ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalx_5.4.0.1/rzalxsecterms.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Security terminology" />
<meta name="abstract" content="This topic includes terms and definitions related to security information." />
<meta name="description" content="This topic includes terms and definitions related to security information." />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalxsecterms" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security terminology</title>
</head>
<body id="rzalxsecterms"><a name="rzalxsecterms"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security terminology</h1>
<div><p>This topic includes terms and definitions related to security information.</p>
<div class="section"><p><a href="#rzalxsecterms__A">A</a>   <a href="#rzalxsecterms__B">B</a>    <a href="#rzalxsecterms__C">C</a>    <a href="#rzalxsecterms__D">D</a>   <a href="#rzalxsecterms__E">E</a>    <a href="#rzalxsecterms__F">F</a>   <a href="#rzalxsecterms__G">G</a>   <a href="#rzalxsecterms__H">H</a>    <a href="#rzalxsecterms__I">I</a>   <a href="#rzalxsecterms__J">J</a>  <a href="#rzalxsecterms__K">K</a>   <a href="#rzalxsecterms__L">L</a>   <a href="#rzalxsecterms__M">M</a>    <a href="#rzalxsecterms__N">N</a>   <a href="#rzalxsecterms__O">O</a>    <a href="#rzalxsecterms__P">P</a>   <a href="#rzalxsecterms__Q">Q</a>    <a href="#rzalxsecterms__R">R</a>    <a href="#rzalxsecterms__S">S</a>    <a href="#rzalxsecterms__T">T</a>   <a href="#rzalxsecterms__U">U</a>    <a href="#rzalxsecterms__V">V</a>    <a href="#rzalxsecterms__W">W</a>   <a href="#rzalxsecterms__X">X</a>   <a href="#rzalxsecterms__Y">Y</a>   <a href="#rzalxsecterms__Z">Z</a>   </p>
<dl class="dlexpand"><dt class="dltermexpand"><a name="rzalxsecterms__A"><!-- --></a>A</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Aa"><!-- --></a>authentication</dt>
<dd>Verification that a remote client or server is actually who they claim
to be. Authenticating ensures that you trust the remote peer to which you
are connecting.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__B"><!-- --></a>B</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__C"><!-- --></a>C</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Cc"><!-- --></a>certificate authority (CA)</dt>
<dd>A trusted authority that issues and manages security credentials called
digital certificates.</dd>
<dt class="dltermexpand">cipher</dt>
<dd>Another term for encryption algorithm.</dd>
<dt class="dltermexpand">ciphertext</dt>
<dd>Encrypted text or data.</dd>
<dt class="dltermexpand">cracker</dt>
<dd>A hacker with malicious intent.</dd>
<dt class="dltermexpand">cryptography</dt>
<dd>The science of keeping data secure. Cryptography allows you to store information
or to communicate with other parties while preventing non-involved parties
from understanding the stored information or understanding the communication.
Encryption transforms understandable text into an unintelligible piece of
data (ciphertext). Decrypting restores the understandable text from the unintelligible
data. Both processes involve a mathematical formula or algorithm and a secret
sequence of data (the key). <p>There are two types of cryptography:</p>
<ul><li><span class="uicontrol">Symmetric</span>: Communicating parties share a secret
key that they use for both encryption and decryption. Also called shared key
cryptography.</li>
<li><span class="uicontrol">Asymmetric</span>: Each member of a communicating party
has two keys: A public key and a private key. The two keys are mathematically
related, but it is virtually impossible to derive the private key from the
public key. A message that is encrypted with someone's public key can be decrypted
only with the associated private key. Alternatively, a server or user can
use a private key to "sign" a document and use a public key to decrypt a digital
signature. <span><img src="./delta.gif" alt="Start of change" />If the hash resulting from the decryption of the
signature using the public key matches a real-time hash of the document itself,
the signature is considered valid and the document's source is considered
verified.<img src="./deltaend.gif" alt="End of change" /></span> Also known as public key cryptography.</li>
</ul>
</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__D"><!-- --></a>D</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Dd"><!-- --></a>data confidentiality</dt>
<dd>Conceals the content of a message, typically by using encryption.</dd>
<dt class="dltermexpand">data integrity</dt>
<dd>Verifies that the contents of a datagram were not changed in transit,
either deliberately or due to random errors.</dd>
<dt class="dltermexpand">data origin authentication</dt>
<dd>Verifies that an IP datagram was originated by the claimed sender.</dd>
<dt class="dltermexpand">denial of service attack</dt>
<dd>Also known as DoS attack. Causes a service, such as a Web server, to become
unavailable or unusable by overloading a network with useless IP traffic.</dd>
<dt class="dltermexpand">digital certificate</dt>
<dd>A digital document that validates the identity of the certificate's owner,
much as a passport does. A trusted party, called a Certificate Authority (CA)
issues digital certificates to users and servers. The trust in the CA is the
foundation of trust in the certificate as a valid credential. You can use
them for the following: <ul><li>Identification - shows who is the user.</li>
<li>Authentication - ensures that the user is who he says that he is.</li>
<li>Integrity - determines whether the contents of a document have been altered
by verifying the sender's digital signature.</li>
<li>Non-repudiation - guarantees that a user cannot claim to not have performed
some action. For example, the user cannot dispute that he authorized an electronic
purchase with a credit card.</li>
</ul>
</dd>
<dt class="dltermexpand">digital signature</dt>
<dd>Equivalent to a personal signature on a written document. A digital signature
provides proof of the document's origin. The certificate owner "signs" a document
by using the private key that is associated with the certificate. The recipient
of the document uses the corresponding public key to decrypt the signature,
which verifies the sender as the source.</dd>
<dt class="dltermexpand">Digital Certificate Manager (DCM)</dt>
<dd>Allows an iSeries™ to
be a local Certificate Authority (CA). You can use DCM to create digital certificates
for use by servers or users. You can import digital certificates that other
CAs issue. You can also associate a digital certificate with an i5/OS™ user profile.
You also use DCM to configure applications to use Secure Sockets Layer (SSL)
for secure communications.</dd>
<dt class="dltermexpand">distinguished name</dt>
<dd>The name of the person or server to whom a Certificate Authority (CA)
issues a digital certificate. The certificate provides this name to indicate
certificate ownership. Depending on the policy of the CA that issues a certificate,
the distinguished name can include other authorization information.</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Domain Name System (DNS)<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />The set of data used to identify an individual digital certificate holder.
Within a Class 1 Digital Certificate, this will be information such as your
name and your e-mail address, and the issuer of the digital certificate (VeriSign,
Inc.).<p>When you attach to the Internet, your Internet client uses a DNS
server to determine the IP address for the host system with which you want
to communicate.</p>
<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__E"><!-- --></a>E</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Ee"><!-- --></a>encryption</dt>
<dd><img src="./delta.gif" alt="Start of change" />The process of transforming data into a form
that is unreadable by anyone who does not have the correct decrypting method
and key. Unauthorized parties can still intercept the information. However,
without the correct decrypting method and key, the information is incomprehensible.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Enterprise Identity Mapping (EIM)<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />EIM is a mechanism for mapping (associating) a person or entity to the
appropriate user identities in various registries throughout the enterprise.
EIM provides APIs for creating and managing these identity mapping relationships
as well as APIs used by applications to query this information. <img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand">extranet</dt>
<dd>A private business network of several cooperating organizations located
outside the corporate firewall. An extranet service uses the existing Internet
infrastructure, including standard servers, e-mail clients, and Web browsers.
This makes an extranet more economical than the creation and maintenance of
a proprietary network. It enables trading partners, suppliers, and customers
with common interests to use the extended Internet to form both tight business
relations and a strong communication bond.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__F"><!-- --></a>F</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Ff"><!-- --></a>firewall</dt>
<dd><img src="./delta.gif" alt="Start of change" />A logical barrier between your internal network and an
external network, such as the Internet. A firewall consists of one or more
hardware and software systems or partitions. It controls the access and flow
of information between secure or trusted systems and insecure or untrusted
systems.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__G"><!-- --></a>G</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__H"><!-- --></a>H</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Hh"><!-- --></a>hacker</dt>
<dd>Any unauthorized person who tries to break into your system.</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />hypertext links<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />A way of presenting information online with connections (called hypertext
links) between one piece of information (called a hypertext node) and another.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Hypertext Markup Language (HTML)<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />The language that is used to define hypertext documents. Use HTML to indicate
how your document should look (such as highlighting and type style) and how
it should be linked to other documents or objects.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Hypertext Transfer Protocol (HTTP)<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />The standard method for accessing hypertext documents.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__I"><!-- --></a>I</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Ii"><!-- --></a>Internet</dt>
<dd>The worldwide "network of networks" that are connected to each other.
And a suite of cooperating applications that allow computers connected to
this "network of networks" to communicate with each other. The Internet provides
browsable information, file transfer, remote logon, electronic mail, news,
and other services. The Internet is often called "the Net".</dd>
<dt class="dltermexpand">Internet client</dt>
<dd>A program (or user) that uses the Internet to make requests of and to
receive results from an Internet server program. Different client programs
are available to request different types of Internet services. A Web browser
is one type of client program. File transfer protocol (FTP) is another.</dd>
<dt class="dltermexpand">Internet host</dt>
<dd>A computer that is connected to the Internet or an intranet. An Internet
host might run more than one Internet server program. For example, the Internet
host might run an FTP server to respond to requests from FTP client applications.
The same host might run an HTTP server to respond to requests from clients
using Web browsers. Server programs typically run in the background (in batch)
on the host system.</dd>
<dt class="dltermexpand">Internet Key Exchange (IKE) protocol</dt>
<dd>Provides the automatic negotiation of security associations, as well as
the automatic generation and refresh of cryptographic keys as part of virtual
private networking (VPN).</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Internet name<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />An alias for an IP address. An IP address is in long numeric form and
is difficult to remember, such as 10.5.100.75. You can assign this IP address
to an Internet name, such as system1.vnet.ibm.com. An Internet name is also
called a fully qualified domain name. When you see an advertisement that says,
"Visit our home page", the home page address is the Internet name, not the
IP address, because the Internet name is easier to remember. A fully qualified
domain name has several parts. For example, system1.vnet.ibm.com has the following
parts: <dl><dt class="dlterm">com:</dt>
<dd>All commercial networks. This part of the domain name is assigned by the
Internet authority (an external organization). Different characters are assigned
for different kinds of networks (such as <dfn class="term">com</dfn> for commercial and <dfn class="term">edu</dfn> for
educational institutions).</dd>
<dt class="dlterm">ibm:</dt>
<dd>The identifier for the organization. This part of the domain name is also
assigned by the Internet authority, and it is unique. Only one organization
in the world can have the identifier ibm.com.</dd>
<dt class="dlterm">vnet:</dt>
<dd>A grouping of systems within ibm.com. This identifier is assigned internally.
The administrator of ibm.com can create one or more groupings.</dd>
<dt class="dlterm">system1: </dt>
<dd>The name of an Internet host within the vnet.ibm.com group.</dd>
</dl>
   <img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand">Internet server</dt>
<dd>A program (or set of programs) that accepts requests from corresponding
client programs over the Internet and responds to those clients over the Internet.
You can think of an Internet server as a site that an Internet client can
access or visit. Different server programs support different services, such
as the following: <ul><li>Browsing (a "home page" and links to other documents and objects).</li>
<li>File transfer. The client can request, for example, to transfer files
from the server to the client. The files might be software updates, product
listings, or documents.</li>
<li>Electronic commerce, such as the ability to request information or order
products.</li>
</ul>
</dd>
<dt class="dltermexpand">Internet service provider (ISP)</dt>
<dd>An organization that provides your connection to the Internet in much
the same way that your local telephone company provides your connection to
worldwide telephone networks.</dd>
<dt class="dltermexpand">intranet</dt>
<dd>An organization's <u>internal</u> network that uses Internet tools, such
as a Web browser or FTP.</dd>
<dt class="dltermexpand" id="rzalxsecterms__intdetdt"><a name="rzalxsecterms__intdetdt"><!-- --></a><img src="./delta.gif" alt="Start of change" />intrusion detection<img src="./deltaend.gif" alt="End of change" /></dt>
<dd id="rzalxsecterms__intdetdd"><a name="rzalxsecterms__intdetdd"><!-- --></a><img src="./delta.gif" alt="Start of change" />A broad term encompassing the detection of many undesirable
activities.  The objective of an intrusion might be to acquire information
that a person is not authorized to have (information theft). The objective
might be to cause a business harm by rendering a network, system, or application
unusable (denial of service), or it might be to gain unauthorized use of a
system as a means for further intrusions elsewhere.  Most intrusions follow
a pattern of information gathering, attempted access, and then destructive
attacks. Some attacks can be detected and neutralized by the target system.
 Other attacks cannot be effectively neutralized by the target system.  Most
of the attacks also make use of "spoofed" packets, which are not easily traceable
to their true origin.  Many attacks now make use of unwitting accomplices,
which are machines or networks that are used without authorization to hide
the identity of the attacker. For these reasons, detecting information gathering,
access attempts, and attack behaviors are vital parts of intrusion detection.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand">IP address</dt>
<dd>A unique identifier on a TCP/IP network (the Internet is a very large
TCP/IP network). An Internet server typically has an assigned unique IP address.
An Internet client might use a temporary but unique IP address that is allocated
by the ISP.</dd>
<dt class="dltermexpand">IP datagram</dt>
<dd>A unit of information that is sent across a TCP/IP network. An IP datagram
(also called a packet) contains both data and header information, such as
the IP addresses of the origin and of the destination machines.</dd>
<dt class="dltermexpand">IP filters</dt>
<dd>Controls what IP traffic to allow into and out of your network by filtering
packets according to rules that you define. This protects the secure network
from outsiders who use unsophisticated techniques (such as scanning for secure
servers) or even the most sophisticated techniques (such as IP address spoofing).
You should think of the filtering feature as the base on which the other tools
are constructed. It provides the infrastructure in which they operate and
denies access to all but the most determined cracker.</dd>
<dt class="dltermexpand">IP security (IPSec) protocol</dt>
<dd>A set of protocols to support secure exchange of packets at the network
layer. IPSec is a set of standards that i5/OS and many other systems use to carry
out VPNs.</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />IP spoofing<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />An attempt to access your system by pretending to be a system (IP address)
that you normally trust. The would-be intruder sets up a system with an IP
address that you trust. Router manufacturers have worked to build protections
into their systems to detect and reject attempts to spoof.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__J"><!-- --></a>J</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__K"><!-- --></a>K</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__L"><!-- --></a>L</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__M"><!-- --></a>M</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__N"><!-- --></a>N</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Nn"><!-- --></a>network address translation (NAT)</dt>
<dd>Provides a more transparent alternative to the proxy and SOCKS servers.
It also simplifies network configuration by enabling networks with incompatible
addressing structures to be connected. NAT provides two major functions. NAT
provides this protection by allowing you to hide your server's "true" address
behind an address that you make available to the public. For example, it can
protect a public Web server that you want to operate from within your internal
network. NAT also provides a mechanism for internal users to access the Internet
while hiding the private internal IP addresses. NAT provides protection when
you allow internal users to access Internet services because you can hide
their private addresses.</dd>
<dt class="dltermexpand">non-repudiation</dt>
<dd>Provides proof that a transaction occurred, or that you sent or received
a message. The use of digital certificates and public key cryptography to
"sign" transactions, messages, and documents supports non-repudiation.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__O"><!-- --></a>O</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__P"><!-- --></a>P</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Pp"><!-- --></a>packet</dt>
<dd>A unit of information that is sent across a TCP/IP network. A packet (also
called a datagram) contains both data and header information, such as the
IP addresses of the origin and of the destination machines, and includes information
about the line protocol, such as Ethernet token-ring, or frame-relay.</dd>
<dt class="dltermexpand">proxy server</dt>
<dd>A TCP/IP application that re-sends requests and responses between clients
on your secure internal network and servers on the untrusted network. The
proxy server breaks the TCP/IP connection to hide your internal network information
(such as internal IP addresses). Hosts outside your network perceive the proxy
server as the source of the communication.</dd>
<dt class="dltermexpand">public key infrastructure (PKI)</dt>
<dd>A system of digital certificates, CAs, and other registration authorities
that verify and authenticate the validity of each party involved in an Internet
transaction.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Q"><!-- --></a>Q</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__R"><!-- --></a>R</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Rr"><!-- --></a>replay protection</dt>
<dd>Ensures that an attacker cannot intercept a datagram and play it back
at some later time.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__S"><!-- --></a>S</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Ss"><!-- --></a>Secure Sockets Layer (SSL)</dt>
<dd>Created by Netscape, SSL is the de facto industry standard for session
encryption between clients and servers. SSL uses symmetric key encryption
to encrypt the session between a server and client (user). The client and
server negotiate this session key during an exchange of digital certificates.
A different key is created for each client and server SSL session. Consequently,
even if unauthorized users intercept and decrypt a session key (that is unlikely),
they cannot use it to eavesdrop on current, future, or past SSL sessions.</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />single sign-on (SSO): <img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />A form of authentication that enables a user to authenticate once and
gain access to the resources of multiple systems or applications. See Enterprise
Identity Mapping.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand">sniffing</dt>
<dd>The practice of monitoring or eavesdropping on electronic transmissions.
Information that is sent across the Internet might pass through many routers
before it reaches its destination. Router manufacturers, ISPs, and operating
system developers have worked very hard to ensure that sniffing cannot occur
on the Internet backbone. Incidents of successful sniffing are becoming increasingly
rare. Most occur on private LANs that are connected to the Internet, rather
than on the Internet backbone itself. However, you need to be aware of the
possibility of sniffing because most TCP/IP transmissions are not encrypted.</dd>
<dt class="dltermexpand">SOCKS</dt>
<dd>A client/server architecture that transports TCP/IP traffic through a
secure gateway. A SOCKS server performs many of the same services that a proxy
server does.</dd>
<dt class="dltermexpand">spoofing</dt>
<dd>The attackers masquerade as a trusted system to try to persuade you to
send secret information to them.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__T"><!-- --></a>T</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Tt"><!-- --></a>TCP/IP</dt>
<dd>The primary communications protocol that is used on the Internet. TCP/IP
stands for Transmission Control Protocol/Internet Protocol. You might also
use TCP/IP on your internal network.</dd>
<dt class="dltermexpand"><img src="./delta.gif" alt="Start of change" />Trojan horse<img src="./deltaend.gif" alt="End of change" /></dt>
<dd><img src="./delta.gif" alt="Start of change" />A computer program, command, or script that appears to perform a useful
and innocent function. However, it contains hidden functions that use approved
authorizations assigned to users when they start the program. For example,
it might copy your internal authorization information from your computer and
send it back to the originator of the Trojan horse.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__U"><!-- --></a>U</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__V"><!-- --></a>V</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Vv"><!-- --></a>virtual private network (VPN)</dt>
<dd>An extension of an enterprise's private intranet. You can use it across
a public network such as the Internet, creating a secure private connection,
essentially through a private "tunnel". VPNs securely convey information across
the Internet connecting other users to your system. These include: <ul><li>Remote users</li>
<li>Branch offices</li>
<li>Business partners and suppliers</li>
</ul>
</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__W"><!-- --></a>W</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Ww"><!-- --></a>Web browser</dt>
<dd>The HTTP client application. A Web browser interprets HTML to display
hypertext documents for the user. The user can access a hyperlinked object
by clicking on (selecting) an area of the current document. That area is often
called a <span class="uicontrol">hot spot</span>. Internet Connection Web Explorer,
and Netscape Navigator are examples of Web browsers.</dd>
<dt class="dltermexpand">World Wide Web (WWW)</dt>
<dd>A mesh of interconnected servers and clients that use the same standard
format for creating documents (HTML) and accessing documents (HTTP). The mesh
of links, both from server to server and from document to document, is metaphorically
called <span class="uicontrol">the Web</span>.</dd>
<dt class="dltermexpand"><a name="rzalxsecterms__X"><!-- --></a>X</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Y"><!-- --></a>Y</dt>
<dd></dd>
<dt class="dltermexpand"><a name="rzalxsecterms__Z"><!-- --></a>Z</dt>
<dd></dd>
</dl>
</div>
</div>
<div></div>
</body>
</html>