Shared Flashcard Set

Details

ACC 340 (Chapter 7)
Accounting Information Systems
38
Accounting
Undergraduate 4
04/27/2010

Cards

Term
Time-Based Model of Security
Definition
Implementing a set of preventive, detective, and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised.
Term
Defense-in-Depth
Definition
Employing multiple layers of controls in order to avoid having a single point-of-failure.  The use of overlapping, complementary, and redundant controls buys time for the organization to detect and react to attacks; it also increases effectiveness because even if one procedure fails or is circumvented, another may function as planned.
Term
Authentication
Definition
Verifying the identity of the person or device attempting to access the system.
Term
Biometric Identifier
Definition
A physical characteristic (fingerprint, voice, etc.) used to authenticate the identity of a user.
Term
Multifactor Authentication
Definition
The use of two or more authentication methods (password, ID badges, biometrics, etc.) in conjunction to achieve a greater level of security.
Term
Authorization
Definition
The empowerment of an employee to perform certain functions within an organization, such as purchasing or selling on behalf of the company.
Term
Access Control Matrix
Definition
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform.  The matrix contains a list of user codes, a list of all files and programs maintained on the system, and a list of the accesses each user is authorized to make.
Term
Compatibility Test
Definition
Checking to see whether a person attempting to access a particular information system resource is authorized to do so.
Term
Social Engineering
Definition
Using deception to obtain unauthorized access to information resources. Access is usually obtained by fooling an employee.
Term
Border Router
Definition
A device that connects an organization's information system to the internet.
Term
Firewall
Definition
A combination of security algorithms and router communications protocols that prevent outsiders from tapping into corporate databases and e-mail systems.
Term
Demilitarized Zone (DMZ)
Definition
Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporate network but is accessible from the Internet.
Term
Transmission Control Protocol (TCP)
Definition
The protocol enabling communications on the Internet. It creates what is called a packet-switching network. 
Term
Internet Protocol (IP)
Definition
When the message is ready to be sent over the Internet, the TCP breaks it up into small packets.  Each packet is then given a header, which contains the destination address, and the packets are then sent individually over the Internet.
Term
Routers
Definition
Special purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next.
Term
Access Control List (ACL)
Definition
A set of rules that determine which packets of information transmitted over a network, such as the Internet, are allowed entry and which are dropped.
Term
Static Packet Filtering
Definition
A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
Term
Stateful Packet Filtering
Definition
A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet.
Term
Deep Packet Inspection
Definition
When the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header.
Term
Intrusion Prevention Systems (IPS)
Definition
A new type of filter designed to identify and drop packets that are part of an attack.
Term
Remote Authentication Dial-In User Service (RADIUS)
Definition
A standard method for verifying the identity of users attempting to connect via dial-in access.  Users connect to a remote server and submit their login credentials.
Term
War Dialing
Definition
Searching for an idle modem by programming a computer to dial thousands of phone lines.  Finding an idle modem often enables a hacker to gain access to the network to which it is connected.
Term
Hosts
Definition
The workstations, servers, printers, and other devices that comprise the organization's network.
Term
Vulnerabilities
Definition
Flaws in programs which can be exploited to either crash the system or take control of it.
Term
Hardening
Definition
The process of turning off unnecessary program features. 
Term
Encryption
Definition
The process of transforming normal text, called plain text, into unreadable gibberish, called ciphertext.  Encryption is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.
Term
Plaintext
Definition
Normal text that has not been encrypted.
Term
Ciphertext
Definition
Plaintext that has been transformed into unreadable gibberish through the process of encryption.
Term
Decryption
Definition
Transforming ciphertext back into plaintext.
Term
Key Escrow
Definition
The process of storing a copy of an encryption key in a secure location.
Term
Symmetric Encryption Systems
Definition
Encryption systems that use the same key both to encrypt and to decrypt.
Term
Asymmetric Encryption Systems
Definition
An approach to encryption that uses two keys: a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys.
Term
Private Key
Definition
An encryption system in which both the sender and the receiver have access to the key but do not allow others access to the same key.
Term
Hashing
Definition
A process that takes plaintext of any length and transforms it into a short code called a hash.
Term
Hash
Definition
Plaintext that has been transformed into short code.
Term
Digital Signature
Definition
(1) A piece of data signed on a document by a computer.  A digital signature cannot be forged and is useful in tracing authorization. (2) Information encrypted with the creator's private key.
Term
Digital Certificate
Definition
An electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key.  The digital certificate contains that party's public key. Thus, digital certificates provide an automated method for obtaining an organization's or individual's public key.
Term
Certificate Authority
Definition
An independent organization that issues public and private keys and records the public key in a digital certificate.