Читаем CISSP Practice полностью

IT security training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, and auditing). The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, whereas awareness seeks to focus an individual’s attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, and in particular, upon the security basics and literacy material.

J

Jamming

An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable by the network.

Java

A programming language invented by Sun Microsystems. It can be used as a general-purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets. The execution environment for Java applets is intended to be safe; executing an applet should not modify anything outside the WWW browser. Java is an object-oriented language similar to C++ but simplified to eliminate language features that cause common programming errors. Java source code files (files with a Java extension) are compiled into a format called bytecode (files with a .class extension), which can then be executed by a Java interpreter. Compiled Java code can run on most computers because Java interpreters and runtime environments, known as Java Virtual Machines (VMs), exist for most operating system, including UNIX, the Macintosh OS, and Windows. Bytecode can also be converted directly into machine language instructions by a just-in-time compiler.

JavaScript

A scripting language developed by Netscape to enable Web authors to design interactive sites. Although it shares many of the features and structures of the full Java language, it was developed independently. JavaScript can interact with HTML source code, enabling Web authors to spice up their sites with dynamic content. JavaScript is endorsed by a number of software companies and is an open language that anyone can use without purchasing a license. Recent browsers from Netscape and Microsoft support it, though Internet Explorer supports only a subset, which Microsoft calls Jscript.

Jitter

Non-uniform delays that can cause packets to arrive and be processed out of sequence.

Job rotation

A method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task. Both job rotation and job vacation practices make a person less vulnerable to fraud and abuse.

Joint photographic experts group (JPEG)

The JPEG is a multimedia standard for compressing continuous-tone still pictures or photographs. It is the result of joint efforts from ITU, ISO, and IEC.

Journal

It is an audit trail of system activities, which is useful for file/system recovery purposes. This is a technical and detective control.

K

Kerberos

Kerberos is an authentication tool used in local logins, remote authentication, and client-server requests. It is a means of verifying the identities of principals on an open network. Kerberos accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified, and inserted at will. Kerberos uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network. In classic Kerberos, users share a secret password with a key distribution center (KDC). The user, Alice, who wants to communicate with another user, Bob, authenticates to the KDC and is furnished a ticket by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange.

Kernel

The hardware, firmware, and software elements of a trusted computing base (TCB) that implements the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. It is the most trusted portion of a system that enforces a fundamental property and on which the other portions of the system depend.

Key

(1) A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples include the computation of a digital signature from data and the verification of a digital signature. (2) A value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification.

Key agreement