XOT
X.25 over transmission control protocol (TCP).
XPath
Used to define the parts of an XML document, using path expressions.
XQuery
Provides functionality to query an XML document.
XSL
An extensible style language (XSL) file is used in dynamic content generation, where Web pages can be written in XML and then converted to HTML.
Z
Zero-day attacks
A zero-day attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available. Zero-day attacks, exploits, and incidents are the same.
Zero-day backup
Similar to a normal or full backup in that it archives all selected files and marks each as having been backed up. An advantage of this method is that it gives the fastest restore operation because it contains the most recent files. A disadvantage is that it takes the longest time to perform the backup.
Zero-day exploits
Zero-day exploits (actual code that can use a security vulnerability to carry out an attack) are used or shared by attackers before the software vendor knows about the vulnerability. Zero-day attacks, exploits, and incidents are the same.
Zero-day incidents
Zero-day incidents are attacks through previously unknown weaknesses in computer networks. Zero-day attacks, exploits, and incidents are the same.
Zero day warez
Zero day warez (negative day) refers to software, games, videos, music, or data unlawfully released or obtained on the day of public release. Either a hacker or an employee of the releasing company is involved in copying on the day of the official release.
Zero fill
To fill unused storage locations in an information system with the representation of the character denoting “0.”
Zero-knowledge proof
One party proving something to another without revealing any additional information. This proof has applications in public-key encryption and smart card implementations.
Zero-knowledge password protocol
A password-based authentication protocol that allows a claimant to authenticate to a verifier without revealing the password to the verifier. Examples of such protocols include EKE, SPEKE, and SRP.
Zero quantum theory
Zero quantum theory is based on the principles of quantum mechanics where eavesdroppers can alter the quantum state of the cryptographic system.
Zeroize
To remove or eliminate the key from cryptographic equipment or a fill device.
Zeroization
A method of erasing electronically stored data, cryptographic keys, credentials service providers (CSPs), and initialization vectors by altering or deleting the contents of the data storage to prevent recovery of the data.
Zipf’s law
Applicable to storage management using video servers, where videos can be stored hierarchically in tape (low capacity) to DVD, magnetic disk, and RAM (high capacity). Zipf’s law states that the most popular movie is seven times as popular as the number-seven movie, which can help in planning the storage space. An alternative to tape is optical storage.
Zombie
A computer program that is installed on a system to cause it to attack other computer systems in a chain-like manner.
Zone drift error
A zone drift error results in incorrect zone data at the secondary name servers when there is a mismatch of data between the primary and secondary name servers. The zone drift error is a threat due to domain name system (DNS) data contents.
Zone file
The primary type of domain name system (DNS) data is the zone file, which contains information about various resources in that zone.
Zone of control
Three-dimensional space (expressed in feet of radius) surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical. It also means legal authorities can identify and remove a potential TEMPEST exploitation.
A zone of control deals with physical security over sensitive equipment containing sensitive information. It is synonymous with control zone.
Zone signing key (ZSK)
A zone signing key is an authentication key that corresponds to a private key used to sign a zone.
Zone transfer
Zone transfer is a part of domain name system (DNS) transactions. Zone transfer refers to the way a secondary (slave) name server refreshes the entire contents of its zone file from the primary (master) name server.