Mean-time-to-repair (MTTR)

(1) The amount of time it takes to resume normal operation. (2) The total corrective maintenance time divided by the total number of corrective maintenance actions during a given period of time. A low MTTR means high system reliability.

Mean-time-to-restore (MTTR)

The average time to restore service following system failures that result on service outages. The time to restore includes all time from the occurrence of the failure until the restoral of service. A low MTTR means high system availability.

Measures

All the output produced by automated tools (for example, IDS/IPS, vulnerability scanners, audit record management tools, configuration management tools, and asset management tools) and various information security program-related data (for example, training and awareness data, information system authorization data, contingency planning and testing data, and incident response data). Measures also include security assessment evidence from both automated and manual collection methods. A “measure” is the result of gathering data from the known sources.

Mechanisms

An assessment object that includes specific protection-related items (for example, hardware, software, or firmware) employed within or at the boundary of an information system.

Media

Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration (LSI) memory chips, flash ROM, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.

Media access control address

A hardware address that uniquely identifies each component of an IEEE 802-based standard. On networks that do not conform to the IEEE 802 standard but do conform to the ISO/OSI reference model, the node address is called the Data Link Control (DLC) address.

Media gateway

It is the interface between circuit switched networks and IP network. Media gateway handles analog/digital conversion, call origination and reception, and quality improvement functions such as compression or echo cancellation.

Media gateway control protocol (MGCP)

MGCP is a common protocol used with media gateways to provide network management and control functions.

Media sanitization

A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

Medium/media access control protocols

Protocols for the medium/media access control sublayer, which is the bottom part of the data link layer of the ISO/OSI reference model, include carrier sense multiple access with collision avoidance and collision detection (CSMA/CA and CSMA/CD), wavelength division multiple access (WDMA), Ethernet (thick, thin, fast, switched, and gigabit), logical link control (LLC), the 802.11 protocol stack for wireless LANs, the 802.15 for Bluetooth, the 802.16 for Wireless MANs, and the 802.1Q for virtual LANs. These are examples of broadcast networks with multi-access channels.

Meet-in-the-middle (MIM) attack

Occurs when one end is encrypted and the other end is decrypted, and the results are matched in the middle. MIM attack is made on block ciphers.

Melting

A physically destructive method of sanitizing media; to be changed from a solid to a liquid state generally by the application of heat. Same as smelting.

Memorandum of understanding/agreement

A document established between two or more parties to define their respective roles and responsibilities in accomplishing a particular goal. Regarding IT, it defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection.

Memory cards

Memory cards are data storage devices used for personal authentication, access authorization, card integrity, and application systems.

Memory protection

It is achieved through the use of system partitioning, non-modifiable executable programs, resource isolation, and domain separation.

Memory resident virus

A virus that stays in the memory of infected systems for an extended period of time.

Memory scavenging

The collection of residual information from data storage.

Mesh computing

Provides application processing and load balancing capacity for Web servers using the Internet cache. It pushes applications, data, and computing power away from centralized points to local points of networks. It deploys Web server farms and clustering concepts, and is based on “charge for network services” model. Mesh computing implies non-centralized points and node-less availability.

Advantages include (1) reduced transmission costs, reduced latency, and improved quality-of-service (QoS) due to a decrease in data volume that must be moved across the network, (2) improved security due to data encryption and firewalls, and (3) limited bottlenecks and single point of failure due to replicated information across distributed networks of Web servers and de-emphasized central network points. Other names for mesh computing include peer-to-peer computing

Mesh topology

Mesh topology is a network topology in which there are at least two nodes with two or more paths between them. The mesh topology is made up of multiple, high-speed paths between several end-points, and provides a high degree of fault tolerance due to many redundant interconnections between nodes. In a true mesh topology, every node has a connection to every other node in the network.

Message authentication code

(1) A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. (2) A cryptographic checksum that results from passing data through a message authentication algorithm.

Message digest (MD)

(1) A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated. (2) The result of applying a hash function to a message; also known as hash value. (3) A cryptographic checksum typically generated for a file that can be used to detect changes to the file. Secure Hash Algorithm-1 (SHA-1) is an example of a message digest algorithm. (4) It is the fixed size result of hashing a message.

Message identifier (MID)

A field that may be used to identify a message. Typically, this field is a sequence number.

Message modification

Altering a legitimate message by deleting, adding to, changing, or reordering it.

Message passing

The means by which objects communicate. Individual messages may consist of the name of the message, the name of the target object to which it is being sent, and arguments, if any. When an object receives a message, a method is invoked which performs an operation that exhibits some part of the object’s behavior.

Message passing systems

Used in object-oriented application systems.

Message replay

Passively monitoring transmissions and retransmitting messages, acting as if the attacker were a legitimate user.

Messaging interface

The linkage from the service component to various external software modules (e.g., enterprise component, external system, and gateway) through the use of message middleware (i.e., performing message-routing, data-transformation, and directory-services) and other service components.