Day-to-day procedures and mechanisms used to protect operational systems and applications. They include security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people, as opposed to systems.
It includes standalone, managed or custom environments, where the latter is either a specialized security-limited functionality or a legacy environment.
The period of time in the crypto-period of a symmetric key during which cryptographic protection may be applied to data.
The period of time for which a communication service or an operation is unavailable.
A data block that is an output of either the forward cipher function or the inverse cipher function of the block cipher algorithm.
Refers to a system that is directly connected to the Internet.
Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.
Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.
Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures. OTAR is a key management protocol specified for digital mobile radios and designed for unclassified, sensitive communications. OTAR performs key distribution and transfer functions. Three types of keys are used in OTAR: a key-wrapping key, a traffic-encryption key, and a message authentication code (MAC).
A communication path within a computer system or network designed for the authorized transfer of data. Compare with covert channel.
Security testing performed with the knowledge and consent of the organization’s IT staff.
(1) A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns. (2) The obliteration of recorded data by recording different data on the same storage surface. (3) Writing patterns of data on top of the data stored on a magnetic medium.
In out-of-band management, the communications device is accessed via a dial-up circuit with a modem, directly connected terminal device, or LANs dedicated to managing traffic.
The individual or group that has responsibility for specific data types and that is charged with the communication of the need for certain security-related handling procedures to both the users and custodians of this data.
P
Free and easily accessible software that poses risks to individuals and organizations.
According to the Platform for Privacy Preferences Project (P3P), users are given more control over personal information gathered on websites they visit.
Permutation box (P-box) is used to effect a transposition on an 8-bit input in a product cipher. This transposition, which is implemented with simple electrical circuits, is done so fast that it does not require any computation, just signal propagation. The P-box design, which is implemented in hardware for cryptographic algorithm, follows Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that the general method is permuting the bits, but he does not know which bit goes where. Hence, there is no need to hide the permutation method. P-boxes and S-boxes are combined to form a product cipher, where wiring of the P-box is placed inside the S-box; the correct sequence is S-box first and P-box next (Tanenbaum).
A piece of a message, usually containing the destination address, transmitted over a network by communications software.
Rapid changes in packet forwarding disrupt packet delivery, possibly affecting congestion control.
(1) A routing device that provides access control functionality for host addresses and communication sessions. (2) A type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of traffic rules. (3) A router to block or filter protocols and addresses. Packet filtering specifies which types of traffic should be permitted or denied and how permitted traffic should be protected, if at all.
The time delay in processing voice packets as in Voice over Internet Protocol (VoIP).
Packets enter a looping path, so that the traffic is never delivered.