Recently updated

Someone who tries to break the security of, and gain unauthorized access to, someone else's system, often with malicious intent. (See: adversary, intruder, packet monkey, script kiddy. Compare: hacker.)

The part of the ISOC responsible for technical management of IETF activities and administration of the Internet Standards Process according to procedures approved by the ISOC Trustees. Directly responsible for actions along the "standards track", including final approval of specifications as Internet Standards. Composed of IETF Area Directors and the IETF chairperson, who also chairs the IESG. (RFC 2026)

When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. (Compare: S HTTP.)

A circumstance in which an adversary has the technical and operational ability to detect and exploit a vulnerability and also has the demonstrated, presumed, or inferred intent to do so. (See: threat.)

Facts and ideas, which can be represented (encoded) as various forms of data.

Synonym for "certification path". (See: trust chain.)

See: Internet Open Trading Protocol.

See: Internet Control Message Protocol.

Synonym for a checksum based on cryptography. (Compare: Data Authentication Code, Message Authentication Code.)

The centralized CSIRT of the U.S. Department of Energy; a member of FIRST.

"An entity [that is] responsible for the issuance of certificates." [X509]

See: certificate revocation list.

Synonym for "system integrity"; this synonym emphasizes the actual performance of system functions rather than just the ability to perform them.

Rules issued by the U.S. State Department, by authority of the Arms Export Control Act (22 U.S.C. 2778), to control export and import of defense articles and defense services, including information security systems, such as cryptographic systems, and TEMPEST suppression technology. (See: type 1 product, Wassenaar Arrangement.)

See: Internet Architecture Board.

An attack that uses a brute force technique of successively trying all the words in some large, exhaustive list.

A security service that verifies an identity claimed by or for an entity. (See: authentication.)

Synonym for "fail secure".

See: mandatory access control, Message Authentication Code.

A data integrity service that preserves the integrity of data in a single, independent, packet; i.e., the service applies to datagrams one at a time. (See: data integrity. Compare: stream integrity service.)

A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association. (See: hijack attack, piggyback attack.)

Apply a magnetic field to permanently remove data from a magnetic storage medium, such as a tape or disk [NCS25]. (Compare: erase, purge, sanitize.)

See: bank identification number.

Grant an authorization to a system entity.

See: secondary definition under "domain".

The part of the OSIRM [I7498 2] that specifies the security services and security mechanisms that can be applied to protect communications between two systems. (See: security architecture.)

Synonym for "data origin authentication". (See: authenticity, data origin authentication.)

See: secondary definition under "IPSO".

A block cipher mode that enhances ECB mode by chaining together the blocks of cipher text it produces and operating on plaintext segments of variable length less than or equal to the block length. [FP081] (See: block cipher, [SP38A].)

A type of access control other than (a) the rule based protections of mandatory access control and (b) the identity based protections of discretionary access control; usually involves administrative security.

A community name in the form of an octet string that serves as a cleartext password in SNMP version 1 (RFC 1157) and version 2 (RFC 1901). (See: password, Simple Network Management Protocol.)

A publicly available document [IATF], developed through a collaborative effort by organizations in the U.S. Government and industry, and issued by NSA. Intended for security managers and system security engineers as a tutorial and reference document about security problems in information systems and networks, to improve awareness of tradeoffs among available technology solutions and of desired characteristics of security approaches for particular problems. (See: ISO 17799, [SP14].)

Generic Upper Layer Security service element (ISO 11586), a five part standard for the exchange of security information and security transformation functions that protect confidentiality and integrity of application data.

A form of active wiretapping in which the attacker seizes control of a previously established communication association. (See: man in the middle attack, pagejacking, piggyback attack.)

See: extension.

A service operated by NIST is establishing a catalog for computer security objects to provide stable object definitions identified by unique names. The use of this register will enable the unambiguous specification of security parameters and algorithms to be used in secure data exchanges. (See: object identifier.)

The process of transforming ciphertext into its original plaintext.

Irreversible transformation of plain text to cipher text, such that the plain text cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known. (See: brute force, encryption.)

See: secondary definitions under "corruption", "exposure", and "incapacitation".

A process that encodes information in a way that minimizes the number of resulting code symbols and thus reduces storage space or transmission time.

A wiretapping attack that attempts to alter data being communicated or otherwise affect data flow. (See: wiretapping. Compare: active attack, passive wiretapping.)

"Cryptographic logic that uses previous cipher text to generate a key stream." [C4009, A1523] (See: KAK.)

See: secondary definition under "attack". Compare: outsider.)

See: distinguished name.

The GIG is "a globally interconnected, end to end set of information capabilities, associated processes and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers, and support personnel." [IATF] Usage: Formerly referred to as the DII.

An X.500 Directory entry or other information source that is named in a v3 X.509 public key certificate extension as a location from which to obtain a CRL that may list the certificate.

"A bundling of [security associations] (SAs) that together define how a group communicates securely. The [group SA] may include a registration protocol SA, a rekey protocol SA, and one or more data security protocol SAs." [R3740]

The defining constant in modular arithmetic, and usually a part of the public key in asymmetric cryptography that is based on modular arithmetic. (See: Diffie Hellman Merkle, RSA.)

See: Deprecated Usage under "attribute authority".

An advisory committee chartered by the U.S. Federal Communications Commission (FCC), with participation by network service providers and vendors, to provide recommendations to the FCC for assuring reliability, interoperability, robustness, and security of wireless, wireline, satellite, cable, and public data communication networks.