Operating system fingerprinting
Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identity the operating system in use on the target.
Operating system log
Provides information on who used computer resources, for how long, and for what purpose. Unauthorized actions can be detected by analyzing the operating system log. This is a technical and detective control.
Operational controls
Day-to-day procedures and mechanisms used to protect operational systems and applications. They include security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people, as opposed to systems.
Operational environment
It includes standalone, managed or custom environments, where the latter is either a specialized security-limited functionality or a legacy environment.
Originator usage period (crypto-period)
The period of time in the crypto-period of a symmetric key during which cryptographic protection may be applied to data.
Outage
The period of time for which a communication service or an operation is unavailable.
Output block
A data block that is an output of either the forward cipher function or the inverse cipher function of the block cipher algorithm.
Outward-facing
Refers to a system that is directly connected to the Internet.
Over-the-air-key distribution
Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.
Over-the-air key transfer
Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.
Over-the-air rekeying (OTAR)
Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures. OTAR is a key management protocol specified for digital mobile radios and designed for unclassified, sensitive communications. OTAR performs key distribution and transfer functions. Three types of keys are used in OTAR: a key-wrapping key, a traffic-encryption key, and a message authentication code (MAC).
Overt channel
A communication path within a computer system or network designed for the authorized transfer of data. Compare with covert channel.
Overt testing
Security testing performed with the knowledge and consent of the organization’s IT staff.
Overwrite procedure
(1) A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns. (2) The obliteration of recorded data by recording different data on the same storage surface. (3) Writing patterns of data on top of the data stored on a magnetic medium.
Out-of-band management
In out-of-band management, the communications device is accessed via a dial-up circuit with a modem, directly connected terminal device, or LANs dedicated to managing traffic.
Owner of data
The individual or group that has responsibility for specific data types and that is charged with the communication of the need for certain security-related handling procedures to both the users and custodians of this data.
P
P2P
Free and easily accessible software that poses risks to individuals and organizations.
P3P
According to the Platform for Privacy Preferences Project (P3P), users are given more control over personal information gathered on websites they visit.
P-box
Permutation box (P-box) is used to effect a transposition on an 8-bit input in a product cipher. This transposition, which is implemented with simple electrical circuits, is done so fast that it does not require any computation, just signal propagation. The P-box design, which is implemented in hardware for cryptographic algorithm, follows Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that the general method is permuting the bits, but he does not know which bit goes where. Hence, there is no need to hide the permutation method. P-boxes and S-boxes are combined to form a product cipher, where wiring of the P-box is placed inside the S-box; the correct sequence is S-box first and P-box next (Tanenbaum).
Packet
A piece of a message, usually containing the destination address, transmitted over a network by communications software.
Packet churns
Rapid changes in packet forwarding disrupt packet delivery, possibly affecting congestion control.
Packet filter
(1) A routing device that provides access control functionality for host addresses and communication sessions. (2) A type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of traffic rules. (3) A router to block or filter protocols and addresses. Packet filtering specifies which types of traffic should be permitted or denied and how permitted traffic should be protected, if at all.
Packet latency
The time delay in processing voice packets as in Voice over Internet Protocol (VoIP).
Packet looping
Packets enter a looping path, so that the traffic is never delivered.
Packet replay
Refers to the recording and retransmission of message packets in the network. It is frequently undetectable but can be prevented by using packet time-stamping and packet-sequence counting.
Packet sniffer
Software that observes and records network traffic. It is a passive wiretapping.
Packet snarfing
Also known as eavesdropping.
Padded cell systems
An attacker is seamlessly transferred to a special padded cell host.
Padding
Meaningless data added to the start or end of messages. They are used to hide the length of the message or to add volume to a data structure that requires a fixed size.
Pairwise trust
Establishment of trust by two entities that have direct business agreements with each other.
Parameters
Specific variables and their values used with a cryptographic algorithm to compute outputs useful to achieve specific security goals.
Pareto’s law
It is called the 80/20 rule, which can be applied to IT in that 80 percent of IT-related problems come from 20 percent of IT-related causes or issues.
Parity
Bit(s) used to determine whether a block of data has been altered.
Parity bit
A bit indicating whether the sum of a previous series of bits is even or odd.
Parity checking
A hardware control that detects data errors during transmission. It compares the sum of a previous set of bits with the parity bit to determine if an error in the transmission or receiving of the message has occurred. This is a technical and detective control.
Parkinson’s law
Parkinson’s law states that work expands to fill the time available for its completion. Regarding IT, we can state an analogy that data expands to fill the bandwidth available for data transmission.