Acceptable Level of Risk - A judicious and carefully considered assessment by the appropriate authority that a computing activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of assets; threats and vulnerabilities; countermeasures and operational requirements.

Access - The ability and the means to approach, communicate with (input to or receive output from), or otherwise make use of any material or component in a computer system.

Access Code - An identification number or a set of characters that is sometimes required to gain entry to a computer program or system. Often synonymous with password.

Access Control - The process of limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network.) Synonymous with controlled access and limited access. See ACL.

Access Control List - A list of subjects authorized for specific access to an object. A list of entities, together with their access rights, which are authorized to have access to a resource.

Access Control Mechanism - Hardware or software features, operating procedures, management procedure, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system.

Access Mode - The type of access right to an object (e.g. read, write, execute, append, modify, delete, or create.)

Access Port - A logical or physical identifier that a computer uses to distinguish terminal input/output data streams.

Accreditation - The official management authorization to operate an AIS; in a particular security mode; with a prescribed set of countermeasures, against a defined threat; with a given operational concept; with stated interconnections to other AISs; at an acceptable level of risk; and for a specified period of time.

Accreditation Authority - See Desgnated Approval Authority.

Accuracy - The principle that keeps information from being modified or otherwise corrupted either maliciously or accidentally. Accuracy protects against forgery or tampering. Usually synonymous with integrity.

ACL - Access Control List, a list normally used for controlling access to computer programs and services. Identifies the users who may access an object and the type of access to the object that a user is permitted.

ACK - Acknowledgement. See NAK.

ActiveX - Microsoft scripting language used for their Internet browser.

Address - An ASCII representation of the actual location of a computer account that lets people access that account (to send it electronic mail, or to connect to the account to transfer data.) See Email Address.

AFCERT - Air Force Computer Emergency Response Team, located at the Air Force Information Warfare Center, Kelly AFB, Texas.

AIS - Automated Information System; any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, control, display, transmission, or reception of data and includes software, firmware, and hardware.

Alert - A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events.

Alias - A short name to represent a more complicated one, often used for Email addresses or host domain names.

Anonymous FTP - An anonymous file transfer protocol that will accept any user name and an anonymous or no password. This is a common way for hackers to gain access to a computer. This allows a user to log on a remote machine as anonymous, without having a user account on that system.

ANSI - American National Standards Institute.

Anti-Virus Program - Software program designed to protect an AIS from a virus attack.

Application Gateway - One form of a firewall. A firewall looks for valid application-level data before allowing a connection. An ftp server for example appears as a ftp server to the client and as a ftp client to the server.

Archie - This was once a powerful service; greatly expands the usefulness of anonymous ftp up until the World-wide web was established. This service helps to locate the file, program, or other information that you are looking for.

ARP (Address Resolution Protocol) - A protocol within the Transmission Control Protocol/Internet Protocol (TCP/IP) suite that maps IP addresses to Ethernet addresses. TCP/IP requires ARP for use with Ethernet. See RARP.

ARPANET (Advanced Reserch Projects Agency Network) - A network originally sponsored by DARPA to link universities and government research centers. The TCP/IP protocols were pioneered on ARPANET.

ARP Hack - Same as Proxy ARP. The technique on which one machine, usually a gateway, answers ARP requests intended for another by supplying its own physical address. By pretending to be another machine, the gateway accepts responsibility for routing packets to it. The purpose of proxy ARP is to allow a site to use a single IP network address with multiple physical networks.

ARQ - A control code that calls for the retransmission of a block of data.

ASCII (American Standard Code for Information Interchange) - The data alphabet used in the IBM PC to determine the composition of the 7-bit string of 0s and 1s that represents each character (alphabetic, numeric, or special.) See String of Characters.

ASIM (Automated Security Incident Measurement) - Automated security tool that monitors network traffic and collects information on targeted unit networks by detecting unauthorized network activity.

Assessment - Surveys, Inspections; An analysis of the vulnerabilities of AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems in order to be successful in the mission.

Assurance - A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy.

Asynchronous - A method of transmission in which the time intervals between characters do not have to be equal. Start and stop bits are added to coordinate the transfer of characters.

Asynchronous Attacks - Attacks that take advantage of dynamic system actions and the ability to manipulate the timing of those actions.

ATM (Asynchronous Transfer Mode) - A new, high-speed form of networking that will support data communications, video, and voice communications on the same line. ATM will be used in both LANs and WANs more in the future.

Attack - An attempt to bypass security controls on a computer. An active attack alters data. A passive attack releases data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.

Audit - The independent examination of records to access their veracity and completeness. To record independently and examine documents or system activity (e.g. logins and logouts, file accesses, security violations.)

Audit trail - In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, whether any actual or attempted security violations occurred. An automated or manual set of chronological records of system activities that may enable the reconstruction and examination of a sequence of events and/or changes in an event.

AUP - Acceptable Use Policy, the restrictions a network places on traffic it carries.

AUSCERT - Australian Computer Emergency Response Team.

Authenticate - In networking, to establish the validity of a user or an object (i.e., communications server.)

Authentication - To positively verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. The verification of the integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification.

Authenticity - The principle that ensures that a message is received in exactly the same form in which it was sent.

Authorization - The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity.

Authorized Person - A person who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance at the required level.

Automated Data Processing - Data processing in an automated fashion (i.e. on a computer.) See AIS.

Automated Information System (AIS) - An assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.

Automated Security Monitoring - All security features needed to provide an acceptable level of protection fro hardware, software, and classified sensitive unclassified or critical data, material, or processes in the system.

Availability - Computer hardware and software system working efficiently and the system is able to recover quickly and completely if a disaster occurs. The principle that ensures that computer systems and data are working and available to users. Denial of Service is an attack on availablitly.

awk - A rudimentary (Unix) programming language used mainly with text and database files through editing, sorting, and searching.

B

Back Door - A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door; A hidden software or hardware mechanism used to circumvent security controls. A breach created intentionally for the purpose of collecting, altering or destroying data.

Backbone - The major communication lines of a network.

Backup - Copying of data to a medium from which the data can be restored if the original data are destroyed or compromised.

Bandwidth - The volume of information that can be sent over a network in a specific time period.

Bang - A slang term for an exclamation point (!.)

Banner - On interactive software, a first screen containing a logo and/or author credits and/or a copyright notice. DoD computers are required to have a warning banner.

Baseband - Characteristic of any network technology like Eternet that uses a single carrier frequency and requires all stations attached to the network to participate in every transmission.

BASH - Bourne Again Shell. This is a UNIX shell.

Bastion hosts - A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Often are components of firewalls.

Baud - An older term for Bits Per Second(bps.) The rate at which digital information is transferred over communication lines.

BBS - Bulletin Board System, a menu driven program which provides communications, email messaging, uploading and downloading of software. Typically used by amateurs for fun at home. Considered the low-rent district for the hacker culture.

BBN - (Bolt, Beranek, and Newman, Incorporated) The Cambridge, MA company responsible for development, operation, and monitoring of the ARPANET and, later, Internet core gateway system, CSNET Coordination and Information Center (CIC), and NSFNET Network Service Center (NNSC.) BBN works on DARPA research contracts and has contributed much to TCP/IP and the connected Internet.

Benign Environment - A nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.

Between-the-lines-entry - Access that an unauthorized user gets, typically by tapping the terminal that is inactive at the time, of a legitimate user. See Piggy Back.

Binary - Data that may contain non-printable characters, including graphics, programs, and sound files. The lowest code format of digital information that only a machine understands.

Binary System - The base 2 number system in which only the digits 1 and 0 are used. This system lets us express any number, if we have enough bits, as a combination of 1s and 0s.

BIOS - Basic Input/Output System

BIP - Base Information Protection office.

Bit - The unit of information. A computational quantity that can tanke on one of two values, such as 0 and 1 or true and false.

BITNET - A worldwide academic and research network that connects many universities, colleges, and collaborating research centers. The name BITNET refers to the combined U.S. and Mexican constituencies, Canada, and EARN (European Academic Research Network.)

Black - Designation applied to telecommunications and automated information systems, and to associated areas, circuits, components, and equipment, in which only unclassified signals are processed.

BLOB - Binary Large Object, used to describe any random large block of bits, usually a picture or sound file; can be stored in a database but normally not interpretable by a database program. Can be used as a mild hacker threat (mailbomb) when mailed. Can also be used to hide malicious logic code.

Blue Box Devices - Created by crackers and phone hackers ("phreakers") to break into the telephone system to make calls that bypass billing procedures.

Bomb - A general synonym for crash, normally of software or operating system failures.

Boot - To load and initialize the operating system on a machine.

Bounce - An electronic mail message that is undeliverable and returns an error to the sender.

BPS - bits per second.

Breach - The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.

Bridge - A functional unit that interconnects two local area networks that use the same control procedure.

Broadband - Characteristic of any network technology that multiplexes multiple, independent network carriers onto a single cable (usually using frequency division multiplexing.)

Broadcast - To send a message to all stations or an entire class of stations connected to the network. A packet delivery system that delivers a copy of a given packet to all hosts that attach to it is said to broadcast the packet. Broadcast may be implemented with hardware (e.g. as in Ethernet) or with software (e.g., as in Cypress.)

Broadcast Storm - See mail storm.

Brouter - A device that combines the functions of a bridge and a router. Brouters can route one or more protocols, such as TCP/IP and XNS, and bridge all other traffic.

Browser - A program designed to help users access, view and navigate on the Internet (World Wide Web.) Browsers are sometimes also called Web clients, since they get information from a server. Examples are Netscape, Mosaic, Microsoft Explorer, Apache.

Browsing - The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought.

Brute Force - A primitive programming style (ignorance), one in which the programmer relies on the computer's processing power instead of using his or her own intelligence to simplify the problem, often ignoring problems of scale and applying naive methods suited to small problems directly to large ones.

Buffer - A temporary storage space. Data may be stored in a buffer as it is received, before or after transmission. A buffer may be used to compensate for the differences between the speed of transmission and the speed of processing.

Buffer Overflow - This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes.

Bulk Encryption - Simultaneous encryption of all channedls of a multichannel telecommunications trunk.

Bulletproof - Technical speak for describing an algorithm or implementation considered extremely robust; lossage-resistant; capable of correctly recovering from any imaginable exception condition -- a rare and valued quality. Same as armor-plated.

Bug - An unwanted or unintended property of a program or piece of hardware that causes it to malfunction.

Bus - Transmission path or channel.

Bus Topology - A broadcast arrangement in which all network stations receive the same message through the cable at the same time.

Bypass - To breach the security of a system by going around the protection features provided by the system. A message stream data not encrypted, typicaly protocol header information. The hardware/software implementation of the mechanism which allows message stream information to bypass the cryptographic element.

Byte - A unit of memory or data equal to the amount used to represent one character. For most computers this is usually 8 bits.

C

C - A programming language used predominantly by professional programmers to write applications software. The name of a programming language designed by Dennis Ritchie during the early 1970s and immediately used to reimplement Unix; so called because many features derived from an earlier compiler named `B' in commemoration of its parent, BCPL.

C++ - An object-oriented programming language. An improved version of the C programming language.

Cache - An amount of RAM set aside to hold data that is expected to be accessed again. The second access, which finds the data in RAM, is very fast.

Cache Memory - A special buffer storage, smaller and faster than main storage, that is used to hold a copy of instructions and data in main storage that are likely to be needed next by the processor.

Call Back Security - Procedure for identifying a remote AIS terminal, whereby the host system disconnects the caller and then dials the authorized telephone number of the remote terminal to re-establish the connection.

cat - Short for catalog. A Unix command to list out (non-stop scrolling) the contents of a text file on the screen. see more.

Cathode Ray Tube - See CRT

cd - A DOS and Unix command to change into a different directory of a file system.

CDS - CSAP Database System. An AFCERT relational database system containing information ranging from detailed computer hardware and software specifications, vulnerabilities and countermeasures, malicious logic, and system connectivity descriptions.

CERT - Computer Emergency Response Team. Supports others in enhancing the security of their computing systems; develops standardized set of responses to security problems; provides a central point of contact for information about security incidents; assists in collecting and disseminating information on issues related to computer security, including information on configuration, management and bug fixes for systems.

Certificate - A relatively new option for client authentication, which forces use of password protection at the beginning of a session, and can be setup to prompt for password while logged in.

Certificate Authority (Workstation) - Establishes and manages user keys, privileges and certificates. Records the security information about an IS user. A workstation where certificates are generated, stored, protected, transferred, loaded, used, and destroyed.

CGI (Common Gateway Interface) - CGI is the method that Web servers use to allow interaction between servers and programs.

CGI Scripts - Allows for the creation of dynamic and interactive web pages. They also tend to be the most vulnerable part of a web server (besides the underlying host security.)

Challenge-response - A type of authentication in which a user responds correctly (usually by performing some calculation based on the time and/or the user's unclassified key) to a challenge (usually a numeric, unpredictable one.)

Channel - A path between sender and receiver that carries one stream of information.

Chat Group - A virtual meeting place where you can converse with other users from all parts of the globe. The chat groups are "live."

Check_Password - A hacking program used for cracking VMS passwords. see Guess_Password

Checksum - A small, integer value computed from a sequence of octets by treating them as integers and computing the sum. It is used to detect errors that result when the sequence of octets is transmitted from one machine to another. Typically, protocol software computes a checksum and appends it to a packet when transmitting. Upon reception, the protocol software verifies the contents of the packet by recomputing the checksum and comparing to the value sent.

Chernobyl Packet (Kamikaze Packet) - A network packet that induces a broadcast storm and network meltdown. Typically an IP Ethernet datagram that passes through a gateway with both source and destination Ether and IP address set as the respective broadcast addresses for the subnetworks being gated between.

chmod (change mode) - A Unix command to change the read, write, and execute privileges for files. See mode, and Permission flags.

chown (change owner) - A Unix command to change the ownership of a file from one user to another.

chgrp (change group) - A Unix command to change the group accessing a file from one group to another.

chrootuid - A software tool which runs network services with a lower authorization than root. Restricts file system access of network services.

CIAC (Computer Incident Advisory Capability) - An organization of the Department of Energy which provides computer security services.

Ciphertext - In cryptography, the unintelligible text that results from encrypting original text.

Circuit Level Gateway - One form of a firewall. Validates TCP and UDP sessions berfore opening a connection. Creates a handshake, and once that takes place passes everything thru until session is ended.

Client - In networking, a process that initiates contact with a server process in order to exchange data with it.

Client-Server - The model of interaction in a distributed system in which a request to a program at another site and awaits a response. The requesting program is called a client; the program satisfying the request is called the server. It is usually easier to build client software than server software.

COAST (Computer Operations, Audit, and Security Tools) - Organization at Purdue University which collects computer security tools.

Common Carrier - A transmission company that serves the general public (telephone company.)

Communications Security (COMSEC) - Procedures designed to ensure that telecommunications messages maintain their integrity and are not accessible by unauthorized individuals.

Compartmented Mode Workstation (CMW) - A secure workstation providing a high-resolution monitor, a window manager, and a detailed set of security functions. CMWs have enough built-in security to operate as trusted computers.

compress - A Unix command to compress a file, creating a filename with a .Z extension.

Compress/Compression - When used without a qualifier, generally refers to crunching of a file using a particular algorithm for minimizing the amount of space needed for the file or files to be stored.

Compromise - An intrusion into a computer system where root level access (superuser privileges) is gained and files have been altered or changed.

Computer Abuse - The willful or negligent unauthorized activity that affects the availability, confidentiality, or integrity of computer resources. Computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation.

Computer Emergency Response Team (CERT) - Supports others in enhancing the security of their computing systems; develops standardized set of responses to security problems; provides a central point of contact for information about security incidents; assists in collecting and disseminating information on issues related to computer security, including information on configuration, management and bug fixes for systems.

Computer Fraud - Computer-related crimes involving deliberate misrepresentation or alteration of data in order to obtain something of value.

Computer Geek - One who eats computer bugs for a living. One who fulfills all the stereotypes about hackers.

Computer Program - A series of statements instructing the computer to perform a task or process data. The program may be in a high-level source code form, which requires intermediate processing before the computer can execute it, or it may be in an object form that can be directly executed by the computer.

Computer Related Crime - Any illegal act for which knowledge of computer technology is involved for its investigation, perpetration, or prosecution.

Computer Security (COMPUSEC) - Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.

Computer Security Incident - Any intrusion or attempted intrusion into a computer system. Incidents can include probes of multiple computer systems.

Computer Security Intrusion - Any event of unauthorized access or penetration to a computer system.

Concentrator - See Wiring Hub.

Confidentiality - The principle that keeps information from being disclosed to anyone not authorized to access it. Synonymous with secrecy.

Connection - In networking, a temporary electrical circuit between the client and a server.

Connectionless Data Transfer (Mode Transmission) - In packet data transmission, a mode of operation in which each packet is encoded with a header containing a destination address sufficient to permit the independent delivery of the packet without the aid of additional instructions. A connectionless packet is frequently called a datagram. A connectionless service is inherently unreliable in the sense that the service provider usually cannot provide assurance against the loss, error, insertion, or misdelivery.

Contingency Plan - A plan for emergency response, backup operations, and post disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.

Control Zone - The space expressed in feet of radius, surrounding equipment processing classified information which is under sufficient physical and technical control to preclude a successful hostile intercept attack.

Controlled Access - Synonymous with access control

Cookie - A handle, transaction ID, or other token of agreement between cooperating programs.

COPS (Computer Oracle and Password System) - A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings.

Copy Protection - A class of methods for preventing incompetent pirates from stealing software and legitimate customers from using it.

Copyright - The legal, exclusive right tot he publication, production, or sale of the rights to a literary, dramatic, musical, or artistic work, or to the use of a commercial print or label, granted by law for a specified period of time to an author, artist, composer, programmer and so on. Current works are covered by copyright from the moement they are expressed in a fixed form (e.g. paper, diskette, CDROM, etc.) Registration is not required.

Core - The main storage of a computer system. A core dump captures data and files in memory. Main storage or RAM. Dates from the days of ferrite-core memory; now archaic.

Core Dump - A copy of the contents of core memory produced when a process is aborted by certain kinds of internal error.

Core Gateway - One of a set of gateways operated by the Internet Network Operations Center (INOC) at BBN. Gateways in the core system exchange routing tables remain consistent. The core forms a central part of Internet routing in that all groups must advertise paths to their networks to core gateways using the Exterior Gateway Protocol.

COTS Software - Software acquired by government contract through a commercial vendor. This software is a standard product, not developed by a vendor for a particular government project.

Countermeasures - Action, device, procedure, technique, or other measure that reduces the vulnerability of an automated information system. Countermeasures that are aimed at specific threats and vulnerabilities involve more active techniques as well as activities traditionally perceived as security.

Covert Channel - A communications channel that allows two cooperating processes to transfer information in a manner that violates the system's security policy.

cp - A Unix command to copy files.

CPS - character per second.

CPU (Central Processing Unit) - The function `brain' of the computer; the element that does the actual adding and subtracting of 0s and 1s that is essential to computing. Normally the main integrated circuit located on a motherboard in a computer.

Crack - A popular hacking tool used to crack passwords. System administrators also use Crack to assess weak passwords by novice users in order to better secure his/her system.

Crack Root - To defeat the security system of a UNIX machine and gain root system privileges thereby.

Cracker - One who breaks security on a system. A person who engages in computer and telecommunications intrusion.

Cracking - The act of breaking into a computer system.

Crash - A sudden, usually drastic failure of a computer system.

CRT (Cathode Ray Tube) - A device that presents data or graphics in visual form.

crypt - A Unix command that converts a text file and stores it in a new encrypted format.

Cryptographic Checksum - A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting file system tampering on Unix.

Cryptography - The science and study of unclassified writing.

CSAP (Computer Security Assistance Program) - Program to implement information protection operations capabilities using a combination of administrative controls, reporting procedures, specially developed automated security tools, incident response, intelligence threat data, and special survey and analysis capabilities.

CSET (Computer Security Engineering Team) - The CSET focus on specific systems and networks. The team overtly surveys policy, procedures, training, awareness, connectivity and physical security of a specific system. CSETs document problems with policy and directives, operating procedures, configuration management, training and awareness, system connectivity, physical security, and unauthorized software.

Cyberspace - A term used to refer to the entire collection of sites that can be accessed electronically. Information-space of a computer system, or system of networks. The metaphoric location of the mind of a person in hack or cracking mode.

D

Daemon - A program that is executed automatically on the completion of specific operation on the knowledge base. A program that is not invoked explicitly, but lies dormant waiting for some condition to occur before it reacts. aka Disk and Execution Monitor.

Dark-side Hacker - A criminal or malicious hacker.

DARPA - Defense Advanced Research Projects Agency. The government agency that funded research and experimentation with the ARPANET, and later, the connected Internet. Formerly known as ARPA. The group within DARPA responsible for the ARPANET is ISTO, formerly IPTO, located at 1400 Wilson Blvd, Arlington, VA.

Data - A representation of facts, concepts, or instructions suitable for communication, interpretation, or processing by humans or computers.

Data Diddling - Altering of data in an unauthorized manner before, during, or after input into a computer system.

Data Driven Attack - A form of attack that is encoded in innocuous seeming data which is executed by a users or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Data Encryption Standard (DES) - An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard has proven itself over nearly 20 years of use in both government and private sectors. Cryptographic algorithm designed for the protection of unclassified data and published by the National Institute of Standards and Technology.

Data Security - The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure.

Data Stream - A sequence of digitally encoded signals used to represent information for transmission.

DCA - Defense Communication Agency. The government agency responsible for installation of Defense Data Network (e.g., ARPANET and MILNET) lines and PSNs.

DDN - Defense Data Network. Used loosely to refer to the MILNET, ARPANET, and the TCP/IP protocols they use. More literally, it is the MILNET and associated parts of the connected Internet that connect military installations.

Deadlock - A situation wherein two or more processes are unable to proceed because each is waiting for another to do something. See DEADLY EMBRACE.

Deadly Embrace - Same as DEADLOCK, though usually used only when exactly two processes are involved.

Dedicated Line - A leased communication line. A dedicated phone line used for network communications.

Decryption - The transformation of encrypted text (called ciphertext) into original text (called plaintext or cleartext.)

Degaussing - See Erasure.

Demon Dialer - A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS, or malign when used as a prank for denial of service attack. This includes any action that causes unauthorized destruction, modification, or delay of service. Delay or partial denial is more often called degradation of service. Synonymous with interdiction. See Scanning.

Denial of Service - Action(s) which prevent any part of an AIS from functioning in accordance with its intended purpose. See Availability.

Denial Time - The average length of time that an affected asset is denied to the organization.

Derf - The act of exploiting a terminal which someone else has absentmindedly left logged on.

DES - Data Encryption Standard. A national cryptographic standard based upon a 56-bit algorithm. This algoritm can be implemented in electronic hardware devices and used for the cryptographic protection of computer data.

Designated Approving Authority (DAA) - Official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.

Dial-up line - A communications circuit established by dialing a destination over a commercial telephone system, used to communicate with a computer (or the Internet) over a modem.

Dial-Up Security - The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.

Dialed Number Recorder (DNR) - A device that records the telephone numbers of calls placed from a particular telephone. A DNR may help in tracing or documenting the actions of an intruder. See Pen Register.

dig - A service quite similar to nslookup, for querying and checking names of an IP address.

Digital - Type of communications used by computers, consisting of "on" and "off" pulses of electricity.

Disaster Recovery - See Contingency Plan.

Diskless Client - A system with no local disk drive that relies on an NFS server for the operating system, swap space, file storage, and other basic services.

DNS (Domain Name Service) - A distributed networked-based naming service on the Internet that associates IP addresses with the name of a user site.

DNS spoofing - Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Domain - A part of the DNS naming heirarchy. Syntactically, a domain name consists of a sequence of names(labels) separated by periods (dots.) A directory structure for electronic mail addressing and network address naming. Within the US, top-level domains include .com, .edu, .gov, .mil, .net, .org. Subdomains designate the organization and the individual system.

Dot Address - The numeric (IP) Internet host address.

Down - Not working.

Download - To transfer data or code from a host system over a digital communication link to a client system.

Dragon - A program similar to a "daemon", except that it is not invoked at all, but is instead used by the system to perform various secondary tasks. A typical example would be an accounting program, which keeps track of who is logged in.

Dual homed gateway - A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configuration, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

Dump - An undigested and large amount of information routed to an output device. Usually it is a backup of computer files and data.

Dumpster Diving - The practice of raiding the dumpsters behind buildings where producers and/or consumers of high-tech equipment are located with the expectation of finding discarded but still-valuable equipment or information. See Scavenging.