Cryptography is traditionally associated only with keeping data secret. However, modern cryptography can be used to provide many security services, such as electronic signatures and ensuring that data has not been modified.

- D -

Data: Information with a specific physical representation.

Data Confidentiality: The state that exists when data is held in confidence and is protected from unauthorized disclosure.

Data Driven Attack: A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Data Encryption: Encryption of the data contents (payload) only, leaving the addressing information needed to route the message in the clear, before it is sent to the destination machine.

Data Integrity: (1) The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. (2) The property that data has not been exposed to accidental or malicious alteration or destruction.

Decode: Conversion of encoded text to plain text through the use of a code.

Decrypt: Conversion of either encoded or enciphered text into plaintext.

Dedicated: A special purpose device. Although it is capable of performing other duties, it is assigned to only one.

Dedicated Security Mode: The mode of operation in which the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specific period of time. Compare Multilevel Security Mode, System High Security Mode.

Defense in Depth: The security approach whereby each system on the network is secured to the greatest possible degree, rather than relying on a single perimeter control, so that an attacker must defeat several independent layers of protection. May be used in conjunction with firewalls.

Denial of Service (DoS): The prevention of authorized access to system assets or services, or the delaying of time-critical operations.

DES: Data Encryption Standard, a symmetric block cipher with a 56-bit key (FIPS 46). Its key is now too short to resist brute-force search, and it has been superseded by AES.

Descriptive Top-Level Specification (DTLS): A top-level specification that is written in a natural language (e.g., English), an informal program design notation, or a combination of the two.

Digital Signatures: Digital signatures provide an extremely high level of integrity assurance. They assure the identity of the originator, that the originator cannot falsely deny having signed the file (non-repudiation), that the file has not been modified after being signed, and that the originator intends to be bound by the contents of the file. Digital signatures are designed to meet the standards of proof required by law. They can replace a hand-written signature on a commitment document (e.g., contract, funds transfer document). Digital signature software should utilize algorithms which provide adequate protection, non-repudiation, integrity, and verification of the information.

Discretionary Access Control (DAC): A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). DAC is often employed to enforce need-to-know and it may be changed by an authorized individual. Compare to Mandatory Access Control.

DMZ - Demilitarized Zone, a network segment placed between two firewalls (or on a separate interface of a single firewall) so that it is isolated from both the external network and the internal network. Systems that are externally accessible but need some protection are usually located on DMZ networks.

DNS Spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Domain: The set of objects that a subject has the ability to access.

Dominated by (the relation): A security level A is dominated by security level B if the clearance/classification in A is less than or equal to the clearance/classification in B and the set of access approvals (e.g., compartment designators) in A is contained in (the set relation) the set of access approvals in B (i.e., each access approval appearing in A also appears in B). Depending upon the policy enforced (e.g., non-disclosure, integrity) the definition of "less than or equal to" and "contained in" may vary. For example, the level of an object of high integrity (i.e., an object which should be modifiable by very trustworthy individuals) may be defined to be "less than" the level of an object of low integrity (i.e., an object which is modifiable by everyone).

Dominate: Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. Security level B dominates security level A if A is dominated by B.
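The Dominated by, Dominate and Bell-LaPadula entries above define the lattice in words; the following added example (not part of the original glossary) expresses the same relation in code and applies it to the two Bell-LaPadula rules: the simple security property ("no read up", the subject must dominate the object) and the *-property ("no write down", the object must dominate the subject). The classification names and ranks, the category names and the label of the example subject are assumptions made for the illustration.

```python
"""Bell-LaPadula access decisions on a security lattice.

Added example, not the glossary's own code. Classification ranks, category
names and the sample labels are assumptions for illustration.
"""
from dataclasses import dataclass

# Hierarchical classifications, totally ordered by rank.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security level: one classification plus a set of non-hierarchical
    categories (compartments)."""
    classification: str
    categories: frozenset = frozenset()


def dominates(a, b):
    """a dominates b (b is dominated by a): a's classification is at least
    b's and every category of b also appears in a."""
    return (LEVELS[a.classification] >= LEVELS[b.classification]
            and a.categories >= b.categories)


def comparable(a, b):
    """Two labels with disjoint categories may be incomparable: neither
    dominates the other, so neither may read or write the other's data."""
    return dominates(a, b) or dominates(b, a)


def can_read(subject, obj):
    """Simple security property ('no read up'): subject dominates object."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-property ('no write down'): object dominates subject. Otherwise a
    subject could copy high data into an object readable at a lower level."""
    return dominates(obj, subject)


def least_upper_bound(a, b):
    """Lowest label that dominates both inputs: the level that anything
    derived from both of them must carry."""
    top = max(a.classification, b.classification, key=LEVELS.get)
    return Label(top, a.categories | b.categories)


def L(classification, *categories):
    """Convenience constructor: L('SECRET', 'NUKE')."""
    return Label(classification, frozenset(categories))


if __name__ == "__main__":
    analyst = L("SECRET", "NUKE")
    print(can_read(analyst, L("CONFIDENTIAL")), can_write(analyst, L("CONFIDENTIAL")))
    print(comparable(analyst, L("SECRET", "CRYPTO")))
```

Note that the *-property blocks the SECRET analyst from writing to a CONFIDENTIAL object even though the analyst is trusted to read it: the rule constrains the flow of information, not the trustworthiness of the person. As the Dominated by entry says, an integrity policy reverses the comparison, so the same `dominates` function would be applied with the arguments swapped.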

Dual Homed Gateway: 1) A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. 2) A firewall implemented without the use of a screening router.

- E -

E-mail Bombs: Code that when executed sends many messages to the same address(es) for the purpose of using up disk space and/or overloading the e-mail or web server.

Encryption: The process of scrambling files or programs, changing one character string to another through an algorithm (such as the DES algorithm). Encrypted information can only be decrypted by those possessing the appropriate cryptographic key. While encryption can provide strong access control, it is accompanied by the need for strong key management.

Encrypting Router: See Tunneling Router and Virtual Network Perimeter.

End-to-End Encryption: Encryption at the point of origin in a network, followed by decryption at the destination.

Environment: The aggregate of external circumstances, conditions and events that affect the development, operation and maintenance of a system.

Ethics: A formal framework ensuring that the rights and legitimate interests of users of information systems are respected and not abused.

Exploitable Channel: Any channel that is useable or detectable by subjects external to the Trusted Computing Base.

Extranet: "Extranet" refers to extending the LAN via remote or Internet access to partners outside your organization such as frequent suppliers and purchasers. These connections usually use authentication to authorized segments of the LAN and are frequently encrypted for privacy.

- F -

Fault Tolerance: A design method that ensures continued systems operation in the event of individual failures by providing redundant system elements.

Firewall: a system or group of systems (router, proxy, gateway...) that implements a set of security rules to enforce access control between two networks to protect 'inside' networks from 'outside' networks. Commonly used between the Internet and an Intranet.

Types of Firewalls:

Packet Filter (Screening Router): Works at the network layer (OSI), using a security policy rule to control the screening process based on IP addresses, port numbers, protocol type and traffic direction for both source and destination.

Proxy Server:

  • Circuit-Level: Relays TCP connections on behalf of the users behind the firewall, so that external systems see only the proxy's address and the internal IP addresses stay hidden; it does not inspect application content.

  • Application Gateway: Higher level of control; runs a program to filter connection for applications such as Telnet, FTP, or HTTP; based on firewall policy.

Firewall Environment - A firewall environment is a collection of systems at a point on a network that together constitute a firewall implementation. A firewall environment could consist of one device or many devices such as several firewalls, intrusion detection systems, and proxy servers.

Firewall Platform - A firewall platform is the system device upon which a firewall is implemented. An example of a firewall platform is a commercial operating system running on a personal computer.

Firewall Ruleset - A firewall ruleset is an ordered table of instructions that the firewall uses to decide whether packets arriving on one interface should be forwarded to another, dropped, or rejected. In routers, the ruleset is typically a file that the router examines from top to bottom, applying the first rule that matches; the order of rules therefore matters, and a final rule (or the default) should deny whatever earlier rules did not explicitly permit.
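The top-to-bottom, first-match evaluation described in the Firewall Ruleset entry, and the packet-filter criteria (addresses, ports, protocol) from the Types of Firewalls list, as an added example that is not part of the original glossary. Beyond evaluating packets, it also detects a "shadowed" rule: one that can never fire because an earlier, broader rule already covers every packet it would match, which is the usual way a deny rule silently stops working after someone inserts a permit above it. The ruleset, the addresses (RFC 5737 documentation ranges) and the packets are constructed for the example.

```python
"""Evaluate a firewall ruleset top to bottom, first match wins.

Added example, not the glossary's own code. The ruleset, addresses and
sample packets are constructed for illustration.
"""
from ipaddress import ip_address, ip_network


def rule(action, proto, src, dst, dport=None):
    """One ruleset entry. dport=None matches any destination port."""
    return {"action": action, "proto": proto,
            "src": ip_network(src), "dst": ip_network(dst), "dport": dport}


def pkt(proto, src, dst, dport):
    """A packet header as seen by the packet filter."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


# Constructed boundary ruleset: web into the DMZ, no telnet into the
# internal network, anything outbound from inside. Everything else is
# denied by the default.
RULESET = [
    rule("permit", "tcp", "0.0.0.0/0", "203.0.113.0/24", 80),    # HTTP to DMZ
    rule("permit", "tcp", "0.0.0.0/0", "203.0.113.0/24", 443),   # HTTPS to DMZ
    rule("deny",   "tcp", "0.0.0.0/0", "10.0.0.0/8", 23),        # no telnet inside
    rule("permit", "tcp", "10.0.0.0/8", "0.0.0.0/0"),            # outbound from inside
]
DEFAULT_ACTION = "deny"


def matches(r, p):
    """Does rule r apply to packet p?"""
    return ((r["proto"] == "any" or r["proto"] == p["proto"])
            and ip_address(p["src"]) in r["src"]
            and ip_address(p["dst"]) in r["dst"]
            and (r["dport"] is None or r["dport"] == p["dport"]))


def evaluate(ruleset, p, default=DEFAULT_ACTION):
    """Walk the ruleset top to bottom; return (action, index of the rule
    that fired). Index -1 means the default applied."""
    for i, r in enumerate(ruleset):
        if matches(r, p):
            return r["action"], i
    return default, -1


def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return ((a["proto"] == "any" or a["proto"] == b["proto"])
            and b["src"].subnet_of(a["src"])
            and b["dst"].subnet_of(a["dst"])
            and (a["dport"] is None or a["dport"] == b["dport"]))


def shadowed(ruleset):
    """Indices of rules that can never fire because an earlier rule covers
    them. A shadowed deny is a policy that looks enforced but is not."""
    return [j for j in range(len(ruleset))
            if any(covers(ruleset[i], ruleset[j]) for i in range(j))]


# The same ruleset after someone inserts a broad permit at the top.
BROKEN = [rule("permit", "tcp", "0.0.0.0/0", "10.0.0.0/8")] + RULESET

if __name__ == "__main__":
    telnet_in = pkt("tcp", "198.51.100.7", "10.1.2.3", 23)
    print("good ruleset:", evaluate(RULESET, telnet_in), shadowed(RULESET))
    print("broken ruleset:", evaluate(BROKEN, telnet_in), shadowed(BROKEN))
```

Real packet filters also match on flags, direction and interface, and stateful ones track connections; the first-match semantics and the shadowing problem are the same regardless.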

Flooding programs: Code which when executed will bombard the selected system with requests in an effort to slow down or shut down the system.

Anonymous FTP: A guest account which allows anyone to log in to the FTP server. If the server is misconfigured (e.g., world-writable directories or access to system files), it can serve as an attacker's initial point of access to the host.

Flaw: An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed.

Flaw Hypothesis Methodology: A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the system.

Formal Proof: A complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. The formal verification process uses formal proofs to show the truth of certain properties of formal specification and for showing that computer programs satisfy their specifications. Automated tools may (but need not) be used to formulate and/or check the proof.

Formal Security Policy Model: A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a "secure" state of the system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the system satisfies the definition of a "secure" state and if all assumptions required by the model hold, then all future states of the system will be secure. Some formal modeling techniques include: state transition models, temporal logic models, denotational semantics models, algebraic specification models. An example is the model described by Bell and LaPadula. See also: Bell-LaPadula Model, Security Policy Model.

Formal Top-Level Specification (FTLS): A Top-Level Specification that is written in a formal mathematical language to allow theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven.

Formal Verification: The process of using formal proofs to demonstrate the consistency (design verification) between a formal specification of a system and a formal security policy model or (implementation verification) between the formal specification and its program implementation.

Front-End Security Filter: A process that is invoked to process data according to a specified security policy prior to releasing the data outside the processing environment or upon receiving data from an external source.

Functional Testing: The portion of security testing in which the advertised features of a system are tested for correct operation.

- G -

Gateway: A system that connects two networks and forwards traffic between them, often translating between different protocols.

General-Purpose System: A computer system that is designed to aid in solving a wide variety of problems.

Granularity: The relative fineness or coarseness by which a mechanism can be adjusted. The phrase "the granularity of a single user" means the access control mechanism can be adjusted to include or exclude any single user.

Global Security: The ability of an access control package to permit protection across a variety of information system and network environments, providing users with a common security interface to all.

Guidelines: Guidelines assist users, systems personnel, and others in effectively securing their systems. The nature of guidelines, however, immediately recognizes that systems vary considerably, and imposition of standards is not always achievable, appropriate, or cost-effective. For example, an organizational guideline may be used to help develop system-specific standard procedures. Guidelines are often used to help ensure that specific security measures are not overlooked, although they can be implemented, and correctly so, in more than one way.

- H -

Hacker: Those who attempt to access, and do access, a computer network environment to which they are not entitled entry, for whatever purpose (entertainment, profit, theft, prank, etc.). They use iterative techniques, increasingly advanced methodologies, and devices to intercept proprietary communications data. (See also Cracker.) The original denotation of this word is still used in the open source community, where it means a skilled programmer who develops elegant algorithms and expert programs that contain few defects.

Hierarchical Decomposition: The ordered, structured reduction of a system or a component to primitives.

Host: Any computer-based system connected to the network and containing the necessary protocol interpreter software to initiate network access and carry out information exchange across the communications network. This definition encompasses typical "mainframe" hosts, generic terminal support machines (e.g., ARPANET TAC, DoDIIS NTC), and workstations connected directly to the communications subnetwork and executing the intercomputer networking protocols. A terminal is not a host because it does not contain the protocol software needed to perform information exchange; a workstation (by definition) is a host because it does have such capability.

Host-based Security: The technique of securing an individual system from attack. Host-based security is operating system and version dependent.

Hot Standby: A backup system configured in such a way that it may be used if the system goes down.

Hybrid Gateways: An unusual configuration with routers that maintain the complete state of the TCP/IP connections or examine the traffic to try to detect and prevent attacks (may involve a bastion host). If very complicated it is difficult to attack, but also difficult to maintain and audit.

- I -

Insider Attack: An attack originating from inside a protected network.

Integration: Measures, practices and procedures for the security of information systems should be coordinated and integrated with each other and other measures, practices and procedures of the organization so as to create a coherent system of security.

Integrity: In the computer security field, integrity is often discussed more narrowly as having two facets: data integrity and system integrity. Data integrity is a requirement that information and programs are changed only in a specified and authorized manner. System integrity is a requirement that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Integrity Policy: A security policy to prevent unauthorized users from modifying, viz., writing, sensitive information. See also Security Policy.

Internal Subject: A subject which is not acting as direct surrogate for a user. A process which is not associated with any user but performs system-wide functions such as packet switching, line printer spooling, and so on. Also known as a daemon or a service machine.

IDS - Intrusion Detection System, a software application that can be implemented on host operating systems or as network devices to monitor for signs of intruder activity and attacks.

Intranet - An intranet is a network internal to an organization but that runs the same protocols as the network external to the organization. Every organizational network that runs the TCP/IP protocol suite is an intranet.

Intrusion Detection: Involves the detection, or discovery, of illegal activities and acquisition of privileges that normally would not be discovered through the flow of information and access control models. It is the process of identifying attempts to penetrate a system and gain unauthorized access.

IPSec - A standard consisting of IPv6 security features ported over to the current version of IP, IPv4. IPSec security features provide confidentiality, data integrity, and non-repudiation.

IP Sniffing: Stealing network addresses by reading the packets. Harmful data is then sent stamped with internal trusted addresses.

IP Spoofing: An attack whereby an active, established session is intercepted and co-opted by the attacker by using its EP network. Primary protections against this rely on encryption at the session or network layer.

ISP - Internet Service Provider, an entity providing a network connection to the global Internet.

- K -

Key: In encryption, a key is a sequence of characters used to encode and decode a file. You can enter a key in two formats: alphanumeric and condensed (hexadecimal). In the network access security market, "key" often refers to the "token," or authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected software.

- L -

Local Area Network (LAN): An interconnected system of computers and peripherals. LAN users share data stored on hard disks and can share printers connected to the network.

Lattice: A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound.

Least Privilege: This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.

Likelihood Assessment: Likelihood is an estimation of the frequency or chance of a threat happening. A likelihood assessment considers the presence, tenacity, and strengths of threats as well as the effectiveness of safeguards (or presence of vulnerabilities).

Logging: The process of storing information about events that occurred on the firewall or network.

Log Processing: How audit logs are processed, searched for key events, or summarized.

Log Retention: How long audit logs are retained and maintained.

- M -

Mandatory Access Control: A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.

MIME - Multipurpose Internet Mail Extensions, an extensible mechanism for email. A variety of MIME types exist for sending content such as audio using the SMTP protocol.

Multilevel Device: A device that is used in a manner that permits it to simultaneously process data of two or more security levels without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed.

Multilevel Secure: A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization.

Multilevel Security Mode: The mode of operation that allows two or more classification levels of information to be processed simultaneously within the same system when some users are not cleared for all levels of information present. Compare Dedicated Security Mode, System High Security Mode.

- N -

NAT, PAT - Network Address Translation and Port Address Translation, used to hide internal system addresses from an external network by mapping internal addresses to external addresses, by mapping internal addresses to a single external address, or by using port numbers to link external system addresses with internal systems.

Network Architecture: The set of layers and protocols (including formats and standards that different hardware/software must comply with to achieve stated objectives) which define a Network.

Network Component: A network subsystem which can be evaluated for compliance with the trusted network interpretations, relative to that policy induced on the component by the overall network policy.

Network Connection: A network connection is any logical or physical path from one host to another that makes possible the transmission of information from one host to the other. An example is a TCP connection. But also, when a host transmits an IP datagram employing only the services of its "connectionless" Internet Protocol interpreter, there is considered to be a connection between the source and the destination hosts for this transaction.

Network-Level Firewall: A firewall in which traffic is examined at the network protocol packet level.

Network Reference Monitor: An access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network.

Network Security: The protection of networks and their services from unauthorized modification, destruction, or disclosure. Providing an assurance that the network performs its critical functions correctly and there are no harmful side-effects. Includes providing for information accuracy.

Network Security Architecture: A subset of network architecture specifically addressing security-relevant issues.

Network Sponsor: The individual or organization that is responsible for stating the security policy enforced by the network, for designing the network security architecture to properly enforce that policy, and for ensuring that the network is implemented in such a way that the policy is enforced. For commercial, off-the-shelf systems, the network sponsor will normally be the vendor. For a fielded network system, the sponsor will normally be the project manager or system administrator.

Network System: A system which is implemented with a collection of interconnected network components. A network system is based on a coherent security architecture and design.

Network Trusted Computing Base (NTCB): The totality of protection mechanisms within a network system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. (See also Trusted Computing Base.)

Network Worm: A program or command file that uses a computer network as a means for adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.

NTCB Partition: The totality of mechanisms within a single network component for enforcing the network policy, as allocated to that component; the part of the NTCB within a single network component.

- O -

Object: A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc.

Object Reuse: The reassignment of a medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects to some subject. To be securely reassigned, such media must contain no residual data from the previously contained object(s).

One-Time Password: In network security, a password issued only once as a result of a challenge-response authentication process. Cannot be "stolen" or reused for unauthorized access.

Orange Book: The Department of Defense Trusted Computer System Evaluation Criteria. It provides information to classify computer systems, defining the degree of trust that may be placed in them.

OSI Architecture: The International Organization for Standardization (ISO) provides a framework for defining the communications process between systems. This framework includes a network architecture, consisting of seven layers. The architecture is referred to as the Open Systems Interconnection (OSI) model or Reference Model. Services and the protocols to implement them for the different layers of the model are defined by international standards. From a systems viewpoint, the bottom three layers support the components of the network necessary to transmit a message, the next three layers generally pertain to the characteristics of the communicating end systems, and the top layer supports the end users. The seven layers are:

  1. Physical Layer: Includes the functions to activate, maintain, and deactivate the physical connection. It defines the functional and procedural characteristics of the interface to the physical circuit: the electrical and mechanical specifications are considered to be part of the medium itself.
  2. Data Link Layer: Formats the messages. Covers synchronization and error control for the information transmitted over the physical link, regardless of the content. "Point-to-point error checking" is one way to describe this layer.
  3. Network Layer: Selects the appropriate facilities. Includes routing communications through network resources to the system where the communicating application is; segmentation and reassembly of data units (packets); and some error correction.
  4. Transport Layer: Includes such functions as multiplexing several independent message streams over a single connection, and segmenting data into appropriately sized packets for processing by the Network Layer. Provides end-to-end control of data reliability.
  5. Session Layer: Selects the type of service. Manages and synchronizes conversations between two application processes. Two main types of dialogue are provided: two-way simultaneous (full-duplex), or two-way alternating (half-duplex). Provides control functions similar to the control language in a computer system.
  6. Presentation Layer: Ensures that information is delivered in a form that the receiving system can understand and use. Communicating parties determine the format and language (syntax) of messages: translates if required, preserving the meaning (semantics).
  7. Application Layer: Supports distributed applications by manipulating information. Provides resource management for file transfer, virtual file and virtual terminal emulation, distributed processes and other applications.

Output: Information that has been exported by a TCB.

Overt Channel: An overt channel is a path within a network which is designed for the authorized transfer of data.

- P -

Packet Tunneling: Encapsulates the encrypted packet, with its IP address and port number, into a new packet carrying the tunneling machine's IP address.

Passive: (1) A property of an object or network object that it lacks logical or computational capability and is unable to change the information it contains. (2) Those threats to the confidentiality of data which, if realized, would not result in any unauthorized change in the state of the intercommunicating systems (e.g., monitoring and/or recording of data).

Password: A private or secret character string that is used to authenticate an identity. Knowledge of the password associated with the user identification is usually considered proof of authorization.

Penetration: The successful violation of a protected system.

Penetration Testing: The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users.

Performance: A major factor in determining the overall productivity of a system, performance is primarily tied to availability, throughput and response time.

Perimeter-based Security: The technique of securing a network by controlling access to all entry and exit points of the network.

PIN: In computer security, a personal identification number used during the authentication process. Known only to the user. (See Challenge/Response, Two-Factor Authentication.)

Policy: When discussing computer security, the term 'policy' has more than one meaning. Policy is senior management's directives to create a computer security program, establish its goals, and assign responsibilities. The term policy is also used to refer to the specific security rules for particular systems. Additionally, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization's e-mail privacy policy or fax security policy.

Privacy: (1) The ability of an individual or organization to control the collection, storage, sharing, and dissemination of personal and organizational information. (2) The right to insist on adequate security of, and to define authorized users of, information or systems. Note: The concept of privacy cannot be very precise and its use should be avoided in specifications except as a means to require security, because privacy relates to "rights" that depend on legislation.

Private Key: In encryption, one key (or password) is used to both lock and unlock data. Compare with public key.

Procedures: Procedures normally assist in complying with applicable security policies, standards, and guidelines. They are detailed steps to be followed by users, system operations personnel, or others to accomplish a particular task (e.g., preparing new user accounts and assigning the appropriate privileges).

Process: A program in execution. It is completely characterized by a single current execution point (represented by the machine state) and address space.

Proportionality: Security levels, costs, measures, practices and procedures should be appropriate and proportionate to the value of and degree of reliance on the information systems and to the severity, probability and extent of potential harm.

Protection-Critical Portions of the TCB - Those portions of the TCB whose normal function is to deal with the control of access between subjects and objects.

Protection Philosophy: An informal description of the overall design of a system that delineates each of the protection mechanisms employed. A combination (appropriate to the evaluation class) of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy.

Proxy agent - A proxy agent is a software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device.

Proxy: An object or software agent that acts on behalf of a user. Typical proxies accept a connection from a user, decide whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection on behalf of the user to a remote destination.

Public Key: In encryption a two-key system in which the key used to lock data is made public, so everyone can "lock." A second private key is used to unlock or decrypt.

- R -

Reassessment: The security of information systems should be reassessed periodically, as information systems and the requirements for their security will change over time.

Read: A fundamental operation that results only in the flow of information from an object to a subject.

Read Access: Permission to read information.

Read-Only Memory (ROM): A storage area in which the contents can be read but not altered during normal computer processing.

Reference Monitor Concept: An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. See also Security Kernel.

Reliability: The extent to which a system can be expected to perform its intended function with required precision.

Remote Access: The hookup of a remote computing device via communications lines such as ordinary phone lines or wide area networks to access network applications and information.

Resource: Anything used or consumed while performing a function. The categories of resources are: time, information, objects (information containers), or processors (the ability to use information). Specific examples are: CPU time; terminal connect time; amount of directly-addressable memory; disk space; number of I/O requests per minute, etc.

Responsibility: In general, responsibility is a broader term than accountability. Responsibility deals with defining obligations and expected behavior, and implies a proactive stance on the part of the responsible party and a causal relationship between the responsible party and a given outcome.

Risk Analysis: The analysis of the vulnerabilities of an organization's information resources, existing controls and computer system. It establishes a potential level of damage in dollars and/or other assets.

Risk Assessment: The process of analyzing and interpreting risk. It is comprised of three basic activities: 1) determining the assessment's scope and methodology; 2) collecting and analyzing data; and 3) interpreting the risk analysis results. In general, the greater the likelihood of a threat occurring, the greater the risk.

Rogue program: Any program intended to damage programs or data. Encompasses malicious Trojan Horses.

RSA: A public key cryptosystem named for its inventors, Rivest, Shamir and Adleman, who hold the patent.

- S -

Safeguard: A safeguard is any action, device, procedure, technique, or other measure that reduces a system's vulnerability to a threat. Safeguard analysis should include an examination of the effectiveness of the existing security measures. It can also identify new safeguards that could be implemented in the system; however, this is normally performed later in the risk management process.

Sanitization: The removal of information from a storage medium (such as a hard disk or tape) is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by keyboard attack) and purging (rendering information unrecoverable against laboratory attack). There are three general methods of purging media: overwriting, degaussing (for magnetic media only), and destruction.

Screened Host Gateway: A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

Screened Subnet: An isolated subnet created behind a screening router to protect the private network. The degree to which the subnet may be accessed depends on the screening rules in the router.

Screening Router: A router configured to permit or deny traffic using filtering techniques based on a set of permission rules installed by the administrator. A component of many firewalls, usually used to block traffic between the network and specific hosts at the IP port level. Not very secure; used when "speed" is the only decision criterion.
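To make the "set of permission rules" concrete, here is an added example (not code from the page or from any vendor's router) of how a screening router evaluates an inbound packet: each rule is compared against the header fields the router can see, the first match decides, and anything unmatched is denied. The addresses, rule set and packets are constructed for the example; 10.0.0.0/8 is assumed to be the internal network and 192.0.2.10 an exposed mail/web host. Because every decision is made per packet from addresses and ports alone, with no connection state, the example also shows why the page calls this technique "not very secure".

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a screening router can see for one packet."""
    proto: str   # "tcp", "udp" or "icmp"
    src: str     # source IP address
    dst: str     # destination IP address
    dport: int   # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    """One permission rule; matched field by field per packet, no state is kept."""
    action: str            # "permit" or "deny"
    proto: str             # protocol name or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed rule set for the external (inbound) interface. The address
# ranges are assumptions for the example: 10.0.0.0/8 is the internal network,
# 192.0.2.10 is the one host that may be reached from outside.
INBOUND_RULES: List[Rule] = [
    # Anti-spoofing: a packet arriving from outside must not claim an internal source.
    Rule("deny",   "any", "10.0.0.0/8", "0.0.0.0/0",     None),
    # Services deliberately exposed: SMTP and HTTP to the exposed host only.
    Rule("permit", "tcp", "0.0.0.0/0",  "192.0.2.10/32", 25),
    Rule("permit", "tcp", "0.0.0.0/0",  "192.0.2.10/32", 80),
    # Everything else is blocked.
    Rule("deny",   "any", "0.0.0.0/0",  "0.0.0.0/0",     None),
]


def screen(pkt: Packet, rules: List[Rule] = INBOUND_RULES) -> str:
    """First matching rule wins; a packet matching no rule is denied by default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed packets: legitimate mail, a telnet attempt, a spoofed internal
    # source, and UDP to the web port (wrong protocol).
    for pkt in [Packet("tcp", "198.51.100.4", "192.0.2.10", 25),
                Packet("tcp", "198.51.100.4", "192.0.2.10", 23),
                Packet("tcp", "10.1.2.3",     "192.0.2.10", 25),
                Packet("udp", "198.51.100.4", "192.0.2.10", 80)]:
        print(pkt, "->", screen(pkt))
```

Rule order matters: the anti-spoofing rule must precede the permits, or a packet with a forged internal source and destination port 25 would be let through. The final explicit deny is redundant with the default in `screen` but is the usual way administrators make the policy visible in the rule list itself.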

Secrecy Policy: A security policy to prevent unauthorized users from reading sensitive information. See also Security Policy.

Security Accreditation: The formal authorization by the accrediting (management) official for system operation and an explicit acceptance of risk. It is usually supported by a review of the system, including its management, operational, and technical controls. This review may include a detailed technical evaluation (such as a Federal Information Processing Standard 102 certification, particularly for complex, critical, or high-risk systems), security evaluation, risk assessment, audit, or other such review.

Security Architecture: The subset of computer architecture dealing with the security of the computer or network system. See computer architecture, network architecture.

Security Certification: The technical evaluation of a system's security features, made as part of and in support of an approval/accreditation process that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements. Certification is a formal process for testing components or systems against a specified set of security requirements. It is normally performed by an independent reviewer, rather than one involved in building the system. Certification can be performed at many stages of the system design and implementation process and can take place in a laboratory, operating environment, or both.

Security-Compliant Channel: A channel is Security-Compliant if the enforcement of the network policy depends only upon characteristics of the channel either (1) included in the evaluation, or (2) assumed as an installation constraint and clearly documented in the Trusted Facility Manual.

Security Kernel: The hardware, firmware, and software elements of a Trusted Computing Base (or Network Trusted Computing Base partition) that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct.

Security Level: The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information.

Security Policy: The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information.

Security Policy Model: An informal presentation of a formal security policy model.

Security Relevant Event: Any event that attempts to change the security state of the system (e.g., change discretionary access controls, change the security level of the subject, change a user password, etc.). Also, any event that attempts to violate the security policy of the system (e.g., too many attempts to login, attempts to violate the mandatory access control limits of a device, attempts to downgrade a file, etc.).
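The Log Processing entry above says audit logs are "processed, searched for key events, or summarized", and this entry names two kinds of key event: a change to the security state (such as a password change) and an attempted policy violation (such as too many login attempts). The following added example, which is not code from the page, does both over a constructed audit log: it parses a syslog-like "timestamp host program: message" layout (an assumption for the example), flags a password change as a state change, and flags five failed logins for one user from one source inside a one-minute sliding window as a policy violation. Malformed lines are skipped rather than allowed to abort the run.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not taken from the page). Five rapid failures
# for alice, a normal login and password change for bob, two failures for
# carol an hour apart, and one malformed line.
SAMPLE_LOG = """\
2007-10-26T09:00:01 host1 login: FAILED login for alice from 10.0.0.5
2007-10-26T09:00:04 host1 login: FAILED login for alice from 10.0.0.5
2007-10-26T09:00:07 host1 login: FAILED login for alice from 10.0.0.5
2007-10-26T09:00:09 host1 login: FAILED login for alice from 10.0.0.5
2007-10-26T09:00:12 host1 login: FAILED login for alice from 10.0.0.5
2007-10-26T09:05:00 host1 login: LOGIN for bob from 10.0.0.9
2007-10-26T09:06:30 host1 passwd: password changed for bob
2007-10-26T09:07:00 host1 login: FAILED login for carol from 10.0.0.7
2007-10-26T10:00:00 host1 login: FAILED login for carol from 10.0.0.7
this line is not a valid audit record
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([^:]+): (.*)$")
FAILED_RE = re.compile(r"FAILED login for (\S+) from (\S+)")


def parse_line(line):
    """Return a dict for one record, or None for a line that does not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, prog, msg = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "prog": prog, "msg": msg}


def find_security_relevant_events(text, threshold=5, window=timedelta(minutes=1)):
    """Search the log for the two kinds of key event named in the glossary.

    - state change: a password change
    - attempted policy violation: `threshold` failed logins for one
      (user, source) pair inside the sliding `window`
    Returns (kind, timestamp, description) tuples in log order.
    """
    events = []
    recent_failures = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed record: skip, do not abort the whole run
        if rec["prog"] == "passwd" and "password changed" in rec["msg"]:
            events.append(("state_change", rec["ts"], rec["msg"]))
        m = FAILED_RE.match(rec["msg"])
        if m:
            key = m.groups()  # (user, source)
            hits = recent_failures[key]
            hits.append(rec["ts"])
            hits[:] = [t for t in hits if rec["ts"] - t <= window]  # drop old failures
            if len(hits) >= threshold:
                events.append(("policy_violation", rec["ts"],
                               f"{len(hits)} failed logins for {key[0]} from {key[1]} "
                               f"within {window}"))
                hits.clear()  # report each burst once
    return events


def summarize(text):
    """Summarize the log as a count of records per program, skipping malformed lines."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[rec["prog"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for kind, ts, desc in find_security_relevant_events(SAMPLE_LOG):
        print(ts.isoformat(), kind, desc)
    print(summarize(SAMPLE_LOG))
```

Carol's two failures an hour apart fall outside the window and are correctly not reported; in a real deployment the threshold and window are policy parameters, and the output would feed the log retention process rather than be printed.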

Security Testing: A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. See also: Functional Testing, Penetration Testing, Verification.

Sensitive Information: Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something.

Sensitive: Sensitive is synonymous with important or valuable. Some data is sensitive because it must be kept confidential. Much more data, however, is sensitive because its integrity or availability must be assured. The Computer Security Act states that information is sensitive if its unauthorized disclosure, modification (i.e., loss of integrity), or unavailability would harm the agency. The more important a system is to the mission of the agency, the more sensitive it is.

Sensitivity Label: A piece of information that represents the security level of an object and that describes the sensitivity (e.g., classification) of the data in the object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions.

Simple Security Property (or Condition): A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object.

Single-Level Device: A device that is used to process data of a single security level at any one time. Since the device need not be trusted to separate data of different security levels, sensitivity labels do not have to be stored with the data being processed.

Smart Card: A credit-card-sized device with embedded microelectronics circuitry for storing information about an individual. This is not a key or token, as used in the remote access authentication process.

Social Engineering Attack: An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.

SSL - Secure Sockets Layer, based on public key cryptography, used to generate a cryptographic session that is private to a web server and a client browser.

*-Property (Star Property): A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property.

Standards: Organizational standards (not to be confused with American National Standards, FIPS, Federal Standards, or other national or international standards) specify uniform use of specific technologies, parameters, or procedures when such uniform use will benefit an organization. Standardization of organization-wide identification badges is a typical example, providing ease of employee mobility and automation of entry/exit systems. Standards are normally compulsory within an organization.

Storage Object: An object that supports both read and write accesses.

Stateful Evaluation: A methodology using a mixture of proxy or filtering technology, switched intermittently depending upon the perceived threat [and/or the need for "speed"].

Subject: An active entity, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Technically, a process/domain pair.

Subject Security Level: A subject's security level is equal to the security level of the objects to which it has both read and write access. A subject's security level must always be dominated by the clearance of the user the subject is associated with.

System: An assembly of computer and/or communications hardware, software, and firmware configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing and retrieving data with the purpose of supporting users.

System High: The highest security level supported by a system at a particular time or in a particular environment.

System High Security Mode: The mode of operation in which system hardware and software is only trusted to provide discretionary protection between users. In this mode, the entire system, to include all components electrically and/or physically connected, must operate with security measures commensurate with the highest classification and sensitivity of the information being processed and/or stored. All system users in this environment must possess clearances and authorization for all information contained in the system. All system output must be clearly marked with the highest classification and all system caveats until the information has been reviewed manually by an authorized individual to ensure appropriate classifications and that caveats have been affixed. Compare Dedicated Security Mode, Multilevel Security Mode.

System Low: The lowest security level supported by a system at a particular time or in a particular environment.

System Security Officer (SSO): The person responsible for the security of a system. The SSO is authorized to act in the "security administrator" role. Functions that the SSO is expected to perform include: auditing and changing security characteristics of a user.

System Security Plan: The purpose of the system security plan is to provide a basic overview of the security and privacy requirements of the subject system and the agency's plan for meeting those requirements. The system security plan may also be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system.

- T -

TEMPEST: The study and control of spurious electronic signals emitted from ADP equipment.

Threat: A threat is an entity or event with the potential to harm the system. Typical threats are errors, fraud, disgruntled employees, fires, water damage, hackers, and viruses. Threats should be identified and analyzed to determine the likelihood of their occurrence and their potential to harm assets.

Timeliness: Public and private parties, at both national and international levels, should act in a timely coordinated manner to prevent and to respond to breaches of security of information systems.

Token: A "token" is an authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Tokens may be small, hand-held hardware devices similar to pocket calculators or credit cards. See key.
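The One-Time Password and Token entries describe a password "issued only once as a result of a challenge-response authentication process" that "cannot be stolen or reused". The following added example (not code from the page, nor any particular token vendor's scheme) shows the mechanics that make that true, with both sides of the exchange: the server hands out a random challenge, the token computes a response from the challenge and a shared secret, and the server accepts each response once, for the outstanding challenge only, and only within a time limit. The HMAC-SHA-256 construction, the 8-hex-digit display length and the 60-second lifetime are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Set, Tuple


def token_response(secret: bytes, challenge: bytes) -> str:
    """What the hand-held token computes from the challenge the user keys in.

    The response is an HMAC over the challenge under the secret provisioned
    into the token, truncated to an 8-hex-digit display value. It is only
    meaningful for this one challenge, so capturing it gains nothing later.
    """
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]


class ChallengeResponseServer:
    """Server side of the exchange: issues challenges and verifies responses."""

    def __init__(self, ttl_seconds: float = 60.0):
        self.ttl = ttl_seconds
        self.secrets: Dict[str, bytes] = {}                  # user -> secret shared with the token
        self.pending: Dict[str, Tuple[bytes, float]] = {}    # user -> (challenge, time issued)

    def enroll(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret

    def issue_challenge(self, user: str, now: Optional[float] = None) -> bytes:
        """Hand the user a fresh random challenge; any earlier one is voided."""
        challenge = os.urandom(16)
        self.pending[user] = (challenge, time.time() if now is None else now)
        return challenge

    def verify(self, user: str, response: str, now: Optional[float] = None) -> bool:
        """Accept a response once, for the outstanding challenge only, and only in time.

        The challenge is removed before checking, so a second presentation of
        the same response (a replay) finds no challenge to match and fails.
        """
        now = time.time() if now is None else now
        pending = self.pending.pop(user, None)
        if pending is None or user not in self.secrets:
            return False
        challenge, issued = pending
        if now - issued > self.ttl:
            return False
        expected = token_response(self.secrets[user], challenge)
        # constant-time comparison so timing does not leak how many digits matched
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = ChallengeResponseServer()
    secret = b"constructed-token-secret"   # provisioned into the token at enrollment
    server.enroll("alice", secret)
    challenge = server.issue_challenge("alice")
    response = token_response(secret, challenge)  # computed on the token
    print("first use:", server.verify("alice", response))    # True
    print("replay:   ", server.verify("alice", response))    # False
```

The `now` parameter exists only so the lifetime check can be exercised deterministically; in production it is left at its default. Losing the pending challenge on any failed attempt is deliberate: an attacker cannot keep guessing responses against one fixed challenge.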

Top-Level Specification (TLS): A non-procedural description of system behavior at the most abstract level. Typically a functional specification that omits all implementation details.

Trap Door: A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (e.g., special "random" key sequence at a terminal).

Trojan Horse: A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security. For example, making a "blind copy" of a sensitive file for the creator of the Trojan Horse.

Trusted Channel: A mechanism by which two NTCB partitions can communicate directly. This mechanism can be activated by either of the NTCB partitions, cannot be imitated by untrusted software, and maintains the integrity of information that is sent over it. A trusted channel may be needed for the correct operation of other security mechanisms.

Trusted Computer System: A system that employs sufficient hardware and software integrity measures to allow its use for processing simultaneously a range of sensitive or classified information.

Trusted Computing Base (TCB): The totality of protection mechanisms within a computer system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.

Trusted functionality: That which is determined to be correct with respect to some criteria, e.g. as established by a security policy. The functionality shall neither fall short of nor exceed the criteria.

Trusted Network: A trusted network is able to control both the reading and writing of shared sensitive information. Control of writing is used to protect against destruction of information. A network normally is expected to have policy requirements to protect both the secrecy and integrity of the information entrusted to it. In a network, integrity is frequently as important as, or more important than, the secrecy requirements. Therefore the secrecy and/or integrity policy to be enforced by the network must be stated for each network regardless of its evaluation class. The assurance that the policy is faithfully enforced is reflected in the evaluation class of the network.

This control over modification is typically used to protect information so that it may be relied upon and to limit the potential harm that would result if the information were corrupted. The overall network policy requirements for integrity include the protection of data both while it is being processed in a component and while it is being transmitted in the network.

Trusted Path: A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software.

Trusted Software: The software portion of a Trusted Computing Base.

Trusted Subject: A subject that is part of the TCB. It has the ability to violate the security policy, but is trusted not to actually do so. For example, in the Bell-LaPadula model a trusted subject is not constrained by the *-property and thus has the ability to write sensitive information into an object whose level is not dominated by the (maximum) level of the subject, but it is trusted to only write information into objects with a label appropriate for the actual level of the information.

Tunneling Router: A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

Two-Factor Authentication: Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors", just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.

- U -

User Identification: User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)

User Interface: The part of an application that the user works with. User interfaces can be text-driven, such as DOS, or graphical, such as Windows.

User: Any person who interacts directly with a network system. This includes both those persons who are authorized to interact with the system and those people who interact without authorization (e.g., active or passive wiretappers).

Note that "users" does not include "operators," "system programmers," "technical control officers," "system security officers," and other system support personnel. Such individuals may change the system parameters of the network system, for example by defining membership of a group. These individuals may also have the separate role of users.

- V -

Verification: The process of comparing two levels of system specification for proper correspondence (e.g., security policy model with top-level specification, TLS with source code, or source code with object code). This process may or may not be automated.

Virtual Network Perimeter: A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

Virtual Private Network: A virtual private network (VPN) is an encrypted tunnel between two organizations (or hosts) that enables secure communication to occur over public networks. This tunnel allows a variety of different types of traffic, which distinguishes a VPN from a single encrypted connection.

Virus: A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met. For example, some viruses display a text string on a particular date. There are many types of viruses, including variants, overwriting, resident, stealth, and polymorphic.

VPN: Virtual Private Network. Used to securely connect two networks, or a network and a client system, over an insecure network such as the Internet. A VPN typically employs encryption to secure the connection.

Vulnerability: A vulnerability is a condition or weakness in (or absence of) security procedures, technical controls, physical controls, or other controls that could be exploited by a threat. Vulnerabilities are often analyzed in terms of missing safeguards. Vulnerabilities contribute to risk because they may "allow" a threat to harm the system.

- W -

Worm: A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute; no user intervention is required. Worms commonly use network services to propagate to other host computer systems.

Write: A fundamental operation that results only in the flow of information from a subject to an object.

Write Access: Permission to write an object.

Acronyms:

ACL: Access Control List

ADP: Automatic Data Processing

AIS: Automated Information System

ANSI: American National Standards Institute

ARPANET: Advanced Research Projects Agency Network

CERT: The Computer Emergency Response Team was established at Carnegie-Mellon University after the 1988 Internet worm attack.

COMSEC: Communications Security

CPU: Central Processing Unit

CRC: Cyclic Redundancy Code or Cyclic Redundancy Check

DAA: Designated Approving Authority

DBMS: Data Base Management System

DAC: Discretionary Access Control

DES: Data Encryption Standard

DMZ: Demilitarized Zone, a network created by connecting two firewalls

DOS: Denial-of-service

DTLS: Descriptive Top-Level Specification

E3: End-to-end Encryption

FTLS: Formal Top-Level Specification

FTP: File Transfer Protocol

IDS: Intrusion Detection System

IP: Internet Protocol

IETF: Internet Engineering Task Force, a public forum that develops standards and resolves operational issues for the Internet

ISDN: Integrated Services Digital Network

ISO: International Standards Organization, sets standards for data communications

ISSA: Information Systems Security Association

KDC: Key Distribution Center

LAN: Local Area Network

LRC: Longitudinal Redundancy Check

MAC: Mandatory Access Control

MDC: Manipulation Detection Code

MSM: Message Stream Modification

MWT: Maximum Waiting Time

NSA: National Security Agency

NTCB: Network Trusted Computing Base

OSI: Open System Interconnection

PDU: Protocol Data Unit (a.k.a. packet, datagram)

PKC: Public Key Cryptosystem

PWDS: Protected Wireline Distribution System

ROM: Read Only Memory

SSL: Secure Sockets Layer

TAC: Terminal Access Controller

TCB: Trusted Computing Base

TCP: Transmission Control Protocol

TELNET: Network Virtual Terminal Protocol

TLS: Top Level Specification

TCSEC: Trusted Computer System Evaluation Criteria

TFE: Trusted Front-end Processor

TIU: Trusted Network Interface Unit

TNI: Trusted Network Interpretations

VMM: Virtual Machine Monitor

VPN: Virtual Private Network

1 comment:

Betty said...

Great article! You have made an excellent glossary of the most common and important computer security terms. I am bookmarking this article. Thanks for sharing this highly informative post.