Are, Sweetcell Anne L.
BSA 5 letter in the original message (called the plaintext) is replaced with
o Access Control List (ACL) - a table that tells a computer operating
system which access rights each user has to a particular system
object, such as a file directory or individual file. Each object has a
security attribute that identifies its access control list. The list has an
entry for each system user with access privileges. The most common
privileges include the ability to read a file (or all the files in a
directory), to write to the file or files, and to execute the file (if it is
an executable file, or program). The list is implemented differently
by each operating system.
o Access Token - a small hardware device that the owner carries to
authorize access to a network service. The device may be in the form
of a smart card or may be embedded in a commonly used object
such as a key fob.
o Advance Encryption Standard - symmetric block cipher chosen
by the U.S. government to protect classified information and is
implemented in software and hardware throughout the world to
encrypt sensitive data.
o Algorithm - procedure or formula for solving a problem based
on conducting a sequence of specified actions.
o Application-level firewall - form of firewall that controls input,
output, and/or access from, to, or by an application or service. It
operates by monitoring and potentially blocking the input, output,
or system service calls that do not meet the configured policy of the
firewall.
o Botnets - are collections of internet-connected devices, which
may include PCs, servers, mobile devices and internet of things
devices that are infected and controlled by a common type of
malware. Users are often unaware of a botnet infecting their
system.
o Caesar cipher - also known as a shift cipher, is one of the
simplest forms of encryption. It is a substitution cipher where each
a letter corresponding to a certain number of letters up or down in
the alphabet.
o Call-back device - requires the dial-in user to enter a password
and be identified. The system then breaks the connection to
perform user authentication. If the caller is authorized, it dials the
callers number to establish a new connection. This restricts access
to authorized terminals or telephone numbers and prevents an
intruder masquerading as a legitimate user.
o Certification authority (CA) - is a trusted entity that issues
electronic documents that verify a digital entitys identity on the
Internet.
o Compiler a special program that processes statements written
in a particular programming language and turns them into machine
language or "code" that a computer's processor uses.
o Data Collision - a collision is the result of two devices on the same
Ethernet network attempting to transmit data at exactly the same
time.
Data Encryption Standard (DES) - an outdated symmetric-key
method of data encryption. DES works by using the same key to
encrypt and decrypt a message, so both the sender and the receiver
must know and use the same private key.
o Deep Packet Inspection (DPI) - is an advanced method of packet
filtering that functions at the Application layer of the OSI (Open
Systems Interconnection) reference model. The use of DPI makes it
possible to find, identify, classify, reroute or block packets with
specific data or code payloads that conventional packet filtering,
which examines only packet headers, cannot detect.
o Denial of Service attacks (Dos) - a type of attack on a network
that is designed to bring the network to its knees by flooding it with
useless traffic. Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP protocols.

o Digest - a mathematical value calculated from the text content of
the message. The digest is then encrypted using the senders private
key to produce the digital signature.
o Digital Certificate - an electronic "passport" that allows a person,
computer or organization to exchange information securely over the
Internet using the public key infrastructure (PKI). A digital certificate
may also be referred to as a public key certificate.
o Digital Envelope - secure electronic data container that is used to
protect a message through encryption and data authentication. A
digital envelope allows users to encrypt data with the speed of
secret key encryption and the convenience and security of public key
encryption.
o Digital Signature - is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
o Discretionary Access Privileges - type of access control defined
by the Trusted Computer System Evaluation Criteria "as a means of
restricting access to objects based on the identity of subjects and/or
groups to which they belong.
o Distributed denial of service (DDos) attack occurs when multiple
systems flood the bandwidth or resources of a targeted system,
usually one or more web servers. Such an attack is often the result
of multiple compromised systems (for example, a botnet) flooding
the targeted system with traffic.
o Echo Check - a quality check and error-control technique for data
transferred over a computer network or other communications link,
in which the data received is stored and also transmitted back to its
point of origin, where it is compared with the original data.
o EDE3 - ses one key to encrypt, the second to decode and the third
to encrypt the garbled message
o Electronic data interchange (EDI) is the transfer of data from one
computer system to another by standardized message formatting,
without the need for human intervention. EDI permits multiple
companies -- possibly in different countries -- to exchange
documents electronically. Data can be exchanged through serial
links and peer-to-peer networks, though most exchanges currently
rely on the Internet for connectivity.
o Encryption - is the conversion of electronic data into another
form, called ciphertext, which cannot be easily understood by
anyone except authorized parties.
o Event Monitoring - the process of collecting, analyzing, and
signaling event occurrences to subscribers such as operating system
processes, active database rules as well as human operators.
Firewall - is a network security system, either hardware- or
software-based, that uses rules to control incoming and outgoing
network traffic.
- acts as a barrier between a trusted network and and an
untrusted network. A firewall controls access to the resources of a
network through a positive control model. This means that the only
traffic allowed onto the network is defined in the firewall policy; all
other traffic is denied.
o Hierarchical topology - made up of the following: A core layer of
high-end routers and switches optimized for network availability
and performance. A distribution layer of routers and switches
implementing forwarding decisions, an access layer connecting
users via hubs, bridges, switches, or routers.
o Internet relay chat (IRC) - a system for chatting that involves a set
of rules and conventions and client/server software. On the Web,
certain sites such as Talk City or IRC networks such as the Undernet
provide servers and help you download an IRC client to your PC. Talk
City also offers an IRC client applet that it downloads for you as part
of their home page so that you can start chatting right away.
o Interpreter - translates high-level instructions into an
intermediate form, which it then executes.
o Intranet - a network based on TCP/IP protocols belonging to an
organization, accessible only by the organization's members or
those with authorization.
o Intrusion Prevention Systems (IPS) - or intrusion prevention
system is used in computer security. It provides policies and rules for
network traffic along with an intrusion detection system for alerting
system or network administrators to suspicious traffic, but allows
the administrator to provide the action upon being alerted.
o IP broadcast address - a special Internet Protocol (IP) address
used to transmit messages and data packets to network systems.
o IP Spoofing - also known as IP address forgery or a host file hijack,
is a hijacking technique in which a cracker masquerades as a trusted
host to conceal his identity, spoof a Web site, hijack browsers, or
gain access to a network.
o Key - a variable value that is applied using an algorithm to a string
or block of unencrypted text to produce encrypted text, or to
decrypt encrypted text.
o Keystroke Monitoring - records both the users keystrokes and
system responses. May be used to reconstruct the details of an
event or as a real-time control to prevent unauthorized intrusion.
o Line error - the bit structure of the message can be corrupted
through noise on the communications lines.
o Log-on procedure - two requests are made from the individual
trying to gain access: a preauthorized account (or user) name and a
preset password. On a computer system used by more than one
individual, the logon procedure identifies the authorized users and
the protocols of users' access time.
o Message sequence numbering - through it, a sequence number
is inserted in each message and any such attempt will become
apparent at the receiving end.
o Message transaction logs - records the User ID, time of access
and the terminal location or phone number where the access
originated
o Multilevel password control - used to restrict employees who are
sharing the same computers to specific directories, programs and
data files. Different passwords are used to access different
functions.
o Network-level firewall - filter traffic between two or more
networks; they are either software appliances running on general-
purpose hardware, or hardware-based firewall computer
appliances. Host-based firewalls provide a layer of software on one
host that controls network traffic in and out of that single machine.
o Network topology - refers to the layout of a network and how
different nodes in a network are connected to each other and how
they communicate.
o One-time password - is a password that is valid for only one login
session or transaction, on a computer system or other digital device.
o Operating system - the most important program that runs on a
computer.
o Operating system security - is the process of ensuring OS
integrity, confidentiality and availability. OS security refers to
specified steps or measures used to protect the OS from threats,
viruses, worms, and malware or remote hacker intrusions. OS
security encompasses all preventive-control techniques, which
safeguard any computer assets capable of being stolen, edited or
deleted if OS security is compromised.
o Parity check - a technique that checks whether data has been lost
or written over when it is moved from one place in storage to
another or when it is transmitted between computers.
o Password - a string of characters used to verify the identity of a
user during the authentication process.
o Ping - is a utility to determine whether a specific IP address is
accessible.
o Polling - nodes can send data only when the master nodes
request, two nodes can never access the network at the same time
o Private Key - is a tiny bit of code that is paired with a public key
to set off algorithms for text encryption and decryption. It is created
as part of public key cryptography during asymmetric-key
encryption and used to decrypt and transform a message to a
readable format. Public and private keys are paired for secure
communication, such as email.
o Public key encryption - an encryption technique that uses a
paired public and private key (or asymmetric key) algorithm for
secure data communication. A message sender uses a recipient's
public key to encrypt a message. To decrypt the sender's message,
only the recipient's private key may be used.
o Public key infrastructure (PKI) - allows users of the Internet and
other public networks to engage in secure communication, data
exchange and money exchange. This is done through public and
private cryptographic key pairs provided by a certificate authority.
o Request-response technique - one party sends a request
message and the receiving party returns a response message.
o Reusable password - the user defines the password and reuses it
to gain future access.
o Ring topology a peer-to-peer arrangement in which all nodes
are of equal status thus, responsibility for managing
communications is distributed among nodes.
o RSA (Rivest-Shamir-Adleman) - encryption is a public-key
encryption technology developed by RSA Data Security. The RSA
algorithm is based on the difficulty in factoring very large numbers.
Based on this principle, the RSA encryption algorithm uses prime
factorization as the trap door for encryption. Deducing an RSA key,
therefore, takes a huge amount of time and processing power. RSA
is the standard encryption method for important data, especially
data that's transmitted over the Internet.RSA stands for the creators
of the technique, Rivest, Shamir and Adelman.
o Screening router - performs packet-filtering and is used as a
firewall. In some cases a screening router may be used as perimeter
protection for the internal network or as the entire firewall solution.
o Server - a computer program that provides services to other
computer programs (and their users) in the same or other
computers.
o Smurf attack - a type of denial of service attack in which a system
is flooded with spoofed ping messages.
o SYNchronize-ACKnowledge (SYN-ACK) - rely on the fact that web
servers will respond to apparently legitimate requests for web
pages, no matter how many requests are made. However, should an
attacker make lots of requests, which then leave the web server tied
up and unable to continue serving truly legitimate requests, disaster
will strike and the web server will fail.
o SYN flood attack is a type of Distributed Denial of Service (DDoS)
attack that exploits part of the normal TCP three-way handshake to
consume resources on the targeted server and render it
unresponsive. Essentially, with SYN flood DDoS, the offender sends
TCP connection requests faster than the targeted machine can
process them, causing network saturation.
o System audit trails is a chain of evidence in the form of hard or
electronic business transactions or communications resulting from
business processes, functions or programming executions.
o Token passing is a channel access method where a signal called a
token is passed between nodes to authorize that node to
communicate. In contrast to polling access methods, there is no pre-
defined "master" node.
o Triple-DES encryption is a type of computerized cryptography
where block cipher algorithms are applied three times to each data
block. The key size is increased in Triple DES to ensure additional
security through encryption capabilities. Each block contains 64 bits
of data. Three keys are referred to as bundle keys with 56 bits per
key. There are three keying options in data encryption standards: All
keys being independent, Key 1 and key 2 being independent keys,
All three keys being identical.
o Trojan horse - is a program whose purpose is to capture IDs and
passwords from unsuspecting users. They mimic the normal login
procedures of the OS. When user enters his or her ID and password,
the Trojan horse stores a copy of them in a secret file. At a later date,
the author uses these IDs and passwords to access the system and
masquerade as an authorized user.
o Virus - a program that attaches itself to a legitimate program to
penetrate the OS and destroy application programs, data files and
the OS itself.
o Worm - is a software program that virtually burrows into the
computers memory and replicates itself into areas of idle memory.
The worm systematically occupies idle memory and replicates itself
until memory is exhausted and the system fails. Replicated worm
modules remain in contact with the original worm that controls their
growth.
o Zombie - perpetrators of DDoS may employ a virtual army of
zombie or bot (computers) to launch the attack