Administrative Security: The management constraints and supplemental controls established to provide an acceptable level of protection for data.

Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.

Automated Security Monitoring: All security features needed to provide an acceptable level of protection for hardware, software, and classified, sensitive, unclassified or critical data, material, or processes in the system.

Breach: The successful defeat of security controls which could result in a penetration of the system. A violation of controls of a particular information system such that information assets or system components are unduly exposed.

CGI: Common Gateway Interface – CGI is the method that Web servers use to allow interaction between servers and programs.

Clipper Chip: A tamper-resistant VLSI chip designed by NSA for encrypting voice communications. It conforms to the Escrow Encryption Standard (EES) and implements the Skipjack encryption algorithm.

COPS: Computer Oracle and Password System – A computer network monitoring system for Unix machines. Software tool for checking security on shell scripts and C programs. Checks for security weaknesses and provides warnings.

Crack: A popular hacking tool used to decode encrypted passwords. System administrators also use Crack to assess weak passwords by novice users in order to enhance the security of the AIS.

Data Driven Attack: A form of attack that is encoded in innocuous-seeming data which is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.

Demon Dialer: A program which repeatedly calls the same telephone number. This is benign and legitimate for access to a BBS or malicious when used as a denial of service attack.

Ethernet Sniffing: This is listening with software to the Ethernet interface for packets that interest the user. When the software sees a packet that fits certain criteria, it logs it to a file. The most common criterion for an interesting packet is that it contains words like login or password.

False Negative: Occurs when an actual intrusive action has occurred but the system allows it to pass as non-intrusive behavior.

False Positive: Occurs when the system classifies an action as anomalous (a possible intrusion) when it is a legitimate action.

Fishbowl: To contain, isolate and monitor an unauthorized user within a system in order to gain information about the user.

Hacking Run: A hack session extended long outside normal working times, especially one longer than 12 hours.

Internet Worm: A worm program (see: Worm) that was unleashed on the Internet in 1988. It was written by Robert T. Morris as an experiment that got out of hand.

Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.

Keystroke Monitoring: A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the AIS returns to the user.

Leapfrog Attack: Use of user id and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).

Logic Bomb: Also known as a Fork Bomb – A resident computer program which, when executed, checks for a particular condition or particular state of the system which, when satisfied, triggers the perpetration of an unauthorized act.