Booklet: Information Security
Section: Appendix B: Glossary

Term
Definition

ACL

Access control list

Applet

A small program that typically is transmitted with a Web page.

AUP

An acceptable use policy.  It documents permitted system uses and activities for a specific user and the consequences of noncompliance.

Authentication

The verification of identity by a system based on the presentation of unique credentials to that system.

Authorization

The process of giving access to parts of a system, typically based on the business needs and the role of the individual within the business.

Cookie

A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested.

Dictionary attack

Discovery of authenticators by encrypting likely authenticators and comparing the actual encrypted authenticator with the newly encrypted possible authenticators.

Encryption

The conversion of information into a code or cipher.

Exploit

A technique or code that uses a vulnerability to provide system access to the attacker.

Full-duplex

A communications channel that carries data in both directions.

FS/ISAC

Financial Services Information Sharing and Analysis Center

Hardening

Decreasing the capability of a device to the minimum required for its intended purpose.

Hash

A fixed length cryptographic output of variables, such as a message, being operated on by a formula or cryptographic algorithm.

Hijacking

The use of an authenticated user’s communication session to communicate with system components.

Host

A computer that is accessed by a user from a remote location.

I/O

Input/Output

IPv6

Version 6 of the Internet Protocol

ISAC

Information Sharing and Analysis Center

ISO

International Organization for Standards

IDS

Intrusion Detection System

IPS

Intrusion Prevention System

Man-in-the-middle attack

A man-in-the-middle attack places the attacker’s computer in the communication line between the server and the client.  The attacker’s machine can monitor and change communications.

Media

Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs).

Non-repudiation

Ensuring that a transferred message has been sent and received by the parties claiming to have sent and received the message.  Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

P2P

Peer-to-peer communication, the communications that travel from one user’s computer to another user’s computer without being stored for later access on a server.  E-mail is not a P2P communication since it travels from the sender to a server, and is retrieved by the recipient from the server.  On-line chat, however, is a P2P communication since messages travel directly from one user to another.

Patch

Software code that replaces or updates other code.  Frequently patches are used to correct security flaws.

Port

Either an endpoint to a logical connection or a physical connection to a computer.

Protocol

A format for transmitting data between devices.

Replay attack

The interception of communications, such as an authentication exchange, and the subsequent impersonation of the sender by retransmitting the intercepted communication.

Routing

The process of moving information from its source to the destination.

Security event

An event that compromises the confidentiality, integrity, availability, or accountability of an information system.

Server

A computer or other device that manages a network service.  An example is a print server, a device that manages network printing.

Sniffing

The passive interception of data transmissions.

Social engineering

Obtaining information from individuals by trickery.

Spoofing

A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system.

Stateful inspection

A firewall inspection technique that examines the claimed purpose of a communication for validity.  For example, a communication claiming to respond to a request is compared to a table of outstanding requests.

System resources

Capabilities that can be accessed by a user or program either on the user’s machine or across the network.  Capabilities can be services, such as file or print services, or devices, such as routers.

Trojan horse

Malicious code that is hidden in software that has an apparently beneficial or harmless use.

Utility

A program used to configure or maintain systems, or to make changes to stored or transmitted data.

Virus

Malicious code that replicates itself within a computer.

VLAN

Virtual local area network.

Vulnerability

A flaw that allows a person to operate a computer system with authorization in excess of that which the system owner specifically granted to him or her.

Warehouse attack

The compromise of systems that store authenticators.

Worm

Malicious code that infects computers across a network without user intervention.
