OSEC

From: Dennis Groves (dwgmac.com)
Date: Thu Oct 04 2001 - 02:14:48 CDT

    This is copyrighted material; we cannot use it. That said, I feel it is an
    important part of the education process to define terms for those who do not
    yet speak the language - the language in this case is security. I provide
    this as an example of what I have in mind for the site.

    What I had in mind was this: any time a "security word" appears in
    documents that we produce as a part of this project, a person can click
    on that "security word" and the definition will pop up in a little window,
    much the way that the bios do now.

    Any thoughts from the group?

    dwgmac.com

    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    >
    > Example Glossary
    > ================
    >
    > Definitions provided in this document are provided via references in various
    > books and publications. Several of these references are included at the end
    > of this section.
    >
    > access control
    > --------------
    > A mechanism for limiting use of some resource to authorized users [1]
    >
    > active attack
    > -------------
    > An attack which results in an unauthorized state change, such as the
    > manipulation of files, or the adding of unauthorized files [3]
    >
    > AIS / Automated Information System
    > ----------------------------------
    > any equipment of an interconnected system or subsystems of equipment that is
    > used in the automatic acquisition, storage, manipulation, control, display,
    > transmission, or reception of data and includes software, firmware, and
    > hardware. [3]
    >
    > asymmetric cryptography
    > -----------------------
    > A class of cryptographic algorithms that use separate keys for encryption
    > and decryption. [2]
    >
    > attack
    > ------
    > An attempt to bypass security controls on a computer. The attack may alter,
    > release, or deny data. Whether an attack will succeed depends on the
    > vulnerability of the computer system and the effectiveness of existing
    > countermeasures. [3]
    >
    > audit
    > -----
    > To keep a record of events that might have some security significance, such
    > as when access to resources occurred [1]
    >
    > authenticate
    > ------------
    > To determine that something is genuine. To reliably determine the identity
    > of a communicating party [1]
    >
    > authentication
    > --------------
    > The process of reliably determining the identity of a communicating party
    > [1]
    >
    > authorization
    > -------------
    > Permission to access a resource [1]
    >
    > biometric device
    > ----------------
    > A device that authenticates people by measuring some hard-to-forge physical
    > property, like a fingerprint or the strokes and timing of a signature
    >
    > biometrics
    > ----------
    > Using physical characteristics of users such as fingerprints and retinal
    > impressions to authenticate users. [2]
    >
    > buffer overflow
    > ---------------
    > This happens when more data is put into a buffer or holding area than the
    > buffer can handle. This is due to a mismatch in processing rates between the
    > producing and consuming processes. This can result in system crashes or the
    > creation of a back door leading to system access. [3]
    >
    > certificate
    > -----------
    > A message signed with a public key digital signature stating that a
    > specified public key belongs to someone or something with a specified name
    > [1]
    >
    > certification authority / (CA)
    > ------------------------------
    > Something trusted to sign certificates [1]
    >
    > certificate revocation list / (CRL)
    > -----------------------------------
    > A list containing names of users and roles that are no longer valid within a
    > public key cryptography system [2]
    >
    > challenge-response
    > ------------------
    > An authentication mechanism in which the authentication process sends a
    > challenge to a process that requests authentication; the latter is
    > authenticated only if it sends the correct response to the authentication
    > process [2]
    >
    > clear text
    > ----------
    > A message or data that is not encrypted
    >
    > client
    > ------
    > Something that accesses a service by communicating with it over a computer
    > network [1]
    >
    > confidentiality
    > ---------------
    > The property of not being divulged to unauthorized parties [1]
    >
    > credential
    > ----------
    > A letter or certificate given to a person to show that he has a right to
    > confidence or to the exercise of a certain position or authority [5]
    >
    > decrypt
    > -------
    > To undo the encryption process [1]
    >
    > digital signature
    > -----------------
    > Digital signatures are used to detect unauthorized modifications to data and
    > to authenticate the identity of the signatory. In addition, the recipient of
    > signed data can use a digital signature in proving to a third party that the
    > signature was in fact generated by the signatory. A digital signature is
    > represented in a computer as a string of binary digits. A digital signature
    > is computed using a set of rules and a set of parameters such that the
    > identity of the signatory and integrity of the data can be verified. An
    > algorithm provides the capability to generate and verify signatures.
    > Signature generation makes use of a private key to generate a digital
    > signature. Signature verification makes use of a public key, which
    > corresponds to, but is not the same as, the private key. Each user possesses
    > a private and public key pair. [6]
    >
    > hash
    > ----
    > A cryptographic one-way function that takes an arbitrary-sized input and
    > yields a fixed-size output [1]
    >
    > immutable
    > ---------
    > Unchangeable [2]
    >
    > integrity
    > ---------
    > The quality of being uncorrupted. Message integrity refers to the state of a
    > message not being modified while in transit. File integrity refers to the
    > state of files not being modified while in storage. [2]
    >
    > key escrow
    > ----------
    > The system of giving a piece of a key to each of a certain number of
    > trustees such that the key can be recovered with the collaboration of all
    > the trustees [3]
    >
    > log
    > ---
    > To record an action [2]
    >
    > log file
    > --------
    > A file that lists actions that have occurred [2]
    >
    > MAC Message Authentication Code
    > -------------------------------
    > a synonym of message integrity code (MIC) [1]
    >
    > message digest
    > --------------
    > An irreversible function that takes an arbitrary sized message and outputs a
    > fixed length quantity. MD2, MD4, and MD5 are message digest algorithms [1]
    >
    > MIC Message Integrity Code
    > --------------------------
    > a fixed-length quantity generated cryptographically and associated with a
    > message to reassure the recipient that the message is genuine [1]
    >
    > non-repudiation
    > ---------------
    > The property of a scheme in which there is proof of who sent a message that
    > a recipient can show to a third party and the third party can independently
    > verify the source [1]
    >
    > one-time passwords
    > ------------------
    > Passwords that can only be used one time [2]
    >
    > operator
    > --------
    > In the context of this document, "operator" maintains similar relationships
    > and functions as "administrator" (see above), given different and/or
    > additional privileges than a typical "end user" of a system.
    >
    > orthogonal
    > ----------
    > Having to do with right angles; rectangular [5]
    >
    > passive attack
    > --------------
    > Attack which does not result in an unauthorized state change, such as an
    > attack that only monitors and/or records data [3]
    >
    > password
    > --------
    > A supposedly secret string used to prove one's identity [1]
    >
    > PIN Personal Identification Number
    > ----------------------------------
    > a short sequence of digits used as a password [1]
    >
    > PKCS Public Key Cryptography Standards
    > --------------------------------------
    > a set of standards, first introduced in 1991 by RSA Data Security, Inc., for
    > implementing public key cryptographic algorithms and incorporating them
    > into applications [2]
    >
    > plaintext
    > ---------
    > Unencrypted data [3]
    >
    > pre-authentication
    > ------------------
    > A protocol for proving you know your password before you are allowed access
    > to a high quality secret encrypted with that password [1].
    >
    > private key
    > -----------
    > The quantity in public key cryptography that must be kept secret [1]
    >
    > privileged user
    > ---------------
    > A user of a computer or system who is authorized to bypass normal access
    > control mechanisms, usually to be able to perform system management
    > functions [1]
    >
    > protected path
    > --------------
    > A mechanism that guarantees a mutually authenticated channel [4]
    >
    > public key
    > ----------
    > The quantity in public key cryptography that is safely divulged to as large
    > an extent as is necessary or convenient [1]
    >
    > public key cryptography
    > -----------------------
    > A cryptographic system where encryption and decryption are performed using
    > different keys - see Asymmetric key cryptography [2]
    >
    > repudiation
    > -----------
    > Denying that you did something or made some statement [1]
    >
    > revoke
    > ------
    > To withdraw, repeal, rescind, cancel, or annul [5]
    >
    > role
    > ----
    > A function or office assumed by someone [5]
    >
    > security domains
    > ----------------
    > The sets of objects that a subject has the ability to access [3]
    >
    > security features
    > -----------------
    > The security-relevant functions, mechanisms, and characteristics of AIS
    > hardware and software [3]
    >
    > server
    > ------
    > Some resource available on the network to provide some service such as name
    > lookup, file storage, or printing [1]
    >
    > signature
    > ---------
    > A quantity associated with a message which only someone with knowledge of
    > your private key could have generated, but which can be verified through
    > knowledge of your public key [1]
    >
    > spoof
    > -----
    > To convince someone that you are some entity X when you are not X, without
    > X's permission [1]
    >
    > strong authentication
    > ---------------------
    > Authentication performed in such a way that it cannot easily be performed.
    > Examples of strong authentication include one-time passwords,
    > challenge-response mechanisms, and cryptographic authentication [2]
    >
    > symmetric key cryptography
    > --------------------------
    > A class of cryptographic algorithms in which the same key is used for
    > encryption and decryption. Examples of symmetric key algorithms include DES,
    > IDEA, RC2, and RC4 [2]
    >
    > token device
    > ------------
    > A credit-card sized device that generates authentication tokens, such as
    > one-time passwords [2]
    >
    > two-factor authentication
    > -------------------------
    > A process in which two pieces of information are required to prove one's
    > identity (such as a password and a smart card) [2]
    >
    > Glossary Items are based on the following references:
    >
    > [1] Kaufman, C., Perlman, R. and Speciner, M., Network Security: Private
    > Communication in a Public World, Prentice Hall, New Jersey, 1995
    >
    > [2] Bernstein, T., Bhimani, A., Schultz, E., and Siegel, C., Internet
    > Security for Business, John Wiley & Sons, Inc., New York, 1996
    >
    > [3] NSA Glossary of Terms used in Security and Intrusion Detection
    >
    > [4] Loscocco, P. A., Smalley, S. D., Muckelbauer, P. A., Taylor, R. C.,
    > Turner, S. J., Farrell, J. F., The Inevitability of Failure: The
    > Flawed Assumption of Security in Modern Computing Environments, 1998
    >
    > [5] Guralnik, D. B. (editor), Webster's New World Dictionary of the
    > American Language, Prentice Hall Press, 1986
    >
    > [6] FIPS PUB 186-2, Digital Signature Standard (DSS), 27 January 2000
    >
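The quoted glossary defines challenge-response, hash, MAC / message integrity code and one-time passwords as separate terms, but in practice they are parts of one mechanism. The following is an added example, not code from the original post or from any of the glossary's sources, showing a complete challenge-response exchange in Python: the verifier sends a random challenge, the claimant answers with a keyed one-way hash (HMAC-SHA256 from the standard library) of that challenge, and each challenge is honoured once so a recorded response cannot be replayed. The names Verifier and Claimant, the function names and the shared secret are assumptions constructed for this example.

```python
"""Challenge-response authentication built on a keyed one-way hash (HMAC).

Added example, not part of the glossary post. Names (Verifier, Claimant,
SHARED_SECRET) and the sample secret are constructed for this demonstration.
"""
import hashlib
import hmac
import secrets

# Constructed secret shared by both parties for this demonstration. In practice it
# is provisioned to the claimant (derived from a password, or held by a token device).
SHARED_SECRET = b"constructed-demo-secret"


def message_integrity_code(key: bytes, message: bytes) -> bytes:
    """MAC / MIC: a fixed-length quantity computed from the message and a key.

    HMAC-SHA256 is a keyed one-way hash: the 32-byte output cannot be reversed to
    recover the key, and cannot be produced for a new message without the key.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


class Verifier:
    """The 'authentication process': issues challenges and checks responses."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._outstanding = set()  # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        """A fresh random nonce; accepting it only once defeats replay of an old response."""
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        """Accept only a response to a challenge this verifier issued and has not consumed."""
        if challenge not in self._outstanding:
            return False  # unknown, forged, or already-used challenge
        self._outstanding.discard(challenge)  # one-time: consumed whether or not it verifies
        expected = message_integrity_code(self._key, challenge)
        # Constant-time comparison avoids leaking how many bytes of the MAC matched.
        return hmac.compare_digest(expected, response)


class Claimant:
    """The party requesting authentication; proves it knows the key without sending it."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return message_integrity_code(self._key, challenge)


def run_exchange(verifier: Verifier, claimant: Claimant) -> bool:
    """One full exchange: challenge -> response -> verdict."""
    challenge = verifier.issue_challenge()  # verifier -> claimant
    response = claimant.respond(challenge)  # claimant -> verifier
    return verifier.verify(challenge, response)


def replay_is_rejected(verifier: Verifier, claimant: Claimant) -> bool:
    """A captured (challenge, response) pair is useless when presented a second time."""
    challenge = verifier.issue_challenge()
    response = claimant.respond(challenge)
    first = verifier.verify(challenge, response)
    second = verifier.verify(challenge, response)  # the same pair presented again
    return first and not second


if __name__ == "__main__":
    v = Verifier(SHARED_SECRET)
    print("genuine claimant:", run_exchange(v, Claimant(SHARED_SECRET)))  # True
    print("wrong secret:   ", run_exchange(v, Claimant(b"guess")))  # False
    print("replay rejected:", replay_is_rejected(v, Claimant(SHARED_SECRET)))  # True
```

The secret itself never crosses the network: only the random challenge and its MAC do, and because the verifier discards each challenge after one use, an observer who records a valid pair gains nothing, which is the property the glossary's "one-time passwords" entry points at.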