Client
Depending on the point of view, a client might be a computer
system which an end-user uses to access services hosted on another
computer system called a server. 'Client' may also refer to a
program or a part of a system that is used by an end-user to
access services provided by another program (for example, a web
browser is a client that accesses pages provided by a Web Server).
Compound Documents
A 'document' is a file containing (a set of) data. Files may
consist of multiple parts: a plain document, an encrypted
document, a digitally-signed document or a compressed document.
Multi-part files are known as compound documents and may require a
variety of programs to be used in order to interpret and
manipulate them. These programs may be used without the user's
knowledge.
(Computer) Account
This term describes the authorization to access a specific
computer system or network. Each end-user has to use an account,
which consists most probably of a combination of user name and
password or another means of proving that the end-user is the
person the account is assigned to.
Configuring Network Services
The part of an administrator's task that is related to specifying
the conditions and details of network services that govern the
service provision. In regard to a Web server, this includes which
Web pages are available to whom and what kind of information is
logged for later review purposes.
Guttman, et. al. Informational [Page 22]
RFC 2504 Users' Security Handbook February 1999
Cookies
Cookies register information about a visit to a web site for
future use by the server. A server may also receive information
from cookies of other sites, which creates concern in terms of
breach of privacy.
Cracker
This term is used to describe attackers, intruders or other bad
guys that do not play by the rules and try to circumvent security
mechanisms and/or attack individuals and organisations.
Daemons (inetd, talkd, etc.)
These are processes that run on computer systems to provide
services to other computer systems or processes. Typically,
daemons are considered "servers".
Decrypting
The process of reversing the encryption of a file or message to
recover the original data in order to use or read it.
Default Account
Some systems and server software come with preconfigured accounts.
These accounts may be set up with a predefined (user name and)
password to allow anyone access and are often put there to make it
convenient for users to log in initially. Default accounts should
be turned off or have their predefined passwords changed, to
reduce the risk of abuse to the system.
Dial-in Service
A way of providing access to computer systems or networks via a
telecommunications network. A computer uses a modem to make a
telephone call to another modem, which in turn provides 'network
access service'. See also: PPP.
Digital Signature
A digital signature is created by a mathematical computer program.
It is not a hand-written signature nor a computer-produced picture
of one. The signature is like a wax seal that requires a special
stamp to produce it, and is attached to an Email message or file.
The origin of the message or file may then be verified by the
digital signature (using special tools).
Downloaded Software
Software packages retrieved from the Internet (using, for example,
the FTP protocol).
Downloading
The act of retrieving files from a server on the network.
Email Packages
To communicate via electronic mail, an end-user usually makes use
of an Email client that provides the user-interface to create,
send, retrieve and read Email. Various different Email packages
provide the same set of basic functions but have different user-
interfaces and perhaps, special/extra functions. Some Email
packages provide encryption and digital signature capabilities.
Email Security Software
Software which provides security through digital signatures and
encryption (and decryption) to enable the end-user to protect
messages and documents prior to sending them over a possibly
insecure network. PGP is an example of such software.
Encrypting / Encryption
This is a mathematical process of scrambling data for privacy
protection.
Encryption Software
The software that actually provides the needed functionality for
end users to encrypt messages and files. PGP is one example.
End-User
A (human) individual that makes use of computer systems and
networks.
Files (programs, data, text and so on)
Files include user data, but also programs, the computer operating
system and the system's configuration data.
File Server
A computer system that provides a way of sharing and working on
files stored on the system among users with access to these files
over a network.
File Transfer
The process of transferring files between two computer systems
over a network, using a protocol such as FTP or HTTP.
Fixes, Patches and installing them
Vendors, in response to the discovery of security vulnerabilities,
provide sets of files that have to be installed on computer
systems. These files 'fix' or 'patch' the computer system or
programs and remove the security vulnerability.
FTP (File Transfer Protocol)
A protocol that allows for the transfer of files between an FTP
client and FTP server.
Group of Users
Security software often allows permissions to be set for groups (of
users) as opposed to individuals.
Help Desk
A support entity that can be called upon to get help with a
computer or communication problem.
Internet
A collection of interconnected networks that use a common set of
protocols called the TCP/IP stack to enable communication between
the connected computer systems.
Key Escrow
Keys are used to encrypt and decrypt files. Key escrow is used to
store keys for use by third parties to access the data in
encrypted files.
Keys Used to Encrypt and Decrypt Files
To make use of encryption, an end-user has to provide some secret,
in the form of some data, usually called a key.
Log In, Logging into a System
This is an action performed by an end-user, when he authenticates
himself to a computer system.
Log In Prompt
The characters that are displayed when logging into a system to
ask for user name and password.
Logged In
If an end-user has successfully proven to have legitimate access
to a system, he is considered to be logged in.
Logging
Systems and server software often provide the ability to keep
track of events. Events may be configured to be written out to a
file known as a log. The log file can be read later and allows
for system failures and security breaches to be identified.
Masquerade (see Remote Log In)
Anyone who pretends to be someone they are not in order to obtain
access to a computer account is said to be in 'masquerade'. This
may be accomplished by providing a false user name, or stealing
someone else's password and logging in as him.
Network File System (NFS, file sharing with PCs, etc.)
NFS is an application and protocol suite that provides a way of
sharing files between clients and servers. There are other
protocols which provide file access over networks. These provide
similar functionality, but do not interoperate with each other.
Networking Features of Software
Some software has features which make use of the network to
retrieve or share data. It may not be obvious that software has
networking features.
Network Services
Services which are not provided on the local computer system the
end-user is working on but on a server located in the network.
One-Time Passwords (OTP)
Instead of using the same password over and over again, a
different password is used on each subsequent log in.
Passphrase
A passphrase is a long password. It is often composed of several
words and symbols to make it harder to guess.
Password-Locked Screensaver
A screen saver obscures the normal display of a monitor. A
password-locked screensaver can only be deactivated if the end-
user's password is supplied. This prevents a logged-in system
from being abused and hides the work currently being done from
passers-by.
Patch
See "Fixes, Patches and installing them"
Permissions
Another word for the access controls that are used to control the
access to f