Reading CISSP Practice in full

Application-based intrusion detection and prevention system

A host-based intrusion detection and prevention system (IDPS) that performs monitoring for a specific application service only, such as a Web server program or a database server program.

Application content filtering

It is performed by a software proxy agent to remove or quarantine viruses that may be contained in e-mail attachments, to block specific multipurpose Internet mail extension (MIME) types, or to filter other active content, such as Java, JavaScript, and Active-X® Controls.

Application controls

Preventive, detective, and corrective controls designed to ensure the completeness and accuracy of transaction processing, authorization, and data validity.

Application firewall

(1) A firewall that uses stateful protocol analysis to analyze network traffic for one or more applications. (2) A firewall system in which service is provided by processes that maintain complete Transmission Control Protocol (TCP) connection-state and sequencing. It often re-addresses traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. In contrast to packet filtering firewalls, this firewall must have knowledge of the application data transfer protocol and often has rules about what may be transmitted.

Application layer

(1) That portion of an open system interconnection (OSI) system ultimately responsible for managing communication between application processes. (2) Provides security at the layer responsible for data that is sent and received for particular applications such as DNS, HTTP, and SMTP.

Application programming interface (API)

An interface between an application and a software service module or operating system component. It is defined as a subroutine library.

Application-proxy gateway

(1) A firewall capability that combines lower-layer access control with upper-layer functionality, and includes a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other. (2) An application system that forwards application traffic through a firewall. It is also called a proxy server. Proxies tend to be specific to the protocol they are designed to forward and may provide increased access control or audit.

Application service provider (ASP)

An external organization that provides online business application systems to customers for a fee to ensure continuity of business. An ASP operates with a B2B e-commerce model.

Application software

Programs that perform specific tasks, such as word processing, database management, or payroll. Software that interacts directly with some non-software system (e.g., human or robot). A program or system intended to serve a business or non-business function, which has specific input, processing, and output activities (e.g., accounts receivable and general ledger systems).

Application system partitioning

The information system should separate user functionality, including user interface services, from information system management functionality, including databases, network components, workstations, or servers. This separation is achieved through physical or logical methods using different computers, different CPUs, different instances of the operating system, different network addresses, or a combination of these methods.

Application translation

A function that converts information from one protocol to another.

Architecture

A description of all functional activities performed to achieve the desired mission, the system elements needed to perform the functions, and the designation of performance levels of those system elements. Architecture also includes information on the technologies, interfaces, and location of functions and is considered an evolving description of an approach to achieving a desired mission.

Archiving

Moving electronic files no longer being used to less accessible and usually less expensive storage media for safekeeping. The practice of moving seldom-used data or programs from the active database to secondary storage media such as magnetic tape or cartridge.

Assertion

A statement from a verifier to a relying party that contains identity information about a subscriber. Assertions may also contain verified attributes. Assertions may be digitally signed objects or they may be obtained from a trusted source by a secure protocol.

Assessment method

One of three types of actions (i.e., examine, interview, and test) taken by assessors in obtaining evidence during an assessment.

Assessment procedure
