Intelligent Security Systems. Leon Reznik

| Term | Definition | Reference |
| --- | --- | --- |
| Confidentiality | Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. | NIST 800‐53 1.2 |
| Integrity | Guarding against improper information modification or destruction, and includes ensuring information non‐repudiation and authenticity. | NIST 800‐53 1.2 |
| Availability | Ensuring timely and reliable access to and use of information. | NIST 800‐53 1.2 |
| Firewall | A device or program that controls the flow of network traffic between networks or hosts that employ differing security postures. | NIST SP 800‐41 Rev. 1 2 |
| Application proxy | A firewall capability that combines lower‐layer access control with upper‐layer functionality, and includes a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other. | NIST 800‐41 2.2, 2.3 |
| Demilitarized zone (DMZ) | An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. | NIST 800‐41 2.1, 2.3 |
| Network address translation (NAT) | A routing technology used by many firewalls to hide internal system addresses from an external network through use of an addressing schema. | NIST 800‐41 2.2 |
| Packet filter | A routing device that provides access control functionality for host addresses and communication sessions. | NIST 800‐41 2.2, 2.3 |
| Stateful inspection | Packet filtering that also tracks the state of connections and blocks packets that deviate from the expected state. | NIST 800‐41 2.2, 2.3 |
| Virtual Private Network (VPN) | Protected information system link utilizing tunneling, security controls, and endpoint address translation giving the impression of a dedicated line. | NIST 800‐53 2.1, 2.3 |
| Intrusion detection system (IDS) | A security service that monitors and analyzes network or system events for the purpose of finding, and providing real‐time or near real‐time warning of, attempts to access system resources in an unauthorized manner. | NIST 800‐82 3 |
| Intrusion protection system (IPS) | A system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets. | NIST 800‐82 |
| Rule set | A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take – such as forwarding or rejecting a packet, creating an alert, or allowing a system event. | NIST 800‐115 Ex. 3.1. |
| False negative or Missing attack | Incorrectly classifying malicious activity as benign. | NIST 800‐83 3.5 |
| False positive or False alarm | Incorrectly classifying benign activity as malicious. | 3.5 |
| User authentication | Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. | NIST 800‐53 5.3 |

Techniques and Technologies

| Term | Definition | Reference |
| --- | --- | --- |
| Internet | The single interconnected worldwide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the Internet Architecture Board (IAB) and the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN). | NIST SP 800‐82 Rev. 2 RFC 4949 |
| Algorithm | Formulae given to a computer in order for it to complete a task (i.e. a set of rules for a computer). | |

Conventional Techniques

String pattern search

| Term | Definition | Reference |
| --- | --- | --- |
| Aho–Corasick | Dictionary‐matching algorithm that locates elements of a finite set of strings (the “dictionary”) within an input text and attempts to match all strings simultaneously. | Ex. 4.20. |
| Boyer and Moore | An efficient string‐searching algorithm that is the standard benchmark for practical string‐search literature. | Alg 3.4 |
| Knuth, Pratt, and Morris | | |