Читаем CISSP Practice полностью

(1) A real machine is the physical computer in a virtual machine environment. A real-time system is a computer and/or software that reacts to events before the events become obsolete. For example, airline collision avoidance systems must process radar input, detect a possible collision, and warn air traffic controllers or pilots while they still have time to react. (2) A virtual machine is a functional simulation of a computer and its associated devices, including an operating system. (3) Multi-user machines have at least two execution states or modes of operation: privileged and unprivileged. The execution state must be maintained in such a way that it is protected from the actions of untrusted users. Some common privileged domains are those referred to as: executive, master, system, kernel, or supervisor, modes; unprivileged domains are sometimes called user, application, or problem states. In a two-state machine, processes running in a privileged domain may execute any machine instruction and access any location in memory. Processes running in the unprivileged domain are prevented from executing certain machine instructions and accessing certain areas of memory. Examples of machines include Turing, Mealy, and Moore machines.

Macro virus

(1) A specific type of computer virus that is encoded as a macro embedded in some document and activated when the document is handled. (2) A virus that attaches itself to application documents, such as word processing files and spreadsheets, and uses the application’s macro-programming language to execute and propagate.

Magnetic remanence

A measure of the magnetic flux density remaining after removal of the applied magnetic force. It refers to any data remaining on magnetic storage media after removal of the electrical power.

Mail server

A host that provides “electronic post office” facilities. It stores incoming mail for distribution to users and forwards outgoing mail. The term may refer to just the application that performs this service, which can reside on a machine with other services. This term also refers to the entire host including the mail server application, the host operating system, and the supporting hardware. Mail server administrators are system architects responsible for the overall design and implementation of mail servers.

Mail transfer agent (MTA)

A program running on a mail server that receives messages from mail user agents (MUAs) or other MTAs and either forwards them to another MTA or, if the recipient is on the MTA, delivers the message to the local delivery agent (LDA) for delivery to the recipient (e.g., Microsoft Exchange).

Mail user agent (MUA)

A mail client application used by an end user to access a mail server to read, compose, and send e-mail messages (e.g., Microsoft Outlook).

Mailbombing

Flooding a site with enough mail to overwhelm its electronic mail (e-mail) system. Used to hide or prevent receipt of e-mail during an attack, or as retaliation against a website.

Main mode

Mode used in IPsec phase 1 to negotiate the establishment of an Internet key exchange security association (IKESA) through three pairs of messages.

Maintainability

The effort required locating and fixing an error in an operational program or the effort required to modify an operational program (flexibility).

Maintenance hook

Special instructions in software to allow easy maintenance and additional feature development. These are not clearly defined during access for design specification. Hooks frequently allow entry into the code at unusual points or without the usual checks, so they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trapdoors.

Major application

An application that requires special attention to security because of the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to, or modification of, the information in the application. A breach in a major application might comprise many individual application programs and hardware, software, and telecommunications components. Major applications can be either a major application system or a combination of hardware and software in which the only purpose of the system is to support a specific mission-related function.

Malicious code

(1) Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. (2) A program that is written intentionally to carry out annoying or harmful actions, which includes viruses, worms, Trojan horses, or other code-based entity that successfully infects a host. Same as malware.

Malicious code attacks