General packet radio service (GPRS)
A packet switching enhancement to global system for mobile communications (GSM) and time division multiple access (TDMA) wireless networks to increase data transmission speeds.
General support system (GSS)
An interconnected information resource under the same direct management controls that shares common functionality. It normally includes hardware, software, information, data, applications, communications, facilities, and people and provides support for a variety of users and/or applications. Individual applications support different mission-related functions. Users may be from the same or different organizations.
Generalized testing
A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. Also known as black-box testing.
Global positioning system (GPS)
(1) A system for determining position by comparing radio signals from several satellites. (2) A network of satellites providing precise location determination to receivers.
Global supply chain
A system of organizations, people, activities, information, and resources, international in scope, involved in moving products or services from supplier/producer to consumer/customer.
Global system for mobile communications (GSM)
A set of standards for second generation cellular networks currently maintained by the third generation partnership project (3GPP).
Gopher
A protocol designed to allow a user to transfer text or binary files among computer hosts across networks.
Graduated security
A security system that provides several levels (e.g., low, moderate, or high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
Granularity
(1) An expression of the relative size of a data object. (2) The degree to which access to objects can be restricted. (3) Granularity can be applied both to the actions allowable on objects and to the users allowed to perform those actions on the object. (4) The relative fineness or coarseness by which a mechanism can be adjusted. For example, protection at the file level is considered to be coarse granularity, whereas protection at the field level is considered to be of finer granularity. (5) The phrase “the granularity of a single user” means the access control mechanism can be adjusted to include or exclude any single user.
Graphical user interface (GUI)
A combination of menus, screen design, keyboard commands, command language, and help screens that together create the way a user interacts with a computer. Allows users to move in and out of programs and manipulate their commands by using a pointing device (often a mouse). Synonymous with user interface.
Gray box testing
A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.
Grid computing
A form of distributed computing whereby a super virtual computer is composed of many networked and loosely coupled computers working together to perform very large tasks. The grid handles non-interactive workloads that involve a large number of files that are heterogeneous and geographically dispersed. Grids are constructed with middleware and software libraries, and the grid computers are connected to a network (that is, private, public, or the Internet) with a conventional network interface, such as Ethernet. There is an overlap between grid computing, distributed computing, parallel computing, and mesh computing (Wikipedia).
Group
A set of subjects.
Groupware
Software that recognizes the significance of groups by providing system functions to support the collaborative activities of work groups.
Guard (hardware and software)
A mechanism limiting the exchange of information between information systems or subsystems. It operates as a gatekeeper in the form of an application layer guard to implement firewall mechanisms, such as performing identification and authentication functions and enforcing security policies. Guard functionality includes such features as cryptographic invocation check on information that is allowed outside the protected enclave and data content filtering to support sensitivity regrade decisions. The guard functionality, although effective for non-real-time applications (e.g., e-mail) on networks with low sensitivity, has been difficult to scale to highly classified networks and real-time applications.
Guessing entropy
A measure of the difficulty that an attacker has to guess the average password used in a system. Entropy is stated in bits. The attacker is assumed to know the actual password frequency distribution.
Guessing (password)
The act of repeatedly attempting to authenticate using default passwords, dictionary words, and other possible passwords.
H
H.225
A gatekeeper telephony protocol used in the PC-to-gatekeeper channel (the International Telecommunications Union (ITU) standard).
H.245
A telephony protocol used to allow terminals to negotiate options (the ITU standard).
H.248
A protocol used in large deployments for gateway decomposition (the ITU standard).
H.323
A gateway protocol used in Internet telephony systems operating with packet-switched networks providing voice and video calling and signaling (the ITU standard).
Hacker
Any unauthorized user who gains, or attempts to gain, access to an information system, regardless of motivation.
Handler
A type of program used in distributed denial-of-service (DDoS) attacks to control agents distributed throughout a network. Also refers to an incident handler, a person who performs computer-security incident response work.
Handshake
Involves passing special characters (XON/XOFF) between two devices or between two computers to control the flow of information. When the receiving computer cannot continue to receive data, it transmits an XOFF that tells the sending computer to stop transmitting. When transmission can resume, the receiving computer signals the sending computer with an XON. Two types of handshake exist: hardware and software. The hardware handshake uses non-data wires for transmission and the software handshake uses data wires as in modem-to-modem communications over telephone lines.
Handshaking procedure
A dialogue between two entities (e.g., a user and a computer, a computer and another computer, or a program and another program) for the purpose of identifying and authenticating the entities to one another.
Hardening
Configuring a host’s operating system and application systems to reduce the host’s security weaknesses.
Hardware and software monitors
Hardware monitors work by attaching probes to processor circuits and detecting and recording events at those probes. Software monitors are programs that execute in a computer system to observe and report on the behavior of the system.
Hardware segmentation
The principle of hardware segmentation provides hardware transparency when hardware is designed in a modular fashion and when it is interconnected. A failure in one module should not affect the operation of other modules. Similarly, a module attacked by an intruder should not compromise the entire system. System architecture should be arranged so that vulnerable networks or network segments can be quickly isolated or taken off-line in the event of an attack. Examples of hardware that needs to be segmented include network switches, physical circuits, and power supply equipment.