Vocab Week 3 Flashcards
Clean System
A computer system in which the OS and application system software and files have been freshly installed from trusted software distribution media
Configuration Control
Process of regulating changes to hardware, firmware, software, and documentation throughout the development and operational life of a system
Daemon
Computer program that is not invoked explicitly but waits until a specified condition occurs, and then runs with no associated user, usually for an administrative purpose
Evaluation Assurance Level
Predefined package of assurance components that represents a point on the Common Criteria scale for rating confidence in the security of information technology products and systems.
Handshake
Protocol dialogue between two systems for identifying and authenticating themselves
Harden
To protect a system by configuring it to operate in a way that eliminates or mitigates known variables
Legacy System
System that is in operation but will not be improved or expanded while a new system is being developed to supersede it
Misuse
The intentional use of system resources for other than authorized purposes.
POSIX
Portable Operating System Interface for Computer Environments. Defines an OS interface and environment to support application portability at the source code level.
Post Office Protocol, Version 3
An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve messages that the server has received and is holding for the client
Repudiation
Denial by a system entity that was involved in an association (especially a communication association that transfers data) of having participated in the relationship.
A type of threat action whereby an entity deceives another by falsely denying responsibility for an act
Root
A CA [certification authority] that is directly trusted by an end entity
Secure Shell
Protocol for remote login and other secure network services
Sandbox
Restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.
Session
Computer usage. A continuous period of time, usually initiated by a login, during which a user accesses a computer system
System Integrity
An attribute of quality “that a system has when it can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation”
System User
A system entity that consumes a product or service provided by the system, or that accesses and employs system resources to produce a product or service of the system
Trust
A feeling of certainty either:
a) the system won’t fail
b) system meets specs
Trust Level
A characterization of a standard of security protection to be met by an information system
Trusted Computer System Evaluation Criteria
Standard for evaluating the security provided by an OS. Known as the Orange Book because of the color of its cover
Trusted Computing Base
The totality of protection mechanisms within a computer system, including hardware, firmware and software, the combination of which is responsible for enforcing a security policy.
Trustworthy Systems
System that is not only trusted but also warrants that trust because the system's behavior can be validated in some convincing way, such as through formal analysis or code review
Usurpation
An event that results in control of the system services or function by an unauthorized entity. This type of threat consequence can be caused by the following types of threat actions: misappropriation, misuse.
Zombie
Internet host computer that has been surreptitiously penetrated by an intruder that installed malicious daemon software to cause the host to operate as an accomplice in attacking other hosts, particularly in distributed attacks that attempt denial of service through flooding