
Spoofing attacks

Many spoofing attacks exist. An example is the Internet Protocol (IP) spoofing attack, in which a network packet is sent with a forged source address so that it appears to come from a host other than its actual source. It involves (1) receiving a message by masquerading as the legitimate receiving destination, or (2) masquerading as the sending machine and sending a message to a destination.
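The receiving side of IP spoofing is usually caught by an ingress filter (the BCP 38 rule: a packet arriving from the Internet must not claim a source address from inside your own network). The following is an added example, not part of the glossary: it builds a minimal IPv4 header with a forged source, parses and checksums it, and applies that rule. The internal and bogon prefixes and the interface names are assumed for the illustration.

```python
import ipaddress
import struct

# Assumed for the example: the organization owns 10/8 and 192.168/16; the listed bogons
# should never appear as a source on the Internet-facing interface.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
BOGON_PREFIXES = [ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network("169.254.0.0/16")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header; returns 0 when the checksum field is valid."""
    total = 0
    for i in range(0, len(header) - 1, 2):
        total += (header[i] << 8) | header[i + 1]
    if len(header) % 2:
        total += header[-1] << 8
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 6, total_len: int = 40) -> bytes:
    """Builds a minimal 20-byte IPv4 header. A spoofer simply writes someone else's address into src."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Parses and validates the fixed part of an IPv4 header (version, IHL, checksum)."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl, _tos, _tlen, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "proto": proto, "ttl": ttl}


def ingress_verdict(pkt: bytes, arrived_on: str) -> str:
    """arrived_on is 'external' (Internet-facing) or 'internal'.
    External packets must not claim an internal or bogon source;
    internal packets must claim one of our own prefixes (egress side of the same rule)."""
    src = parse_ipv4_header(pkt)["src"]
    is_internal = any(src in net for net in INTERNAL_PREFIXES)
    is_bogon = any(src in net for net in BOGON_PREFIXES)
    if arrived_on == "external":
        return "drop: spoofed source" if (is_internal or is_bogon) else "accept"
    if arrived_on == "internal":
        return "accept" if is_internal else "drop: source outside our prefixes"
    raise ValueError(f"unknown interface {arrived_on!r}")
```

The filter cannot tell a forged external source from a real one; it only removes the addresses an attacker would most want to forge against you (your own and the bogons), which is why the rule has to be applied by every network at its edge.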

Spread spectrum

Uses a wide band of frequencies to send radio signals. Instead of transmitting a signal on one channel, spread spectrum systems process the signal and spread it across a wider range of frequencies.

Spyware

(1) It is malware intended to violate a user’s privacy. (2) It is a program embedded within an application that collects information and periodically communicates it back to its home site, unbeknownst to the user. Spyware programs have been discovered in many shareware or freeware programs and even in some commercial products, without notification of this hidden functionality in the license agreement or elsewhere. News reports have accused various spyware programs of inventorying software on the user’s system, collecting or searching out private information, and periodically shipping the information back to the home site. (3) It is software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge. It is a type of malicious code and malware.

Spyware detection and removal utility

A program that monitors a computer to identify spyware and prevent or contain spyware incidents.

Stackguarding

Stackguarding (stack protection) technology places a guard value, or canary, between a function’s local buffers and its saved return address and verifies it before the function returns. This makes it difficult for attackers to exploit stack-based buffer overflows and helps prevent worms from gaining control of low-privilege accounts.

Standard

An established basis of performance used to determine quality and acceptability. A published statement on a topic specifying characteristics, usually measurable, that must be satisfied or achieved in order to comply with the standard.

Standalone system

A system operated on its own, for example in a small office/home office (SOHO) environment, rather than as part of a managed enterprise network.

Standard generalized markup language (SGML)

A markup language used to define the structure and to manage documents in electronic form.

Standard user account

A user account with limited privileges that will be used for general tasks such as reading e-mail and surfing the Web.

Star topology

A network topology in which peripheral nodes are connected to a central node; that is, all stations are connected to a central switch or hub. An active star network has an active central node that usually has the means to prevent echo-related problems.

State attacks

Asynchronous attacks that exploit timing differences and changing states between operations. Examples include the time-of-check to time-of-use (TOC-TOU) attack, in which a resource is altered after a program has checked it but before the program uses it, and race conditions.
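The TOC-TOU attack in working form, as an added example that is not part of the glossary. The vulnerable function checks a path with stat() and then opens the path a second time, so anything that replaces the path in between (simulated here by a race_hook callback standing in for the attacker’s interleaving) is served a different object. The hardened form opens first, refuses to follow a symlink (O_NOFOLLOW, assumed available as on Linux/BSD), and inspects the descriptor it actually holds. File names and contents are constructed for the demonstration.

```python
import os
import stat
import tempfile


def read_regular_file_vulnerable(path: str, race_hook=None) -> bytes:
    st = os.stat(path)                       # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    if race_hook is not None:
        race_hook()                          # attacker's window: the path is swapped for a symlink
    with open(path, "rb") as f:              # time of use: the path is resolved a second time
        return f.read()


def read_regular_file_hardened(path: str, race_hook=None) -> bytes:
    if race_hook is not None:
        race_hook()                          # attacker acts at the same moment; there is no check to invalidate
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)                # O_NOFOLLOW: fails with ELOOP if the final component is a symlink
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):   # check the object we hold, not the path
            raise PermissionError("not a regular file")
        with os.fdopen(fd, "rb") as f:
            fd = -1                          # the file object now owns the descriptor
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def simulate_race(workdir: str) -> dict:
    """Constructed scenario: 'public.txt' may be read, 'secret.txt' must never be reachable through it."""
    public = os.path.join(workdir, "public.txt")
    secret = os.path.join(workdir, "secret.txt")

    def reset():
        for p in (public, secret):
            if os.path.lexists(p):
                os.remove(p)
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

    def swap():                              # what the attacker does inside the window
        os.remove(public)
        os.symlink(secret, public)

    reset()
    leaked = read_regular_file_vulnerable(public, race_hook=swap)
    reset()
    try:
        read_regular_file_hardened(public, race_hook=swap)
        hardened_rejected = False
    except OSError:                          # ELOOP from O_NOFOLLOW, or PermissionError from the fstat check
        hardened_rejected = True
    return {"vulnerable_read": leaked, "hardened_rejected": hardened_rejected}


def run_demo() -> dict:
    return simulate_race(tempfile.mkdtemp())
```

The general rule the hardened version follows: never make a security decision about a path and then act on the path again; act once (open, rename, link) and make the decision about the object returned by that single operation.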

Stateful inspection

Packet filtering that also tracks the state of connections and blocks packets that deviate from the expected state.
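A connection tracker of the kind a stateful inspection firewall keeps, as an added example that is not part of the glossary. It allows TCP connections initiated from the inside (assumed to be 10.0.0.0/8) and accepts an inbound packet only if it matches the state a tracked flow is expected to be in; the flag constants and the simplified state names are this example’s own.

```python
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04


class StatefulFilter:
    def __init__(self, internal_prefix: str = "10."):
        self.internal_prefix = internal_prefix   # assumed inside network for the example
        self.flows = {}   # (client, cport, server, sport) -> simplified TCP state

    def process(self, src, sport, dst, dport, flags) -> str:
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if fwd in self.flows:
            key, direction = fwd, "orig"
        elif rev in self.flows:
            key, direction = rev, "reply"
        else:
            # No state exists: the only packet allowed to create some is a SYN from inside.
            if flags & SYN and not flags & ACK and src.startswith(self.internal_prefix):
                self.flows[fwd] = "SYN_SENT"
                return "accept"
            return "drop: no matching state"

        state = self.flows[key]
        if flags & RST:                       # reset from either side tears the flow down
            del self.flows[key]
            return "accept"
        if state == "SYN_SENT" and direction == "reply" and flags & SYN and flags & ACK:
            self.flows[key] = "SYN_RECV"
            return "accept"
        if state == "SYN_RECV" and direction == "orig" and flags & ACK and not flags & SYN:
            self.flows[key] = "ESTABLISHED"
            return "accept"
        if state in ("ESTABLISHED", "CLOSING") and not flags & SYN:
            if flags & FIN:
                if state == "ESTABLISHED":
                    self.flows[key] = "CLOSING"
                else:
                    del self.flows[key]       # second FIN: the flow is finished
            return "accept"
        return f"drop: flags 0x{flags:02x} unexpected in {state}"

    def state_of(self, client, cport, server, sport):
        return self.flows.get((client, cport, server, sport))
```

The last two drops in the test are the ones a stateless filter gets wrong: an inbound packet with only ACK set looks like part of an existing connection to a rule that merely checks flag bits, but a tracker drops it because no flow was ever opened.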

Stateful protocol analysis

A firewalling capability that improves on standard stateful inspection by adding basic intrusion detection technology: an inspection engine analyzes protocols at the application layer and compares vendor-developed profiles of benign protocol activity against observed events to identify deviations, allowing the firewall to permit or deny traffic based on how an application is behaving over the network.

Stateless inspection

See “Packet filtering.”

State transition diagram (STD)

A state transition diagram shows how a system moves from one state to another; it can also be expressed as a matrix whose dimensions are state and input. STDs detect errors such as incomplete requirements specifications and inconsistent requirements, represent the sequential, natural flow of business transactions, and are used in real-time application systems to express concurrency of tasks. They are also called state charts.

Static key

A key intended for use over a relatively long period of time, typically in many instances of a cryptographic key establishment scheme. A static key contrasts with an ephemeral key, which is used for a short period of time, often a single transaction.

Static key agreement key pairs

Static key agreement key pairs are used to establish shared secrets between entities, often in conjunction with ephemeral key pairs. Each entity uses its own private key agreement key(s), the other entity’s public key agreement key(s), and possibly its own public key agreement key(s) to determine the shared secret. The shared secret is subsequently used to derive shared keying material. Note that in some key agreement schemes, one or more of the entities may not have a static key agreement pair.

Static separation of duty (SSOD)

As a security mechanism, SSOD addresses two separate but related problems: static exclusivity and the assurance principle.

Static exclusivity is the condition in which it is considered dangerous for any one user to be authorized for conflicting sets of capabilities (e.g., both cashier and cashier supervisor). The motivations for exclusivity relations include, but are not limited to, reducing the likelihood of fraud and preventing the loss of user objectivity.

The assurance principle addresses the potential for collusion: the greater the number of individuals involved in executing a sensitive business function, such as purchasing an item or executing a trade, the less likely it is that any one user will commit fraud or that a few users will collude to commit it.

Separation of duties constraints may require that two roles be mutually exclusive, because no user should hold the privileges of both roles. Popular SSOD policies are role-based access control (RBAC) and rule-based access control (RuBAC).
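Both halves of SSOD enforced in a small RBAC policy object, as an added example that is not part of the glossary. Static exclusivity is checked at role assignment time (the constraint is static, so a user can never be given the second of two exclusive roles), and the assurance principle is implemented as an n-person rule on a sensitive function. The roles, permissions, users and the two-approver threshold are assumed for the illustration.

```python
class SeparationOfDutyError(Exception):
    pass


class RBACPolicy:
    def __init__(self):
        self.role_perms = {}        # role -> set of permissions
        self.user_roles = {}        # user -> set of roles
        self.exclusive = set()      # frozenset({role_a, role_b}) pairs: static exclusivity
        self.min_actors = {}        # sensitive function -> (permission, k distinct users): assurance principle

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def declare_exclusive(self, role_a, role_b):
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """Static SOD is enforced when the role is granted, not when it is used."""
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.exclusive:
                raise SeparationOfDutyError(f"{user!r} holds {other!r}, which excludes {role!r}")
        held.add(role)

    def permitted(self, user, perm) -> bool:
        return any(perm in self.role_perms.get(r, ()) for r in self.user_roles.get(user, ()))

    def require_actors(self, function, perm, k):
        self.min_actors[function] = (perm, k)

    def authorize(self, function, actors) -> bool:
        """A sensitive function completes only when k distinct users holding the permission act on it."""
        perm, k = self.min_actors[function]
        distinct = set(actors)
        return len(distinct) >= k and all(self.permitted(u, perm) for u in distinct)


def build_demo_policy() -> RBACPolicy:
    """Constructed policy: cashier and cashier_supervisor are exclusive; large trades need two traders."""
    p = RBACPolicy()
    p.add_role("cashier", {"ring_sale", "open_drawer"})
    p.add_role("cashier_supervisor", {"void_sale", "approve_refund"})
    p.add_role("trader", {"execute_trade"})
    p.declare_exclusive("cashier", "cashier_supervisor")
    p.require_actors("execute_large_trade", "execute_trade", 2)
    p.assign("alice", "cashier")
    p.assign("bob", "cashier_supervisor")
    p.assign("carol", "trader")
    p.assign("dave", "trader")
    return p
```

Note that authorize() deduplicates the actor list before counting: the same user approving twice satisfies a naive count but not the assurance principle.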

Static Web documents

Static Web documents (pages) are served as fixed files rather than being generated for each request; they are written in formats such as HTML, XHTML, plain ASCII text, JPEG, XML, and XSL.

Stealth mode

Operating an intrusion detection and prevention sensor without IP addresses assigned to its monitoring network interfaces, so that the sensor can observe traffic but cannot be addressed or attacked from the monitored network.

Steering committee

A group of management representatives from each user area of IT services that establishes plans and priorities and reviews projects’ progress and problems for the purpose of making management decisions.

Steganography

Deals with hiding messages and obscuring who is sending or receiving them. The art and science of communicating in a way that hides the existence of the communication. For example, a child pornography image can be hidden inside another graphic image file, audio file, or other file format.

Step restart

A restart that begins at the beginning of a job step. The restart may be automatic or deferred, where deferral involves resubmitting the job.

Storage security

The process of allowing only authorized parties to access stored information.

Stream attack

The process of sending transmission control protocol (TCP) packets to a series of ports with random sequence numbers and random source Internet Protocol (IP) addresses. The result is high CPU usage, leading to a resource starvation effect. Once the attack has subsided, the system returns to normal operation.

Stream cipher algorithm

An algorithm that converts plaintext into ciphertext one bit (or byte) at a time by combining it with a keystream, so its security depends entirely on the keystream generator. Stream ciphers are good for continuous streams of communication traffic. Because encryption is an XOR with the keystream, a keystream must never be reused (the same key and nonce for two messages leaks the XOR of the plaintexts), and the ciphertext must be integrity-protected, since flipping a ciphertext bit flips the corresponding plaintext bit.
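A toy stream cipher built around a counter-mode keystream generator, as an added example that is not part of the glossary. It shows the round trip, the keystream-reuse leak, and bit-flipping malleability. The generator (HMAC-SHA256 over nonce and counter) is an illustrative construction chosen because it needs only the standard library; it is not a vetted cipher, and in practice a reviewed design such as ChaCha20 or AES-CTR inside an AEAD mode should be used. Key, nonce and messages are constructed for the demonstration.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, nonce || i). Illustrative construction only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption is plaintext XOR keystream; decryption is the identical operation."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same key and nonce, c1 XOR c2 == p1 XOR p2, with no key needed."""
    return xor_bytes(c1, c2)


def bit_flip(ciphertext: bytes, index: int, mask: int) -> bytes:
    """Malleability: flipping ciphertext bits flips the same plaintext bits after decryption,
    which is why a stream cipher needs a MAC or an AEAD mode around it."""
    out = bytearray(ciphertext)
    out[index] ^= mask
    return bytes(out)
```

In the test, the reused nonce lets an observer who knows one plaintext read the other, and a single XOR on the ciphertext turns "$100" into "$900" without the key.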

Stress testing