Security Glossary
Access control list (ACL) - A list attached to a resource that names the users (or groups) who may access it and the type of access each is permitted to have. Once a user is authenticated, the ACL controls what they are permitted to do with that resource; anyone not listed is denied.
Access management - The centralized or unified implementation and management of user authentication and entitlement to a site's secure resources.
Audit - An examination of records and activities to ensure compliance with established security controls, policies, and procedures.
Authentication - Verifies the claimed identity of an individual or application through the use of username/password, profiles, digital certificates or other means.
Authorization - Determines, according to rules or policies, what information an authenticated user or application is allowed to view and manipulate.
Basic authentication - Transmits the username and password to the server as the Base64 encoding of "username:password". Base64 is a reversible encoding, not encryption, so the credentials are readable by anyone who can see the request and must only be sent over an encrypted connection (SSL/TLS).
Biometric security - The use of physical or behavioural attributes of the body for identification and authentication. Common biometric identifiers are fingerprints, voice patterns, face geometry, hand geometry, retinal scans, signatures, and typing patterns.
Certificate - A digital "passport." A certificate is an electronic identity conforming to the X.509 standard. Certificates typically contain a user's name and public key. A CA issues a certificate by signing its contents with the CA's private signing key; anyone holding the CA's public key can then verify that signature.
Certificate expiry - The date
after which a user's certificate should no longer be trusted. The
certificate expiry date is contained within the certificate.
Certificate revocation - The
act of identifying certificates that are no longer trusted. Revoked
certificates are identified on Certificate Revocation Lists (CRLs).
Certification authority (CA) -
The internal or trusted third party responsible for issuing secure
electronic identities to users in the form of digital certificates.
Cryptography - The science of transforming readable text into cipher text and back again.
Confidentiality - Ensures that information is disclosed only to those authorized to see it.
Cookies - Snippets of user
information delivered by a Web site to the user's browser to persist
information during and between sessions.
Decryption - The process of transforming cipher text into readable text.
Digest authentication - Transmits a hash (MD5) of the username, realm, password, a server-supplied nonce and the request details instead of the password itself, so the password cannot be recovered by reading the request. Because the realm is hashed into the stored credential, a separate credentials database must be provided for each realm using the Digest method.
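The two HTTP schemes defined above, as an added worked example that is not part of the original glossary. The usernames, passwords, realm names and URI are constructed for the demo. It shows that a Basic header decodes straight back to the password, how a Digest server stores and checks the per-realm hash (HA1) instead of the password, and why an HA1 for one realm does not verify in another.

```python
import base64
import hashlib
import secrets
from typing import Tuple


def md5_hex(text: str) -> str:
    """MD5 hex digest of a string; Digest auth (RFC 2617) is defined in terms of MD5."""
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header: str) -> Tuple[str, str]:
    """Recover the credentials from a Basic header. Base64 is an encoding, not
    encryption: anyone who can read the header can read the password."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    username, _, password = base64.b64decode(token).decode().partition(":")
    return username, password


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 is what a Digest server stores instead of the password. Because the
    realm is hashed in, an HA1 for one realm is useless for any other realm."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Client side: hash HA1 with the server nonce and the request (HA2).
    The password itself never appears on the wire."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def new_nonce() -> str:
    """Server side: a fresh, unpredictable nonce per challenge defeats replay."""
    return secrets.token_hex(16)


def verify_digest(stored_ha1: str, method: str, uri: str, nonce: str, response: str) -> bool:
    """Server side: recompute the expected response from the stored HA1 and
    compare in constant time."""
    expected = digest_response(stored_ha1, method, uri, nonce)
    return secrets.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample credentials for the demo.
    header = basic_header("alice", "s3cret")
    print(header, "->", decode_basic(header))  # the password falls straight out

    nonce = new_nonce()
    ha1_docs = digest_ha1("alice", "docs@example.com", "s3cret")
    ha1_admin = digest_ha1("alice", "admin@example.com", "s3cret")
    resp = digest_response(ha1_docs, "GET", "/docs/index.html", nonce)
    print(verify_digest(ha1_docs, "GET", "/docs/index.html", nonce, resp))   # True
    print(verify_digest(ha1_admin, "GET", "/docs/index.html", nonce, resp))  # False: wrong realm
```

Note that the stored HA1 is password-equivalent for its realm, and MD5 is not a modern choice; both schemes should only be used over TLS, and Digest offers no protection against an attacker who can read the server's credential store.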
Digital ID - An encrypted file containing your personal security data, including your private keys.
Digital certificate - An electronic document that verifies the owner of a public key, issued by a certificate authority.
Digital signature - A value computed by hashing a message and transforming the hash with the signer's private key. Anyone holding the matching public key can verify it, which shows that the message came from the key holder and has not been altered since it was signed.
Discretionary Access Control (DAC) - An access control model in which the owner of a resource decides, at their own discretion, who may access it and how (for example by editing the resource's ACL).
Encryption - The process of turning readable text into cipher text.
Encryption algorithm - A mathematical procedure (cipher) that, together with a key, is used to encrypt or decrypt data.
Entitlements - These are your rights and privileges, from an application perspective, based on who you are.
Hash - A fixed-length value computed from data by a one-way function. A cryptographic hash changes unpredictably if the data changes, so it is used to detect tampering; finding two different inputs with the same hash (a collision) must be computationally infeasible.
Integrity - Proves that information has not been manipulated.
Identity-management - The
processes and procedures for administering user authentication and
authorization in the enterprise and between domains over the Internet.
Kerberos - A system that provides a central authentication mechanism for a variety of client/server applications, using symmetric secret keys and tickets issued by a trusted Key Distribution Center, so that passwords are never sent over the network. Developed at MIT.
Key - A value, usually a large number or bit string, supplied to an encryption algorithm to determine its output. The algorithm itself may be public; the secrecy of the data rests on the secrecy of the key.
Lightweight directory access protocol (LDAP) - A client-server protocol for accessing a directory service. It runs over TCP and can be used to access a stand-alone LDAP directory service or to access a directory service back-ended by an X.500 directory.
Mandatory Access Control (MAC) - An access control model in which the system enforces a central policy, typically by comparing security labels on resources against the clearances of users. Neither the resource owner nor the user can change the labels or override the policy.
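The difference between the ACL, DAC and MAC entries above, as an added example that is not part of the original glossary. The users, files, labels and clearance levels are constructed for the demo. Under DAC the owner's ACL grant is sufficient; under MAC (here a simple Bell-LaPadula confidentiality policy: no read up, no write down) the system's labels decide, and an ACL grant cannot override them. Unknown subjects and objects fail closed.

```python
from typing import Dict, Set

# Ordered sensitivity levels used for MAC labels and clearances (constructed for the example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# DAC: each object carries an ACL maintained by its owner. Anything not listed is denied.
# object name -> {subject -> set of permitted actions}
ACLS: Dict[str, Dict[str, Set[str]]] = {
    "quarterly-forecast.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "press-release.txt": {"alice": {"read", "write"}, "bob": {"read", "write"}},
}

# MAC: labels on objects and clearances on subjects are set by the security
# administrator; neither the owner nor the user can change them.
LABELS = {"quarterly-forecast.xlsx": "secret", "press-release.txt": "public"}
CLEARANCES = {"alice": "secret", "bob": "internal"}


def dac_permits(obj: str, subject: str, action: str) -> bool:
    """Discretionary check: did the owner grant this subject this action?"""
    return action in ACLS.get(obj, {}).get(subject, set())


def mac_permits(subject: str, obj: str, action: str) -> bool:
    """Mandatory check, Bell-LaPadula confidentiality style:
    read requires clearance >= label (no read up),
    write requires clearance <= label (no write down).
    Unknown subjects get the lowest clearance; unlabelled objects the highest label."""
    s = LEVELS[CLEARANCES.get(subject, "public")]
    o = LEVELS[LABELS.get(obj, "secret")]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    raise ValueError(f"unknown action {action!r}")


def access_permitted(subject: str, obj: str, action: str) -> bool:
    """Both models must agree: an ACL grant never waives the mandatory policy."""
    return dac_permits(obj, subject, action) and mac_permits(subject, obj, action)


if __name__ == "__main__":
    # Owner alice granted bob read on the forecast (DAC says yes), but bob's
    # clearance is below the file's label, so MAC denies the read.
    print(dac_permits("quarterly-forecast.xlsx", "bob", "read"))       # True
    print(mac_permits("bob", "quarterly-forecast.xlsx", "read"))       # False: read up
    print(access_permitted("bob", "quarterly-forecast.xlsx", "read"))  # False
    # MAC would allow bob to write up into the forecast, but the ACL does not grant write.
    print(access_permitted("bob", "quarterly-forecast.xlsx", "write")) # False
    # alice may not write secret-cleared content into a public file (write down).
    print(access_permitted("alice", "press-release.txt", "write"))     # False
```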
Non-repudiation - Ensures that information cannot be disowned.
Organization - A group of users and/or roles.
Public Key Infrastructure (PKI)
- The infrastructure used to create a secure chain of trust for
Internet-based communications. A PKI solution consists of a security
policy, a Certificate Authority (CA), a Registration Authority (RA),
certificate distribution system, and PKI-enabled applications.
Policy-based authorization -
Enables development of rules or policies that define what information
users are allowed to view and manipulate. Mirrors real-world business
practices and policies depending upon factors such as who is making the
request, where and when the request is generated, and why the user
needs the data.
Policy-based provisioning -
Policy-based provisioning automates the deployment of access rights to
applications based on the business' policies to employees, contractors
and business partners. It is a single point of administration for the
set-up, teardown and reconciliation of access rights. It can maintain
policies, assure privacy and reinforce security in changing business
environments throughout the enterprise and beyond.
Private key - The key that a user keeps secret in asymmetric encryption. Data encrypted with the matching public key can be decrypted only with the private key, and a signature created with the private key can be verified with the public key.
Public key - The key that a user publishes to the world in asymmetric encryption. Data it encrypts can be decrypted only with the matching private key, and it verifies signatures made with that private key. The two keys are paired: what one transforms, only the other can reverse.
Remote Authentication Dial-In User Service (RADIUS) - A standard for authenticating the identity of remote dial-in users.
Realm - A unique name given to each protected area on a server, whether it be a single document or an entire server.
Rights - The privileges a user or role has on a system.
Roles - A working description of a user. Roles are assigned rights.
RSA Encryption (Rivest-Shamir-Adleman) - A popular asymmetric encryption and authentication algorithm developed by Rivest, Shamir, and Adleman. Based on a public key system, every user has two keys, a public key and a private key: what one encrypts, only the other can decrypt. A sender authenticates a message by signing it with their private key; a recipient can prove their own identity in the same way with their own key pair.
Secret key encryption - A method in which a single key known only to the participants encrypts and decrypts data.
Security Assertion Markup Language (SAML) -
Protocol that facilitates the secure exchange of authentication and
authorization information between partners regardless of their security
systems or e-commerce platforms.
Single Sign-On (SSO) - Users
sign onto a site only once and are given access to one or more
applications in a single domain or across multiple domains.
Smart card - A credit-card-size
authentication device containing a microprocessor and data, which is
read by a smart-card reader and sent across the network.
SSL (Secure Sockets Layer) - A transport-layer security protocol, developed by Netscape, that allows secure transactions among compliant browsers and servers, usually Web servers. Its successor is TLS; the SSL versions themselves are now considered insecure and should be disabled.
Sub administrator - Administrator with a limited set of administration rights.
Super administrator - Administrator with rights to the entire system.
Symmetric encryption - A method involving a single secret key for both encryption and decryption.
Token - A credit-card-size or key-fob-size authentication device that a user carries. It usually displays numbers that change over time and stays synchronized with an authentication server on the network, and it may also use a challenge/response scheme with the server. Tokens combine something you know (a password or PIN) with something you have (the token itself).
Two-factor authentication -
Provides a higher level of trust than passwords alone because it
requires something a user knows, such as a password, as well as
something that person has, such as a smart card or a token.
URL (Uniform Resource Locator) - A standard addressing system used on the Internet. The URL describes everything that a Web browser needs in order to locate the requested resource.
Users - Accounts that are created to represent individuals.
X.509 - A standard for digital certificates developed by the International Telecommunications Union (ITU).