Glossary of Computer & Security Terms



0

10Base2
10 Mbps, baseband, in 185 meter segments, ThinWire, coaxial cable Ethernet.
10Base5
10 Mbps, baseband, in 500 meter segments, ThickWire, coaxial cable Ethernet.
10BaseF
Baseband, in 1 kilometer segments, fibre optic Ethernet.
10BaseT
10 Mbps, baseband, unshielded, twisted pair (UTP) Ethernet.
10BaseVG
100 Mbps, baseband, four pair, CAT 3 Ethernet.
802.2
IEEE standard specifying the Logical Link Control (LLC) sub layer, which defines services for the transmission of data between two stations at the data link layer of the OSI model.
802.3
IEEE standard specifying the Carrier Sense Multiple Access/Collision Detection method used by Ethernet.
802.4
IEEE standard specifying the token bus network access method used by ARCnet.
 
802.5
IEEE standard specifying the logical ring network using a token passing method used by token ring and IBM LANs.
802.11
IEEE standard specifying wireless local area networks (WLANs). 802.11b refers to an over-the-air connection between a wireless client and a base station or Wireless Access Point (WAP), or between two wireless clients.
 

A

Access
The ways and means you approach (physically), store or retrieve data, communicate with, and make use of any resource on a computer system.
Access Category
One of the classes whereto a user, a program or a process in a system may be assigned because of the resources or groups of resources that each user, program, or process is authorized to use.
Access Control Entry
An entry in an access control list (ACL). The entry contains a security ID (SID) and a set of access rights. A process with a matching security ID is either allowed access rights, denied rights, or allowed rights with auditing.
Access Control List
The part of a security descriptor that enumerates the protection (that is, permission) given to an object.
Access Control Mechanisms
Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access to a system.
Access Guidelines
Used here in the sense of guidelines for the modification of specific access rights. A general framework drawn up by the owner or custodian to instruct the data set security administrator on the degree of latitude that exists for the modification of rights of access to a file without the specific authority of the owner or custodian.
Access List
A catalogue of users, programs, or processes and the specifications of access categories whereto each is assigned.
Access Period
A segment of time, generally expressed on a daily or weekly basis, when access rights prevail.
Access Right
A permission granted to a process to manipulate a particular object in a particular manner (for example, calling a service). Different object types support different access rights, which are stored in the object’s access control list (ACL).
Access Token
An object uniquely identifying a user who has logged on. An access token is attached to all the user’s processes and contains the user’s security ID (SID), the names of any groups to which the user belongs, any privileges the user owns, the default owner of any objects the user’s processes create, and the default access control list (ACL) to be applied to any objects the user’s processes create.
Access Type
An access right to a particular device, program or file. For example, read, write, execute, append, allocate, modify, delete, create.
Accessibility
The ease with which information can be gotten.
Accidental
Outcome from the lack of care or any situation where the result is negatively different from that intended.
Accountability
The quality or state that enables violations or attempted violations of a system security to be traced to individuals who may then be held responsible.
Accuracy
Having no errors. Correct. Exact. Faithful. Precise. Proper. Right. True. Veracious. Veridical.
ACE
The acronym for Access Control Entry. This contains a SID and the associated set of access control permissions for each object.
ACL
The acronym for Access Control List. This is the place where object permissions are kept. ACLs consist of access control entries.
ActiveX
A Microsoft technology that is part of its DCOM strategy. Allows the downloading of binary executables or controls for execution on the client. Replaces OLE.
Address
A number or group of numbers uniquely identifying a network node within its network (or internetwork).
ADSL
The acronym for Asymmetric Digital Subscriber Line, which is a broadband service delivering download rates of 1.5-1.9 Mbps and upload rates of 16-640 Kbps.
Administrator
The Administrator is the person responsible for the operation of the network. The Administrator maintains the network, reconfiguring and updating it as the need arises. With Windows NT Server, it also is the default user account created during setup.
Alert
(1) An audible or visual alarm that signals an error or serves as a warning of some sort. (2) An asynchronous notification that one thread sends to another.
Algorithm
A step-by-step procedure, usually mathematical, for doing a specific function, e.g., a PIN verification algorithm or an encryption algorithm.
American Wire Gauge (AWG)
The adopted standard wire sizes, such as No. 12 wire and No. 14 wire. The larger the gauge number of the wire, the smaller the wire; therefore, a No. 14 wire is smaller than a No. 12 wire.
AMPS
The acronym for Advanced Mobile Phone Service.  Basic cellular service in North and South America typically operating at 800 MHz and using FDMA transmission technology.  With AMPS, when a person grabs a segment of frequency for a call, nobody else can use that frequency.  Digital cellular technologies offer ways for carriers to allow more calls in a cell, using the same amount of bandwidth.
Analog
A system based on a continuous ratio, such as voltage or current values.
Analog Transmission
A communications scheme using a continuous signal, varied by amplification. Broadband networks use analog transmissions.
Analytical Attack
An attempt to break a code or cipher key by discovering flaws in its encryption algorithm.
ANSI
The acronym for American National Standards Institute, which sets standards for many technical fields.
AppleTalk
Macintosh native protocol.
Application
The user's communication with the installation. A software program or program package enabling a user to perform a specific job, such as word processing or electronic mail.
Application Program/Software
A program written for or by a user that applies to the user's work.
Application Programming Interface (API)
A set of routines that an application program uses to request and carry out lower-level services performed by the operating system.
Application System
A collection of programs and documentation used for an application.
Architecture
The general design of hardware or software, including how they fit together.
ARCnet (Attached Resource Computer Network)
A local area network scheme developed by Datapoint.
ASCII
The acronym for American Standard Code for Information Interchange, pronounced "ASK-ee."
Assembler
A language translator that converts a program written in assembly language into an equivalent program in machine language. The opposite of a disassembler.
Assembly Language
A low-level programming language in which individual machine-language instructions are written in a symbolic form that is easier to understand than machine language itself.
Asynchronous
A method of data communications in which transmissions are not synchronized with a signal. Local area networks transmit asynchronously.
Attach
To log a workstation into a server. Also, to log a workstation into another file server while the workstation remains logged into the first.
Attacks
The method used to commit security violations, such as masquerading and modification.
Attenuation
The difference in amplitude between a signal at transmission and at reception.
Audit Policy
Defines the type of security events logged for a domain or for an individual computer; determines what NT will do when the security log becomes full.
Audit Trail
A chronological record of system activities sufficient to enable the reconstruction, review, and examination of the sequence of environments and activities surrounding or leading to each event in the path of a transaction from its inception to the output of results.
Auditability
The physical or mental power to perform an examination or verification of financial records or accounts.
Auditing
The ability to detect and record security-related events, particularly any attempt to create, access, or delete objects. Windows NT uses security IDs (SIDs) to record which processes performed the action.
Authenticate
(1) To confirm that the object is what it purports being. To verify the identity of a person (or other agent external to the protection system) making a request. (2) The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information.
Authentication
The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information.
Authorization
The process that grants the necessary and sufficient permissions for the intended purpose.
Authorize
To grant the necessary and sufficient permissions for the intended purpose.
Automated Security Monitoring
The use of automated procedures to ensure that the security controls implemented within a system are not circumvented.


B

Backbone
A central network cable system that connects other networks.
Background
A background task or program runs while the user is doing something else. The most common example is a print spooler program. Used in contrast to foreground.
Background Processing
The action of completing tasks in the background.
Backup
(n) A copy of a disk or of a file on a disk. (v) To make a spare copy of a disk or of a file on a disk.
Backup Domain Controller
For Windows NT Server domains, refers to a computer that receives a copy of the domain's security policy and domain database and authenticates network logons.
Backup Procedures
The provisions you make for recovering your data files and programs, and for the restart or replacement of your system after the occurrence of a system failure or of a disaster.
Bandwidth
The range of frequencies available for signaling; the difference expressed in Hertz between the lowest and highest frequencies of a band. Or simplistically, the rate that a network can transfer data.
BASIC (Beginner's All-purpose Symbolic Instruction Code)
A high-level programming language that is easy to use. It is used mainly for microcomputers.
Batch
The processing of a group of related transactions or other items at planned intervals.
Baud
A unit of signaling speed. The speed in baud is the number of discrete conditions or events per second.
BDC (Backup Domain Controller)
A machine that is used to provide a degree of fault tolerance by maintaining a copy of the SAM.
Bit
A contraction of binary digit. The smallest unit of information that a computer can hold. The value of a bit (1 or 0) represents a simple two-way choice, such as yes or no, on or off, positive or negative, something or nothing.
Boot
To start up by loading the operating system into the computer. Starting up is often accomplished by first loading a small program which then reads a larger program into memory. The program is said to "pull itself up by its own bootstraps"—hence the term "bootstrapping" or "booting".
Boot Protocol (BOOTP)
A protocol used for remotely booting systems on the network.
Bps (bits per second)
A unit of data transmission rate.
Breach
A break in the system security that results in admittance of a person or program to an object.
Bridge
A device used to connect LANs by forwarding packets addressed to other similar networks across connections at the Media Access Control data link level. Routers, which operate at the protocol level, are also called bridges.
Broadband
A transmission system in which signals are encoded and modulated into different frequencies and then transmitted simultaneously with other signals.
Broadcast
A LAN data transmission scheme in which data packets are heard by all stations on the network.
Brute-Force Attack
A computerized trial-and-error attempt to decode a cipher or password by trying every possible combination. Also known as exhaustive attack.
Buffer
A temporary holding area of the computer's memory where information can be stored by one program or device and then read at a different rate by another, for example, a print buffer. Also, the printer's random access memory (RAM), measured in kilobytes. Because computer chips can transfer data much faster than mechanical printer mechanisms can reproduce it, small buffers are generally inserted between the two, to keep the data flow in check.
Bug
An error in a program that prevents its working as intended. The expression reportedly comes from the early days of computing when an itinerant moth shorted a connection and caused a breakdown in a room-sized computer.
Bulletin Board System (BBS)
An electronic system that supports communication via modem among computers. Typically, a bulletin board system supports public and private electronic mail, uploading and downloading of public-domain files, and access to on-line databases. Large, commercial bulletin board systems, such as CompuServe and GEnie, can support many users simultaneously; smaller, local boards permit only one caller at a time.
Bus
A common connection. Networks that broadcast signals to all stations, such as Ethernet and ARCnet, are considered bus networks.
Byte
A unit of information having eight bits.


C

Cabling System
The wiring used to connect networked computers together.
CACLS
A command-line program specific to Windows NT that allows you to modify user permissions by using the DOS command prompt or by placing them within a file and running that file. A handy utility to manage large numbers of changes.
Callback
A procedure established for identifying a terminal dialing into a computer system by disconnecting the calling terminal and reestablishing the connection by the computer system’s dialing the telephone number of the calling number.
Card
Another name for board.
Catalog
A list of files stored on a disk. Sometimes called a directory.
CDFS
CD-ROM file system.
CDMA
The acronym for Code Division Multiple Access.  The dominant PCS standard in North America, this spread-spectrum technology lets multiple callers share a segment of spectrum of frequencies.  Compare to FDMA and TDMA.
CDPD
The acronym for Cellular Digital Packet Data.  A packet-based technology, which allows either 9.6 Kbps or 19.2 Kbps data rates over standard analog channels in the 800-900 MHz range, by finding and employing unused channels.
Central Processing Unit (CPU)
The "brain" of the computer; the microprocessor performing the actual computations in machine language.
Certification
The technical evaluation, made as part of and in support of the accreditation process, establishing the extent that a particular computer system or network design and implementation meet a specified set of security requirements.
Channel
An information transfer path within a system. May also refer to the mechanism by which the path is effected.
Character
Letter, numerical, punctuation or any other symbol contained in a message.
Chip
Slang for a silicon wafer imprinted with integrated circuits.
CISC
Complex Instruction Set Computer.
Classified
Subject to prescribed asset protection controls, including controls associated with classifications.
Classify
To assign a level of sensitivity and priority and, hence, security control to data.
Clear Text
Information that is in its readable state (before encryption and after decryption).
Click
To quickly press and release the mouse button. For example, you often click an icon to start an application.
Client
A computer that accesses shared network resources provided by another computer (a server). In a client/server database system, this is the computer (usually a workstation) that makes service requests.
Client/Server
A network system design in which a processor or computer designated as a server (file server, database server, and so on) provides services to other client processors or computers.
Coax
Also known as coaxial, this is a cable that consists of two wires running inside a plastic sheath, insulated from each other.
Collision
A garbled transmission resulting from simultaneous transmissions by two or more workstations on the same network cable.
Command Prompt
The window in NT that provides DOS-like capabilities, letting you enter commands that execute within that window.
Commit Bytes
The actual amount of memory that all the applications need at any given moment.
Communication Link
An electrical and logical connection between two devices. On a local area network, a communication link is the point-to-point path between sender and recipient.
Communication Program
A program that enables the computer to transmit data to and receive data from distant computers through the telephone system or some other communication system.
Compartmentalization
The breaking down of sensitive data into small, isolated blocks for reducing the risk to the data.
Compiler
A language translator that converts a program written in a high-level programming language (source code) into an equivalent program in some lower-level language, such as machine language (object code) for later execution.
Completeness
Having all or necessary parts.
Compromise
The loss, misuse, or unauthorized disclosure of a data asset.
Computer Name
For Windows NT purposes, a unique name of up to 15 uppercase characters identifying a computer to the network. The name cannot be the same as any other computer or domain name in the network, and it cannot contain spaces.
Condition
An operating situation when a threat arises. The condition is necessary and desirable for operations.
Confidentiality
A parameter showing the privacy of the information (used particularly in costing functions involving information that has a security classification or is considered proprietary or sensitive).
Configuration
(1) The total combination of hardware components (central processing unit, video display device, keyboard, and peripheral devices) forming a computer system. (2) The software settings allowing various hardware components of a computer system to communicate with each other.
Configuration Registry
A database repository for information about a computer's configuration, for example, the computer hardware, the software installed on the system, and environment settings and other information entered by persons using the system.
Connect Time
The amount of time a user connects to the file server.
Console
In Windows NT, a text-based window managed by the Win32 subsystem. Environment subsystems direct the output of character-mode applications to consoles.
Control Codes
Nonprinting computer instructions such as carriage return and line feed.
Control Program
A program designed to schedule and supervise the performance of data processing work by a computing system.
Control Set
In Windows NT, a complete set of parameters for devices and services in the HKEY_LOCAL_MACHINE\SYSTEM key in the NT Registry.
Controlled Sharing
The scope or domain where authorization can be reduced to an arbitrarily small set or sphere of activity.
Counter
As used with Microsoft's Performance Monitor, the measurement of activity for a particular object, such as bytes read per second.
Crash
A malfunction caused by hardware failure or an error in the program.
Critical
Data with this preservation classification is essential to the organization's continued existence. The loss of such data would cause a serious disruption of the organization's operation.
Criticality
A parameter indicating dependence of the organization on the information.
Crosstalk
The unwanted transmission of a signal on a channel that interfaces with another adjacent channel. Signal interference created by emissions passing from one cable element to another.
Cryptoanalysis
The steps and operations performed in converting messages (cipher) into plain text (clear) without initial knowledge of the key employed in the encryption algorithm.
Cryptographic System
The documents, devices, equipment, and associated techniques that are used as a unit to provide a single means of encryption (enciphering or encoding).
Cryptography
Transformation of plain text into coded form (encryption) or from coded form into plain text (decryption).
Cryptology
The field that includes both cryptoanalysis and cryptography.
Customer-Related
Identifying or relating specifically to a customer of the organization.


D

Damage
Impairment of the worth or usefulness of the information.
Data
Processable information with the associated documentation. The input that a program and its instructions perform on and that determines the results of processing.
Data Base
(1) A collection of information organized in a form that can be readily manipulated and sorted by a computer user. (2) Short for database management system.
Database Management System
A software system for organizing, storing, retrieving, analyzing and modifying information in a database.
Data Base Server
A database server is the "back end" processor that manages the database and fulfills database requests in a client/server database system.
Data Contamination
A deliberate or accidental process or act that results in a change in the integrity of the original data.
Data-Dependent Protection
Protection of data at a level commensurate with the sensitivity level of the individual data elements, rather than with the sensitivity of the entire file that includes the data elements.
Data Diddling
Unauthorized alteration of data as it is entered or stored in a computer.
Data Integrity
Verified correspondence between the computer representation of information and the real-world events that the information represents. The condition of being whole, complete, accurate and timely.
Data Leakage
The theft of data or software.
Data Link Control (DLC)
A printer and host access protocol primarily used by PCs to communicate with IBM minicomputers and mainframes.
Data Protection
Measures to safeguard data from undesired occurrences that intentionally or unintentionally lead to modification, destruction or disclosure of data.
Data Security
Data security is the result achieved through implementing measures to protect data against unauthorized events leading to unintentional or intentional modification, destruction or disclosure of data.
Data Storage
The preservation of data in various data media for direct use by the system.
Debug
A colloquial term that means to find and correct an error or the cause of a problem or malfunction in a computer program. Usually synonymous with troubleshoot.
Debugger
A utility program that allows a programmer to see what is happening in the microprocessor and in memory while another program is running.
Decipher
To convert, by use of the appropriate key, cipher text (encoded, encrypted) into its equivalent plain text (clear).
Decrypt
See Decipher.
Dedicated File Server
A file server that is used as a user's workstation. The machine is devoted to file service.
Deficiency
A weakness in organization, administration, programs, or machines that results in the appearance of threats.
Deliberate
Actions intended to harm. The results of such deliberate actions might well be different from those expected by perpetrators or victims. For example, arson and vandalism.
Destruction
To render an asset ineffective or useless. It is a recognizable loss; for example, the file must be recovered from backup storage or reconstituted.
Device
A generic term for a computer subsystem, such as a printer, serial port, or disk drive. A device frequently requires its own controlling software, called a device driver.
Device Driver
A software component that enables a computer system to communicate with a device. For example, a printer driver is a device driver that translates computer data into a form understood by the intended printer. In most cases, the driver also manipulates the hardware to transmit the data to the device.
DHCP
The acronym for Dynamic Host Configuration Protocol. This is a tool that allows dynamic IP address allocation, simplifying machine configuration in your network.
Digital
A system based on discrete states, typically the binary conditions of on or off.
Digital Transmission
A communications system that passes information encoded as pulses. Baseband networks use digital transmissions, as do microcomputers.
Directory
A pictorial, alphabetical, or chronological list of the contents of a disk. A directory is sometimes called a catalog. It is used by the operating system to keep track of the contents of the disk.
Disclosure
The act or an instance of revelation or exposure. A disclosure can be obvious, such as the removal of a tape from a library or it can be concealed, such as the retrieval of a discarded report by an outsider or disgruntled employee.
Discretionary Access Control (DAC)
The protection that the owner of an object applies to the object by assigning various access rights to various users or groups of users.
Disk
A data storage device in which data is recorded on a number of concentric circular tracks on magnetic medium.
Disk Drive
An electromechanical device that reads from and writes to disks. Two types of disk drives are in common use: floppy disk drives and hard disk drives.
Disk Mirroring
The procedure of duplicating a disk partition on two or more disks, preferably on disks attached to separate disk controllers so that data remains accessible when either a disk or a disk controller fails. Disk mirroring provides a measure of fault tolerance.
Disk Partition
A logical compartment on a physical disk drive. A single disk might have two or more logical disk partitions, each of which would be referenced with a different disk drive name.
Disk Striping
The procedure of combining a set of same-sized disk partitions residing on separate disks into a single volume, forming a virtual "stripe" across the disks. This fault-tolerance technique enables multiple I/O operations in the same volume to proceed concurrently.
Documentation
A complete and accurate description and authorization of a transaction and each operation a transaction passes through. The written (can be automated) description of a system or program and how it operates.
Domain
A collection of computers that share a common domain database and security policy. Each domain has a unique name.
Domain Controller
The server that authenticates domain logons and maintains the security policy and the master database for a domain.
Domain Name
A name assigned to a domain.
Domain Name System, or Server (DNS)
A distributed database system that allows TCP/IP applications to resolve a host name into a correct IP address.
Double-Click
To quickly press and release the mouse button twice without moving the mouse. Double-clicking is a means of rapidly selecting and activating a program or program feature.
Download
To transfer a file from a large computer or BBS to a personal computer. "Upload" is the opposite operation.
DUN
The acronym for Dial-Up Networking. Easy to confuse with RAS because it is the newer version of RAS and it performs the same function. We think it was renamed to provide some consistency with Windows 95 terms.
Duplexing
The concept of using two disk drives and two disk controllers to store data, one serving as primary and the other for backup purposes.
Dynamic Host Configuration Protocol (DHCP)
The protocol used by a server to dynamically allocate IP addresses on a network. Designed to allow networked hosts to access configuration information across the network, instead of having to be configured by hand directly.


E

Eavesdropping
Unauthorized interception of data transmissions.
EISA
Enhanced Industry Standard Architecture. An older system data transfer bus architecture that was designed to manage 8-, 16- and 32-bit data transfers. Widely used; most expansion cards support this architecture.
Embarrassment
A parameter indicating the sensitivity of an organization to public knowledge of the information.
Employee-Related
Identifying or relating specifically to an employee of the organization.
Emulation
The imitation of a computer system, performed by a combination of hardware and software, that allows programs to run between incompatible systems.
Encipher
To convert plain text (clear) into unintelligible form by a cipher system.
Encrypt
See Encipher.
Enterprise-Network
A network bringing all sites together through a communications medium.
Error Log
An audit trail of system warning messages displayed for the file server.
Ethernet
A local area network protocol developed by Xerox in 1973 and formalized in 1980. It is the most widely used network protocol.
Event
Any significant occurrence in the system or in an application that requires users to be notified, or an entry to be added to a log.
Event Log Service
A service that records events in the system, security, and application logs.
Expected Lifetime
A parameter indicating the length of time the information is operative or has value to its owners.
Exposure
A quantitative rating (in dollars per year) expressing the organization’s vulnerability to a given risk.
Extended Partition
Free space on a hard disk that is used to allow the disk to be further partitioned into logical partitions or drives.


F

Fail Safe
The automatic termination and protection of programs or other processing operations when a hardware or software failure is detected in a system.
Fail Soft
The selective termination of affected non-essential processing when a hardware or software failure is detected in a system.
FAT
The name given to the DOS file system. FAT stands for file allocation table and refers to the method of managing the files and directories on the DOS system.
Fault Tolerance
A computer and operating system's capability to respond gracefully to catastrophic events, such as a power outage or hardware failure. Usually, fault tolerance implies the capability either to continue the system's operation without loss of data or to shut down the system and restart it, recovering all processing in progress when the fault occurred.
FDMA
The acronym for Frequency Division Multiple Access.  Used with AMPS, FDMA is a method for coordinating radio traffic to prevent interference between users sharing frequencies.  Only one subscriber can access a given frequency at any time.  Compare to CDMA and TDMA.
Fiber-Optic Cable
A cable constructed using a thin glass or plastic core that conducts light rather than electrical signals.
Field
A particular type or category of information in a database management program, for example, a variable. A location in a record where a particular type of data is stored. In other words, a field is a single unit of data such as a name or address.
File
A single, named collection of related information stored on magnetic medium.
File Allocation Table (FAT)
A table or list maintained by some operating systems, such as MS-DOS, to keep track of the status of various segments of disk space used for file storage.
File Attribute
A restrictive label attached to a file that describes and regulates its use, for example, archive, hidden, read-only, and system.
File Server
A computer that provides network stations with controlled access to shareable resources.
File Size
The length of a file, typically given in bytes.
File System
In an operating system, the overall structure by which files are named, stored, and organized.
Format
The process of setting up a drive space to allow an operating system to use the space. Each operating system, such as MAC, DOS, and NT, uses distinct file system formats, and a drive must be formatted in order for the system to be able to use it.
Fraud
A deliberate deception perpetrated for unlawful or unfair gain.
FTP
File transfer protocol. A program that enables clients to transfer files between computers.
Fully Qualified Domain Name (FQDN)
The complete host name and domain name of a network host.

G

Gateway
A device that provides routing and protocol conversion among physically dissimilar networks and computers, for example, LAN to host, LAN to LAN, X.25, and SNA gateways. That is, a multihomed host used to route network traffic from one network to another. Also used to pass network traffic from one protocol to another.
Grant
To authorize.
GSM
The acronym for Global System for Mobile Communications. A variant of TDMA, GSM is the closest thing to a world standard for cellular service. A single-frequency cellular handset may work compatibly in Europe, Asia, India and Africa, but not North America.
GUI
The acronym for Graphical User Interface.

H

Hacker
A computer enthusiast; also, one who seeks to gain unauthorized access to computer systems.
Handshaking
A dialog between a user and a computer, a computer and another computer, or a program and another program, for identifying a user and authenticating his identity through a sequence of questions and answers based on information either previously stored in the computer or supplied to the computer by the initiator of the dialog. Also, when used in context, it refers to the controlled movement of bits between a computer and a printer.
Hardware
In computer terminology, the machinery that forms a computer system.
Hardware Abstraction Layer (HAL)
A dynamic link library that encapsulates platform-dependent code. Think of it as a layer of software provided by the hardware manufacturer that hides, or abstracts, hardware differences from higher layers of the Windows NT operating system. Different hardware looks alike to the operating system, thus removing the need to tailor the operating system to each and every hardware type.
HCL
Microsoft's Hardware Compatibility List. This is a list of all hardware that is certified to run with NT. You can find the list on the Internet at the following address: http://www.microsoft.com/isapi/hwtest/hcl.idc.
Hertz
A measure of frequency or bandwidth. The same as cycles per second.
Hierarchical Database
A database organized in a treelike structure.
High Performance File System (HPFS)
The file system designed for OS/2 Version 1.2.
Host Computer
The computer that receives information from and sends data to terminals over telecommunication lines. It is also the computer that is in control in a data communication network. The host computer can be a mainframe computer, minicomputer, or microcomputer.
Host Name Resolution
The process of determining a network address when presented with a network host name and domain name, usually by consulting the Domain Name System.
HPFS
The acronym for High Performance File System, provided by OS/2 operating systems. Files in this format can be read by NT.
Hub
(1) A device used on certain network topologies that modifies transmission signals, allowing the network to be lengthened or expanded with additional workstations. The hub is the central device in a star topology. (2) A computer that receives messages from other computers, stores them, and routes them to other computer destinations.

I

I/O Device (input/output device)
A device that transfers information into or out of a computer.
Icon
In graphical environments, a small graphics image displayed on-screen to represent an object that can be manipulated by the user; for example, a recycle bin can represent a command for deleting unwanted text or files.
IDE
The acronym for Integrated Drive Electronics, the older disk drive architecture that usually integrates directly with the disk drive instead of using a separate card.
Identification
The process that enables, generally using unique machine-readable names, recognition of users or resources as identical with those previously described to a system.
IEEE (Institute of Electrical and Electronic Engineers)
One of several groups whose members are drawn from industry and who attempt to establish industry standards. The IEEE 802 committee has published numerous definitive documents on local area network standards.
Information
Includes input, output, software, data and all related documentation.
Information Pool
Consists of data designated as accessible by authorized individuals.
Initialize
(1) To set to an initial state or value in preparation for some computation. (2) To prepare a blank disk to receive information by organizing its surface into tracks and sectors; same as format.
Input/Output (I/O)
The process by which information is transferred between the computer’s memory and its keyboard or peripheral devices.
Instance
An NT term relating to particular tasks in each object. Objects often have more than one instance, such as the Processor and its %Interrupt Time or %User Time or %Processor Time.
Integrity
Freedom from errors.
Interface
A device or program that allows two systems or devices to communicate with each other. An interface provides a common boundary between the two systems, devices, or programs. Also, the cables, connectors, and electrical circuits allowing communication between computers and printers.
Interrupt Request Lines (IRQ)
Hardware lines over which devices can send signals to get the attention of the processor when the device is ready to accept or send information. Typically, each device connected to the computer uses a separate IRQ.
Intruder
A user or another agent attempting to gain unauthorized access to the file server.
IP Address
A 32-bit network address that uniquely locates a host or network within its internetwork.
ISDN
The acronym for Integrated Services Digital Network. A digital phone line that allows faster transmission speeds (128Kbps) than analog phone lines (56Kbps).
ISP
The acronym for Internet Service Provider, a firm that offers connections to the Internet for a fee.

J

Jitter
Instability of a signal for a brief period.
Job
A combined run of one or more application programs that are automatically processed in sequence in the computer.

K

Kernel
The core of an operating system. The portion of the system that manages memory, files, and peripheral devices; maintains the time and date; launches applications; and allocates system resources.
Key
In cryptography, a sequence of symbols that controls the operations of encryption and decryption.
Key Generation
The origination of a key or of a set of distinct keys.

L

Least Privilege
A principle that users should be assigned only the access needed to perform their business functions.
Local Area Network (LAN)
A communications system using directly connected computers, printers, and hard disks allowing shared access to all resources on the network.
Local Security Authority (LSA)
An integral subsystem of the Windows NT security system. The LSA manages the local security policy and provides interactive user authentication services. It also controls the generation of audit messages and enters audit messages into the audit log file. In addition, it creates a security access token for each user accessing the system.
Logic Bomb
Malicious action, initiated by software, that inhibits the normal system functions; a logic bomb takes effect only when specified conditions occur.
Logical Access
Access to the information content of a record or field.
Logical File
Refers to the data that a file contains.
Logical Partition
A subpartition of an extended partition on a drive, commonly called a logical drive. See extended partition.
Login
The process of accessing a file server or computer after physical connection has been established.
Logon
The process of identifying oneself to a computer after connecting to it over a communications line. During a logon procedure, the computer usually requests the user's name and a password. Also called login.

M

Mainframe
The term used for very large computers that support thousands of users and huge databases.
Map
(1) To assign a workstation drive letter to a server directory. (2) To translate a virtual address into a physical address.
Media Access Control (MAC)
Part of the physical layer of a network that identifies the actual physical link between two nodes.
Menu
A list of options from which users select.
Menu Option
An option on a menu that performs some action, prompts the user for additional information, or leads to another menu.
Microcomputer
A general term referring to a small computer having a microprocessor. In this book, you can use the term interchangeably with personal computer.
Mirroring
A method of ensuring data replication using two hard drives that are connected to the same disk controller. Less robust than duplexing because of the shared controller. Otherwise, duplexing and mirroring can be considered to be essentially the same thing.
Modem
A modulator-demodulator. A device that lets computers communicate over telephone lines by converting digital signals into the phone system's analog signals and vice versa.
Modification
The partial alteration of an asset so that its form or quality is changed somewhat. A file can appear intact and may be perfectly usable, but it can contain erroneous information.
Monitoring
The use of automated procedures to ensure that the controls implemented within a system are not circumvented.
Multihomed
A computer that has more than one network card, either physically or logically. Often used as a router for connecting two networks.

N

Need-to-Know
The necessity for access to, knowledge of, or possession of sensitive information to fulfill official duties. Responsibility for determining whether a person's duties require that he have access to certain information, and whether he is authorized to receive it, rests on the owner of the information involved and not on the prospective recipient.
NetBIOS Extended User Interface (NetBEUI)
A small, fast protocol that requires little memory but is not routable.
Network
A collection of inter-connected, individually controlled computers, printers and hard disks, with the hardware and software used to connect them.
Network Adapter
A circuit board that plugs into a slot in a PC and has one or more sockets to which you attach cables. Provides the physical link between the PC and the network cable. Also called network adapter card, network card, and network interface card (NIC).
Network Address
A unique identifier of an entity on a network, usually represented as a number or series of numbers.
Network Basic Input/Output Operating System (NetBIOS)
A network file-sharing application designed for use with PC DOS personal computers, usually implemented under TCP/IP at the application layer.
Network Drive
An online storage device available to network users.
Network Interface Card
See network adapter.
Network Operating System
An operating system installed on a server in a local area network that coordinates the activities of providing services to the computers and other devices attached to the network.
Network Station
Any PC or other device connected to a network by means of a network interface board and some communications medium. A network station can be a workstation, bridge, or server.
Node
A point of interconnection to a network. Normally, a point at which a number of terminals are located.