
Glossary of Security and Internet Terms

accountability
The security principle that all parties concerned with the security of information systems (owners, providers, users, and others) should have explicit responsibilities and accountability.
active attack
Attacks that modify the target system or message, i.e. attacks that violate the integrity of the system or message, are active attacks. Another example in this category is an attack on the availability of a system or service, a so-called denial-of-service (DoS) attack.
authentication
The process of proving that a person or other agent has been correctly identified, or that a message is received as transmitted. Authentication supports the principle of accountability. Methods of authentication can be based on:
  • what you know, such as a logon password
  • what you have, such as a key or card
  • what you are; this includes various biometrics such as fingerprints, retina patterns, voice and face characteristics
availability
System and network services are available to authorized users when they are needed.
confidentiality (also secrecy or privacy)
Preventing the disclosure of information to unauthorized persons or (especially for network confidentiality) making it incomprehensible to an electronic eavesdropper.
electronic eavesdropping (also wiretapping or cable sniffing)
Monitoring network transmissions to gather information. This is a form of passive attack on data confidentiality and includes unauthorized interception of messages. Gathering unprotected passwords is often the primary reason for mounting an eavesdropping attack on a network.
integrity
Integrity refers to aspects of the quality of information and systems. For example, integrity means that the data or message is not destroyed or corrupted, and that systems operate correctly.
passive attack
An attack is passive when confidentiality is violated but the state of the system is not affected. An example is electronic eavesdropping on network transmissions to release message contents or to gather unprotected passwords.

Page modified: 13 Apr 2016 12:25:02 -0700
