Cybersecurity Glossary

Cybersecurity, much like other specialized industries, possesses its own unique lexicon consisting of both French terms and anglicisms.

Sémafor Conseil has assembled an exhaustive collection of the terminology used within the trade landscape.

A
  • Active Attack : An attack resulting in an unauthorized change of state, such as the manipulation of files on a server.
  • Address Spoofing : Malicious action consisting of deliberately using the address of another system instead of one’s own. Remarks: This action should be compared to identity theft. The idea is to pass one’s information system off as another. The spoofed address can be a MAC (Medium Access Control) address, an IP address, an email address, etc.
  • Administrative Security : Limited management and supplementary controls of data to provide them with a sufficient level of protection.
  • AIS (Automated Information System) : System designating all equipment (hardware, software, or firmware) that enables the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data.
  • Alert : Message describing a circumstance related to network security. Alerts often originate from active monitoring systems on the network.
  • Ankle-Biter : A person wanting to become a Hacker or Cracker but having very little knowledge of computer systems. They are usually young teenagers using easy-to-use programs sourced from the Internet.
  • Anomaly Detection Model : Security system that detects intrusions by looking for activities that deviate from the normal baseline behavior of the system and its users.
  • Application Level Gateway (Firewall) : A firewall is a system or application that manages all TCP connections during a network session. These firewalls often redirect outgoing packets in order to spoof or mask the sender.

  • ASIM (Automated Security Incident Measurement) : Automated evaluation of a security incident. It monitors network traffic and collects information on network elements where unauthorized activities are detected.

  • Assessment : Vulnerability analysis of an automated information system consisting of monitoring and inspecting the system to help the administrator secure it in the best possible way.
  • Attack : Attempt to bypass security controls on a server. The success of the attack depends on the vulnerability of the targeted server, but if successful, the attacker will gain unlimited access to the server and can do whatever they want (theft, data destruction, etc.).
  • Audit : Examination of information and activities to ensure they comply with established controls and operational procedures.
  • Audit Trail : Record of system resource usage on a computer: identification, accessed files, access rights violations, etc.
  • Authentication Header (AH) : Identification header. A field following the IP header in an IP datagram that verifies the origin and integrity of the datagram.
  • Automated Security Monitoring : Automatic security management. Term designating all security services ensuring an effective level of protection for the hardware environment, software environment, and all types of data.
  • Availability : Ensures that information and communications will be usable when a request is made for them.
B
  • Back Door : Security hole intentionally left in a system, often in the form of a hidden program, by an administrator or a hacker who has gained root access, in order to maintain this access without having to breach the system’s security again. See the movie “WarGames”.
  • Biba Integrity Model : Formal security model for the integrity of subjects and objects within a system.
  • Blacklist : List of addresses or domain names for which restrictive measures are justified. This can notably result in blocking the site in question.
  • Bomb : Term designating any type of attack aimed at crashing the target system by exploiting software or protocol flaws.
  • Botnet : A bot network (contraction of robot network) is a network of compromised machines at the disposal of a malicious individual (the master). This network is structured in a way that allows its owner to transmit orders to all or part of the machines in the botnet and to operate them at will. Remarks: Certain sets can reach considerable numbers of machines (several thousands). These can be the subject of illicit trade or malicious actions against other machines. They are often controlled by commands issued through a control channel like the IRC (Internet Relay Chat) service.
  • Breach : Term used upon the success of an attack on a server, during the penetration of a system.
  • Broadcast : Ping sent by the local computer to all other computers on the network. The local computer thus receives responses from everyone. This is useful when a newly connected computer wants to know the IP addresses of all other computers.
  • Buffer Overflow : Phenomenon occurring when the buffer cannot correctly process all the incoming data it receives. This happens when the receiver’s data transfer rate is much lower than the sender’s. A buffer overflow very often causes the target system to crash, which is why it can be intentionally used by a hacker.
  • Bug : Malfunction of a program or hardware due to an unintentional programming or manufacturing error.
C
  • C2 : Abbreviation for Command and Control.

  • Certification : Identification. Verification of the identity of a user or any other entity in a system, most often by password, to allow them to manage the resources they have access to.
  • Certify : To establish the validity of a user or an object by creating an account granting them rights.
  • CGI (Common Gateway Interface) : Method allowing web servers and programs to interact.
  • CGI-scripts : Scripts allowing the creation of dynamic and interactive web pages. CGI-scripts are known to be highly vulnerable to attacks.

  • Clipper Chip : VLSI chip created by the NSA for encrypting voice communications. This chip uses the EES (Escrow Encryption Standard) and adds the Skipjack encryption algorithm.

  • COAST (Computer Operations, Audit, and Security Technology) : Multi-project effort carried out by several cybersecurity investigation laboratories in the computer science department at Purdue University. Researchers and engineers from major companies and governments also participate. Its research focuses on real-world needs and limitations, with particular attention to computer system security.
  • Compromise : Intrusion into a system resulting in the disclosure, modification, or destruction of confidential information.

  • Computer Abuse : Intentional illegal activity that affects the availability, confidentiality, or integrity of a computer’s resources. Includes fraud, embezzlement, theft, damage, unauthorized use, and denial of service.
  • Computer Fraud : Computer crimes involving the modification of data in order to extract something of value.

  • Computer Network Attack (CNA) : Attack aimed at damaging, degrading, or destroying information residing in computers or computer networks, or even destroying the computers and networks themselves.

  • Computer Security : Technological security procedures applied to computer systems to ensure the availability, integrity, and confidentiality of the information contained within the system.

  • Computer Security Incident : Intrusion or attempted intrusion into an Automated Information System (AIS). These security incidents can lead to lengthy investigations across a large number of computer systems.
  • Computer Security Intrusion : Unauthorized access or penetration of an Automated Information System (AIS).

  • Confidentiality : Ensures that information remains secret and that only authorized persons will have access to it.

  • COPS (Computer Oracle and Password System) : Management system for Unix servers; it is software testing the security of shell scripts and programs written in C. It searches for security weaknesses and reports them when found.
  • Countermeasures : Action, hardware, procedure, technique, or any other measure reducing the vulnerability of an automated information system (AIS). Countermeasures designed for specific threats and vulnerabilities require more sophisticated techniques and can be identified as security systems.

  • Crack : Hacking tool used to decode encrypted passwords. Administrators also use Crack to evaluate the weakness of inexperienced users’ passwords in order to increase system security.
  • Cracker : Person who has breached a system’s security.
  • Cracking : Act of breaking into a computer system.
  • Crash : Sudden and severe failure in a computer system.
  • Cryptanalysis : 1) Analysis of an encryption system and/or its inputs/outputs to extract confidential variables and sensitive data. 2) Act of decrypting messages without knowing the algorithm or the encryption key.

  • Cryptographic Hash Function : Process transforming a value from a dataset so that any manipulation of this set is detectable.
  • Cryptography : Term designating the science, principles, means, and methods for rendering text incomprehensible and for converting encrypted messages into comprehensible texts.
  • Cryptology : Science relating to camouflaged, disguised, or encrypted communications.
  • Cyberspace : Term designating all connected computers and the society assembled around them. Cyberspace is most often called the INTERNET.
D
  • Dark Side Hacker : A criminal or malicious Hacker.
  • DARPA (Defense Advanced Research Projects Agency) : Advanced research projects agency for defense.
  • Data Driven Attack : Attack encoded in seemingly harmless data but which can prove dangerous once a system’s defenses are bypassed. The goal of this type of attack is most often to pass through a Firewall.
  • Data Encryption Standard (DES) : 1) Encryption algorithm adopted by the National Bureau of Standards for public use. 2) Encryption algorithm for the protection of unclassified data. DES, approved by the National Institute of Standards and Technology (NIST), is intended for public and governmental use.
  • Datagram : IP packet. This includes the IP header and the transported data.
  • Defense Information Operations (DIO) : Process that integrates and coordinates policies with procedures, operations, personnel, and technologies to protect information and defend information systems. DIOs use information, physical security, operations security, anti-psychological and anti-intelligence operations, electronic protections, and special information operations to ensure accurate, rapid, and reliable access to information while protecting it from enemies who wish to exploit it.
  • Demilitarized Zone (DMZ) : Also called a “perimeter network”, the demilitarized zone is a less secure area of a network, located between two components serving the application of network policies (e.g., between the Internet and internal networks). An organization uses a demilitarized zone to host its own Internet services while eliminating the risks of unauthorized access to its private network.
  • Demon Dialer : Program that systematically calls the same telephone number. These programs can be authorized insofar as they are used to access BBSs, but they can also be illegal if used for Denial of Service attacks.
  • Denial of Service (DoS) : Attack aimed at crashing a program by overflowing a fixed-size buffer with too much incoming data. Can also be used to flood a computer target.
  • Derf : Act of exploiting a terminal on which someone has already authenticated and forgotten to log off.
  • DES : See Data Encryption Standard.
  • Distributed Denial of Service (DDoS) : Parallel denial of service attacks intended to flood a computer target.
  • DNS Spoofing : Use of the DNS (Domain Name Server) of another system by corrupting the name service cache of a victim system, or by passing off a DNS for a valid domain.
  • Domain Name System (DNS) : Database and server system ensuring the mapping between domain names or site names used by internet users and numerical addresses used by computers.
E
  • Electronic Attack (EA) : Division of EW (Electronic Warfare) where electromagnetic, directed energy, or anti-radiation weapons are used to attack personnel, facilities, or equipment with the intent to degrade, neutralize, or destroy enemy combat capabilities. An EA includes actions executed to prevent or reduce enemy use of the electromagnetic spectrum, such as Jamming or the use of electromagnetic/directed energy weapons (lasers, radio frequencies, particle beams).
  • Electronic Protection (EP) : Division of EW representing all measures taken to protect personnel, facilities, and equipment from the effects of enemy EW usage that degrades, neutralizes, or destroys allied combat capabilities.
  • Electronic Warfare (EW) : Term designating all military actions involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or attack the enemy. The three main divisions of Electronic Warfare are Electronic Attack (EA), Electronic Protection (EP), and Electronic Warfare Support (ES).
  • Electronic Warfare Support (ES) : Division of EW involving tasks performed under the direct control of an operational Commander to search for, intercept, identify, and locate sources of electromagnetic energy intentionally or unintentionally emitted in order to detect threats. Therefore, ES provides necessary information for decisions regarding EW operations and other tactical operations such as evasion threats. ES data can be used to produce signal intelligence.
  • Encapsulating Security Payload (ESP) : Mechanism providing protection for the confidentiality and integrity of IP datagrams.
  • Ethernet Sniffing : Program listening to the Ethernet interface for packets of interest to the user. When the program spots a packet meeting certain criteria, it copies its content into a file. The most frequent criteria for an interesting packet are words like “login” or “password”.
F
  • False Negative : Event occurring when an intrusion is identified as a non-intrusion by the system and is allowed to happen.
  • False Positive : Event occurring when a system classifies a legitimate action as anomalous (e.g., an intrusion).
  • Fault Tolerance : Capability of a system or component to continue functioning correctly despite the presence of hardware or software problems.
  • Firewall : System or combination of systems reinforcing the boundary between two or more networks. It is a type of gateway restricting access between networks according to local security policy. This boundary is based on filtering the information transiting between the two networks. It is an indispensable security tool.
  • Fishbowl : Containing, isolating, and subordinating an unauthorized user on a system in order to obtain information about this user.
  • Flag : Binary indicator, generally encoded on one bit.
  • Flood : Network attack consisting of sending a massive influx of packets or messages aimed at saturating the victim computer. This attack is only truly viable if the attacker’s bandwidth is higher than the victim’s.
  • Fork Bomb : Also known as a “logic bomb”, code that can be written in a single line on a Unix system; based on infinite self-duplication, it can eventually “explode” by destroying all entries in the process table and effectively freezing the system.
H
  • Hacker : Person who loves to explore the details of computer systems and how to extend their capabilities. A malicious or curious person interested in everything related to computing who tries to discover the maximum amount of information by searching everywhere. A person who likes to learn the details of programming systems, as opposed to most users who prefer to learn only the necessary minimum.
  • Hacking : Unauthorized use or attempt to bypass or override security mechanisms on a computer or network.
  • Hacking Run : Hacking session of a much longer duration than normal, particularly those lasting more than 12 hours.
  • Host : A single computer or workstation; it can be connected to a network.
  • Host Based : Information, such as audit data, originating from a single host that can be used to detect intrusions.
I
  • IDEA (International Data Encryption Algorithm) : A key-based encryption/decryption algorithm using a key twice as long as a DES key.
  • IDIOT (Intrusion Detection In Our Time) : System detecting intrusions using pattern-matching (detection of unusual operations).
  • Information Assurance (IA) : Information operations that protect and defend information and information systems by ensuring their availability, confidentiality, integrity, and authenticity. This includes information system restoration by incorporating protection, detection, and reaction capabilities.

  • Information Operations (IO) : Actions executed to affect enemy information or information systems, while defending one’s own.
  • Information Security : Result of a system of rules and/or procedures to identify, control, and protect information whose protection is authorized by an executive order.
  • Information Superiority : Capability to collect, process, and disseminate an uninterrupted flow of information while exploiting it and preventing an enemy from doing the same.

  • Information Warfare : Actions carried out to achieve Information Security by affecting enemy information, information processes, and information systems while defending one’s own. Action of exploiting, corrupting, destroying, or preventing the functioning of enemy information and their functions, while protecting one’s own from these actions.
  • Information Warfare (IW) : Information operations conducted during a crisis or conflict to achieve or advance specific objectives against one or more specific enemies.
  • Integrity : Ensures that information will not be accidentally or intentionally altered or destroyed.

  • Internet Worm : Worm-type program that appeared on the Internet in 1988. It was coded by Robert T. Morris for experimental purposes, but the experiment escaped his control.

  • Intrusion : Series of actions attempting to compromise the integrity, confidentiality, or availability of a resource.
  • Intrusion Detection : Techniques attempting to detect an intrusion into a computer or network through the observation of actions, security logs, or audit data. Detections of intrusions (or attempted intrusions) manually or using programs that utilize logs or other information available on the network.

  • IP Splicing / Hijacking : Action by which an active established session is intercepted by an unauthorized user. IP Splicing type attacks occur after authentication, which allows the attacker to assume the role of an already authorized user. Primary protections against IP Splicing consist of encryption at the session or network level.

  • IP Spoofing : Action by which a system illicitly attempts to impersonate another system by using its IP address.
J

K
  • Key : Symbol or sequence of symbols applied to text to encrypt or decrypt it.
  • Key Escrow : System consisting of giving a piece of a key to each depositary so that, with the collaboration of each of them, the key can be fully reconstituted.
  • Keystroke Monitoring : Specialized form of audit trail, or specific hardware, that records every key typed by a user and every character of the response returned by the AIS to the user.
L
  • LAN (Local Area Network) : Computer communications system limited to a few kilometers in distance and using a very fast connection (2 to 10 Megabytes per second). Short-distance communications system connecting ADP machines within a building or group of buildings over a few square kilometers, including workstations, processors, controllers, switches, and gateways.
  • Leapfrog Attack : Use of user ID and password information illicitly obtained from one host to compromise another host. Action of establishing a TELNET connection through one or more hosts in order to minimize the traces left behind.

  • Letterbomb : Part of an e-mail containing data aimed at affecting the receiver’s machine or terminal. Under Unix, a Letterbomb can also try to force its content to be interpreted as a shell command. The result of these attacks can range from a simple annoyance to a Denial of Service.
  • Logic Bomb : Also known as a Fork Bomb, a program residing on a computer system which, when executed, searches for a particular condition or system state to execute an illicit action once this condition is found.
M
  • Mailbomb : Mass e-mails sent to a single system or a single person with the intention of crashing the recipient’s machine. Mailbombing is very often considered scandalous.

  • Malicious Code : Hardware, software, or firmware intentionally included in a system in order to carry out illegal operations (such as a Trojan Horse, for example).
  • Metric : Random variable representing a quantitative measurement accumulated over a period.
  • Mimicking : Synonym for camouflage or spoofing.

  • Misuse Detection Model : The system detects intrusions by searching for activities that correspond to known intrusion techniques or system vulnerabilities. Also known as Rules Based Detection.

  • Mockingbird : Computer program or process that imitates the authorized behavior (or any other apparently useful function) of a normal system but executes illegal activities once invoked by the user.
  • Multihost Based Auditing : Audit system of multiple hosts that can serve to detect intrusions.
N
  • NAK Attack : Penetration technique based on a potential weakness of an operating system that does not handle desynchronization interruptions well and thus leaves the system unprotected during these interruptions.
  • NAT : Firewall-type mechanism that replaces the IP address of a host on an internal network with its own IP address for all circulating traffic.
  • National Information Infrastructure (NII) : National interconnections of communication networks, computers, databases, and consumer electronics forming a large body of information available to users. The NII includes a wide range of equipment such as cameras, scanners, keyboards, facsimile machines, computers, CDs, audio and video cassettes, cables, telegrams, satellites, fiber optic transmission lines, networks, screens, printers…

  • NCSC : See National Computer Security Center.
  • Network : Two or more machines connected for communications.
  • Network Based : Audit data traffic originating from hosts and used to detect intrusions.
  • Network Level Firewall : Firewall analyzing traffic at the network protocol (IP) packet level.
  • Network Security : Protection of networks and their services from illicit modification, destruction, or unauthorized access to resources; and precautionary measures ensuring the network correctly executes its critical functions and that there are no harmful effects. Network Security includes checking data integrity.

  • Network Security Officer : Individual appointed by a designated authority to ensure that security measures and all applicable directives are implemented throughout the lifecycle of an AIS.
  • Network Security Zone : Clearly delimited network environment falling under a network security zone authority and characterized by a standard level of vulnerability to threats. Types of zones are distinguished according to the security requirements applying to interfaces, traffic control, data protection, host configuration control, and network configuration control.

  • Network Weaving : Another name for “Leapfrogging”.
  • Non-Discretionary Security : Aspect of the DoD security policy restricting access to basic security levels. A security level consists of a read level and a category restriction setting. To read a resource, a user must have an identical or higher security level than the information and must also have access to all categories included in the specified categories for accessing this resource.
  • Non-Repudiation : Method by which the sender of data provides proof of sending and the receiver is assured of the sender’s identity, so that no one can subsequently deny having processed this data.
O
  • Open Security : Environment not providing a sufficient level of security for applications and equipment against system penetrations.
  • Open Systems Security : Pool of tools for secure Internet work between open systems.
  • Operational Data Security : Protection of data against accidental or illicit modification, destruction, or disclosure during input/output operations or data processing.
  • Operational Security : 1) Action of denying enemy information regarding allied intentions and capabilities by identifying, controlling, and protecting indicators of military operations or other activities. 2) Analytical process by which a government can deny potential enemies information regarding its intentions and capabilities by identifying, controlling, and protecting indicators of sensitive operations and activities.

  • Operations Security (OPSEC) : Process of identifying critical information and analyzing allied actions related to military operations and other activities, with the goal of: a) Identifying actions that can be observed by enemy information systems. b) Determining indicators that can be obtained by hostile information systems and interpreted or gathered to derive useful information for enemies. c) Selecting and executing measures that eliminate or reduce allied action vulnerabilities.

  • Orange Book : See Trusted Computer Security Evaluation Criteria.
  • OSI (Open Systems Interconnection) : Internationally recognized and openly developed set of standards needed to manage network resources.
P
  • Packet : Block of data sent over the network transmitting source and destination station identities, error control information, and messages. Synonym for “frame”.

  • Packet Filter : Inspects each packet to find a user-defined type of content, such as an IP address, but does not track session states. It is one of the least secure types of Firewall.

  • Packet Filtering : Feature incorporated into routers limiting the flow of information based on predefined communications such as origin, destination, or the type of service provided by the network. Packet filters allow administrators to limit specific protocol traffic, isolate mail domains, and perform other traffic control functions.

  • Packet Sniffer : Device or program that manages data exchanges between two computers on a network.

  • Passive Attack : Attack not resulting in an illicit change of state; such as an attack that only observes and records data.

  • Passive Threat : Threat of illicit information disclosure without a system state change. Type of threat involving the interception and not the alteration of information.

  • PEM (Privacy Enhanced Mail) : IETF standard used to secure email exchanges.

  • Penetration : Successful unauthorized access to an automated system.
  • Penetration Signature : Description of a situation or series of conditions under which a penetration could occur, or system events which, when assembled, can indicate an ongoing penetration.
  • Penetration Testing : Part of Security Testing in which evaluators attempt to bypass a system’s security. The evaluators must ensure the use of the entire system architecture and implemented documentation; this can include listing the system’s source code, manuals, and circuit diagrams. Evaluators work under the same constraints as ordinary users.

  • Perimeter Based Security : Action of securing a network by controlling access at all entry and exit points of the network. This technique is often associated with firewalls and/or filters.
  • Perpetrator : Entity from the external environment representing a risk. Entity from the external environment executing an attack; for example, a Hacker.
  • Personnel Security : Procedures established to ensure that personnel with access to classified information hold the required clearances.
  • PGP (Pretty Good Privacy) : Freeware program used primarily to secure email.

  • Phage : Programs illicitly modifying other programs or databases; for example, a program propagating a virus or a trojan horse.
  • PHF : Phone book file demonstration program that Hackers use to gain access to a computer system and to read and capture password files.
  • PHF Hack : CGI script known for its vulnerability of not filtering special characters (adding a line, for example) typed by the user.
  • Phraker : Person combining telephone phreaking and computer hacking.

  • Phreak(er) : Person fascinated by telephone systems. It is usually a person using their knowledge of telephone systems to have their calls paid for by someone else.
  • Phreaking : The art and science of hacking the telephone network.
  • Physical Security : Measures used to provide physical protections to resources against deliberate and accidental threats.
  • Piggybacking : Action of gaining unauthorized access to a system via the legitimate connection of another user.

  • Ping : IP request sent by the local computer demanding a response from the remote computer. Used to find out if a computer is connected to a network and if it supports IP.
  • Ping Of Death : Use of a ping with a packet size greater than 65507. This type of attack leads to a Denial of Service.
  • Plain Text : Unencrypted data.
  • Port : Logical communication interface between two computers. Example: in TCP/IP, port 21 is for FTP, 80 for HTTP, etc.

  • Private Key Cryptography : Encryption method where the encrypter and decrypter use the same key which must remain secret. This method is usually only used by small groups.

  • Probe : Effort aimed at gathering information on a machine or its users with the obvious goal of later gaining illicit access to the system.
  • Procedural Security : See Administrative Security.
  • Profile : Activity model for a user that can detect changes in habitual routines.
  • Promiscuous Mode : Usually, an Ethernet interface reads all addressing information and only accepts packets exclusively destined for it; but when the interface is in Promiscuous Mode, it reads all information (sniffing) while paying little attention to the destination.

  • Protocol : Universal methods of communication used by computers. Specification describing the rules and procedures that products must follow to perform activities such as data transmission over a network. If they use the same protocols, products from different manufacturers must be able to communicate on the same network.
  • Prowler : Robot regularly performing tasks such as searching for and deleting core files, truncating administrative log files, destroying lost directories, and cleaning up the system.
  • Proxy : Software centralizing all network communications in order to control flows (authorize or forbid), log (connection archives), and sometimes authenticate a user (right to connect to the proxy). Primarily used for the HTTP protocol, but not exclusively.
  • Psychological Operations (PSYOP) : Organized operations to transmit selected information and indicators to foreign governments, groups, organizations, or individuals with the goal of influencing their emotions, their motivations, their reasoning, and their behavior. The purpose of these psychological operations is to induce or reinforce foreign attitudes and behaviors favorable to the objectives of the initiator of these operations.

  • Public Key Cryptography : Type of cryptography in which the encryption process is available to the public and unprotected; but in which the decryption key is protected such that only a group with knowledge of both parts of the decryption process can decrypt the encrypted text.
Q

R
  • Red Book : See Trusted Network Interpretation.
  • Reference Monitor : Security control concept in which a virtual machine manages access to objects. In principle, a Reference Monitor should be complete (when it manages all accesses), isolated from modifications by system entities, and its state verifiable. A Security Kernel is an implementation of a Reference Monitor in a given hardware base.

  • Replicator : Program acting to produce copies of itself; this can be, for example, a program, a Worm, a ForkBomb, or a virus. It is often said that Unix and C are the two halves that can lead to the creation of highly performant Replicators.

  • Retro-Virus : A retro-virus is a virus that waits until all available media are also infected so that it is no longer possible to restore the normal state of the system.
  • Rexd : This Unix command is that of the Sun RPC server for remote program execution. A bot launches the programs as soon as a request is made.

  • Risk Assessment : Study of vulnerabilities, threats, probabilities, losses, and the theoretical effectiveness of security measures. Procedure for evaluating known threats and vulnerabilities to determine expected losses and to establish the degree of security for system operations.

  • Risk Management : Procedure aimed at identifying, controlling, and minimizing the impact of variable events. The objectives of Risk Management programs are to reduce risks and obtain and maintain the DAA (Designated Approving Authority).

  • Root Name Server : The root, in computing, is the starting point of a tree structure. There are currently 13 root name servers distributed around the world: these servers host the data enabling the proper functioning of the Domain Name System (DNS) and the services that use this system: internet, email…
  • Rootkit : Security tools used by Hackers that capture passwords and message traffic to and from a computer. Set of tools allowing the Hacker to introduce a BackDoor into a system, to collect information on other systems on the network, to hide the modifications they have made to the system… A Rootkit is a classic example of Trojan Horse-type software. Rootkits are available for a wide range of operating systems.

  • Router : Connection device similar to a bridge but carrying packets and frames containing certain protocols. Routers link LANs at the network layer level.

  • Routing Control : Application of rules during the execution of routing tasks in order to be able to choose to avoid specific networks, links, or relays.
  • RSA Algorithm : Public-key encryption algorithm simulating a highly complex encryption system.

  • Rules Based Detection : Intrusion detection system searching for activities corresponding to known intrusion techniques (signatures) or system vulnerabilities. Also known as Misuse Detection.
S
  • Samurai : Hacker offering their services for legal cracking jobs or any other legitimate work requiring the intervention of an electronic locksmith.
  • SATAN (Security Administration Tool For Analysing Networks) : Tool used to remotely probe and identify system vulnerabilities on IP networks. A powerful and free program helping to identify network security weaknesses.

  • Secure Network Server : Device acting as a gateway between a protected enclave and the outside world.
  • Secure Shell : Fully encrypted shell connection between two machines and protected by a very long passphrase.
  • Security : Condition resulting from the establishment and maintenance of protective measures ensuring a state of inviolability against hostile acts or influences.
  • Security Architecture : Detailed description of all aspects of the system relating to security, accompanied by a set of principles guiding projects. A Security Architecture describes how the system should be assembled to satisfy the required security level.

  • Security Audit : Search conducted on a computer system aimed at discovering security problems and vulnerabilities.

  • Security Countermeasures : Countermeasures destined for specific threats and vulnerabilities or leading to the implementation of new security activities.
  • Security Domains : Set of objects that a subject has the ability to access.

  • Security Features : Set of hardware and software mechanisms, functions, and characteristics of an AIS pertaining to security.
  • Security Incident : Action or circumstance involving classified information whose conditions vary from those described by administrator security publications. For example, compromises, data disclosures, embezzlements.

  • Security Kernel : Hardware, software, and firmware elements of a Trusted Computing Base that implement the references of a monitoring concept. A Security Kernel must manage all accesses, must be protected from external modifications, and its state must be verifiable.

  • Security Label : Sensitive part of a subject or object’s information, such as its hierarchical classification (confidential, secret, top secret) or a non-hierarchical security category to which it belongs (e.g., compartment of sensitive information, critical information on nuclear weapons manufacturing).

  • Security Level : Combination of a hierarchical classification and a set of non-hierarchical categories representing the sensitivity of information.
  • Security Officer : Official ADP personnel responsible for the security of an ADP system.

  • Security Perimeter : Boundary within which security controls are effective to protect the system.

  • Security Policies : Set of laws, rules, and practices regulating how an organization manages, protects, and distributes sensitive information.

  • Security Policy Model : Formal presentation of the security policies applied by a system. This model must identify the set of rules and practices regulating the means used to manage, protect, and distribute sensitive information.
  • Security Requirement : Types and levels of protection required for equipment, data, information, applications, and facilities.
  • Security Service : Service, provided by a set of communicating open systems, which ensures adequate security for systems or data transfers.

  • Security Violation : Circumstance in which a user or another person bypasses or thwarts a system’s controls to gain unauthorized access to information contained on those systems or to system resources.

  • SEFTI (Information Technology Fraud Investigation Service) : French police service.
  • Server : System providing network services such as data storage and file transfer, or a program providing such services. A bot (which often runs on a system other than the server) executes a service for a person making a request.

  • Signaling System 7 (SS-7) : Protocol used by telephone companies. It has three basic functions: supervise, alert, and address. Supervising consists of examining the status of a line or circuit to determine if they are busy, inactive, or requested. Alerting consists of indicating the origin of an incoming call. Addressing consists of transmitting routing and destination signals over the network in the form of tones or pulses.

  • Simple Network Management Protocol (SNMP) : Protocol or Program used to control communications using TCP/IP.

  • Single Sign-on (SSO) : Session and user authentication service that allows a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises, small organizations, and individuals to ease the management of various usernames and passwords.

  • Skipjack : Encryption algorithm developed by the NSA for the Clipper Chip. The details of the algorithm were not made public until 1998, after 18 years of secrecy.

  • Smurfing : Denial of Service type attack in which the attacker spoofs the source address of an ICMP Echo request (ping) packet to the broadcast address for a network, causing all machines on the network to respond en masse to the victim, thereby congesting the network.

  • Snarf : Action of retrieving an important file or document in order to use it, with or without the author’s permission.
  • Sneaker : Individual who attempts to penetrate systems to test their security; similar to a tiger team.
  • Sniffer : Program capturing data across a computer network. Used by Hackers to capture logins and passwords. Software tool that monitors and identifies network packet traffic. A sniffer can also be used legally by network operations and maintenance personnel to troubleshoot network-related problems.

  • SORM : Russian “Echelon”.
  • Spam : Unsolicited email message, very often for lucrative purposes. Launched in 1978, spam still exists today despite effective filters to combat this scourge that fills our mailboxes.

  • Special Information Operations (SIO) : Information operations which, due to their sensitive nature, their potential effect or impact, their security requirements, or the risks they may pose to the government, require special review and approval processes.
  • SPI (Secure Profile Inspector) : Network monitoring tool for Unix, developed by the Department of Energy.
  • Spoofing : Action of pretending to be someone else. Deliberate incitement of a user or resource to perform an incorrect action. Attempt to gain access to an AIS by impersonating an authorized user. Impersonating, Masquerading, and Mimicking are forms of spoofing.

  • SSL (Secure Socket Layer) : Layered session protocol providing identification and confidentiality for applications.

  • Subversion : Occurs when an intruder modifies the operations of the intrusion detection mechanism to force a False Negative.
  • Syn Flood : When the SYN queue is flooded, no new connection can be opened.
T
  • TCP/IP : Transmission Control Protocol / Internet Protocol. Suite of network-oriented protocols on which the Internet network is based.

  • Tcpwrapper : Software tool providing additional forms of network identification, limiting access to services to authorized hosts.

  • Term Rule Based Security Policy : Security policy based on global rules imposed on all users. These rules usually consist of a comparison between the sensitivity of the resources being accessed, and the possession of corresponding attributes for a user, a group of users, or entities acting upon user requests.

  • Terminal Hijacking : Technique allowing an attacker, on a certain machine, to control any active terminal-type session. An attacking Hacker can thus send and receive terminal inputs/outputs while a user is on the terminal.
  • Threat : Means by which the capabilities or intentions of a threat aimed at affecting systems, facilities, and enemy operations can be manifested.
  • Threat Agent : Methods and objects used to exploit a vulnerability on an information system, an operation, or a facility.
  • Threat Assessment : Routine process evaluating the degree of threat to a system and describing the nature of the threat.
  • Tiger : Software tool that scans the system searching for weaknesses.

  • Tiger Team : Teams of computer experts sponsored by governments and large industries who attempt to break computer system defenses in order to discover, and potentially correct, security holes.
  • Tinkerbell Program : Monitoring program used to scan incoming network connections and to generate alerts when calls are received from a particular site, or when login attempts are made with certain logins.

  • Topology : Map or plan of the network. Physical topology describes how cables and wires are installed, and logical or electrical topology describes how information flows.

  • Trace Packet : In a packet communications network, a unique packet sending a report at each stage of its progression to the network control center from each element visited in the system.
  • Traceroute : Action of sending trace-type packets to obtain information; of tracing the path taken by UDP packets from the local host to a remote host. Usually, a traceroute will display the duration and location of the path taken to reach the destination.

  • Tranquillity : Security rule model corresponding to a state for an active object where the security level cannot be changed during the period of activity.

  • Tripwire : Software tool for security. Usually, it works with a database that maintains information on file byte sizes. If the size changes, it alerts the system security manager.

  • Trojan Horse : Apparently useful and harmless program but containing hidden additional code allowing the illicit harvesting, exploitation, falsification, or destruction of data.

  • Trusted Computer System Evaluation Center (TCSEC) : System employing sufficient software and hardware security measures to authorize its use for simultaneous exchanges of sensitive information and data.
  • Trusted Computing Base (TCB) : Set of protection mechanisms of a computer system including hardware, all software, and firmware. A TCB consists of one or more components that, put together, enforce a unified security policy over a product or system.

  • Trusted Network Interpretation : Specific security features, sufficient protection, and evaluation structures from the Orange Book applied to isolated computer networks of the LAN or WAN type.
  • TTY Watcher : Tool used by Hackers allowing them, even with weak knowledge, to perform Terminal Hijacking. TTY Watchers use a GUI interface.
U

  • Usurpation d’adresse (Address Spoofing) : Malicious action consisting of deliberately using the address of another system instead of one’s own. Remarks: This action should be compared to identity theft, which is considered an offence under French criminal law. The idea is to pass one’s information system off as another. The spoofed address can be a MAC (Medium Access Control) address, an IP address, an email address, etc.

V

  • Vaccines : Program that injects itself into an executable file in order to verify its authenticity and to warn if a change is made.
  • Virus : Program that can infect other programs by modifying them to add, possibly, a copy of itself.
  • Vulnerability : Hardware, software, or firmware flaw leaving an AIS open to potential exploitation. Weakness in the security procedures, administrative controls, internal controls, and so on, of a computerized system, which can be exploited by an attack aimed at gaining illicit access to information or at interrupting critical processes in progress.
  • Vulnerability Analysis : Systematic examination of an AIS or a product in order to determine adequate security measures, identify security deficiencies, analyze the effectiveness of the proposed measures, and confirm that such measures will be adequate once implemented.

W
  • WAIS (Wide Area Information Service) : Internet service allowing searches across a large number of categorized databases.
  • WAN (Wide Area Network) : Physical network allowing a certain number of independent machines to communicate with each other using common transmission protocols over larger geographical areas than local networks.

  • War Dialer : Program dialing a list or series of telephone numbers and recording those that answer with special tones, which could be entry points to computers or telecommunication systems.

  • Watering Hole Attack : This type of attack is intended to infect the personal computers of people working in a targeted sector of activity or organization. The “watering hole” technique consists of booby-trapping a legitimate website in order to infect the machines of visitors from the attacker’s domain of interest. There are many cases of insufficiently secured professional association or industry group websites whose vulnerabilities are exploited to infect their members, thereby allowing access to their most sensitive networks. The most strategic sectors are obviously the most targeted.

  • Whitelist / Whitelisting : List of addresses or domain names which, according to the author of the list, are always trustworthy.

  • Worm : Program replicating itself from machine to machine across network connections and information systems as it spreads.
X

Y

Z

  • Zombies (Botnet) : A bot network (contraction of robot network) is a network of compromised machines at the disposal of a malicious individual (the master). This network is structured in a way that allows its owner to transmit orders to all or part of the machines in the botnet and to operate them at will. Remarks: Certain sets can reach considerable numbers of machines (several thousands). These can be the subject of illicit trade or malicious actions against other machines. They are often controlled by commands issued through a control channel like the IRC (Internet Relay Chat) service.