Workgroup G: Tools and Technologies

Glossary

Access
Authentication
Authorization
Backbone
Bandwidth
Certification
Challenge and Reply Authentication
CORBA (Common Object Request Broker Architecture)
Data Access Middleware
DCE (Distributed Computing Environment)
DES (Data Encryption Standard)
Digital Signature
EC (Electronic Commerce)
Electronic Bulletin Board
EDI (Electronic Data Interchange)
EFT (Electronic Funds Transfer)
Encryption
FTP (File Transfer Protocol)
Firewall
IP Address
IP (Internet Protocol)
ISDN (Integrated Services Digital Network)
Key
LAN (Local Area Network)
Message-Oriented Middleware (MOM) Products
Messaging
Middleware
MIME (Multipurpose Internet Mail Extensions)
Node
PGP (Pretty Good Privacy)
Public Key Cryptography
SSL (Secure Socket Layer)
Transaction Processing
WAN (Wide-Area Network)

Send comments to Gail Johnson


Access
Ability and means to communicate with (i.e. input to or receive output from), or otherwise make use of any information, resource, or component in an AIS. NOTE: An individual does not have "access" if the proper authority or a physical, technical, or procedural measure prevents them from obtaining knowledge or having an opportunity to alter information, material, resources, or components.

Authentication
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's eligibility to receive specific categories of information.

Authorization
Access rights granted to a user, program, or process.

Backbone
A central high-speed network that connects smaller, independent networks; the NSFnet is an example. Also, the connections between the primary computers in a network. Stub networks branch off the backbone.

Bandwidth
Used to express the maximum possible throughput of a data link in bits per second. A T1 line has a bandwidth of 1.544 Mbps. A 28.8k baud modem has a nominal bandwidth of 0.0288 Mbps.

Certification
(1) Comprehensive evaluation of the technical and nontechnical security features of an AIS (automated information system) and other safeguards, made in support of the approval/accreditation process, to establish the extent to which a particular design and implementation meet a set of specified security requirements. Note: There remain two other definitions in active common usage that differ according to circumstances. (2) The issue of a formal statement confirming the results of an evaluation, and that the evaluation criteria used were correctly applied. Synonym for IT (information technology) security certification.

Challenge and Reply Authentication
Prearranged procedure in which one communicator requests authentication of another and the latter establishes his/her validity with a correct reply.

CORBA (Common Object Request Broker Architecture)
A set of standard mechanisms for naming, locating, and defining objects in a distributed computing environment.

Data Access Middleware
Applies the standard relational database language, normally SQL, and the standard database transport interface. The standard database transport packages application requests for data and transports them across the network to a specific server system, which handles the request. After processing the requested data, the middleware returns the data to the end user.

DCE (Distributed Computing Environment)
DCE is "middleware" or "enabling technology." It is not intended to exist alone, but instead should be bundled into a vendor's operating system offering, or integrated in by a third-party vendor. DCE's security and distributed filesystem, for example, can completely replace their current, non-network, analogs. DCE is not an application in itself, but is used to build custom applications or to support purchased applications.

DCE consists of multiple components which have been integrated to work closely together. They are the Remote Procedure Call (RPC), the Cell and Global Directory Services (CDS and GDS), the Security Service, DCE Threads, Distributed Time Service (DTS), and Distributed File Service (DFS). The Threads, RPC, CDS, Security, and DTS components are commonly referred to as the "secure core" and are the required components of any DCE installation. DFS is an optional component. DCE also includes administration tools to manage these components.

DES (Data Encryption Standard)
The national encryption standard that has been prominent in all but the most secret agencies and is offered in the products of most federal contractors. For example, DES is embedded in all of the government's secure telephones; the Energy Department has multiple networks that use DES; it is the basis for the Treasury Department's electronic funds transfer program; and the Federal Reserve uses DES to encrypt connections between the depository financial institutions and Federal Reserve banks.

Digital Signature
Process that operates on a message to assure message source authenticity and integrity, and source non-repudiation.

EC (Electronic Commerce)
The end-to-end digital exchange of all information needed to conduct business. Examples include EDI transactions, electronic mail, archives, audit trails, and all forms of records, including graphical images. Electronic commerce technologies include Electronic Data Interchange (EDI), Electronic Funds Transfer (EFT), and Continuous Acquisition and Life-cycle Support (CALS).

Electronic Bulletin Board
A shared file where users can enter information for other users to read or download. Many bulletin boards are set up according to general topics and are accessible throughout a network.

EDI (Electronic Data Interchange)
The inter-organizational, computer-to-computer exchange of structured information in a standard, machine-processible format.

EFT (Electronic Funds Transfer)
A technology (one of the electronic commerce technologies) that allows the transfer of funds from the bank account of one person or organization to that of another. EFT is also used to refer to the action of using this technology. It is an important addition for an organization that implements EDI.

Encryption
A method of ensuring data secrecy. The message is coded using a key available only to the sender and the receiver. The coded message is sent to the receiver and then decoded upon receipt.

FTP (File Transfer Protocol)
A way of transferring files between computers. A protocol that describes file transfers between a host and a remote computer. The term is also used to refer to a program based on this protocol.

Firewall
A computer system that sits between the Internet and a company's LAN. It is a means of automatically limiting what a company's computer system will pass along to outside computer systems. It acts as an active gateway to keep non-company entities from accessing company confidential data.

IP Address
The numeric address of a computer connected to the Internet; also called Internet address.

IP (Internet Protocol)
The Internet standard protocol that provides a common layer over dissimilar networks, used to move packets among host computers and through gateways if necessary.

ISDN (Integrated Services Digital Network)
The technical standards and design philosophy according to which digital networks will be designed. ISDN provides high-speed, high-bandwidth channels to every subscriber on the network, achieving end-to-end digital functions with standard equipment interface devices. The networks will enable a variety of mixed digital transmission services to be accommodated at a single interface (including voice and circuit and packet switched data).

Key
Information (usually a sequence of random or pseudo-random binary digits) used initially to set up and periodically change the operations performed in crypto-equipment for the purpose of encrypting or decrypting electronic signals, for determining electronic counter-countermeasures patterns (e.g., frequency hopping or spread spectrum), or for producing other key. NOTE: "Key" has replaced the terms "variable," "key(ing) variable," and "cryptovariable."

LAN (Local Area Network)
A user-owned and operated data transmission facility connecting a number of communicating devices (e.g. computers, terminals, word processors, printers, and mass storage units) within a single building or campus of buildings.

Message-Oriented Middleware (MOM) Products
Products which offer a very basic set of commands for sending and receiving data over a network in real-time. Typically, application developers create application-specific functions on top of MOM services. Examples of MOM products include IBM MQ Series and Digital DECmessage.

Messaging
The use of electronic mail (e-mail), voice mail, fax, electronic data interchange (EDI), and other messaging technologies for secure global electronic commerce.

Middleware
Middleware processes network application requests for data, which can be stored in a variety of database types. Because some middleware is designed to be specific for a single type of application/database connection, different middleware to manage each application/database combination may be necessary. This means that managing middleware in environments with diverse database types can be complex.

MIME (Multipurpose Internet Mail Extensions)
The standard for how to send multi-part, multimedia, and binary data using the world-wide Internet e-mail system. Typical uses of MIME include sending images, audio, word processing documents, programs, or even plain text files when it is important that the mail system does not modify any part of the file. MIME also allows for labeling message parts so that a recipient (or mail program) may determine what to do with them.

Node
A termination point for two or more communication links. The node serves as the control location for forwarding data among the elements of a network or multiple networks, as well as performing other networking and, in some cases, local processing functions. In systems network architecture, a node is an end point of a link or a junction common to two or more links in a network. Nodes can be host processors, communications controllers, cluster controllers, work group computers or terminals.

PGP (Pretty Good Privacy)
A method of data encryption that allows people to communicate on the Internet without fear of their private messages being read by high-tech eavesdroppers. A simple message will be encrypted using the recipient's public key. It will be sent encrypted to the recipient, who is able to decrypt the message using a private key only known to her or him.

Public Key Cryptography
Type of cryptography in which the encryption process is publicly available and unprotected, but in which a part of the decryption key is protected so that only a party with knowledge of both parts of the decryption process can decrypt the cipher text. NOTE: Commonly called non-secret encryption in professional cryptology circles.

SSL (Secure Socket Layer)
A low-level encryption protocol developed by Netscape Communications Corporation. It can be used for any type of Internet traffic, including FTP, GOPHER and NNTP (USENET News), but currently the most popular use is for World Wide Web traffic. The SSL protocol includes provisions for server authentication (verifying the server's identity to the client), encryption of data in transit, and optional client authentication (verifying the client's identity to the server).

Transaction Processing
The hardware and software that is needed to successfully complete a process or event invoked by an individual or software program. Features include transaction commitment to the respective database files, with a database management command signaling that the transaction has "ended" successfully, or a roll-back of a transaction from one or more database files when an interruption occurred, preventing successful updating.

WAN (Wide-Area Network)
A data transmission facility that connects geographically dispersed sites using long-haul networking facilities.
Last Modified: March 20, 1997