Читаем CISSP Practice полностью

The server-side scripts such as CGI, ASP, JSP, PHP, and Perl are used to generate dynamic Web pages.

Server software

Software that is run on a server to provide one or more services.

Service

A software component participating in a service-oriented architecture (SOA) that provides functionality or participates in realizing one or more capabilities.

Service-component

Modularized service-based applications that package and process together service interfaces with associated business logic into a single cohesive conceptual module. The aim of a service-component in a service-oriented architecture (SOA) is to raise the level of abstraction in software services by modularizing synthesized service functionality and by facilitating service reuse, service extension, specialization, and service inheritance. The desired features of a service component include encapsulation, consumability, extensibility, standards-based (reuse), industry best practices and patterns, well-documented, cohesive set of services, and well-defined and broadly available licensing or service-level agreement (SLA).

Service interface

The set of published services that the component supports. These technical interfaces must be aligned with the business services outlined in the service reference model.

Service-level agreement (SLA)

A service contract between a network service provider and a subscriber guaranteeing a particular service’s quality characteristics. These agreements are concerned about network availability and data-delivery reliability.

Service-oriented architecture (SOA)

A collection of services that communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity.

Service set identifier (SSID)

A name assigned to a wireless access point.

Session cookie

A temporary cookie that is valid only for a single website session. It is erased when the user closes the Web browser, and is stored in temporary memory.

Session hijack attack

An attack in which the attacker can insert himself between a claimant and a verifier subsequent to a successful authentication exchange between the latter two parties. The attacker can pose as a subscriber to the verifier or vice versa to control session data exchange.

Session initiation protocol (SIP)

SIP is a standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. It is one of the leading signaling protocols for Voice over IP (VoIP) along with H.323.

Session key

The cryptographic key used by a device (module) to encrypt and decrypt data during a session. A temporary symmetric key that is only valid for a short period. Session keys are typically random numbers that can be chosen by either party to a conversation, by both parties in cooperation with one another, or by a trusted third party.

Session layer

Portion of an OSI system responsible for adding control mechanisms to the data exchange.

Session locking

A feature that permits a user to lock a session upon demand or locks the session after it has been idle for a preset period of time.

Shared secret

A secret used in authentication that is known to the claimant and the verifier.

Shareware

Software distributed free of charge, often through electronic bulletin boards, may be freely copied, and for which a nominal fee is requested if the program is found useful.

Shim

A layer of host-based intrusion detection and prevention code placed between existing layers of code on a host that intercepts data and analyzes it.

Short message service (SMS)

A cellular network facility that allows users to send and receive text messages of up to 160 alphanumeric characters on their handset.

Shoulder surfing attack

Stealing passwords or personal identification numbers by looking over someone’s shoulder. It is also called a keyboard logging attack because a keyboard is used to enter passwords and identification numbers. Shoulder surfing attack can also be done at a distance using binoculars or other vision-enhancing devices, and these attacks are common when using automated teller machines and point-of-sale terminals. A simple and effective practice to avoid this attack is to shield the keypad with one hand while entering the required data with the other hand.

Shred

A method of sanitizing media; the act of cutting or tearing into small particles.

Shrink-wrapped software

Commercial software used “ out-of-the-box” without change (i.e., customization). The term derives from the plastic wrapping used to seal microcomputer software.