S
SAM

See Security Accounts Manager (SAM).

sandbox

A restricted execution environment that limits what untrusted code may do, such as which files, network connections and system calls it can use. The term originally described the set of rules that prevents a Java applet downloaded as part of a web page from performing certain functions on the local system.

scanning

The process that attackers use to gather information about how a network is configured: which hosts are up, which ports are open, which services and versions are listening, and which operating systems are in use.

screened host

A router placed in front of a host on the private network. The router typically performs packet filtering before traffic reaches the firewall/proxy server that services the internal network.

secret key

See private key. In symmetric cryptography the term also refers to the single shared key that both parties use to encrypt and decrypt.

Secure Electronic Transaction (SET)

A protocol developed by Visa and MasterCard in the 1990s for secure credit card transactions. SET encrypts the credit card number in transit over the Internet so that the merchant never sees it, and it is most suited to the small amounts of data involved in a payment. Despite early industry backing, it never achieved wide deployment.

Secure Hash Algorithm (SHA)

A family of one-way hash algorithms (SHA-1, and the SHA-2 family of SHA-256, SHA-384 and SHA-512) that produces a fixed-length digest of a message. A bare digest lets a receiver detect accidental corruption, but it does not by itself ensure integrity against an attacker, who can change the message and recompute the digest; for that the hash must be combined with a key (an HMAC) or a digital signature. SHA-1 is no longer considered collision resistant and should not be used for new designs.
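
The following Python is an added example, not part of the glossary, showing the difference just described: a receiver that trusts a bare SHA-256 digest accepts a forged message whose digest the attacker recomputed, while a receiver that checks an HMAC built on the same hash rejects it. The messages and the 32-byte key are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a transfer instruction and the attacker's edit of it.
ORIGINAL = b"pay 100 to alice"
FORGED = b"pay 100 to mallory"


def sha256_hex(message: bytes) -> str:
    """Plain (unkeyed) SHA-256 digest of the message."""
    return hashlib.sha256(message).hexdigest()


def hmac_sha256_hex(key: bytes, message: bytes) -> str:
    """Keyed HMAC-SHA256 tag over the message; computing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_plain_hash(message: bytes, attached_hash: str) -> bool:
    """Receiver that trusts a bare digest sent alongside the message."""
    return hmac.compare_digest(sha256_hex(message), attached_hash)


def receiver_accepts_hmac(key: bytes, message: bytes, attached_tag: str) -> bool:
    """Receiver that checks a keyed tag, using a constant-time comparison."""
    return hmac.compare_digest(hmac_sha256_hex(key, message), attached_tag)


def attacker_rewrites_plain_hash() -> bool:
    """An active attacker replaces the message and recomputes the digest;
    returns whether the receiver accepts the forgery."""
    return receiver_accepts_plain_hash(FORGED, sha256_hex(FORGED))


def attacker_rewrites_hmac(key: bytes) -> bool:
    """The same attacker without the key can only reuse the original tag;
    returns whether the receiver accepts the forgery."""
    original_tag = hmac_sha256_hex(key, ORIGINAL)
    return receiver_accepts_hmac(key, FORGED, original_tag)


def demo() -> dict:
    """Run all three checks with a fresh random key shared by sender and receiver."""
    key = secrets.token_bytes(32)
    return {
        "plain_hash_forgery_accepted": attacker_rewrites_plain_hash(),
        "hmac_forgery_accepted": attacker_rewrites_hmac(key),
        "hmac_genuine_accepted": receiver_accepts_hmac(
            key, ORIGINAL, hmac_sha256_hex(key, ORIGINAL)
        ),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The first result is True (the forgery passes), the second False (the forgery is caught), the third True (the genuine message still verifies); hmac.compare_digest is used in both receivers so the comparison itself does not leak timing information.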

Secure Hypertext Transfer Protocol (S-HTTP)

A protocol for secure communications between a web server and a web browser that encrypts individual HTTP messages. It is distinct from HTTPS (HTTP carried over SSL/TLS), which protects the whole connection and is what is actually deployed; S-HTTP saw almost no use.

Secure Shell (SSH)

A replacement for rlogin, rsh and telnet in Unix/Linux that includes security. rlogin allowed one host to establish a session on another with no real security being employed; SSH encrypts the whole session, authenticates the server to the client with a host key, and authenticates the user with a password or a public/private key pair (slogin was an early alias for the ssh client). File transfer (scp, sftp) and port forwarding run over the same encrypted channel.

Secure Sockets Layer (SSL)

A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer, providing encryption, integrity checking, and authentication of the server (and optionally the client) with certificates. All versions of SSL are now deprecated; its successor is Transport Layer Security (TLS), although the name "SSL" is still commonly used for both.

Secure WLAN Protocol (SWP)

A method of securing wireless networks that is beginning to gain momentum and acceptance.

Security Accounts Manager (SAM)

A database within Windows NT–based operating systems that stores the local user and group accounts, their rights and settings, and the hashed passwords. On a Windows NT domain controller the SAM also held the domain accounts; later versions of Windows keep domain accounts in Active Directory instead. Because it holds password hashes, the SAM is a common target for credential theft, and the operating system locks the file while Windows is running.

security audit

An audit of the system (host, network, and so on) for security vulnerabilities and holes.

security log

A log file in Windows NT–based operating systems that records the security events (logons, object access, privilege use, and so on) selected by the domain's audit policy.

security policies

Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be.

security professionals

Individuals who make their living working with computer security.

security token

A piece of data that contains the rights and access privileges of the token bearer as part of the token.

security zone

A method of isolating a system from other systems or networks.

segment

A unit of data transmission found at the Transport layer of the Open Systems Interconnection (OSI) model and used by TCP.

sensor

A device that collects data from the data source and passes it on to the analyzer.

separation of duties

A set of policies designed to reduce the risk of fraud and prevent other losses in an organization by ensuring that no single person controls every step of a critical process; for example, the person who requests a payment is not the person who approves it.

sequence number

A number carried in each piece of a split transmission that the receiver uses to reassemble the pieces in the correct order and to detect missing or duplicated ones. TCP numbers the bytes of each connection this way; if a host's initial sequence numbers are predictable, an attacker can forge segments that the receiver accepts as part of an existing connection.

Sequenced Packet Exchange (SPX)

A connection-oriented protocol that is part of the Internetwork Packet Exchange (IPX) protocol suite. It operates at the Transport layer of the OSI model. It initiates the connection between the sender and receiver, transmits the data, and then terminates the connection. See also Internetwork Packet Exchange (IPX), Open Systems Interconnection (OSI) model.

Serial Line Internet Protocol (SLIP)

An older protocol that was used in early remote-access environments. SLIP was originally designed to connect Unix systems together in a dial-up environment, and it supports only serial communications.

server

A computer that provides resources to the clients on the network.

server and client configuration

A network in which the resources are located on a server and accessed by clients.

server authentication

The process in which a client verifies the identity of the server it is connecting to, for example by validating the server's certificate during an SSL/TLS handshake. The term is also used loosely for a workstation authenticating itself to a server, which is more precisely called client authentication.

service

An item that adds functionality to a network by providing resources or doing tasks for other computers. In Windows-based operating systems, services include file and printer sharing for Microsoft or Novell networks.

service account

An account created so that a service or scheduled task, rather than a person, can log on and run with a defined set of rights. Such an account should be granted only the privileges the service needs. On Windows NT–based systems, built-in groups such as Backup Operators, Account Operators and Server Operators grant similar task-specific rights to designated users.

service-level agreement (SLA)

An agreement that specifies performance requirements for a vendor. This agreement may use mean time between failures (MTBF) and mean time to repair (MTTR) as performance measures in the SLA.

service pack

A cumulative collection of operating system updates and fixes from Microsoft.

session key

The symmetric key agreed upon during connection setup and used between a client and a server for the length of a session. In SSL's RSA key exchange, the client validates the server's digital certificate, generates a random secret, encrypts it with the server's public key and sends it; both sides then derive the session keys from that secret. The asymmetric key pair is used only to protect this exchange, and the faster symmetric session key encrypts the traffic passed back and forth during the connection.

Session layer

The fifth layer of the OSI model. It determines how two computers establish, use, and end a session. Security authentication and network naming functions required for applications occur here. The Session layer establishes, maintains, and breaks dialogs between two stations. See also Open Systems Interconnection (OSI) model.

SHA

See Secure Hash Algorithm (SHA).

share-level security

A network security method that assigns passwords to individual files or other network resources (such as printers) instead of assigning rights to network resources to users. The passwords are then given to all users that need access to these resources. All resources are visible from anywhere in the network, and any user who knows the password for a particular network resource can make changes to it. Because the password is shared, access cannot be revoked for one user without changing it for everyone.

Shielded Twisted Pair (STP)

Network cabling media that has a shield, similar to coax, wrapped over the wires.

shoulder surfing

Watching someone when they enter their username/password/sensitive data.

S-HTTP

See Secure Hypertext Transfer Protocol (S-HTTP).

signal

Transmission from one PC to another. A signal could be a notification to start a session or end a session.

signal encoding

The process whereby a protocol at the Physical layer receives information from the upper layers and translates all the data into signals that can be transmitted on a transmission medium.

signaling method

The process of transmitting data across the medium. Two types of signaling are digital and analog.

signed applet

An applet whose code has been digitally signed by its publisher. If the user trusts the signer, the applet can run outside the Java sandbox with higher system access capabilities. Signed applets aren't usually downloaded from the Internet but are provided by in-house or custom programming efforts. The signature identifies the author and shows the code has not been altered; it does not mean the code is safe.

Simple Mail Transfer Protocol (SMTP)

A protocol for sending e-mail from a mail client to a mail server and between SMTP servers.

Simple Network Management Protocol (SNMP)

The management protocol created for sending information about the health of network devices to network management consoles. SNMP versions 1 and 2c authenticate requests only with a cleartext community string; version 3 adds per-user authentication and encryption.

single loss expectancy (SLE)

The cost of a single loss when it occurs, calculated as the asset's value multiplied by the exposure factor (the fraction of the asset lost). This loss can be a critical failure, or it can be the result of an attack.

single sign-on (SSO)

A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there). A compromised SSO credential therefore exposes every resource tied to it.

site survey

A wireless site survey, or wireless survey, is the process of planning and designing a wireless network, in particular an 802.11 network, by measuring signal coverage and interference on site. From an attacker's perspective, a site survey means listening for existing wireless networks with commercially available tools to learn their names, channels, and security settings.

SLIP

See Serial Line Internet Protocol (SLIP).

SMTP

See Simple Mail Transfer Protocol (SMTP).

SMTP relay

A feature designed into many e-mail servers that allows them to forward e-mail to other e-mail servers. While the ability to act as a relay exists to allow networks to grow, the possibility exists for rogue servers to also participate. A server that relays mail from any sender to any destination (an open relay) is quickly abused to send spam and ends up on blocklists, so relaying should be restricted to authenticated users or known networks.

smurf attack

An attack in which large volumes of ICMP echo requests (pings) are sent to a network's broadcast address so that every machine on that network receives them, with the source address of the requests spoofed to be the target computer. When all the machines that received the broadcast reply, they flood the target with more data than it can handle. Routers that refuse to forward packets addressed to a broadcast address from outside the network (directed broadcasts) remove the amplification.

snapshot backup

A method of performing backups that creates a compressed file of a database as it exists at the moment, without taking the users offline. A snapshot backup can take the place of other backups. It's often run on mirrored servers, but the snapshot captures only the most recent version of files.

sniffer

A device or program that listens in (sniffs) on network traffic and looks for items it can make sense of. There is a legitimate purpose for these tools: Administrators use them to analyze traffic. However, when they're used by sources other than the administrator, they become security risks. On a shared medium a sniffer sees all traffic; on a switched network an attacker must first redirect traffic (for example with ARP spoofing) to see more than their own.

sniffing

Analyzing data to look for passwords and anything else of value. Sniffing is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, network sniffing, and so on).

SNMP

See Simple Network Management Protocol (SNMP).

snooping

Looking through files in hopes of finding something interesting.

social engineering

An attack that manipulates people into disclosing information or taking actions that undermine security, for example by posing as a help desk employee to obtain a password.

socket

The primary method used to communicate with services and applications such as the Web and Telnet. The socket is a programming construct that enables communication by identifying each endpoint with the combination of an address and a port.

software exploitation

An attack launched against applications and higher-level services.

spam

Unwanted, unsolicited e-mail sent in bulk.

spike

A momentary or instantaneous increase in power over a power line.

spoofing attack

An attempt by someone or something to masquerade as someone else.

SPX

See Sequenced Packet Exchange (SPX).

spyware

Software that covertly collects information about a user or system, often actively, and reports it to a third party without the user's informed consent.

SSH

See Secure Shell (SSH).

SSL

See Secure Sockets Layer (SSL).

state table

A table that a stateful firewall keeps to record the status of every connection through it, so that only packets belonging to an established or expected connection are allowed.

stateful packet filtering

Inspection that looks beyond the headers of each individual packet and uses a state table that tracks every communications channel, so that an inbound packet is accepted only when it belongs to a connection the firewall has already seen initiated. This provides additional security over stateless filtering, which must admit any packet that matches a static rule.
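
The Python below is an added example, not from the glossary, that contrasts the two approaches on the same constructed packet trace: a stateless rule set that admits any inbound TCP packet with ACK set (the usual stateless approximation of "established"), and a stateful filter that consults a state table keyed by the 4-tuple of internally initiated connections. The addresses and the "10." internal prefix are assumptions for the demonstration.

```python
from __future__ import annotations

from dataclasses import dataclass

# Constructed addressing: anything in 10.0.0.0/8 is the private side.
INTERNAL_PREFIX = "10."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # any of S (SYN), A (ACK), F (FIN), R (RST)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_decision(p: Packet) -> str:
    """Stateless rules: allow everything outbound, and inbound TCP only when
    ACK is set. Any outside host can satisfy that rule just by setting the flag."""
    if is_internal(p.src):
        return "ALLOW"
    return "ALLOW" if "A" in p.flags else "DROP"


class StatefulFilter:
    """State table keyed by (client, cport, server, sport) for connections the
    inside initiated; inbound packets are admitted only if they match an entry."""

    def __init__(self) -> None:
        self.state: dict[tuple, str] = {}

    def decision(self, p: Packet) -> str:
        outbound_key = (p.src, p.sport, p.dst, p.dport)
        inbound_key = (p.dst, p.dport, p.src, p.sport)

        if is_internal(p.src):
            if "S" in p.flags and "A" not in p.flags:
                self.state[outbound_key] = "SYN_SENT"  # new outbound connection
                return "ALLOW"
            if outbound_key in self.state:
                if "R" in p.flags:
                    del self.state[outbound_key]  # reset tears the entry down
                return "ALLOW"
            return "DROP"  # mid-stream packet for a flow we never saw start

        if inbound_key in self.state:  # reply belonging to a tracked connection
            if self.state[inbound_key] == "SYN_SENT" and "S" in p.flags and "A" in p.flags:
                self.state[inbound_key] = "ESTABLISHED"
            if "R" in p.flags:
                del self.state[inbound_key]
            return "ALLOW"
        return "DROP"  # unsolicited inbound packet, whatever its flags


# Constructed trace: a legitimate outbound HTTPS handshake, then an outside host
# probing port 22 with a bare ACK (an ACK scan) and with a bare SYN.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S"),
    Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A"),
    Packet("198.51.100.7", 12345, "10.0.0.5", 22, "A"),
    Packet("198.51.100.7", 12345, "10.0.0.5", 22, "S"),
]


def run_stateless(trace: list[Packet] = TRACE) -> list[str]:
    return [stateless_decision(p) for p in trace]


def run_stateful(trace: list[Packet] = TRACE) -> list[str]:
    f = StatefulFilter()
    return [f.decision(p) for p in trace]


if __name__ == "__main__":
    for p, a, b in zip(TRACE, run_stateless(), run_stateful()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}]  stateless={a} stateful={b}")
```

The fourth packet is the interesting one: the stateless filter lets the ACK probe through because the flag alone satisfies its rule, while the stateful filter drops it because no entry in its table was ever opened toward port 22.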

static Address Resolution Protocol (ARP) table entry

An entry in the Address Resolution Protocol (ARP) table that an administrator adds manually. Unlike dynamic entries, it does not expire and is not overwritten by ARP replies, so it is used both for hosts that are accessed often and, more importantly, to pin the mapping of critical hosts such as the default gateway against ARP spoofing.

static routing

A method of routing packets where the router's routing table is updated manually by the network administrator instead of automatically by a route discovery protocol.

stealth port

A port that is open but might not be obvious (invisible to those who don't know it exists). Trojan horses often exploit them.

stealth virus

A virus that attempts to avoid detection by masking itself from applications.

steganography

The science of hiding information within other information, such as a picture.
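
As an added example (not part of the glossary), the following Python hides a message in the least significant bits of a byte array standing in for raw image samples, recovers it, and measures how little the carrier changed. The cover bytes and payload are constructed for the demonstration; the 4-byte length header is this example's own framing, not a standard.

```python
# Constructed cover: a deterministic run of bytes standing in for pixel samples.
COVER = bytes((i * 37 + 11) % 256 for i in range(1024))
PAYLOAD = b"meet at dawn"


def embed(cover: bytes, payload: bytes) -> bytes:
    """Write a 4-byte big-endian length, then the payload, one bit per cover
    byte, into the least significant bit of successive bytes."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - j)) & 1 for byte in data for j in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(stego)


def _read_bytes(lsbs: list[int], offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSB stream starting at bit `offset`."""
    out = bytearray()
    for k in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | lsbs[offset + k * 8 + j]
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many payload bytes."""
    lsbs = [b & 1 for b in stego]
    length = int.from_bytes(_read_bytes(lsbs, 0, 4), "big")
    if 32 + length * 8 > len(lsbs):
        raise ValueError("length header does not fit the carrier; not a stego object?")
    return _read_bytes(lsbs, 32, length)


def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte change the embedding introduced (never more than 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_ones_fraction(data: bytes) -> float:
    """Fraction of set LSBs: a crude steganalysis statistic. Carriers whose
    LSBs are naturally uneven drift toward 0.5 once a payload is embedded."""
    return sum(b & 1 for b in data) / len(data)


if __name__ == "__main__":
    stego = embed(COVER, PAYLOAD)
    print(extract(stego))
    print("max change per byte:", max_byte_change(COVER, stego))
    print("LSB ones fraction before/after:", lsb_ones_fraction(COVER), lsb_ones_fraction(stego))
```

The embedding changes no byte by more than one unit, which is why LSB hiding is invisible to the eye in an image yet detectable statistically when the carrier's original LSBs were not uniformly random; in practice steganography is combined with encryption, since a recovered payload in the clear reveals everything.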

strength

The effectiveness of a cryptographic system in preventing unauthorized decryption.

subscriber

In a public key infrastructure, the individual or system to which a certificate has been issued and which presents that certificate to prove its identity.

surge protector

A device that protects electrical components from momentary or instantaneous increases (called spikes) in a power line.

switched

A network that has multiple routes to get from a source to a destination. Switching allows for higher speeds.

SWP

See Secure WLAN Protocol (SWP).

symmetrical keys

The keys used when the same key encrypts and decrypts data. Because both parties must hold the same key, it has to be distributed over a secure channel or agreed with a key exchange.

SYN flood

A denial of service attack in which the attacker sends a barrage of SYN packets, usually with spoofed source addresses. The receiving station answers each with a SYN/ACK and reserves resources for a half-open connection while it waits for the final ACK, which never arrives. Once the table of half-open connections is full, new incoming connections are rejected until the pending ones time out. Defenses include SYN cookies and shorter half-open timeouts.
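
The Python below is an added example (not the glossary's own material) that runs simple detection logic for both the smurf attack and the SYN flood entries over a constructed packet log: it counts ICMP echo requests aimed at a broadcast address per claimed source, and it tracks half-open TCP connections per destination, removing one when the client's ACK or RST arrives. The log format, the addresses, the ".255" broadcast convention (a /24 network) and the thresholds are all assumptions for the demonstration.

```python
from __future__ import annotations

from collections import defaultdict


def constructed_log() -> list[str]:
    """Constructed packet log, one record per line: '<t> <proto> <src> -> <dst> <info>'.
    For TCP, src/dst are ip:port and info is the flag string; for ICMP, info is
    the message type. Not captured from a real network."""
    lines = [
        # One legitimate three-way handshake from an inside client.
        "1 TCP 10.0.0.5:40000 -> 10.0.0.8:80 S",
        "1 TCP 10.0.0.8:80 -> 10.0.0.5:40000 SA",
        "1 TCP 10.0.0.5:40000 -> 10.0.0.8:80 A",
    ]
    # Smurf: 50 echo requests to the broadcast address, source forged as the victim.
    lines += ["2 ICMP 10.0.0.8 -> 10.0.0.255 echo-request"] * 50
    # SYN flood: 200 SYNs to the victim's web port from different spoofed sources,
    # none of which ever completes the handshake.
    lines += [f"3 TCP 198.51.100.{i % 250 + 1}:{1000 + i} -> 10.0.0.8:80 S" for i in range(200)]
    return lines


def parse(line: str) -> dict:
    t, proto, src, _arrow, dst, info = line.split()
    return {"t": int(t), "proto": proto, "src": src, "dst": dst, "info": info}


def detect_smurf(lines: list[str], broadcast_suffix: str = ".255", threshold: int = 20) -> dict:
    """Count ICMP echo requests aimed at a broadcast address per claimed source.
    A host that 'pings' broadcast this often is really the spoofed victim."""
    counts: dict[str, int] = defaultdict(int)
    for r in map(parse, lines):
        if r["proto"] == "ICMP" and r["info"] == "echo-request" and r["dst"].endswith(broadcast_suffix):
            counts[r["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def detect_syn_flood(lines: list[str], threshold: int = 100) -> dict:
    """Track half-open connections per destination: a bare SYN opens one and the
    client's ACK or RST closes it. Many that never close mark a flood."""
    half_open: dict[str, set[str]] = defaultdict(set)
    for r in map(parse, lines):
        if r["proto"] != "TCP":
            continue
        flags = r["info"]
        if flags == "S":
            half_open[r["dst"]].add(r["src"])
        elif "A" in flags or "R" in flags:
            half_open[r["dst"]].discard(r["src"])  # handshake completed or aborted
    return {dst: len(s) for dst, s in half_open.items() if len(s) >= threshold}


if __name__ == "__main__":
    log = constructed_log()
    print("smurf sources over threshold:", detect_smurf(log))
    print("SYN flood targets over threshold:", detect_syn_flood(log))
```

On this log the smurf detector reports the victim address 10.0.0.8 with 50 broadcast pings, and the SYN flood detector reports 10.0.0.8:80 with 200 half-open connections; the legitimate handshake is opened and then closed by the client's ACK, so it never counts. On a real sensor the counters would be kept per time window and the thresholds tuned to the network's normal rates.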

system architecture

Documents that provide you with the blueprint of your organization's software and hardware infrastructure.
