Administrator's Guide

A sends data with a digital signature, a digest or hash encrypted with system A's private key. To
verify the signature, system B uses system A's public key to decrypt the signature and compare the
decrypted hash or digest to the digest or hash that it computes for the message.
SASL Simple Authentication and Security Layer. A protocol used to add authentication services to
connection-based network applications. The SASL API provides a flexible framework that allows
programmers to use a common interface to access multiple authentication services.
secure shell See SSH.
Secure Sockets Layer See SSL.
Security Certificate See certificate.
SHA1 Secure Hash Algorithm-1. An authentication algorithm that generates a 160-bit message digest
using a 160-bit key.
shadow password A structure to provide additional security for user passwords. The shadow password
structure (spwd) contains encrypted user passwords and other information used with the passwd
structure. The shadow password structure is stored in a file that is usually readable only by
privileged users.
shared key cryptography A cryptographic method where two parties use the same key (the two parties
share the same key) for encrypting or authenticating data. To provide data privacy or authentication,
only the two parties can know the key value (the key must be private). Shared key cryptography is
more efficient than public-private key cryptography for encrypting data, so it is often used for bulk
data encryption. However, distributing or establishing the shared key requires an out-of-band key
exchange (such as a face-to-face verbal exchange), Diffie-Hellman exchange, or other mechanism.
Also referred to as private key cryptography or symmetric key cryptography.
SSH Secure Shell. A set of network services that provides secure replacements for remote login, file
transfer, and remote command execution. SSH also provides secure tunneling features, port
forwarding, and an SSH agent to maintain private keys on the client.
SSL Secure Sockets Layer. A protocol used to encrypt network data. The SSL protocol is above TCP in
the data stack. SSL uses public/private keys to authenticate principals and exchange a private
(shared) key. SSL then uses the private key to encrypt data.
stack buffer overflow attack A method to attack a system by causing a process to execute malicious
code. This is typically achieved by overflowing an input buffer in the stack to insert malicious code
and then modifying the stack pointer to execute the malicious code. See also buffer overflow attack.
stateful packet filter A type of packet filtering that uses upper-layer protocol fields and state
information, such as TCP connection states.
subject A user, host, device or other entity in a computer network. In the context of authorization, the
originator of an operation on an object requiring an authorization decision.
symmetric key cryptography See shared key cryptography.
third-party attack In a third-party attack, the attacker intercepts packets between two attacked
parties, A and B. A and B assume they are exchanging messages with each other, but are actually
exchanging messages with the third party. The attacker assumes the identity of A to exchange
messages with B, and assumes the identity of B to exchange messages with A. Also referred to as
man-in-the-middle attack.
transitive trust relationship Extending a trust relationship through other trusted entities. If A and B
both trust C, A and B can trust each other using a transitive trust relationship through C. In a
hierarchical structure, A and B can establish a transitive trust relationship if they can establish a
chain-of-trust to a common root.
210 Glossary