Network Security Defined - Glossary


To view, change, or communicate with data or a program on your computer or other computers on the network. Information exchange within a computer system or over the network. Example: a user reads a file, a program creates a directory.

access control
Restricted ability to use a system or network, or data on a system or network. Access is limited to authorized users only. See also discretionary access control arid mandatory access control.

access control list (ACL)
A list of users authorized to access a particular object. Usually indicates what type of access is allowed; for example, read, write, execute, modify, delete, and create.

active threat
A threat that involves altering information. See also passive threat.

An attempt to bypass security controls. An active attack alters data; a passive attack releases data.

Proof that a user is as claimed. Protects against fraudulent use and transmission of information. Authentication methods include a password, signature, or key.

Granting rights to a user, program, process. For example, some users are authorized to access certain nodes on the network while other users are not. The system manager could be the only person authorized to export data from a trusted system.

One of the items in the nonhierarchical portion of a sensitivity label. Represents a distinct area of information. In mandatory access control, used to limit access to those who need to know the information in that particular category. See also classification.

Issued by a Certification Authority. Consists of the user's unique name and public key, and is encrypted with the authority's private key. Every certificate has a finite lifetime, usually measured in months or years.

A technical evaluation that establishes the extent to which a particular computer system or network meets a prespecified set of security requirements.

A path used for information transfer between systems

See encryption

One of the hierarchical levels of a sensitivity label. For example, UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP SECRET. The first level is less restricted than the next, and so on. Classifications are limited to users approved for that level.

In mandatory access control, the security level approved for a user. Typically, users with a particular clearance can access information with a sensitivity label equal to or lower than their security level.

See plaintext.

Unauthorized loss or disclosure of information.

Data Encryption Standard (DES)
A private key encryption algorithm. Used by the U. S. Federal Government and commercial organizations to protect sensitive unclassified information and data.

The transformation of encrypted text into human-readabletext, or “plaintext.”

denial of service
An action that prevents a system or its resources from functioning reliably and efficiently.

digital signature
An authentication tool used to verify the origin of a message and the identity of the sender and receiver. A digital signature is distinct for each transaction. It consists of applying a one-way hash function to the message and then encrypting the hash with the sender's private key.

discretionary access control
An access control policy that restricts access based on the identity of the users. A user with certain access permissions can pass those permissions to another user. See also mandatory access control.

As pertains to security access, this is the data or program that a user or system can access.

The transformation of human-readable text, or “plaintext,” into text that is unintelligible to a person.

Transferring information from one system to another, frequently from a trusted system to an untrusted system.

file security
Protection of files using discretionary or mandatory access control techniques.

A host designed to be the first defense against unauthorized users gaining access to a network while at the same time allowing authorized users access. The firewall is placed between the Internet connection and the network the host protects.

A device that enables communication between two networks or systems that is not otherwise possible. A gateway can be used to filter communications between trusted and untrusted systems.

Transfer of information into a system, frequently from an untrusted system to a trusted system.

A secret value used to encrypt and decrypt information and usually known only by the sender and receiver of the information.

The assignment of sensitivity labels to every user, file, and resource in a system that supports mandatory access control.

mandatory access control
An access policy that restricts access to files and resources based on the category of the information and the security level defined in the sensitivity label. The system enforces the policy; users cannot determine which other users can access the files and resources.

passive threat
A type of threat that involves the interception of information but not alteration of that information. See also active threat.

The type of interaction a user can have with a file or resource; for example, read, write, or execute.

In encryption, the original text that is being encrypted

private key encryption
A type of encryption using a single key to encrypt and decrypt information

A right granted to a user, program, or process.

A set of rules for the exchange of information over a network.

public key encryption
A type of encryption using two related keys: a private key and a public key. The public key is known within a group of users. The private key is known only to its owner.

The recording of a message and later, the unauthorized resending of that message over the network.

The denial by a sender of a message that the message was ever sent, or the denial of a receiver of a message that the message was ever received.

A security principle that keeps information from being disclosed to unauthorized users.

secure state
A condition in which no user of the system can access information in the system in an unauthorized manner.

security level
The representation of the sensitivity of information contained in the sensitivity label and consisting of the classification and category in the sensitivity label.

sensitivity label
A label that represents a security level and describes the sensitivity of the data. A label contains a hierarchical classification and a set of categories. In mandatory access control systems, the sensitivity label determines if a user can access a particular file or resource.

smart card
An access card containing encoded information and sometimes a microprocessor and user interface. The encoded information, or the information generated by the microprocessor is used to gain access to a facility or system.

The flow of information across a network. An eavesdropper can sometimes gain sensitive information by analyzing the traffic and contents.

trusted system
A system designed, developed, and evaluated according to Orange Book criteria.

A person or process who accesses a computer system or network.