Man-in-the-middle (MitM) attack

(1) A type of attack that takes advantage of the store-and-forward mechanism used by insecure networks such as the Internet (also called bucket brigade attack). (2) Actively impersonating multiple legitimate parties, such as appearing as a client to an access point and appearing as an access point to a client. This allows an attacker to intercept communications between an access point and a client, thereby obtaining authentication credentials and data. (3) An attack on the authentication protocol run in which the attacker positions himself in between the claimant and verifier so that he can intercept and alter data traveling between them. (4) An attack against public key algorithms, where an attacker substitutes his public key for the requested public key.

Managed or enterprise environment

An inward-facing environment that is very structured and centrally managed.

Managed interfaces

Managed interfaces allow connections to external networks or information systems consisting of boundary protection devices arranged according to an organization’s security architecture.

Managed interfaces employing boundary protection devices include proxies, gateways, routers, firewalls, software/hardware guards, or encrypted tunnels (e.g., routers protecting firewalls and application gateways residing on a protected demilitarized zone). Managed interfaces, along with controlled interfaces, use boundary protection devices. These devices prevent and detect malicious and other unauthorized communications.

Management controls

The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security. They include actions taken to manage the development, maintenance, and use of the system, including system-specific policies, procedures, rules of behavior, individual roles and responsibilities, individual accountability, and personnel security decisions.

Management message (WMAN/WiMAX)

A management message (MM) is a message used for communications between a BS and SS/MS. These messages (e.g., establishing communication parameters, exchanging privacy settings, and performing system registration events) are not encrypted and thus are susceptible to eavesdropping attacks.

Management network

A separate network strictly designed for security software management.

Management server

A centralized device that receives information from sensors or agents and manages them.

Mandatory access control

Access controls that are driven by the results of a comparison between the user’s trust-level/clearance and the sensitivity designation of the information. A means of restricting access to objects (system resources) based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects (users) to access information of such sensitivity.

Mandatory protection

The result of a system that preserves the sensitivity labels of major data structures in the system and uses them to enforce mandatory access controls.

Mantraps

Mantraps provide additional security at the entrances to high-risk areas. For highly sensitive areas, mantraps require a biometric measure such as fingerprints combined with the weight of the person entering the facility.

Market analysis

Useful in the supply chain activities employing the chain-in-depth concept. Market analysis is conducted when the information system owner does not know who the potential suppliers or integrators are or would like to discover alternative suppliers or integrators or the suppliers of the suppliers or integrators. The market analysis should identify which companies can provide the required items or make suggestions for possible options. Some ways to gather information about potential suppliers or integrators include open sources (such as the press), Internet, periodicals, and fee-based services.

Marking

The process of placing a sensitivity designator (e.g., confidential) with data such that its sensitivity is communicated. Marking is not restricted to the physical placement of a sensitivity designator, as might be done with a rubber stamp, but can involve the use of headers for network messages, special fields in databases, and so on.

Markov models

They are graphical techniques used to model a system with regard to its failure states in order to evaluate the reliability, safety, or availability of the system.

Markup language

A system (as HTML or SGML) for marking or tagging a document that indicates its logical structure (as paragraphs) and gives instructions for its layout on the page for electronic transmission and display.

Masquerading

(1) Impersonating an authorized user and gaining unauthorized privileges. (2) An unauthorized agent claiming the identity of another agent. (3) An attempt to gain access to a computer system by posing as an authorized user. (4) The pretense by an entity to be a different entity. Synonymous with impersonating, spoofing, or mimicking.

Mass mailing worm

A worm that spreads by identifying e-mail addresses, often by searching an infected system, and then sending copies of itself to those addresses, either using the system’s e-mail client or a self-contained mailer built into the worm itself.

Master boot record (MBR)

A special region on bootable media that determines which software (e.g., operating system and utility) will be run when the computer boots from the media.

Maximum signaling rate

The maximum rate, in bits per second, at which binary information can transfer in a given direction between users over telecommunication system facilities dedicated to a particular information transfer transaction. This happens under conditions of continuous transaction and no overhead information.

Maximum stuffing rate

The maximum rate at which bits are inserted or deleted.

Maximum tolerable downtime

The amount of time business processes can be disrupted without causing significant harm to the organization’s mission.

Mean-time-between-failures (MTBF)

(1) The average length of time a system is functional or the average time interval between failures. (2) The total functioning life of an item divided by the total number of failures during the measurement interval of minutes, hours, and days. (3) The average length of time a system or a component works without fault between consecutive failures. MTBF assumes that the failed system is immediately repaired as in MTTR (repair). A high MTBF means high system reliability. MTBF = MTTF + MTTR (repair).

Mean-time-between-outages (MTBO)

The mean-time between equipment failures that results in a loss of system continuity or unacceptable degradation, as expressed by MTBO = MTBF/(1-FFAS), where MTBF is the nonredundant mean-time between failures, and FFAS is the fraction of failures for which the failed hardware or software is bypassed automatically. A high MTBO means high system availability.

Mean-time-to-data loss (MTTDL)

The average time before a loss of data occurs in a given disk array and is applicable to RAID technology. A low MTTDL means high data reliability.

Mean-time-to-failure (MTTF)

The average time to the next failure. It is the time taken for a part or system to fail for the first time. MTTF assumes that the failed system is not repaired. A high MTTF means high system reliability.

Mean-time-to-recovery (MTTR)

The time following a failure to restore a RAID disk array to its normal failure-tolerant mode of operation. This time includes the replacement of the failed disk and the time to rebuild the disk array. A low MTTR means high system availability.