
Glossary and Bibliography


01 Nov 1997


Provides a glossary of security terms and a bibliography for sources used in this issue.

Glossary of Security Terms

A

Access. A specific type of interaction between a subject and an object that results in the flow of information from one to the other.

Access Control List (ACL). In NetWare, an NDS object property that stores information about who or what can access that object. An ACL contains trustee assignments that include object and property rights. The ACL also contains the Inherited Rights Filter. When you view an object's trustees or its Inherited Rights Filter, you are seeing the values of that object's ACL. An ACL for an object is like the list of trustees for a file or directory.

Account administrator. An administrative role or user assigned to maintain accounting files, tools, user accounts, and system statistics.

Accreditation. The official authorization that is granted to an information system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls.

Administrative user. A user assigned to supervise all or a portion of an information system. Also known as Administrator.

Application Programming Interface (API). The defined function call interface by which an application program accesses operating system and other services.

Assurance. The confidence that may be held in security products and features that have been tested and certified secure by independent evaluation.

Audit. The procedure of capturing, storing, maintaining, and managing data concerning security-relevant events that occur on a computer system. The data recorded are intended for use in detecting security violations and tracing those violations to the responsible individual.

Audit trail. A chronological record of system activities that is sufficient to enable the reconstruction, reviewing, and examination of the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results.

Auditable event. Any event that can be selected for inclusion in the audit trail. These events should include, in addition to security-relevant events, actions taken to recover the system after failure and any events that might prove to be security-relevant at a later time.

Auditor. An authorized individual, or role, with administrative duties, which include selecting the events to be audited on the system, setting up the audit parameters which enable the recording of those events, and analyzing the trail of audit events.

Authenticate. To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.

Authenticated user. A user who has accessed an information system with a valid identifier and authentication combination.

Authorization. Permission that establishes the right to access information.

AUTOEXEC.NCF file. A NetWare server executable batch file used to load modules, set the operating system configuration, store the IPX internal network number and server name, and run executable server commands (such as LOAD INSTALL or LOAD MONITOR).

Availability. The prevention of the unauthorized withholding of information or resources.

B

Bandwidth. A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second.

Basic Input/Output System (BIOS). The part of the operating system of IBM-compatible PCs that provides the lowest level interface to peripheral devices.

Bindery. A network database, in NetWare versions earlier than NetWare 4, that contains definitions for entities such as users, groups, and workgroups. In NetWare 4, the bindery has been replaced by the NetWare Directory database, under NDS. Bindery services provides NetWare 4 networks with backward compatibility to NetWare versions that used the bindery.

Biometrics. A device used to verify the identity of a person using biological characteristics such as voice, fingerprint, signature, etc.

C

C2. A security rating granted by the NCSC for products that have been evaluated against the Controlled Access implementation requirements specified by the TNI of the TCSEC. C2 is the minimum rating required by government agencies and by many corporations.

Category. A restrictive label that has been applied to classified or unclassified data as a means of increasing the protection of the data and further restricting access to it.

Certification. The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements.

Channel. An information transfer path within a system. May also refer to the mechanism by which the path is effected.

Classes. Security levels defined by the TCSEC. Seven classes exist: D, C1, C2, B1, B2, B3, and A1, with D being the lowest and A1 the highest.

Cleared. Term applied to a system, process, resource, or user to indicate the authority to process, handle, or have access to classified information.

Client. A workstation that uses networking software to gain access to the network. In NetWare, client types include DOS, Macintosh, OS/2, UNIX, and MS Windows. With the respective client software, users can perform networking tasks, such as mapping drives, capturing printer ports, sending messages, and accessing files.

Complete client component. An implementation of the functions that are typically found in a component that implements the majority of the client roles, and in some cases, server roles, defined for the NetWare Open Security Architecture.

Complete server component. An implementation of the functions that are typically found in a component that implements the majority of the server roles, and in some cases, client roles, defined for the NetWare Open Security Architecture.

Confidentiality. The prevention of the unauthorized disclosure of information.

Correctness. In the ITSEC, a property of a representation of a Target of Evaluation such that it accurately reflects the stated security target for that system or product.

Countermeasure. A process or device implemented to counter a security threat.

D

Data. Information with a specific physical representation.

Data Encryption Standard (DES). A standard encryption algorithm used by the U.S. government.

Data Integrity. The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction.

Development Process. In the ITSEC, the set of phases and tasks whereby a Target of Evaluation is constructed, translating requirements into actual hardware and software.

Discretionary Access Control (DAC). A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).

Domain. The set of objects that a subject has the ability to access.

Downgrading. The process by which unclassified data that has been redesignated to a higher level is examined, marked, and returned to its proper security level.

E

E2. An ITSEC rating of an evaluated system or product with regards to security. Level E2 is a measure of effectiveness, and Class F-C2 is a measure of functionality. A combined E2/F-C2 evaluation is similar in scope to a U.S. Class C2 evaluation using the TCSEC criteria.

Ease of use. In the ITSEC, an aspect of the assessment of the effectiveness of a Target of Evaluation, namely that it cannot be configured or used in a manner which is insecure but which an administrator or end-user would reasonably believe to be secure.

Effective rights. In NetWare, the rights that an object can actually exercise to see or modify a particular directory, file, or object. An object's effective rights to a directory, file, or object are calculated by NetWare each time that object attempts an action.

Effectiveness. In the ITSEC, a property of a Target of Evaluation representing how well it provides security in the context of its actual or proposed operational use.

Electronic Data Processing (EDP) system. An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention.

Evaluation. The assessment of an information system or product against defined evaluation criteria to determine the level of trust that can be placed in that system or product. Product evaluations do not consider the application of the product in the evaluation.

Evaluation level. One of the assurance levels ranging from E1 (lowest) to E6 (highest), as defined by the ITSEC. An Evaluation level of E0 signifies that no assurance is placed in the Target of Evaluation (i.e., it is unevaluated).

Exploitable channel. Any channel that is useable or detectable by subjects external to the Trusted Computing Base.

F

F-C2. An ITSEC rating of an evaluated system or product with regards to security. Class F-C2 is a measure of functionality, and Level E2 is a measure of effectiveness. A combined E2/F-C2 evaluation is similar in scope to a U.S. Class C2 evaluation using the TCSEC criteria.

File Transfer Protocol (FTP). A data transfer protocol that is part of the TCP/IP protocol suite.

Flaw. An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed.

Functional Testing. The portion of security testing in which the advertised features of a system are tested for correct operation.

Functionality Class. In the ITSEC, a predefined set of complementary security-enforcing functions capable of being implemented in a Target of Evaluation. The functionality classes are: F-C2 (derived from the functionality requirements of the U.S. TCSEC class C2), F-B1 (derived from the functionality requirements of the U.S. TCSEC class B1), F-B2 (derived from the functionality requirements of the U.S. TCSEC class B2), and F-DC (intended for Targets of Evaluation with high demands on the confidentiality of data during data exchange).

G

General-Purpose System. A computer system that is designed to aid in solving a wide variety of problems.

Granularity. The relative fineness or coarseness by which a mechanism can be adjusted.

H

Hardware attack. A type of attack in which an intruder attaches a physical device to the network to gather and siphon off data.

I

Information Security Policy. The set of laws, rules and practices that regulate how assets including sensitive information are managed, protected and distributed within a user organization.

Information System. An assembly of computer hardware, software and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information.

Information Technology Security Evaluation Criteria (ITSEC). European evaluation criteria similar to the U.S. TCSEC, but which place greater emphasis on the integrity and availability of products and systems and introduce the distinction between effectiveness and correctness.

Inherited Rights Filter (IRF). In NetWare, a list of rights created for every file, directory, and object. The IRF controls the rights that a trustee can inherit from parent directories and container objects.

Integrity. The prevention of the unauthorized modification of information.

Internetwork Packet Exchange (IPX). A Novell communication protocol that sends data packets to requested destinations (such as workstations or servers).

L

Least Privilege. This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.

Lightweight Directory Access Protocol (LDAP). A protocol defined by the Internet Engineering Task Force for accessing on-line directory services. LDAP defines a relatively simple protocol for updating and searching X.500-based directories running over TCP/IP.

Local Area Network (LAN). Computers and terminals connected through a network over a small geographical area.

M

Mandatory Access Control (MAC). A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.

Masquerade attack. A type of attack in which the perpetrator uses the identity of an authorized user to obtain access to the network. Also referred to as spoofing.

Multilevel operating mode. Security mode where data of different levels of classification or sensitivity are contained within the same system and access is based on need-to-know as well as mandatory access controls using classification labels.

N

National Computer Security Center (NCSC). An arm of the U.S. government's National Security Agency. The NCSC administers security evaluations of products using criteria set forth in the TCSEC and TNI documents produced by the Department of Defense.

NCP Packet Signature. An enhanced security feature in NetWare that protects servers and workstations using NCP by preventing packet forgery.

Need-to-know. Users have access to classified data only after establishing a clear requirement for access approved by the owner of the data.

NetWare Core Protocol (NCP). Procedures that the NetWare operating system follows to accept and respond to workstation requests. NetWare Core Protocols exist for every service a workstation might request from a server. Common requests handled by NCP include creating or destroying a service connection, manipulating directories and files, opening semaphores, altering the Directory, and printing.

NetWare Loadable Module (NLM). A program that can be loaded and unloaded from NetWare server memory while the server is running. When loaded, an NLM program is dynamically linked to the operating system, and the NetWare server allocates a portion of memory to it. When an NLM is unloaded, all allocated resources are returned to the operating system.

NetWare/Novell Directory Services (NDS). A relational database that is distributed across your entire network. NDS provides you with global access to all network resources to which you have been given rights, regardless of where they are physically located. NDS treats all network resources as objects in a distributed database known as the NetWare Directory database, also referred to as the Directory. All users log in to a multiserver network and view the entire network as a single information system.

Network Interface Card (NIC). A circuit board installed in each workstation to allow stations to communicate with each other and with the NetWare server. NetWare documentation uses the term network board.

Network Trusted Computing Base (NTCB). The combination of hardware, software and other protective devices used to secure a network system.

O

Object. A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc.

Orange Book. Another name for the Trusted Computer System Evaluation Criteria (TCSEC) or DOD85 document, published in December 1985.

Organization (O) object. In NDS, a container object at a level below the root of the tree and a level above the Organizational Unit (OU) object. An Organization object can be used to represent a company, or a university with various departments, or a department with several project teams.

Organizational Unit (OU) object. In NDS, a container object, a level below the Organization (O) object. An OU could be a division, a business unit, a project team, or a university department within your organization.

P

Password. A private character string that is used to authenticate an identity.

Printer Communications Protocol (PCP). In NetWare, an SPX-based protocol used by printer drivers to communicate with print servers.

Procedural security. Non-electronic controls implemented to keep sensitive information secure.

Process. A program in execution that is completely characterized by a single current execution point (represented by the machine state) and address space.

Protected system. In the context of computer security, a standalone computer system or a computer network to which a subsystem is attached to provide some security function.

R

Read. A fundamental operation that results only in the flow of information from an object to a subject.

Red Book. Another name for the Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria or TNI document, published in July 1987.

Redesignation. Assignment of a different classification level than appropriate to the data due to system high or dedicated processing.

Rights. Qualities assigned to an object that control what the object can do with directories, files, or other objects. Creating, reading, and other operations can be done only if an object has rights to perform them.

Routing Information Protocol (RIP). A protocol that provides a way for routers to exchange routing information on a NetWare internetwork.

RSA encryption. A public-key cryptosystem for both encryption and authentication, named for its inventors Ron Rivest, Adi Shamir, and Leonard Adleman.

S

Security. In computing, the combination of confidentiality, integrity, and availability.

Security Level. A subject's security level is equal to the security level of the objects to which it has both read and write access. A subject's security level must always be dominated by the clearance of the user the subject is associated with.

Security Mechanism. The logic or algorithm that implements a particular security enforcing or security relevant function in hardware and software.

Security Objectives. In the ITSEC, the contribution to security which a Target of Evaluation is intended to achieve.

Security Target. In the ITSEC, a specification of the security required of a Target of Evaluation, used as a baseline for evaluation. The security target will specify the security enforcing functions of the Target of Evaluation. It will also specify the security objectives, the threats to those objectives, and any specific security mechanisms that will be employed.

Sensitive information. Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something.

Sensitivity Label. A piece of information that represents the security level of an object and that describes the sensitivity (e.g., classification) of the data in the object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions.

Sequenced Packet Exchange (SPX). A NetWare protocol that enhances the IPX protocol by supervising data sent out across the network. SPX verifies and acknowledges successful packet delivery to any network destination by requesting a verification from the destination that the data was received.

Server. A computer that runs network operating system software, such as NetWare. A NetWare server regulates communications among personal computers attached to it and to shared resources, such as printers.

Server console. The monitor and keyboard where you view and control NetWare server activity.

Service Advertising Protocol (SAP). A protocol that provides a way for servers to advertise their services on a NetWare internetwork.

Software attack. A type of attack where software modules (operating systems, terminate-and-stay-resident programs, or application software) are modified to gather data from the system and save it for later retrieval, or to deny data or network access.

Spoofing. An attempt to gain access to a system by posing as an authorized user. Also called masquerading or mimicking.

STARTUP.NCF file. A NetWare server boot file that loads the NetWare server's disk driver and name spaces and some SET parameters.

Strength of Mechanism. An aspect of the assessment of the effectiveness of a security product or feature, namely the ability of its security mechanisms to withstand direct attack against deficiencies in their underlying algorithms, principles, and properties.

Subject. An active entity, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Technically, a process/domain pair.

Subsystem. In the context of computer security, hardware, firmware, and/or software which are added to a computer system to enhance the security of the overall system.

System. The combination of the protected system and the computer security subsystem.

System Fault Tolerance (SFT). A means of protecting data by providing procedures that allow you to recover from hardware failures.

System High operating mode. Security mode of operation where all users are cleared to the same maximum level of data classification but a need-to-know separation is maintained.

T

Threat. An action or event that might prejudice security.

Trap Door. A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (for example, by a special "random" key sequence).

Trojan Horse. A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security.

Trust. The amount of confidence that you have in a person, company, or other body. For example, confidence or trust is placed in administrators of a system, since they are in a position able to compromise security because of the administrative powers they have.

Trusted computer system. A system that employs sufficient hardware and software integrity measures to allow its use for processing simultaneously a range of sensitive or classified information.

Trusted Computer System Evaluation Criteria (TCSEC). A set of criteria produced by the U.S. Department of Defense for determining whether a system or software meets certain specified security standards. Also known as the "Orange Book" or DOD 5200.28-STD, published in December 1985.

Trusted Computing Base (TCB). The totality of protection mechanisms within a computer system--including hardware, firmware, and software--the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.

Trusted NetWare. Term used to describe the complete network system submitted by Novell for security evaluation by the NCSC in the United States and for ITSEC evaluation in Europe. It is now known as NetWare Enhanced Security.

Trustee. A user or group granted rights to work with a directory, file, or object; the object is called a trustee of that directory, file, or object.

Trusted Network Interpretation (TNI). A document which interprets the TCSEC for network systems and specifies additional evaluation criteria for networks. Also known as the "Red Book."

Trusted Path. A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software.

Trusted Workstation. A computer with special hardware added to provide a trusted, cohesive operating base that effectively prevents unauthorized tampering. An example is the Cordant Assure EC hardware that Novell specifies for clients in the Class C2 evaluated configuration of NetWare 4.11.

U

Uncleared. Term applied to a system, process, resource, or user to indicate there is no authority to process, handle, or have access to classified information.

User. Any person who interacts directly with a computer system.

V

Volume. A physical amount of hard disk storage space, fixed in size. A NetWare volume is the highest level in the NetWare directory structure (on the same level as a DOS root directory).

Vulnerability. A security weakness in a system, due to failures in analysis, design, implementation, or operation.

W

Wide Area Network (WAN). Computers and terminals connected through a network over a large geographical area.

Workstation. A personal computer connected to a NetWare network and used to perform tasks through application programs or utilities. Also referred to as a client or shortened to station.

Write. A fundamental operation that results only in the flow of information from a subject to an object.

Y

Yellow Book. Another name for the Trusted Networks Interpretation Environments Guideline document, published in August 1990.

Bibliography

Books

Abrams, Marshall D., Sushil Jajodia, and Harold J. Podell (eds.). Information Security: An Integrated Collection of Essays. 1995, IEEE Computer Society Press. ISBN 0818636629

Bates, Regis J. "Bud". Disaster Recovery for LANs. 1993, McGraw-Hill, Inc. ISBN 0070044945

Berson, T.A. Local Area Network Security. 1989, Springer Verlag. ISBN 0387517545

Comer, Douglas E. Internetworking with TCP/IP - Principles, Protocols, and Architecture. 1995, Prentice Hall. ISBN 0132169878

Conard, James W., ed. Handbook of Communication Systems Management. 1995, National Book Network. ISBN 0791319318

Dam, Kenneth W. and Herbert S. Lin. Cryptography's Role in Securing the Information Society. 1996, National Academy Press. ISBN 0309054753

Fitzgerald, Jerry. Business Data Communications and Networking. 1996, John Wiley and Sons. ISBN 047112365X

Levy, Steven. Hackers - Heroes of the Computer Revolution. 1994, Delta. ISBN 0385312105

Martin, James, et al. Local Area Networks - Architectures and Implementations. 1994, Prentice Hall. ISBN 0135330351

Mullender, Sape (ed.). Distributed Systems. 1993, Association for Computing Machinery Press. ISBN 0201624273

Pfleeger, Charles P. Security in Computing. 1996, Prentice Hall. ISBN 0133374866

Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. 1995, John Wiley & Sons. ISBN 0471117099

Stallings, William. Practical Cryptography for Data Internetworks. 1996, IEEE Computer Society. ISBN 0818671408

U.S. Government Publications

5200.28-STD. Trusted Computer System Evaluation Criteria (TCSEC). U.S. Department of Defense, December 1985 (Orange Book).

CSC-STD-004-85. Technical Rationale Behind Computer Security Requirements. US Department of Defense, June 1985 (Yellow Book).

FIPS PUB 46-2. Data Encryption Standard (DES), Federal Information Processing Standards Publication, 1994.

NCSC-TG-001, A Guide to Understanding Audit in Trusted Systems. NCSC, June 1988 (Tan Book).

NCSC-TG-005. Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria (TNI). NCSC, July 1987 (Red Book).

NCSC-TG-017, A Guide to Understanding Identification And Authentication in Trusted Systems. NCSC, September 1991 (Light Blue Book).

NCSC-TG-024, A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators. NCSC, June 1993 (Purple Book).

AppNotes

"An Introduction to Novell's Open Security Architecture," Rich Lee, Roger R. Schell, Carl F. Allen. Novell Application Notes, August 1994 (Part No. 164-000036-008)

Building and Auditing a Trusted Network Environment with NetWare 4. A Novell Cooperative Research Report, Novell Research, April 1994 (Part No. 164-000036-004)

NetWare Security: Configuring and Auditing a Trusted Environment. A Novell Cooperative Research Report, Novell Research, 1991 (Part No. 164-000030-015)

"NetWare Workstation Security Architecture," Rich Lee, Doug Hale. Novell Application Notes, March 1995 (Part No. 164-000047-003)

"Network Security: Determining Your Risk Index," Rich Lee, Novell Application Notes, August 1996 (Part No. 164-000050-008)

"Shaping the Infrastructure for Information Security in the 21st Century," Rich Lee, Roger R. Schell, Novell Application Notes, July 1996 (Part No. 164-000050-007)

Special NetWare 4.0 Edition, NetWare Application Notes. Novell Research, April 1993 (Part No. 164-000032-004)

"Understanding the Role of Identification and Authentication in NetWare 4," Rich Lee, Jay E. Israel. Novell Application Notes, October 1994 (Part No. 164-000036-010)

Conference Articles

"An Open Trusted Enterprise Network Architecture", Gary Grossman, Jeremy Epstein, and Roger Schell, in Proceedings of the 18th National Information Systems Security Conference, Baltimore MD, October 1995.

"An Unusual B3-Compliant Discretionary Access Control Policy", Jeremy Epstein, Gary Grossman, and Al Donaldson, in Proceedings of the 18th National Information Systems Security Conference, Baltimore MD, October 1995.

"Architectures for C2 DOS-Windows Based Workstations", Jeremy Epstein, et al., in Proceedings of the 16th Annual National Computer Security Conference, Baltimore MD, October 1994.

Institute of Internal Auditors. Codification of Standards for The Professional Auditor. 1995, IIA.

Periodicals

EDP Auditor Journal. Published by the EDP Auditors Foundation, Inc.

Internal Auditor. Published by the Institute of Internal Auditors. To subscribe, call 407-830-7600, ext. 1.

IS Audit and Control Journal. Published by ISACA.

Web Sites

Computer Emergency Response Team (CERT) http://www.cert.org/

Federal Information Processing Standards (FIPS) http://www.itl.nist.gov/div897/pubs/

Information Security Blueprint Web Site http://www.securityinfo.com/index.html

Institute of Internal Auditors (IIA) http://www.rutgers.edu/Accounting/raw/iia

Information Systems Audit and Control Association (ISACA) http://www.isaca.org/

Library of Congress Internet Security Page http://lcweb.loc.gov/global/internet/security.html

National Computer Security Center (NCSC) http://www.radium.ncsc.mil/

NIST Computer Security Resources http://csrc.ncsl.nist.gov/

Novell, Inc. http://www.novell.com/

RSA Data Security, Inc. http://www.rsa.com/

* Originally published in Novell AppNotes

