Hot spots
Hot spots consist of one or more Wi-Fi access points positioned on a ceiling or wall in a public place to provide maximum wireless coverage for a wireless LAN.
Hot wash
Hot wash is a debriefing session conducted immediately after an exercise or test of an information system with the testing team, non-testing staff, and other participants to share problems and experiences.
Hubs
A hub can be thought of as a central place from which all connections are made between networks and computers. Hubs are simple devices that connect network components, repeating a packet of data to all other connected devices. Hubs operate in the physical layer of the ISO/OSI reference model.
Human threats
Examples of human threats include intentional/unintentional errors; sabotage of data, systems, and property; implanting of malicious code; and terrorist attacks.
Hybrid attack (password)
A form of guessing attack in which the attacker uses a dictionary that contains possible passwords and then generates variations of those dictionary passwords through brute force methods (e.g., appending digits, changing case, substituting characters) to create new candidate passwords. Hybrid Attack = Dictionary Attack + Brute Force Attack.
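Because a hybrid attack only tries a dictionary word plus cheap mutations, a password policy can reject exactly those candidates up front. The following is an added example (not from the glossary) of such a check: it undoes the common mutations (case, appended or prepended digits and symbols, leet-style substitutions, reversal) and tests whether what remains is a dictionary word. The tiny WORDLIST and LEET_MAP are constructed for the example; a real deployment would load a large breached-password list.

```python
import re
from typing import Optional, Set

# Constructed mini dictionary; a real policy check would load a full word list.
WORDLIST: Set[str] = {"password", "welcome", "summer", "dragon", "monkey"}

# Common leet substitutions a hybrid rule set applies (constructed, not exhaustive).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

_EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")  # leading/trailing digits or symbols


def normalized_forms(candidate: str) -> Set[str]:
    """Return the plausible 'base words' a hybrid attack could have started from.

    Each form reverses one combination of mutations: lower-casing, stripping
    prepended/appended digits and symbols, and decoding leet substitutions.
    """
    lowered = candidate.lower()
    stripped = _EDGE_JUNK.sub("", lowered)
    leet = lowered.translate(LEET_MAP)
    return {
        lowered,
        stripped,
        leet,
        stripped.translate(LEET_MAP),   # strip first, then decode leet
        _EDGE_JUNK.sub("", leet),       # decode leet first, then strip
    }


def hybrid_base(candidate: str, wordlist: Set[str] = WORDLIST) -> Optional[str]:
    """Return the dictionary word the candidate is a hybrid mutation of, else None."""
    for form in normalized_forms(candidate):
        if form in wordlist:
            return form
        if form[::-1] in wordlist:      # reversed dictionary word
            return form[::-1]
    return None


def hybrid_reachable(candidate: str, wordlist: Set[str] = WORDLIST) -> bool:
    """True if a dictionary + simple-mutation attack would recover this password."""
    return hybrid_base(candidate, wordlist) is not None


def check_password(candidate: str, min_length: int = 12) -> str:
    """Policy verdict: 'ok' or the reason the password is rejected."""
    if len(candidate) < min_length:
        return "too short"
    base = hybrid_base(candidate)
    if base is not None:
        return f"derived from dictionary word '{base}'"
    return "ok"


if __name__ == "__main__":
    for pw in ["P@ssw0rd!", "Summer2024", "Dr4g0n99", "nogarD", "correct-horse-battery"]:
        print(f"{pw:25s} -> hybrid-reachable={hybrid_reachable(pw)}  verdict={check_password(pw)}")
```

The check is deliberately generous about which mutations it undoes: a false positive costs a user one extra password attempt, while a false negative leaves a password that an attacker's rule set will crack in seconds.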
Hybrid security control
A security control that has the properties of both a common security control and a system-specific security control (i.e., one part of the control is deemed to be common, whereas another part of the control is deemed to be system-specific).
Hybrid topology
Hybrid topology is a combination of any two different basic network topologies (e.g., combination of star topology and bus topology). The tree topology is an example of a hybrid topology where a linear bus backbone connects star-configured networks.
Hyperlink
An electronic link providing direct access from one distinctively marked place in a hypertext or hypermedia document to another in the same or a different document.
Hypertext markup language (HTML)
A markup language that is a subset of standard generalized markup language (SGML) and is used to create hypertext and hypermedia documents on the Web incorporating text, graphics, sound, video, and hyperlinks. It is a mechanism used to create Web pages on the Internet.
Hypertext transfer protocol (HTTP)
(1) The native protocol of the Web, used to transfer hypertext documents on the Internet. (2) A standard method for communication between clients and Web servers.
Hypervisor
The hypervisor or virtual machine (VM) monitor is an additional layer of software between an operating system and hardware platform that is used to operate multitenant VMs in cloud services. Besides virtualized resources, the hypervisor normally supports other application programming interfaces (APIs) to conduct administrative operations, such as launching, migrating, and terminating VM instances. It is the virtualization component that manages the guest operating systems (OSs) on a host and controls the flow of instructions between the guest OSs and the physical hardware. Compared with a traditional non-virtualized implementation, the addition of a hypervisor causes an increase in the attack surface, which is risky.
I
Identification
(1) The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. (2) The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items. Identification comes before authentication.
Identifier
A unique data string used as a key in the biometric system to name a person’s identity and its associated attributes.
Identity
(1) A unique name of an individual person. Because the legal names of persons are not necessarily unique, the identity of a person must include sufficient additional information (for example, an address or some unique identifier such as an employee or account number) to make the complete name unique. (2) It is information that is unique within a security domain and which is recognized as denoting a particular entity within that domain. (3) The set of physical and behavioral characteristics by which an individual is uniquely recognizable.
Identity-based access control (IBAC)
An access control mechanism based only on the identity of the subject and object. An IBAC decision grants or denies a request based on the presence of an entity on an access control list. IBAC and discretionary access control are considered equivalent.
Identity-based security policy
A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (e.g., user, group of users, process, or device) requesting access.
Identity binding
Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.
Identity management
An identity management system is composed of one or more systems or applications that manage the identity verification, validation, and issuance process.
Identity proofing
(1) A process by which a credential service provider (CSP) and a registration authority (RA) validate sufficient information to uniquely identify a person. (2) The process of providing sufficient information (e.g., identity history, credentials, and documents) to a personal identity verification (PIV) registrar when attempting to establish an identity.
Identity registration
The process of making a person’s identity known to the personal identity verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.
Identity token
A smart card, a metal key, or some other physical token carried by a system user that allows user identity validation.
Identity verification
The process of confirming or denying that a claimed identity is correct by comparing the credentials (i.e., something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the personal identity verification (PIV) card or system and associated with the identity being claimed.
Impact
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, loss of information, or loss of information system availability.
Impersonating
An attempt to gain access to a computer system by posing as an authorized user. Synonymous with masquerading, spoofing, and mimicking.
Implementation attacks
Implementation attacks can occur when hardware or software is not implemented properly or is not used correctly. For example, if a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol is implemented improperly or used incorrectly, it is vulnerable to a man-in-the-middle (MitM) attack. This attack occurs when a malicious entity intercepts all communication between the Web client and the Web server with which the client is attempting to establish an SSL/TLS connection.
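The most common way TLS is "used incorrectly" on the client side is switching certificate verification off, which is exactly what lets an interceptor present its own certificate unnoticed. The following added example (not part of the glossary) shows the weak and the hardened client configuration side by side using Python's standard ssl module, plus a small audit function a code reviewer or CI check could run over a context to flag the weak settings. The function names are the example's own.

```python
import ssl
from typing import List


def insecure_client_context() -> ssl.SSLContext:
    """The misuse pattern: verification disabled, so any certificate is accepted.

    A MitM can terminate the connection with its own certificate and the
    client will never notice. check_hostname must be cleared before
    verify_mode can be set to CERT_NONE on a client context.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Correct usage: require a chain to a trusted CA, check the hostname,
    and refuse protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings describing settings that enable interception."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not validated against certificate (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in [("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())]:
        print(name, "->", audit_context(ctx) or ["no findings"])
```

The audit deliberately checks the resulting context rather than the source text, so it also catches the case where a library or wrapper silently relaxes verification after the context was created.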
Inappropriate usage
A person who violates the acceptable use policies of any network or computer.
In-band management
In in-band management, a secure shell (SSH) session is established with the connectivity device (e.g., routers and switches) in a distributed local-area network (LAN).