Term
|
Definition
to ensure that one person acting alone cannot compromise the company’s security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. |
|
|
Term
|
Definition
over time, more than one person fulfills the tasks of one position within the company. This enables the company to have more than one person who understands the tasks and responsibilities of a specific job title, which provides backup and redundancy if a person leaves the company or is absent. Job rotation also helps identify fraudulent activities, |
|
|
Term
|
Definition
an individual should have just enough permissions and rights to fulfill his role in the company and no more. |
|
|
Term
|
Definition
Reasons include being able to identify fraudulent activities and enabling job rotation to take place. |
|
|
Term
|
Definition
predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised |
|
|
Term
|
Definition
concentrates on the product’s architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Examples of operational assurances examined in the evaluation process are access control mechanisms, the separation of privileged and user program code, auditing and monitoring capabilities, covert channel analysis, and trusted recovery when the product experiences unexpected circumstances. |
|
|
Term
|
Definition
pertains to how the product was developed and maintained. Each stage of the product’s life cycle has standards and expectations it must fulfill before it can be deemed a highly trusted product. Examples of life-cycle assurance standards are design specifications, clipping-level configurations, unit and integration testing, configuration management, and trusted distribution. |
|
|
Term
Initial Program Load (IPL) |
|
Definition
a mainframe term for loading the operating system’s kernel into the computer’s main memory. On a personal computer, booting into the operating system is the equivalent of IPLing. This activity takes place to prepare the computer for user operation |
|
|
Term
|
Definition
includes knowing this complete inventory of hardware (systems and networks) and software and keeping it up to date. |
|
|
Term
|
Definition
takes place after the system shuts itself down in a controlled manner in response to a kernel (trusted computing base) failure. If the system finds inconsistent object data structures or if there is not enough space in some critical tables, a system reboot may take place. This releases resources and returns the system to a more stable and safer state. |
|
|
Term
|
Definition
takes place after a system failure happens in an uncontrolled manner |
|
|
Term
|
Definition
takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. |
|
|
Term
|
Definition
When media is erased (cleared of its contents); in military/government classified systems terms, this means erasing information so it is not readily retrieved using routine operating system commands or commercially available forensic/data recovery software |
|
|
Term
|
Definition
making information unrecoverable even with extraordinary effort such as physical forensics in a laboratory. |
|
|
Term
|
Definition
overwriting with a pattern designed to ensure that the data formerly on the media are not practically recoverable |
|
|
Term
|
Definition
magnetic scrambling of the patterns on a tape or disk that represent the information stored there |
|
|
Term
|
Definition
the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form. This can pose a security threat to a company that thinks it has properly erased confidential data from its media |
|
|
Term
Mean Time Between Failures (MTBF) |
|
Definition
the estimated lifespan of a piece of equipment. |
|
|
Term
Mean Time To Repair (MTTR) |
|
Definition
the amount of time it will be expected to take to get a device fixed and back into production. |
|
|
Term
|
Definition
poses a lot of potential risk to a network, because if the device fails, a segment or even the entire network is negatively affected. Devices that could represent single points of failure are firewalls, routers, network access servers, T1 lines, switches, bridges, hubs, and authentication servers—to name a few. |
|
|
Term
Direct Access Storage Device (DASD) |
|
Definition
a general term for magnetic disk storage devices, which historically have been used in mainframe and minicomputer (mid-range computer) environments. RAID is a type of DASD. |
|
|
Term
Redundant Array Of Independent Disks (RAID) |
|
Definition
a technology used for redundancy and/or performance improvement. It combines several physical disks and aggregates them into logical arrays. When data are saved, the information is written across all drives |
|
|
Term
|
Definition
Striping - Data striped over several drives. No redundancy or parity is involved. If one volume fails, the entire volume can be unusable. It is used for performance only. |
|
|
Term
|
Definition
Mirroring - Mirroring of drives. Data are written to two drives at once. If one drive fails, the other drive has the exact same data available. |
|
|
Term
|
Definition
Hamming code parity - Data striping over all drives at the bit level. Parity data are created with a Hamming code, which identifies any errors. This level specifies that up to 39 disks can be used: 32 for storage and 7 for error recovery data. This is not used in production today. |
|
|
Term
|
Definition
Byte-level parity - Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. |
|
|
Term
|
Definition
Block-level parity - Same as level 3, except parity is created at the block level instead of the byte level. |
|
|
Term
|
Definition
Interleave parity - Data are written in disk sector units to all drives. Parity is written to all drives also, which ensures there is no single point of failure. |
|
|
Term
|
Definition
Second parity data (or double parity) - Similar to level 5 but with added fault tolerance, which is a second set of parity data written to all drives. |
|
|
Term
|
Definition
Striping and mirroring - Data are simultaneously mirrored and striped across several drives and can support multiple drive failures. |
|
|
Term
Massive Array Of Inactive Disks (MAID) |
|
Definition
Lots of RAIDs. Disk activates only when needed. |
|
|
Term
RAIT (Redundant Array Of Independent Tapes) |
|
Definition
similar to RAID, but uses tape drives instead of disk drives. |
|
|
Term
Storage Area Network (SAN) |
|
Definition
consists of large amounts of storage devices linked together by a high-speed private network and storage-specific switches |
|
|
Term
|
Definition
a fault-tolerant server technology that is similar to redundant servers, except each server takes part in processing services that are requested. A server cluster is a group of servers that are viewed logically as one server to users and can be managed as a single logical system. |
|
|
Term
|
Definition
another load-balanced parallel means of massive computation, similar to clusters, but implemented with loosely coupled systems that may join and leave the grid randomly |
|
|
Term
HSM (Hierarchical Storage Management) |
|
Definition
provides continuous online backup functionality. It combines hard disk technology with the cheaper and slower optical or tape jukeboxes. |
|
|
Term
|
Definition
mainframes tend to be highly reliable and available. That is, the developers of mainframes trade off the development effort that makes lower-end systems so fast for the reliability that lower-end systems almost universally lack |
|
|
Term
|
Definition
where mainframes are designed for very high quantities of general processing, supercomputers are optimized for extremely complex central processing |
|
|
Term
Operating System Fingerprinting. |
|
Definition
network-mapping that maps operating systems, applications, and versions to the type of responses and message fields they use. |
|
|
Term
|
Definition
a general technique used by intruders to obtain information they are not authorized to access. This type of attack takes place when an attacker is looking for sensitive data but does not know the format of the data (word processing document, spreadsheet, database, piece of paper) |
|
|
Term
|
Definition
a tool that monitors traffic as it traverses a network. |
|
|
Term
|
Definition
a program that is installed by an attacker to enable her to come back into the computer at a later date without having to supply login credentials or go through any type of authorization process. |
|
|
Term
Denial-Of-Service (DoS) Attack |
|
Definition
An attacker sends multiple service requests to the victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be able to carry out regular tasks. |
|
|
Term
|
Definition
An intruder injects herself into an ongoing dialog between two computers so she can intercept and read messages being passed back and forth. These attacks can be countered with digital signatures and mutual authentication techniques. |
|
|
Term
|
Definition
This is an attack used to overwhelm mail servers and clients with unrequested e-mails. Using e-mail filtering and properly configuring e-mail relay functionality on mail servers can be used to protect against this type of DoS attack. |
|
|
Term
|
Definition
This is a brute force attack in which an attacker has a program that systematically dials a large bank of phone numbers with the goal of finding ones that belong to modems instead of telephones. These modems can provide easy access into an environment. The countermeasures are to not publicize these telephone numbers and to implement tight access control for modems and modem pools. |
|
|
Term
|
Definition
This is a type of DoS attack in which oversized ICMP packets are sent to the victim. Systems that are vulnerable to this type of attack do not know how to handle ICMP packets over a specific size and may freeze or reboot. Countermeasures are to patch the systems and implement ingress filtering to detect these types of packets. |
|
|
Term
|
Definition
A fake login screen is created and installed on the victim’s system. When the user attempts to log into the system, this fake screen is presented to the user, requesting he enter his credentials. |
|
|
Term
|
Definition
This attack sends malformed fragmented packets to a victim. The victim’s system usually cannot reassemble the packets correctly and freezes as a result. Countermeasures to this attack are to patch the system and use ingress filtering to detect these packet types. |
|
|
Term
|
Definition
This is a method of uncovering information by watching traffic patterns on a network. For example, heavy traffic between the HR department and headquarters could indicate an upcoming layoff. Traffic padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to disguise patterns and make it more difficult to uncover them. |
|
|
Term
|
Definition
Slamming is when a user’s service provider has been changed without that user’s consent. Cramming is adding on charges that are bogus in nature that the user did not request. Properly monitoring charges on bills is really the only countermeasure to these types of attacks. |
|
|
Term
|
Definition
the process of simulating attacks on a network and its systems at the request of the owner, senior management. Penetration testing uses a set of procedures and tools designed to test and possibly bypass the security controls of a system. Its goal is to measure an organization’s level of resistance to an attack and to uncover any weaknesses within the environment. |
|
|
Term
Penetration Test - Five-Step Process |
|
Definition
1. Discovery - Footprinting and gathering information about the target
2. Enumeration - Performing port scans and resource identification methods
3. Vulnerability mapping - Identifying vulnerabilities in identified systems and resources
4. Exploitation - Attempting to gain unauthorized access by exploiting vulnerabilities
5. Report to management - Delivering to management documentation of test findings along with suggested countermeasures |
|
|