server on which callback has been configured, the access server terminates the connection attempt and then calls the client back at a previously configured telephone number. This helps verify the identity of the client to the server, as only the client can respond from the configured number, although in reality this is relatively weak protection. Callback can also be used to reverse the charges for the client connection to help clients avoid paying long-distance calling charges.

File system resources typically inherit their permissions from the folder in which they reside, but when a canonicalization error occurs, the file may gain its permissions from a grandparent instead, that is, a folder higher up in its parentage chain. If the grandparent folder has less-restrictive permissions than the parent folder, the attacker has succeeded in gaining additional permissions, and it may be possible to utilize these extra permissions for launching some kind of attack.

See Also: elevation of privileges (EoP)

CAPI

Stands for Microsoft CryptoAPI, a set of application programming interfaces (APIs) for cryptography built into Microsoft Windows platforms.

See: CryptoAPI (CAPI)

CAPICOM

A Component Object Model (COM) interface for the Microsoft CryptoAPI (CAPI) programming interface.

Overview

CAPICOM is an ActiveX control that provides a COM interface to CryptoAPI (CAPI). CAPICOM exposes the cryptographic functions of CryptoAPI (CAPI) using COM so that developers can easily write applications that encrypt or decrypt data, digitally sign messages, generate and manage keys, and perform other cryptographic actions. Since CAPICOM is a COM interface, it can be accessed from a variety of programming environments including Active Server Pages (ASP) and ASP.NET, Visual Basic Scripting Edition (VBScript), JScript, C++, C#, and VB.NET. Because CAPICOM is implemented as an ActiveX control, it can easily be embedded in Web pages to cryptographically enable dynamic Web applications.

See Also: CryptoAPI (CAPI)

Carnivore

Now called DCS-1000, a surveillance technology used by the FBI for monitoring e-mail.

See: DCS-1000

CAS

Stands for code access security, a code security mechanism built into Microsoft Windows .NET Framework.

See: code access security (CAS)

CAST

A family of symmetric encryption algorithms.

Overview

CAST is a symmetric block cipher developed by cryptographer Carlisle Adams. CAST is similar to Data Encryption Standard (DES) in operation. Its original form, CAST-128, uses a 128-bit key with 16 successive rounds of application on 64-bit blocks of plaintext. An extension called CAST-256 uses a key twice the size of the original version.

CAST is available royalty-free for commercial or private use. CAST has been used in several products ranging from Pretty Good Privacy (PGP) to Microsoft CryptoAPI (CAPI).

The detailed operation of CAST is outlined in RFC 2144.

See Also: block cipher, encryption algorithm

CBC

Stands for cipher block chaining, a feedback mechanism commonly used in block ciphers.

See: cipher block chaining (CBC)

CCA

Stands for Common Cryptographic Architecture, a cryptographic architecture developed by IBM for its computing platforms.

See: Common Cryptographic Architecture (CCA)

CCITS

Stands for Canadian Centre for Information Technology Security, an organization that provides education and research on computer security and high-tech criminal investigation.

See: Canadian Centre for Information Technology Security (CCITS)

cDc

Stands for Cult of the Dead Cow, a notorious group of underground hackers.

See: Cult of the Dead Cow (cDc)

Center for Education and Research in Information Assurance and Security (CERIAS)

A center for research and education in information security at Purdue University.

Overview

The Center for Education and Research in Information Assurance and Security (CERIAS) is a well-known leader in research in computer, network, and information security and information assurance. CERIAS takes a multidisciplinary approach to research and education in these fields using the involvement of academia, government, and industry. The community of scholars

Overview

The Center for Internet Security (CIS) is a cooperative of over 170 organizations from business, education, government, law enforcement, and professional associations that work together to provide tools and recommendations for measuring, monitoring, and improving information systems security. To meet these goals, CIS develops and publishes benchmarks that represent best practices in securing operating systems such as Windows 2000, Solaris, HP-UX, Linux, and IOS. These benchmarks provide detailed instructions for how to harden systems and include scoring tools for measuring systems against the benchmark and generating a variance report.

For More Information

Visit CIS at www.cisecurity.org for more information.

CERIAS

Stands for Center for Education and Research in Information Assurance and Security, a center for research and education in information security at Purdue University