Sensitivity and criticality

A method developed to describe the value of an information system by its owner by taking into account the cost, capability, and jeopardy to mission accomplishment or human life associated with the system.

Sensor

An intrusion detection and prevention system (IDPS) component that monitors and analyzes network activity and may also perform prevention actions.

Separation

An intervening space established by the act of setting or keeping apart.

Separation of duties

(1) A security principle that divides critical functions among different employees in an attempt to ensure that no one employee has enough information or access privilege to perpetrate damaging fraud. (2) A principle of design that separates functions with differing requirements for security or integrity into separate protection domains. Separation of duty is sometimes implemented as an authorization rule, specifying that two or more subjects are required to authorize an operation. The goal is to ensure that no single individual (acting alone) can compromise an application system’s features and its control functions. For example, security functions are separated from security operations. This is a management and preventive control.

Separation of name spaces

A technique of controlling access by precluding sharing; names given to objects are only meaningful to a single subject and thus cannot be addressed by other subjects.

Separation of privileges

The principle of separation of privileges asserts that protection mechanisms where two keys (held by different parties) are required for access are stronger mechanisms than those requiring only one key. The rationale behind this principle is that “no single accident, deception, or breach of trust is sufficient” to circumvent the mechanism. In computer systems the separation is often implemented as a requirement for multiple conditions (access rules) to be met before access is allowed.
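One way to implement the authorization rule described under "Separation of duties" and the "two keys held by different parties" idea under "Separation of privileges" is a dual-control check. This is an added example, not code from the glossary; the role names, subjects and operation are constructed for illustration.

```python
# Added example (not from the glossary): a two-person authorization rule, one way
# to implement the idea that an operation needs two different subjects, each
# holding a different role. Roles, subjects and operation are constructed.

class AuthorizationError(Exception):
    pass

class DualControlOperation:
    """Executes only once every required role is filled by a distinct subject."""
    def __init__(self, description, required_roles):
        self.description = description
        self.required_roles = tuple(required_roles)   # e.g. ("requester", "approver")
        self.approvals = {}                           # role -> subject name

    def approve(self, subject, subject_roles, as_role):
        if as_role not in self.required_roles:
            raise AuthorizationError(f"{as_role!r} is not a role of this operation")
        if as_role not in subject_roles:
            raise AuthorizationError(f"{subject} does not hold role {as_role!r}")
        # One person filling two roles would collapse the "two keys held by
        # different parties" back into a single key, so refuse it.
        if subject in self.approvals.values():
            raise AuthorizationError(f"{subject} already approved in another role")
        self.approvals[as_role] = subject

    def is_authorized(self):
        return all(role in self.approvals for role in self.required_roles)

    def execute(self):
        if not self.is_authorized():
            missing = [r for r in self.required_roles if r not in self.approvals]
            raise AuthorizationError(f"missing approvals for roles {missing}")
        return f"executed: {self.description}"

def demo():
    """Constructed scenario: alice may request, bob may approve, carol holds both roles."""
    op = DualControlOperation("rotate the production signing key", ("requester", "approver"))
    op.approve("alice", {"requester"}, "requester")
    one_party = op.is_authorized()                    # False: one key alone is not enough
    op.approve("bob", {"approver"}, "approver")
    two_parties = op.execute()                        # both keys present, operation runs
    op2 = DualControlOperation("rotate the production signing key", ("requester", "approver"))
    op2.approve("carol", {"requester", "approver"}, "requester")
    try:                                              # carol cannot supply both keys herself
        op2.approve("carol", {"requester", "approver"}, "approver")
        same_person = "allowed"
    except AuthorizationError:
        same_person = "blocked"
    return {"one_party": one_party, "two_parties": two_parties, "same_person": same_person}
```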

Serial line Internet Protocol (SLIP)

A protocol for carrying IP over an asynchronous serial communications line. Point-to-Point Protocol (PPP) replaced SLIP.

Server

(1) A host that provides one or more services for other hosts over a network as a primary function. (2) A computer program that provides services to other computer programs in the same or another computer. (3) A computer running a server program is frequently referred to as a server, though it may also be running other client (and server) programs.

Server administrator

A system architect responsible for the overall design, implementation, and maintenance of a server.

Server-based threats

These threats are due to poorly implemented session tracking, which may provide an avenue of attack. Similarly, user-provided input might eventually be passed to an application interface that interprets the input as part of a command, such as a Structured Query Language (SQL) command. Attackers may also inject custom code into the website for subsequent browsers to process via cross-site scripting (XSS). Subtle changes introduced into the Web server can radically change the server’s behavior (including turning a trusted entity into a malicious one), the accuracy of the computation (including changing computational algorithms to yield incorrect results), or the confidentiality of the information (e.g., disclosing collected information).

Server farm

A physical security control that uses a network configuration mechanism to monitor theft or damage because all servers are kept in a single, secure location.

Server load balancing

Network traffic is distributed dynamically across groups of servers running a common application so that no one server is overwhelmed. Server load balancing increases server availability and application system availability, and could be a viable contingency measure when it is implemented among different sites. In this regard, the application system continues to operate as long as one or more sites remain operational.

Server mirroring

The purpose is the same as that of disk arrays. A file server is duplicated instead of the disk. All information is written to both servers simultaneously. This is a technical and recovery control, and ensures the availability goal.

Server-side scripts

The server-side scripts such as CGI, ASP, JSP, PHP, and Perl are used to generate dynamic Web pages.

Server software

Software that is run on a server to provide one or more services.

Service

A software component participating in a service-oriented architecture (SOA) that provides functionality or participates in realizing one or more capabilities.

Service-component

Modularized service-based applications that package and process together service interfaces with associated business logic into a single cohesive conceptual module. The aim of a service-component in a service-oriented architecture (SOA) is to raise the level of abstraction in software services by modularizing synthesized service functionality and by facilitating service reuse, service extension, specialization, and service inheritance. The desired features of a service component include encapsulation, consumability, extensibility, a standards-based (reusable) design, use of industry best practices and patterns, good documentation, a cohesive set of services, and a well-defined and broadly available licensing or service-level agreement (SLA).

Service interface

The set of published services that the component supports. These technical interfaces must be aligned with the business services outlined in the service reference model.

Service-level agreement (SLA)

A service contract between a network service provider and a subscriber guaranteeing a particular service’s quality characteristics. These agreements are concerned with network availability and data-delivery reliability.

Service-oriented architecture (SOA)

A collection of services that communicate with each other. The communication can involve either simple data passing or it could involve two or more services coordinating some activity.

Service set identifier (SSID)

A name assigned to a wireless access point.

Session cookie

A temporary cookie that is valid only for a single website session. It is erased when the user closes the Web browser, and is stored in temporary memory.

Session hijack attack

An attack in which the attacker can insert himself between a claimant and a verifier subsequent to a successful authentication exchange between the latter two parties. The attacker can pose as a subscriber to the verifier or vice versa to control session data exchange.

Session initiation protocol (SIP)

SIP is a standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. It is one of the leading signaling protocols for Voice over IP (VoIP) along with H.323.

Session key

The cryptographic key used by a device (module) to encrypt and decrypt data during a session. A temporary symmetric key that is only valid for a short period. Session keys are typically random numbers that can be chosen by either party to a conversation, by both parties in cooperation with one another, or by a trusted third party.