previous  next  Title  Contents    Previous  Next  Top   Detailed TOC        Last Update: 17 Mrz 2000

23 Appendix E: References, Abbreviations

23.1 Referenced documents

Ref. Document number Title Date Author
[nt1] Technet CD Enterprise Planning Guide - Security May'95 Microsoft
[nt2] ISBN 1-55615-653-7 NT 3.5 resource Toolkit 1995 Microsoft
[nt3] ISBN 1-55615-814-9 Windows NT 3.5 Guidelines for Security, Audit and Control 1994 Microsoft
[nt4] Technet CD Enterprise Planning Guide - Domains May'95 Microsoft
[nt5] Technet CD /Backoffice The Microsoft Strategy for Distributed Computing and DCE Services May'95 Microsoft
[nt6]   NT Server "Concepts and Planning Guide"   Microsoft
  ISBN ? Windows for Workgroups 3.11 resource Toolkit   Microsoft
[unix1] ISBN 1-56592-148-8
2nd Edition
"Practical UNIX Security",
O'Reilly & Associates.
April 1996 Garfinkel / Spafford
  1st Edition "Practical UNIX Security",
O'Reilly & Associates.
June 1991 Garfinkel / Spafford
[unix2] Unixworld magazine Encrypting Shell Scripts Sept. 1992 R. Schwartz
[unix3] ISBN 0-201-63357-4 Firewalls Internet and Security 1994 Cheswick / Bellovin
[unix4] ISBN 0-13-149386-8 Panic! UNIX system crash dump analysis. 1995 Drake / Brown
[tcsec] DoD 5200.28-STD "Orange Book" TCSEC
- Trusted Computer Evaluation Criteria
American Department of Defence (DoD).
Local copy
26.12.85 DoD
[nsa1] List of NSA publications. Information Systems Security: Product and Services Catalog Spring 1996 NSA
[green] CSC-STD-002-85 "Green Book"
- Password management guideline
American Department of Defence (DoD).
12.4.85 DoD
[itsec] "European Orange Book" ITSEC Information Technology Security Evaluation Criteria
Local copy
June 1991 F/GB/D/ NL
[itsem] V1.0 ITSEM: Information Technology Security Evaluation Manual
Local copy
10.10.93 EC
[sql1] SY52433-0893 System Administrator's Guide: SQL 4.2 Server 1993 Microsoft
[winkler] 5th USENIX UNIX Security Symposium "Case Study: Social Engineers Wreak Havoc" 1995 Ira S. Winkler
[infowar1] ISBN
Information Warfare: Chaos on the Electronic Superhighway 1996 Winn Schwartau
[infowar2]   4th Infowarcon proceedings (Europe) 1996 NCSA
[java1] 1996 IEEE Symposium on Security and Privacy Java Security: From HotJava to Netscape and Beyond 5.1995 Princeton University
[uk1]   Brochure "IT Security - It's your business, A business guide to ITSEC"   DTI (UK ITSEC scheme)
[bsi1] ISBN 0-580-22536-4 A Code of Practice for Information Security Management 1993 BSI
[bund]   IT Baseline Protection Manual
[sans1]   Incident handling Step By Step
1998 Community
[sans2]   Windows NT Security Step By Step
1998 Community
[sans3]   Solaris Security Step By Step
1999 Community

23.2 Related documents

Document number Ver. Title Date Author
    SMS Schulungsdokumentation   Microsoft
Technet CD 5.95 Enterprise Planning Guide - Domains May'95 Microsoft
Technet CD /Backoffice 5.95 The Microsoft Strategy for Distributed Computing and DCE Services May'95 Microsoft
TechNet CD 9.95   Introducing Microsoft Exchange Part 1-6 1995 Microsoft
TechNet CD 9.95   MS Exchange Server: Using Industry Standards for Greater Compatibility   Microsoft
TechNet CD 9.95   MS SQL Server 6.0 Reviewer's Guide   Microsoft
    MS SQL V4.2 Documentation: System Administrator's Guide, ... 1993 Microsoft
RFC1244   Site Security Handbook   Internet
ISBN 0-13-151051-7   Unix System Administration Handbook,
Prentice Hall
1995 Nameth /Snyder....
399 8675-001 001 Host Integration Toolkit: Reference Guide 2.1994 Unisys
7431 0004-000
7430 9964-000
  U6000 Series Open/OLTP doc: "Conceptual Overview", "Installation and Administration" 4.1991 Unisys
    Open/OLTP4.2.1 NPIT 7.1993 Unisys
    "Unix-based OLTP: Architectures, Vendor Strategies and Issues"
Patricia Seybold's office computing Group
6.1991 Jonathan
ISBN 1-56592-124-0   "Building Internet Firewalls", O'Reilly & Associates 1995 Chapman /
ISBN 2-84177-005-2   "Introduction à Perl" (French)   Schwartz
ISBN   "Introduction to Perl" (English)   Schwartz
ISBN 0-937175-64-1   "Programming Perl" 1992 Schwartz
    Solaris 2.5 Documentation: "System Administration Guide, Vol1", Vol2, "SunSHIELD BSM Guide" 1995 SunSoft
RFC 2119
  "Key words for use in RFCs to Indicate Requirement Levels", BCP 1l4. March 1997 Bradner, S.
    IT Architect
Feb.'99 Sunworld

23.4 Definitions



Assurance: Confidence that a System behaves as expected (i.e. according to it's specification).
Identification / Authentication:
When users or programs communicate with each other, the two parties must identify each other, such that they know who they are communicating with.
Accountability/Audit Trail:
The ability to know who did what, when, where. Users are responsible and accountable for their actions. Automatic audit trail monitoring and analysis to detect security breaches.
Access Control:
Access to specified resources can be restricted to certain entities.
Object Reuse:
Objects used by one process may not be reused or manipulated by another process such that security may be violated.
Objects (information and processes) are accurate and complete.
Secure data exchange:

Confidentiality: data should remain private during transmission.
Integrity: data should remain accurate & complete during transmission. 
When sending email or when programs communicate with each other, authentication (see above) may be required.
In certain situations, it may be necessary to be able to prove where information came from. This is called non repudiation of origin. A sender may also require proof that the message was received by the intended receiver - non repudiation of receipt.

Reliability of service: Data and vital services are available as specified/when needed.

Miscellaneous definitions:

23.4 Glossary / Abbreviations

Abbreviation Meaning
ACL Access Control List
APSAD L'Assemblé Plénière de Sociétés d'Assurance Domage (France)
BDC Backup Domain Controller: A copy of PDC information is kept on a "backup" machine to ensure high availability and spread network/system load in Lan Manager domains.
CA Certification Authority
CERT Computer Emergency Response Team at Carnegie Mellon University, USA act a central distribution point for help on security matters (especially UNIX related).
CLUSIF Club de la Sécurité Informatique Francais
CORBA Common Object Request Broker Architecture. A new evolving, open standard for the use of distributed objects in a heterogeneous environment. Version 1.2 was available on the market in 1995 and V2.0 was to finalised in late 1995.
Cryptography is the translation of information (known as plaintext) into a coded form (known as cypertext) using a key. Cryptography is mostly used to protect the privacy of information (i.e. limit who can access the information).
CSP Cryptographic Service Providers (Security modules in the Windows NT Crypto API)
DAC Discretionary Access Control
DB Database
DCOM Distributed Common Object Model (Microsoft's response to CORBA).
dba see sa.
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DNS Domain name service, allows the resolution of hostnames to IP addresses and vice versa in large networks.
DoD U.S. Department of Defense
DTP The X/Open Distributed Transaction Processing standard.
EMP electromagnetic Pulse
FDDI Fibre Distributed Data Interface, a 100MB/sec wide area fibre optic network.
FireWire A fast serial bus protocol (IEEE 1394) that may become an important standard for PC peripherals in 1998.
FTP File Transfer Protocol
GUI Graphical User Interface
HTTP Hypertext transfer protocol, the principal protocol used by the WWW
HW Hardware
ICAP Internet Calendar Access Protocol
IDL Interface Definition Language
IIOP Internet Interoperable ORB Protocol
IMAP Internet Mail Access Protocol
IRC Internet Relay Chat
ISDN Integrated services digital network
IT Information Technology, basically computerised / digital systems. (=Informatik in German)
ITSEC IT Security Evaluation Criteria, sometimes called the European Orange Book
LDAP Lightweight Directory Access Protocol (an Internet standard for directory services)
Linux A free UNIX-like operating system.
MAC Mandatory Access Control
MARION Méthodologie d'Analyse des Risques Informatique et d'Optimation par Niveau
MFT Multi Functional Terminal. A client/server system from Unisys (B38 terminal) which runs the CTOS operating system. Used for making contracts, accessing Terco and word-processing. 3270 and VT emulators are available.
NCSC U.S. National Computer Security Center (part of the NSA)
news see NNTP
NFS Network File System
NIS Network Information Service (also called Yellow pages)
NIS+ New hierarchical, more secure version of NIS
NIST U.S. National Institute for Standards and Technology
NNTP Network news transfer protocol
NSA National Security Agency (USA)
NT New Technology: New multitasking operating system from Microsoft. Also called Windows NT. Has lots of features from UNIX and VMS.
NTFS NT-File System
NTP Network Time Protocol
OLAP On-line Analytical Processing
OLTP On Line Transaction Processing. Open /OLTP Unisys transaction monitor, based on Tuxedo (USL)
OODA Observation, Orientation, Decision, Action loop (U.S. Military speak for making decisions)
Orange Book See TCSEC
ORB Object Request Broker
OS Operating System
PDC Primary Domain Controller: The principal NT server containing user account information in a domain.
PKCS Public Key Cryptography Standards, established by a consortium composed of RSA, Microsoft, Lotus, Apple, Novell, Digital Equipment Corporation, Sun Microsystems and MIT in 1991.
Proxy A service which is normally used to provide indirect access a particular Internet service. Proxies eliminate the need for direct access to the Internet for normal clients.
PSTN Public Switch Telephone Network (= POTS, Plain old telephone service)
RAID Redundant array of disks. RAID disks increase availability.
RAS Remote Access Service: Microsoft's utility for connecting computers over Dialup lines or for connecting laptops.
sa Database system administrator
SecurID Intelligent one-time generator (credit card sized) from Secure Dynamics.
SHS Secure Hashing Standard (from NIST)
S/MIME Secure/Multipurpose Internet Mail Extensions, S/MIME provides a standard way to send and receive secure electronic mail. Based on the popular Internet MIME standard (RFC 1521), S/MIME provides authentication, message integrity, privacy and non-repudiation of origin of electronic messages, using digital signatures and encryption.
SMS Systems Management Server: Microsoft's software distribution & centralised helpdesk system.
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SQL* Net An Oracle TNS based tool for using and managing Oracle7 databases. V2.1 is not compatible with 1.x.
SSH Secure Shell, a secure replacement for telnet, rlogin, rcp, rsh among other things.
SSL Secure Socket Layer
SSO System Security Officer
SW Software
TBD To Be Defined or To Be Done (means basically that I'd like to get around to giving some detail on a particular issue).
TCB Trusted Computing Base: The Orange Book (TCSEC) classes use the notion of a Trusted Computing Base (or TCB) extensively. This is the central part of the system (e.g. the kernel) which is trusted to carry out security functions.
TCP/IP Transmission Control Protocol / Internet Protocol: This suite of protocols, originally developed for the Internet, is now the standard enterprise network protocol.
TCSEC U.S. DoD Trusted Computer System Evaluation Criteria, also called the Orange Book
TIS Trusted Information Systems Inc.
TNS Transparent Network Substrate: is the name of Oracle's network architecture.
TTP Trusted Third Party
UC Under Construction: Some, but not information is given on this topic, needs to be finished.
USB Universal Serial Bus: a 12Mbps serial bus for PC peripherals designed for low and medium speed devices such as keyboards, monitors, tape drives, etc.
USL UNIX System Laboratories, now owned by Novell.
WfW Microsoft Windows for Workgroups V3.11
WINS Windows Internet Naming Service
WOSA Windows Open Services Architecture (basically means the networking services as delivered with the newer Microsoft OS's such as NT, Windows 95, WfW 3.11).
WWW World Wide Web (also called W3, pronounced W cubed)
X/Open International Open Standards Organisation, based in England.
X11 X11 is the standard GUI on UNIX machines. Also available on PC & MAC.

previous  next  Title  Contents    Previous  Next  Top   Detailed TOC        Last Update: 17 Mrz 2000