Computer Terms and Definitions
A
Absolute Path
The full path of an object that begins with the root directory.
Abstract Syntax Notation One (ASN.1)
In the Distributed Computing Environment (DCE), a data
representation scheme that enables complicated types to be defined and
enables values of these types to be specified.
Acceptance Inspection
The final inspection to determine whether or not a facility or system
meets the specified technical and performance standards.
Note: This inspection is held immediately after facility and software
testing and is the basis for commissioning or accepting the information
system.
Access
A condition or equipment mode that allows authorized entry into a
protected area without alarm by electronically or mechanically deactivating
a sensor or sensors; The ability and means to approach, store or retrieve
data, or to communicate with or make use of a resource of an automated data
processing system; and The ability and opportunity to obtain knowledge of
classified information. An individual is considered to have access to
classified information if he or she is admitted to an area where such
information is kept or handled and security measures do not prevent that
individual from gaining knowledge of such information.
Access Control
An aspect of security that utilizes hardware systems and specialized
procedures to control and monitor the movement of individuals, vehicles, or
materials into, out of, or within designated areas. Access to various points
may be a function of authorization level, time, or a combination of the two;
and, The use of physical security as a means of controlling movement into or
out of secured areas.
Access Control List (ACL)
A mechanism that implements access control for a system
resource by listing the identities of the system entities that are permitted
to access the resource.
Access Control System
An electronic, electro-mechanical, or mechanical system designed
to identify and/or admit authorized personnel to the secure area.
Identification may be based on any number of factors such as a sequencing of
combinations, special keys, badges, fingerprints, signature, voice, etc.
These systems are for personnel access control only and are not to be used
for the protection of stored information or materials.
Access Control Mechanism
Hardware or software features, operating procedures, management
procedures, and various combinations of these designed to detect and prevent
unauthorized access and to permit authorized access in an automated system.
Accessibility
The quality of a system incorporating hardware or software that makes it
usable by people with one or more physical disabilities, such as restricted
mobility, blindness, or deafness.
Access Level
The hierarchical portion of the security level used to identify the
sensitivity of data and the clearance or authorization of users.
Note: The access level, in conjunction with the nonhierarchical
categories, forms the sensitivity label of an object.
See category, security level, and sensitivity label.
Access List
A list of users, programs, and/or processes and the specifications of
access categories to which each is assigned.
Access Period
A segment of time, generally expressed on a daily or weekly basis,
during which access rights prevail.
Access Point (AP)
A device that connects to a wired network and sends and receives radio
signals enabling wireless access to a telecommunication network by wireless
devices.
Access Port
A logical or physical
identifier that a computer uses to distinguish different terminal
input/output data streams.
Access Type
The nature of an access right to a particular device, program, or file
(e.g., read, write, execute, append, modify, delete, or create).
Accountability
The property that enables activities on a system to be traced to
individuals who may then be held responsible for their actions.
Account Compromise
An account compromise is the unauthorized use of a
computer account by someone other than the account owner, without involving
system-level or root-level privileges (privileges a system administrator or
network manager has). An account compromise might expose the victim to
serious data loss, data theft, or theft of services. The lack of root-level
access means that the damage can usually be contained, but a user-level
account is often an entry point for greater access to the system.
Active Hyperlink
A hyperlink that is currently selected in a Web browser. Some
Web browsers indicate the active hyperlink by changing its color.
Active Window
The last program window you clicked on, the one that's currently
highlighted. Any keys you press affect this window.
*The color of the title bar will change when a window is active.*
ActiveX
An application programming interface (API) that allows web
browsers to download and execute Windows programs. For example,
Netscape Communicator's support for ActiveX lets users open an Excel
spreadsheet from within Netscape Navigator.
Adapter
A part that electrically or physically connects a device to a computer or to
another device.
Add-on Security
The retrofitting of protection mechanisms, implemented by hardware or
software.
Address
Like a street address, an email address gets email to one location; an
address for a web page takes you to a web location (and is also called a
URL).
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol for mapping an Internet
Protocol address to a physical machine address that is recognized in the
local network. A table, usually called the ARP cache, is used to maintain a
correlation between each MAC address and its corresponding IP address.
ARP provides the protocol rules for making this correlation and
providing address conversion in both directions.
Adjudication
The adjudicative process is an examination of a sufficient period of a
person's life to make an affirmative determination that the person is
eligible for a security clearance.
Administration
The functions required to establish, manage, and maintain security.
Administrative Access
Access to servers or other devices with the intent to perform
administrative functions.
Administrative Profile
A profile with Administrator privileges.
Administrative Security
The management constraints and supplemental controls established to
provide an acceptable level of protection for data.
Synonymous with procedural security.
Administrator
A user with full access privileges to the computer. Administrators can
change any setting for any computer on a client/server network.
ADP Facility
A facility, room, or area where computer processing and related
activities occur.
A drive
The slot on your computer where you put in a floppy disk.
Advanced Encryption Standard (AES)
An encryption standard established by NIST that is intended to specify an
unclassified, publicly-disclosed, symmetric encryption algorithm.
Advanced Research Projects Agency Network (ARPANET)
The first "Internet", linked UCLA, Stanford and defense contractors
beginning in the late 1960's. Retired in 1990, its younger brother, the
Internet, was brought on-line.
Advertise
To describe (a product, etc.) in some medium in order to induce the
public to buy it. To call public
attention to.
Adware
A form of spyware that collects information about the user in order to
display advertisements in the web browser based on the information it
collects from the user's browsing patterns.
Agency
Any department, institution, commission, committee, board, division,
bureau, office, officer, or official of the State. A
state government agency, department, institution, commission, committee,
board, division, bureau, office, officer, or official of the State subject
to this security standard.
Agent
A program that creates a model of a computer user's personal interests
and tastes, and acts as a proxy in searching out and prioritizing
information for that user. Agent technology is often used to classify and
prioritize information for custom delivery via push
technology.
Algorithm
A finite set of well-defined rules for the solution of a problem in a finite
number of steps.
Aliases
An alias is another name for your computer's Internet Name. Traditionally,
aliases are created to direct services (like www) for your domain and have
them point to the name of the computer that is actually running that service
(i.e. the web server). That way you do not actually need to have a real
computer called www.
Aliasing
In computer graphics, the process by which smooth curves and other lines
become jagged because the resolution of the graphics device or file is not
high enough to represent a smooth curve. Smoothing and antialiasing
techniques can reduce the effect of aliasing.
American Standard Code for Information Interchange (ASCII)
Basically a set of numbers that represent all the normal
characters one would find on their keyboard. There are many variations on
this theme used for different languages or other purposes. Text saved in
ASCII (.txt) format can be read by all word processing programs on most
platforms.
Anchor
Synonymous with hyperlinks, anchor refers to non-linear links among
documents. Or more simply put, it's the word or phrase that can be selected
to connect to another page or resource.
Anchor Color
You guessed it--the color on screen that represents the anchors. The
reason so many are blue is that is often the default color. This color can
be changed to any combination of red, green and blue.
Animated GIF
A file containing a series of GIF (Graphics Interchange Format) graphics
that are displayed in rapid sequence in a Web browser, giving the appearance
of a moving picture. See also GIF.
APache eXtenSion (APXS)
A support program that simplifies the creation of dynamic shared object (DSO)
files for Apache modules (especially for third-party modules). It can be
used to build DSO-based modules outside of the Apache source tree.
Applet
Java programs; an application program that uses the client's web browser
to provide a user interface.
Application
A program or group of programs designed for
end users. Applications software includes database programs, word
processors, and spreadsheets.
See Program.
Application Access
Access to one application from another when applications reside on
different servers and must cross lower zones to connect.
Application Programming Interface (API)
A standard interface built into a program that lets other programs
communicate with it. Used by web browsers and databases as an alternative to
CGI gateways. The client-side program is written in Java or JavaScript, and it
downloads and executes on the end user's computer rather than executing on
the server.
Archie
Derived from the word archive, Archie is a Net-based service that allows you
to locate files that can be downloaded via FTP.
"A" Records
"A" (Address) records are host name records that match a name to
an address.
Argument
An expression that is passed to a function or subroutine for evaluation.
Asset
Any person, facility, material, or information that has a positive value
to the Department of Commerce and which is controlled by the Department of
Commerce.
Asset Management
Specific standards for the management of the networks, systems, and
applications that store, process and transmit information assets.
Assurance
A measure of confidence that the security features and architecture of
an AIS accurately mediate and enforce the security policy.
Asymmetric Keys
In computer security,
the two keys in a key pair. The keys are called asymmetric because one key
holds more of the encryption pattern than the other does.
Asymmetric Key Cryptography
A method of cryptography in which different keys are used to encrypt and
decrypt, as contrasted with symmetric key cryptography.
Also called public key cryptography because one of the keys is
typically made public (the other is kept private).
Asynchronous
A lack of synchronization. A method of transmitting data over a network
using a start bit at the beginning of a character and a stop bit at the end.
The time interval between characters may be of varying lengths. In video, a
signal is asynchronous when its timing differs from that of the system
reference signal.
Asynchronous Communication Networks
Networks that allow the exchange of information or written messages, but in a
slightly delayed fashion. Messages are exchanged among computers on a
network much like letters are exchanged within a postal system, only faster.
Email is an example of "asynchronous" communication. This is in
contrast with synchronous communication, such as Internet chat rooms, in
which exchanges take place in "real time" (See also Synchronous).
Asynchronous Distance Education
Education in which interaction between instructor and student does not
take place simultaneously, e.g., traditional correspondence courses.
Asynchronous Transfer Mode (ATM)
High speed (up to 155 Mbps), high bandwidth, low-delay transport
technology integrating multiple data types (voice, video, and data). The
International Telecommunications Union (ITU) has selected ATM as the basis
for the future broadband network because of
its flexibility and suitability for both transmission and switching. It may
be used in the phone and computer networks of the future. It is also a
multiplexed information transfer technique of sending data in irregular time
intervals using a code such as ASCII. ATM allows most modern computers to
communicate with one another easily.
ATA
AT Attachment; same as IDE interface.
Attack
The act of trying to bypass security controls on a system.
An attack may be active, resulting in the alteration of data; or
passive, resulting in the release of data.
Note: The fact that an attack is made does not necessarily mean that
it will succeed. The degree of
success depends on the vulnerability of the system or activity and the
effectiveness of existing countermeasures.
Attribute
A characteristic that identifies and describes a managed object. The
characteristic can be determined, and possibly changed, through operations
on the managed object. It is
also information within a managed object that is visible at the object
boundary. An attribute has a type, which indicates the range of information
given by the attribute, and a value, which is within that range.
Audio Conference
Audio teleconference. An electronic meeting in which participants in
different locations use telephones or audioconferencing equipment to
interactively communicate with each other in real time.
Audit
The process of reviewing system activities that enables the
reconstruction and examination of events to determine if proper procedures
have been followed.
Audit Trail
A chronological record of system activities that is sufficient to enable
the reconstruction, reviewing, and examination of the sequence of
environments and activities surrounding or leading to an operation, a
procedure, or an event in a transaction from its inception to final results.
Authenticate
(1) To verify the identity of a user, device, or other entity in a
computer system, often as a prerequisite to allowing access to resources in
a system. (2) To verify the
integrity of data that have been stored, transmitted, or otherwise exposed
to possible unauthorized modification.
Authentication
The exchange of security information in order to verify the claimed
identity of a communications partner. The
act of identifying or verifying the eligibility of a workstation,
originator, or individual to access specific categories of information. It
is the process of determining whether someone or something is, in fact, who
or what it is declared to be, based upon credentials provided such as user
ID and password combination. Examples
include supplying a user or account name and a password, presenting a smart
card and entering a PIN, having a thumbprint recognized, sending a
cryptographic certificate which matches one held by the other party or
responding to a challenge in the correct way. Note that in some situations
it may not be obvious which way round the roles are; when connecting to a
'secure' Web site using SSL, it is the Web site that seeks to convince the
human user's Web browser of its identity. The purpose of
authentication is usually to support authorization, the granting or denial
of access to some resources.
Authentication and Authorization Service
Founded in directory based services and is a core technology for
securing the state's infrastructure.
Authenticator
The means used to confirm the identity or to verify the eligibility of a
station, originator, or individual.
Authoring Software
This term refers to software that enables the creation of multimedia or
hypertext documents and presentations.
Authoring Systems (or Language)
This term refers to computer
languages (like HyperCard, SuperCard, ToolBook, or Inkway) that use
"real" language (in limited sense) to represent programming
commands. The intent of such systems is to make it easier for users to
program their computers without having to learn the more obscure terms and
syntax of most programming languages such as FORTRAN, Pascal, and C.
Authorized User
One who has been authenticated to an Information Technology (IT) system
and has been granted rights of access based on the user's policy
attributes. A person, system,
application or defined group that has been authenticated to an IT system and
granted access only to those resources to which he has been granted
permission to use.
Authorization
Having the consent or permission of the owner or of the person licensed
or authorized by the owner to grant permission to access a computer,
computer system, or computer network in a manner not exceeding the consent
or permission. The granting of rights, this includes the granting of rights
based on access rights. The
process of granting a user access to information, a system or an
application. Often access
privileges are granted based on the role the user has in relation to the
organization and/or the system to be accessed.
Authorization and Access Control
The means of establishing and enforcing rights and privileges allowed to users.
Automated Data Processing Security
Synonymous with automated information systems security.
Automated Information System (AIS)
An assembly of computer hardware, software and/or firmware configured to
collect, create, communicate, compute, disseminate, process, store, and/or
control data or information.
Automated Information System Security
Measures and controls that protect an AIS against denial of service and
unauthorized (accidental or intentional) disclosure, modification, or
destruction of AISs and data. AIS
security includes consideration of all hardware and/or software functions,
characteristics and/or features; operational procedures, accountability
procedures, and access controls at the central computer facility, remote
computer, and terminal facilities; management constraints; physical
structures and devices; and personnel and communication controls needed to
provide an acceptable level of risk for the AIS and for the data and
information contained in the AIS. It
includes the totality of security safeguards needed to provide an acceptable
protection level for an AIS and for data handled by an AIS.
Automated Security Monitoring
The use of automated procedures to ensure that security controls are not
circumvented.
Availability
Availability is the need to ensure that the business purpose of the
system can be met and that it is accessible to those who need to use it.
Availability of Data
The state when data are in the place needed by the user, at the time the
user needs them, and in the form needed by the user.
B
Backbones
The central network infrastructure of the Internet is often referred to as
the backbone, and it allows data to travel from one network to another.
Backdoor
A backdoor is a secret or undocumented means of getting into a computer
system. Many programs have
backdoors placed by the programmer to allow them to gain access to
troubleshoot or change the program. Some
backdoors are placed by kickers once they gain access to allow themselves an
easier way around any security mechanisms that are in place the next time
they enter or in case their original entrance is discovered.
Back Up
To create an extra copy of a file or files.
Backup Plan
Synonymous with contingency plan.
Back-Words Storage
In an 80x86 based PC, values are stored with the least-significant byte
of the word in the lower memory location and the most significant byte in
the higher memory location, sometimes called "back-words" storage.
For example the value A59C is stored as bytes 9C A5 if you are looking at a
hex dump as in the Hex views of the MBR and boot sector codes. Same with
Dwords, for example the value A59CE2F3 is stored as the bytes F3 E2 9C A5,
with F3 being at the lowest memory address and A5 being at the highest
memory address. Qwords are stored in the same manner. The op-code
establishes whether the value following it is a Byte, Word, Dword or Qword.
Band
A range of frequencies between defined upper and lower limits.
Bandwidth
A term used to describe how much data you can send through a connection
to the Net. The transmission capacity of a given medium, in terms of how
much data the medium can transmit in a given amount of time. The greater the
bandwidth, the faster the rate of data transmission. Information carrying
capacity of a communication channel.
Banner
See page banner.
Basic Encoding Rules (BER)
A set of rules used to encode abstract syntax notation one (ASN.1) values as
strings of octets.
Basic Input/Output System (BIOS)
A system that controls how the central processing unit communicates with the
disk drives, the RAM, the keyboard, and the monitor. The BIOS is stored in a
ROM chip known as the Complementary Metal Oxide Semiconductor (CMOS).
Battery Backup
A standby battery that is kept fully charged
for use during a primary power failure.
The Battery Backup is an essential element of all electrically
operated security systems.
Baud
A unit of speed in data transmission, or the maximum speed at which data
can be sent down a channel. Baud is often equivalent to bits per second.
Baud Rate
The speed of a modem measured in bits per second; 56Kbps is the current
fastest speed.
Bell-La Padula Model
A formal state transition model of computer security policy that
describes a set of access control rules.
In this formal model, the entities in a computer system are divided
into abstract sets of subjects and objects.
The notion of a secure state is defined, and it is proven that each
state transition preserves security by moving from secure state to secure
state, thereby inductively proving that the system is secure.
A system state is defined to be "secure" if the only
permitted access modes of subjects to objects are in accordance with a
specific security policy. In
order to determine whether or not a specific access mode is allowed, the
clearance of a subject is compared to the classification of the object, and
a determination is made as to whether the subject is authorized for the
specific access mode. See star
property (*-property) and simple security property.
Benign Environment
A non-hostile environment that may be protected from external hostile
elements by physical, personnel, and procedural security countermeasures.
Between-The-lines Entry
Unauthorized access obtained by tapping the temporarily inactive
terminal of a legitimate user. See
piggyback.
Beyond A1
A level of trust defined by the DoD Trusted Computer System Evaluation
Criteria (TCSEC) that is beyond the state-of-the-art technology available at
the time the criteria were developed. It
includes all the A1-level features plus additional ones not required at the
A1 level.
Bin Hex
A file format commonly used in sending large files and images over the Internet.
Biometrics
Unique, measurable physical or behavioral characteristics of a human
being for automatically recognizing or verifying identity. Biometrics use
physical characteristics of the users to determine identity and access.
Bit
A contraction of binary digit, a bit is the smallest
unit of information that a computer can hold. Eight bits is equivalent to a
byte. The speed at which bits are transmitted or bit rate is usually
expressed as bits per second or bps. Assigned
one of two values, 0 or 1.
Bitmap Image (BMP)
The standard graphics file format on Windows-compatible computers.
Bits per second (bps)
A measurement of data transmission speed.
Blogs or Blogging
A blog (short for web log) is a way for someone to present a running
journal for a wide variety of readers. They have been made to be very simple
to create and maintain. Sometimes readers can add their own entries or
comments to the blog.
Blue Screen (a.k.a. Blue Screen of Death)
An error screen that appears after a serious Windows operating system
fault. The screen has a blue background and displays error messages in white
text.
Body
An HTML element which contains all the information which makes up the
main content of a Web document, as opposed to information about the document
itself.
Bolt
That part of a lock which, when actuated, is projected (or
"thrown") from the lock into a retaining member, such as a strike
plate, to prevent a door or window from moving or opening.
Breach
The successful defeat of security
controls resulting in a penetration of the system.
Bookmark
A named location on a Web page that can be the target of a hyperlink.
Bookmarks allow authors to link to a specific section of a target page. In a
URL, a bookmark is preceded by the pound sign (#). Also called anchor.
Boolean
A value of 0 or 1 represented internally in binary notation. Any
operation in which each of the operands and the result take one of two
values.
Boot Up
To load a computer's operating system.
Border Gateway Protocol (BGP)
An inter-autonomous system routing protocol. BGP
is used to exchange routing information for the Internet and is the protocol
used between Internet service providers (ISP).
Bridge
A product that connects a local area network (LAN) to another local area
network that uses the same protocol (for example,
Ethernet or token ring).
Broadband
A transmission medium capable of supporting a wide range of frequencies. It
can carry multiple signals by dividing the total capacity of the medium into
multiple, independent bandwidth channels, where each channel operates only
on a specific range of frequencies. In a networking context the term means
at least 2Mbps in both directions.
The term has
been adopted in common usage to refer to connections to the Internet at
speeds of 128Kbps or greater. These may be asymmetric.
Broadcast
To simultaneously send the same message to multiple recipients. In
networking, a distinction is made between broadcasting and multicasting.
Broadcasting sends a message to everyone on the network, but multicasting
sends a message to a select list of recipients.
Broadcast Address
An address used to broadcast a datagram to all hosts on a given network
using UDP or ICMP protocol.
Broken Hyperlink
A hyperlink that points to an incorrect URL or a missing page or file.
Browse
To scan a database, a list of files, or the Internet.
Browser
A client program (software) that is used to look at various kinds of
Internet resources.
Browser Safe Colors/Palette
The 216 colors that will not get dithered
on monitors that only display 256 colors. A very large GIF
that contains a complete list of browser safe colors is here.
Buffer
A routine or an area of storage that compensates for the different speeds of
data flow or timings of events, when transferring data from one device to
another.
Bulletin Boards (BBS)
BBS are virtual "spaces," located within some
computer's memory, that are used to post and receive messages of interest to
various groups of people; hence, the analogy to traditional bulletin boards.
The messages on bulletin boards are generally directed at people with
something in common (a hobby, a profession, a chronological age, a problem)
and are transmitted and received within minutes for relatively little
expense. Users generally get access to these BBs through personal computers
equipped with modems and connected to telephones; users pay the phone costs.
Frequently, BBs can also be accessed through educational, governmental or
some business computer systems. BBs are popular because they provide virtual
spaces for users to talk about topics of general interest (e.g., problems
with specific computer platforms and/or software packages), a variety of
academic and scholarly projects (e.g., cold fusion research, the use of
computers in composition instruction), areas of personal commitment (e.g.,
abortion, environmental news), or personal concerns (e.g., computer dating,
vampires, alternative sexual practices).
Business Continuity Plan (BCP)
A collection
of procedures and information which is developed, compiled and maintained in
readiness for use in the event of an emergency or disaster.
Business Continuity Risk Management
For business continuity risk management, the focus of risk management is an
impact analysis for those risk outcomes that disrupt agency business.
Business Impact Analysis (BIA)
Management level analysis, which identifies the impacts of losing
organizational resources. The
BIA measures the effect of resource loss and escalating losses over time, in
order to provide senior management with reliable data upon which to base
decisions on risk mitigation and continuity planning.
Byte
A unit of information comprised of 8 bits (on microcomputers).
C
Cable Television
A broadband communications technology in which multiple television channels
as well as audio and data signals are transmitted either one way or both
ways through a direct by wire distribution system to single or multiple
locations.
Cache
To store on a computer user's hard disk a local copy of a web
page accessed via the Internet.
The web
browser compares the cached copy of the page to the original, and
if there have been no changes, the browser will use the cached copy rather
than reloading the page onto the client,
saving processing and download
time. Also refers to a web site's database generating static copies of
frequently requested dynamic
pages, reducing processing time.
Cache Accelerator
Provides support for caching on multiple Web servers and on servers with
multiple IP addresses.
Callback
A procedure for identifying a remote terminal.
In a call back, the host system disconnects the caller and then dials
the authorized telephone number of the remote terminal to reestablish the
connection. Synonymous with dial
back.
Capability
A protected identifier that both identifies the object and specifies the
access rights to be allowed to the accessor who possesses the capability.
In a capability-based system, access to protected objects such as
files is granted if the would-be accessor possesses a capability for the
object.
Card Access
A type of access control system that uses a card with a coded area or
strip, on or inside the card, to activate a lock or other access control
device. To activate the device,
the card is inserted into or through a slot where the data in the coded area
is read. If the code is accepted, a signal will be transmitted to unlock the
device or perform some other access control function.
See definition of Card Reader for more information on types.
Card Reader
A device that reads the information on a card key. Card readers may
obtain data from access cards by reading punched holes, magnetic spots,
stripes or wires, or any of several other methods that use punched,
embossed, or embedded information. The reader may be an integral part of the
lock or it can be located in the immediate vicinity. Card readers fall into
one of two categories, online or
intelligent. On-line readers must communicate with a central processor that
makes the entry/exit decision and transmits a signal back to the locking
device. The intelligent
card reader compares the data on the card with preprogrammed parameters and
entry or exit is granted or denied by the card reader itself at the reader
location. Intelligent readers are also called stand-alone or off-line
readers.
Cascading Style Sheets (CSS)
An HTML feature that gives Web site developers and users more control
over how pages are displayed. Using CSS, designers and users can create
style sheets that define how different elements, such as headers and links,
appear. These style sheets can then be applied to any Web page. The term
cascading derives from the fact that multiple style sheets can be applied
to the same Web page.
Category
A restrictive label that has been applied to classified or
unclassified data as a means of increasing the protection of the
data and further restricting access to the data.
C Drive
The main storage area on a computer, also called a hard drive.
Cell Padding
The space between the contents and inside edges of a table cell.
Cell Spacing
The amount of space between cells in a table. Cell spacing is the thickness,
in pixels, of the walls surrounding each cell.
Centralized Authentication and Authorization
A set of products based on directory services to store user
credentials in a central directory.
Central Processing Unit (CPU)
The CPU is the brains of the computer and is
where most calculations take place.
CERT
See Computer Emergency Response Team
Certificate
A collection of data which indicates entitlement to some resources. A
certificate is typically unintelligible to a human reader and is produced
and read using cryptographic software. It may include the identity of the
person or object to whom it refers, some details of the resources to be made
available (such as a time limit), and some indication of a chain of trust.
Certificates are of value to persons or computers controlling resources
because those controllers can confirm that they were issued with the
authority of a party they have arranged to trust for that purpose (a
'Certificate Authority'). X.509 is the most widely accepted standard for
cryptographic certificates.
Certificate Authority (CA)
In computer security, an organization that issues certificates. The
certificate authority authenticates the certificate owner's identity and
the services that the owner is authorized to use. It also manages the
issuance of new certificates and revokes certificates from users who are no
longer authorized to use them. A certificate authority is considered to be
trusted when a user accepts any certificate issued by that certificate
authority as proof of the certificate owner's identity.
Certificate-Based Authentication
Certificate-Based Authentication is the use of certificates to authenticate
and encrypt traffic.
Certificate Revocation List (CRL)
A list of certificates that need to be revoked before their expiration date.
Certification
The comprehensive evaluation of the technical and nontechnical security
features of an AIS and other safeguards, made in support of the
accreditation process that establishes the extent to which a particular
design and implementation meet a specified set of security requirements.
Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol uses a
challenge/response authentication mechanism where the response varies with
every challenge to prevent replay attacks.
Change Key
A key that will operate only one lock or a group of keyed-alike locks,
as distinguished from a master key. See also keyed-alike cylinders and
master key system.
Channel
A dynamic information-delivery source. A web site becomes a web channel
when it dynamically broadcasts its content to users who have expressed an
interest in receiving that information. Users can select channels they want
to receive so they do not have to type the address for each site every time
they want that information. It's ready for them when they want it, stored
in a cache for easy viewing offline. See also Push.
Chat
A feature that lets you talk with other computer users in real-time
online sessions.
Cipher
In Cryptographic Support, data that is unintelligible to all except those who
have the key to decode it to plaintext.
Ciphertext
In Cryptographic Support, data that is unintelligible to all except those who
have the key to decode it to plaintext.
The output of an encryption function. Encryption transforms plaintext into
ciphertext.
Class
In object-oriented design or programming, a model or template that can be
instantiated to create objects with a common definition and therefore,
common properties, operations, and behavior. An object is an instance of a
class. In the AIX operating system, pertaining to the I/O characteristics
of a device. System devices are classified as block or character devices.
Classification
The act or process by which information is determined to be classified
information.
Client
In network terminology, "client" can have two meanings. Sometimes it
is synonymous with "user". Other times it is used to denote a
relationship between two computers where one computer is a host and is
serving a client machine. In this situation, the client computer becomes a
guest on the host computer in order to use the host computer's resources.
The program on the client machine that provides the user interface for those
resources is typically called the client software.
Client-Server Architecture
An information-passing scheme that works as follows: a client
program, such as Mosaic, sends a request to a server. The server takes the
request, disconnects from the client and processes the request. When the
request is processed, the server reconnects to the client program and the
information is transferred to the client. This architecture differs from
traditional Internet databases where the client connects to the server and
runs the program from the remote site.
Client-Server Interface
A program that provides an interface to remote
programs (called clients), most commonly across a network, in order to
provide these clients with access to some service such as databases,
printing, etc. In general, the clients act on behalf of a human end-user
(perhaps indirectly).
Client-Side Program
A computer program that is downloaded from a server and executed or run
using the end user's computer hardware. Java and JavaScript are examples of
client-side programs.
Clipart
Ready-made, usually copyright-free, illustrations sold in books, as part
of a software package or on the Internet.
They may be cut and pasted or inserted as artwork into a document.
Clipboard
A special file or memory area (buffer) where data is
stored temporarily before being copied to another location. Many word
processors, for example, use a clipboard for cutting and pasting.
Clone
A computer, software product, or device that functions exactly like another,
better-known product. In practice, the term refers to any PC not produced by
one of the leading name-brand manufacturers, such as IBM and Compaq.
Closed Security Environment
An environment in which both of the following conditions hold true:
1. Application developers (including maintainers) have sufficient
clearances and authorizations to provide an acceptable presumption that they
have not introduced malicious logic.
2. Configuration control provides
sufficient assurance that applications and the equipment are protected
against the introduction of malicious logic prior to and during the
operation of system applications.
Codec (COder/DECoder)
Device used to convert analog signals to digital signals for
transmission and reconvert signals upon reception at the remote site while
allowing for the signal to be compressed for less expensive transmission.
Commands and Filters
Commands and filters allow users to prioritize and organize incoming
email messages and discussion group postings.
Common Gateway Interface (CGI)
A server-side communication standard supported by all web servers for
accessing external programs. Since HTML allows only one-way communication
from the server, which is read by the web browser or client, CGI permits
communication and interaction from the client to the server for two-way,
dynamic web pages.
Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
As described in NIST SP 800-51, the Common Vulnerabilities and Exposures
(CVE) vulnerability naming scheme is a dictionary of common names for
publicly known IT system vulnerabilities. It is an emerging industry
standard that has achieved wide acceptance by the security industry and a
number of government organizations.
Technical vulnerability experts from 31 industry, academia, and
government organizations vote on the common names.
CVE provides the computer security community with: