Reading CISSP Practice in full

A mechanism limiting the exchange of information between information systems or subsystems. It operates as a gatekeeper in the form of an application layer guard to implement firewall mechanisms, such as performing identification and authentication functions and enforcing security policies. Guard functionality includes such features as cryptographic invocation check on information that is allowed outside the protected enclave and data content filtering to support sensitivity regrade decisions. The guard functionality, although effective for non-real-time applications (e.g., e-mail) on networks with low sensitivity, has been difficult to scale to highly classified networks and real-time applications.

Guessing entropy

A measure of the difficulty that an attacker has to guess the average password used in a system. Entropy is stated in bits. The attacker is assumed to know the actual password frequency distribution.

Guessing (password)

The act of repeatedly attempting to authenticate using default passwords, dictionary words, and other possible passwords.

H

H.225

A gatekeeper telephony protocol used in the PC-to-gatekeeper channel (the International Telecommunications Union (ITU) standard).

H.245

A telephony protocol used to allow terminals to negotiate options (the ITU standard).

H.248

A protocol used in large deployments for gateway decomposition (the ITU standard).

H.323

A gateway protocol used in Internet telephony systems operating with packet-switched networks providing voice and video calling and signaling (the ITU standard).

Hacker

Any unauthorized user who gains, or attempts to gain, access to an information system, regardless of motivation.

Handler

A type of program used in distributed denial-of-service (DDoS) attacks to control agents distributed throughout a network. Also refers to an incident handler, a person who performs computer-security incident response work.

Handshake

Involves passing special characters (XON/XOFF) between two devices or between two computers to control the flow of information. When the receiving computer cannot continue to receive data, it transmits an XOFF that tells the sending computer to stop transmitting. When transmission can resume, the receiving computer signals the sending computer with an XON. Two types of handshake exist: hardware and software. The hardware handshake uses non-data wires for transmission and the software handshake uses data wires as in modem-to-modem communications over telephone lines.

Handshaking procedure

A dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating the entities to one another.

Hardening

Configuring a host’s operating system and application systems to reduce the host’s security weaknesses.

Hardware and software monitors

Hardware monitors work by attaching probes to processor circuits and detecting and recording events at those probes. Software monitors are programs that execute in a computer system to observe and report on the behavior of the system.

Hardware segmentation

The principle of hardware segmentation provides hardware transparency when hardware is designed in a modular fashion and when it is interconnected. A failure in one module should not affect the operation of other modules. Similarly, a module attacked by an intruder should not compromise the entire system. System architecture should be arranged so that vulnerable networks or network segments can be quickly isolated or taken off-line in the event of an attack. Examples of hardware that needs to be segmented include network switches, physical circuits, and power supply equipment.

Hardware tokens

Hardware tokens (also called hard tokens or eTokens) are devices with computing capability integrated into the device.

Hash algorithm

Algorithm that creates a hash based on a message.

Hash-based message authentication code (HMAC)

(1) A symmetric key authentication method using a hash function. (2) A message authentication code (MAC) that uses a cryptographic key in conjunction with a hash function. (3) A MAC that utilizes a keyed hash.

Hash code

The string of bits that is the output of a hash function.

Hash function
