Security Glossary
Access control list (ACL) - Identifies the users who may
access a resource and the type of access to that resource each
user is permitted to have. Once a user is authenticated, the ACL
controls what they are permitted to do.
Access management - The centralized or unified implementation
and management of user authentication and entitlement to a site's
secure resources.
Audit - An examination of records and activities to ensure
compliance with established security controls, policies, and procedures.
Authentication - Identifies an individual or application
through the use of username/password, profiles, digital certificates
or other means.
Authorization - Develops rules or policies relating to what
information users are allowed to view and manipulate.
Basic authentication - Base64-encoding the username and
password and transmitting the result to the server.
Biometric security - A security science where body or physical
attributes are used for secure identification and authentication.
Some of the common biometric identifiers are fingerprints, voice
patterns, face geometry, hand geometry, retinal scans, signatures,
and typing patterns.
Certificate - A digital "passport." A certificate is a secure
electronic identity conforming to the X.509 standard. Certificates
typically contain a user's name and public key. A CA authorizes
certificates by signing the contents using its CA signing private
key.
Certificate expiry - The date after which a user's certificate
should no longer be trusted. The certificate expiry date is contained
within the certificate.
Certificate revocation - The act of identifying certificates
that are no longer trusted. Revoked certificates are identified
on Certificate Revocation Lists (CRLs).
Certification authority (CA) - The internal or trusted third
party responsible for issuing secure electronic identities to users
in the form of digital certificates.
Cryptography - The science of transforming readable text
into cipher text and back again.
Confidentiality - Keeps information private.
Cookies - Snippets of user information delivered by a Web
site to the user's browser to persist information during and between
sessions.
Decryption - The process of transforming cipher text into
readable text.
Digest authentication - Transmits username and password
information in a manner that cannot be easily decoded. The Digest
mechanism includes an encoding of the realm for which the credentials
are valid, so a separate credentials database must be provided for
each realm using the Digest method.
Digital ID - An encrypted file containing your personal
security data, including your private keys.
Digital certificate - An electronic document that verifies
the owner of a public key, issued by a certificate authority.
Digital signature - Any type of text or message, encrypted
with a private key, thereby identifying the source.
Discretionary Access Control (DAC) - Checks the validity
of credentials given at the discretion of the user (e.g., username
and password).
Encryption - The process of turning readable text into cipher
text.
Encryption algorithm - A mathematical formula used to encrypt
or decrypt a string of text.
Entitlements - These are your rights and privileges, from
an application perspective, based on who you are.
Hash - A fixed-length value created mathematically to uniquely
identify data.
Integrity - Proves that information has not been manipulated.
Identity management - The processes and procedures for administering
user authentication and authorization in the enterprise and between
domains over the Internet.
Kerberos - A system that provides a central authentication
mechanism for a variety of client/server applications, using passwords
and secret keys. Developed at MIT.
Key - A single numeric value that is part of an algorithm
for encrypting text.
Lightweight directory access protocol (LDAP) - A client-server
protocol for accessing a directory service. It runs over TCP and
can be used to access a stand-alone LDAP directory service or to
access a directory service back-ended by X.509.
Mandatory Access Control (MAC) - Checks the validity of credentials
that validate aspects the user cannot control (e.g., IP address,
host name).
Non-repudiation - Ensures that information cannot be disowned.
Organization - A group of users and/or roles.
Public Key Infrastructure (PKI) - The infrastructure used
to create a secure chain of trust for Internet-based communications.
A PKI solution consists of a security policy, a Certificate Authority
(CA), a Registration Authority (RA), certificate distribution system,
and PKI-enabled applications.
Policy-based authorization - Enables development of rules
or policies that define what information users are allowed to view
and manipulate. Mirrors real-world business practices and policies
depending upon factors such as who is making the request, where
and when the request is generated, and why the user needs the data.
Policy-based provisioning - Automates the deployment of access
rights to applications for employees, contractors and business partners,
based on the business's policies. It is a single point of administration
for the set-up, teardown and reconciliation of access rights. It can
maintain policies, assure privacy and reinforce security in changing
business environments throughout the enterprise and beyond.
Private key - The key that a user keeps secret in asymmetric
encryption. It can encrypt or decrypt data for a single transaction
but cannot do both.
Public key - The key that a user allows the world to know
in asymmetric encryption. It can encrypt or decrypt data for a single
transaction but cannot do both.
Remote Authentication Dial-In User Service (RADIUS) - A
standard for authenticating the identity of remote dial-in users.
Realm - A unique name given to each protected area on a
server, whether it be a single document or an entire server.
Rights - The privileges a user or role has on a system.
Roles - A working description of a user. Roles are assigned
rights.
RSA Encryption (Rivest-Shamir-Adleman) - A popular encryption
and authentication standard that uses asymmetric keys and was developed
by Rivest, Shamir, and Adleman. Based on a public key system, every
user has two digital keys, one to encrypt information, and the other
to decrypt. Authentication of both sender and recipient is achieved
with this method.
Secret key encryption - A method in which a single key known
only to the participants encrypts and decrypts data.
Security Assertion Markup Language (SAML) - Protocol that
facilitates the secure exchange of authentication and authorization
information between partners regardless of their security systems
or e-commerce platforms.
Single Sign-On (SSO) - Users sign onto a site only once
and are given access to one or more applications in a single domain
or across multiple domains.
Smart card - A credit-card-size authentication device containing
a microprocessor and data, which is read by a smart-card reader
and sent across the network.
SSL (Secure Sockets Layer) - A transport-layer technology,
developed by Netscape, that allows secure transactions among compliant
browsers and servers, usually Web servers.
Sub administrator - Administrator with a limited set of
administration rights.
Super administrator - Administrator with rights to the entire
system.
Symmetric encryption - A method involving a single secret
key for both encryption and decryption.
Token - A credit-card-sized or key-fob-sized authentication
device that a user carries. It usually displays numbers that change
over time and synchronizes with an authentication server on the
network, and it may also use a challenge/response scheme with the
server. Tokens are based on something you know (a password or PIN)
and something you have (an authenticator - the token).
Two-factor authentication - Provides a higher level of trust
than passwords alone because it requires something a user knows,
such as a password, as well as something that person has, such as
a smart card or a token.
URL (Uniform Resource Locator) - A standard addressing system
used on the Internet. The URL describes everything that is necessary
for a Web Browser to locate the requested site.
Users - Accounts that are created to represent individuals.
X.509 - A standard for digital certificates developed by
the International Telecommunications Union (ITU).