Читаем CISSP Practice полностью

Step restart

A restart that begins at the beginning of a job step. The restart may be automatic or deferred, where deferral involves resubmitting the job.

Storage security

The process of allowing only authorized parties to access stored information.

Stream attack

The process of ending transmission control protocol (TCP) packets to a series of ports with random sequence numbers and random source Internet Protocol (IP) addresses. The result is high CPU usage leading to resource starvation effect. Once the attack subsided, the system returns to normal conditions.

Stream cipher algorithm

An algorithm that converts plaintext into ciphertext one bit at a time and its security depends entirely on the insides of the keystream generator. Stream ciphers are good for continuous streams of communication traffic.

Stress testing

Application programs tested with test data chosen for maximum, minimum, and trivial values, or parameters. The purpose is to analyze system behavior under increasingly heavy workloads and severe operating conditions, and, in particular, to identify points of system failure.

Stretching (password)

The act of hashing each password and its salt thousands of times, which makes the creation of rainbow tables more time-consuming.

Striped core

A communications network architecture in which user data traversing a core IP network is decrypted, filtered, and re-encrypted one or more times in a red gateway. The core is striped because the data path is alternately black, red, and black.

Strongly bound credentials

Strongly bound credential mechanisms (e.g., a signed public key certificate) require little or no additional integrity protection.

Structure charts

A tool used to portray the logic of an application system on a hierarchical basis, showing the division of the system into modules and the interfaces among modules. Like data flow diagrams (DFDs), structure charts can be drawn at different levels of detail from the system level to a paragraph level within a program. Unlike DFDs, structure charts indicate decision points and explain how the data will be handled in the proposed system. A structure charts is derived directly from the DFD with separate branches for input, transformation, and output.

Subclass

A class that inherits from one or more classes.

Subject

Technically, subject is a process-domain pair. An active entity (e.g., a person, a process or device acting on behalf of user, or in some cases the actual user) that can make a request to perform an operation on an object (e.g., information to flow among objects or changes a system state). It is the person whose identity is bound in a particular credential.

Subject security level

A subject’s security level is equal to the security level of the objects to which it has both read and write access. A subject’s security level must always be dominated by the clearance of the user with which the subject is associated.

Subscriber

(1) An entity that has applied for and received a certificate from a certificate authority. (2) A party who receives a credential or token from a credential service provider (CSP) and becomes a claimant in an authentication protocol.

Subscriber identity module (SIM)

A smart card chip specialized for use in global system for mobile communications (GSM) equipment.

Subscriber station (WMAN/WiMAX)

A subscriber station (SS) is a fixed wireless node and is available in outdoor and indoor models and communicates only with BSs, except during mesh network operations.

Substitution table box

Nonlinear substitution table boxes (S-boxes) used in several byte substitution transformations and in the key expansion routine to perform a one-for-one substitution of a byte value. This substitution, which is implemented with simple electrical circuits, is done so fast in that it does not require any computation, just signal propagation. The S-box design, which is implemented in hardware for cryptographic algorithm, follows Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that the general method is substituting the bits, but he does not know which bit goes where. Hence, there is no need to hide the substitution method. S-boxes and P-boxes are combined to form a product cipher, where wiring of the P-box is placed inside the S-box (i.e., S-box is first and P-box is next). S-boxes are used in the advanced encryption standard (AES).

Subsystem

A major subdivision or component of an information system consisting of information, information technology, and personnel that perform one or more specific functions.

Superuser

A user who is authorized to modify and control IT processes, devices, networks, and file systems.

Supervisor state