Switches

Switches, in the form of routers, interconnect when the systems forming one workgroup are physically separated from the systems forming other workgroups. For example, Ethernet switches establish a data link in which a circuit or a channel is connected to an Ethernet network. Switches and bridges are used to interconnect different LANs. A switch operates in the Data Link Layer of the ISO/OSI reference model.

T

T- lines

High-speed data lines leased from communications providers such as T-1 lines.

Tailgating

Same as piggybacking.

Tailored security control baseline

A set of security controls resulting from the application of tailoring guidance to the security control baseline. Tailoring is the process by which a security control baseline is modified based on (1) the application of scoping guidance; (2) the specification of compensating security controls, if needed; and (3) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. In other words, the tailoring process modifies or aligns the baseline controls to fit the system conditions.

Tainted input

Input data that has not been examined or sanitized prior to use by an application.

Tamper

Unauthorized modification that alters the proper functioning of cryptographic or automated information system security equipment in a manner that degrades the security or functionality it provides.

Tamper detection

The automatic determination by a cryptographic module that an attempt has been made to compromise the physical security of the module.

Tamper evidence

The external indication that an attempt has been made to compromise the physical security of a cryptographic module. The evidence of the tamper attempt should be observable by an operator subsequent to the attempt.

Tamper response

The automatic action taken by a cryptographic module when a tamper attempt has been detected.

Tandem computing Tandem computers use single point tolerance system to create nonstop systems with uptimes measured in years. Single point tolerance means single backup where broken parts can be swapped out with new ones while the system is still operational (that is, hot swapping). The single point tolerant systems should have high mean time between failures (MTBF) and low mean time to repair (MTTR) before the backup fails (Wikipedia).

Tap

An analog device that permits signals to be inserted or removed from a twisted pair or coax cable.

Target of evaluation (TOE)

A Common Criteria (CC) term for an IT product or system and its associated administrator and user guidance documentation that is the subject of a security evaluation. A product that has been installed and is being operated according to its guidance.

Target identification and analysis techniques

Information security testing techniques, mostly active and generally conducted using automated tools, used to identify systems, ports, services, and potential vulnerabilities. These techniques include network discovery, network port and service identification, vulnerability scanning, wireless scanning, and application security testing.

Target vulnerability validation techniques

Active information security testing techniques that corroborate the existence of vulnerabilities. These techniques include password cracking, remote access testing, penetration testing, social engineering, and physical security testing.

TCP wrappers

Transmission control protocol (TCP) wrapper, a network security tool, allows the administrator to log connections to TCP service. It can also restrict incoming connections to these services from systems. These features are useful when tracking or controlling unwanted network connection attempts.

Teardrop attack

This freezes vulnerable hosts by exploiting a bug in the fragmented packet re-assembly routines. A countermeasure is to install software patches and upgrades.

Technical attack

An attack that can be perpetrated by circumventing or nullifying hardware and software protection mechanisms, rather than by subverting system personnel or other users.

Technical controls

(1) An automated security control employed by the system. (2) The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Technical security

The set of hardware, firmware, software, and supporting controls that implement security policy, accountability, assurance, and documentation.

Technical vulnerability

A hardware, firmware, communication, or software flaw that leaves a computer processing system open for potential exploitation, either externally or internally, thereby resulting in risk for the owner, user, or manager of the system.

Technology convergence

It occurs when two or more specific and compatible technologies are combined to work in harmony. For example, in a data center physical facility, physical security controls (keys, locks, and visitor escort), logical security controls (biometrics and access controls), and environmental controls (heat and humidity) can be combined for effective implementation of controls. These controls can be based on

Technology gap

A technology that is needed to mitigate a threat at a sufficient level but is not available.

Telecommuting

The ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities.

Telework

The ability for an organization’s employees and contractors to conduct work from locations other than the organization’s facilities.

Telework device

A consumer device or PC used for performing telework.

Telnet

Protocol used for (possibly for remote) login to a computer host.

TEMPEST

A short name referring to investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment. (i.e., spurious electronic signals emitted by electrical equipment). A low signal-to-ratio is preferred to control the tempest shielded equipment.

TEMPEST attack

Based on leaked electromagnetic radiation, which can directly provide plaintext and other information that an attacker needs to attack. It is a general class of side channel attack (Wikipedia).

Test

A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time.

Test design

The test approach and associated tests.

Test harness

Software that automates the software engineering testing process to test the software as thoroughly as possible before using it on a real application. If appropriate, the component should include the source code (for “white box” components) and a “management application” if the data managed by the component must be entered or updated independent of the consuming application. Finally, a component should be delivered with samples of consumption of the component to indicate how the component operates within an application environment.