Term
Access Control Entries (ACEs)
Definition
An entry in an object's access control list (ACL) that grants permissions to a user or group. Each ACE consists of a security principal (the name of the user, group, or computer being granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are creating and modifying the ACEs in an ACL.

Term
Access Control List (ACL)
Definition
A collection of access control entries that defines the access that all users and groups have to an object.

Term
Definition
Group of technologies that enable computers to identify individuals based on physiological characteristics, such as fingerprints.

Term
BitLocker Drive Encryption
Definition
Windows Server 2008 feature that can encrypt entire volumes to prevent intruders from accessing their data.

Term
centralized authentication
Definition
Security model in which all of the servers on a network rely on a single authority to authenticate users.

Term
decentralized authentication
Definition
Security model in which each server maintains its own list of users and their credentials.

Term
Definition
Password penetration technique in which a list of common passwords is encrypted and the results compared with captured ciphertext.

Term
Definition
Software routine that acts as a virtual barrier between a computer and the attached network. A firewall is essentially a filter that enables certain types of incoming and outgoing traffic to pass through the barrier, while blocking other types.

Term
Definition
Combination of allowed, denied, inherited, and explicitly assigned permissions that provides a composite view of a security principal's functional access to a resource.

Term
Definition
Ticket-based authentication protocol used by Windows computers that are members of an Active Directory domain. Unlike NTLM, which involves only the IIS7 server and the client, Kerberos authentication involves an Active Directory domain controller as well.

Term
Key Distribution Center (KDC)
Definition
Windows Server 2008 component, part of the Kerberos authentication protocol, that maintains a database of account information for all security principals in the domain.

Term
Definition
In TCP/IP communications, the code numbers embedded in transport layer protocol headers that identify the applications that generated and will receive a particular message. The most common firewall rules use port numbers to specify the types of application traffic the computer is allowed to send and receive.

Term
Definition
In Windows Firewall, a method for opening a communications port through the firewall. When you create a program exception, the specified port is open only while the program is running. When you terminate the program, the firewall closes the port.

Term
Definition
Security relationship in which participants are issued two keys: public and private. The participant keeps the private key secret, while the public key is freely available in the digital certificate. Data encrypted with the private key can be decrypted only using the public key, and data encrypted with the public key can be decrypted only using the private key.

Term
Definition
Cryptographic system in which one character is substituted for another.

Term
Security Accounts Manager (SAM)
Definition
Component of all Windows computers that enables them to maintain a list of local users and groups that function as a decentralized authentication system. When you log on to a Windows computer for the first time, you use the local Administrator account, which the computer authenticates using its own SAM.

Term
Security Identifiers (SIDs)
Definition

Term
Definition
User, group, or computer to which an administrator assigns permissions.

Term
Definition
Environment in which users can access all network resources with a single set of credentials.

Term
Definition
Credit card–sized device that contains memory and embedded circuitry that enables it to store data, such as a public encryption key.

Term
Definition
Element providing a security principal with a specific degree of access to a resource.

Term
Definition
Common combination of special permissions used to provide a security principal with a level of access to a resource.

Term
Ticket Granting Tickets (TGTs)
Definition
In Kerberos authentication, a credential issued by the Authentication Service that supplies valid authentication credentials. Whenever the client requires access to a new network resource, it must present its TGT to the Key Distribution Center.

Term
Trusted Platform Module (TPM)
Definition
Dedicated cryptographic processor chip that a Windows Server 2008 computer uses to store BitLocker encryption keys.

Term
Definition
In Active Directory, relationships between domains that enable network resources in one domain to authorize users in another.

Term
Definition
Networking technique in which one protocol is encapsulated within another protocol. In virtual private networking (VPN), an entire client/server session is tunneled within another protocol. Because the internal, or payload, protocol is carried by another protocol, it is protected from most standard forms of attack.