A
Access Control
Refers to mechanisms and policies that restrict access to computer resources. An
access control list (ACL), for example, specifies what operations different users can
perform on specific files and directories.
Active Content
Active content refers to material that is downloaded that makes something happen, as
opposed to static content, such as text or simple images that do nothing but get
displayed. Active content includes such things as JavaScript animations, ActiveX
controls, Java spreadsheets...anything that actually does something.
ActiveX
ActiveX is Microsoft's answer to the Java technology from Sun Microsystems. An
ActiveX control is roughly equivalent to a Java applet. ActiveX is the name Microsoft
has given to a set of "strategic" object-oriented program technologies and tools. The
main thing that you create when writing a program to run in the ActiveX environment is
a component, a self-sufficient program that can be run anywhere in your ActiveX
network (currently a network consisting of Windows and Macintosh systems). This
component is known as an ActiveX control.
Address Book
An automated e-mail address directory that allows you to address your messages
easily. Generally comes in personal and public versions.
Address Resolution Protocol (ARP)
See ARP
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a Federal Information Processing
Standard (FIPS) Publication that will specify a cryptographic algorithm for use by U.S.
Government organizations to protect sensitive (unclassified) information. This standard
specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be
used by U.S. Government organizations (and others) to protect sensitive information.
Anti-Replay Service
With anti-replay service, each IP packet passing within the secure association is tagged
with a sequence number. On the receiving end, each packet's sequence number is
checked to see if it falls within a specified range. If an IP packet tag number falls outside
of the range, the packet is blocked.
Anti-virus
A software program designed to identify and remove a known or potential computer
virus.
API (Application Program Interface)
An API is the specific methodology by which a programmer writing an application
program may make requests of the operating system or another application.
Authorization
The process of determining what types of activities or access are permitted on a
network. Usually used in the context of authentication: once you have authenticated a
user, they may be authorized to have access to a specific service.
B
Bandwidth
Generally speaking, bandwidth is directly proportional to the amount
of data transmitted or received per unit time. In digital systems, bandwidth is
proportional to the data speed in bits per second (bps). Thus, a modem that works at
57,600 bps has twice the bandwidth of a modem that works at 28,800 bps.
Bastion host
A specific host that is used to intercept packets entering or leaving a network, and the
system that any outsider must ordinarily connect with to access a system or service that
is inside the network's firewall. Typically the bastion host must be highly secured
because it is vulnerable to attack due to its placement. See dual-homed gateway.
Buffer Overflow Attack
A buffer overflow attack works by exploiting a known bug in one of the applications
running on a server. It then causes the application to overlay system areas, such as the
system stack, thus gaining administrative rights. In most cases, this gives a hacker
complete control over the system. Also referred to as stack overflow.
C
CA (Certificate Authority)
See Certificate Authority
CA Signature
A digital code that vouches for the authenticity of a digital certificate. The CA signature
is provided by the certificate authority (CA) that issued the certificate.
CGI exploit
When a denial of service attack is aimed at the CGI (common gateway interface), it is
referred to as a CGI exploit. The CGI is a standard way for a Web server to pass a Web
user's request to an application program and to receive data back to forward to the
user. It is part of the Web's HTTP protocol.
Certificate Authority (CA)
A certificate authority is an authority in a network that issues and manages security
credentials and public keys for message encryption and decryption. As part of a public
key infrastructure (PKI), a CA checks with a registration authority (RA) to verify
information provided by the requestor of a digital certificate. If the RA verifies the
requestor's information, the CA can then issue a certificate.
Challenge-Response
A common authentication technique whereby an individual is prompted (the challenge)
to provide some private information (the response). Most security systems that rely on
smart cards are based on challenge-response. A user is given a code (the challenge)
which he or she enters into the smart card. The smart card then displays a new code
(the response) that the user can present to log in.
Encryption
Scrambling data in such a way that it can only be unscrambled through the application
of the correct cryptographic key.
Encryption-In-Place (EIP)
A security mode in which a Ravlin unit encrypts the IP packet's payload only (without
encrypting the packet header). Because EIP does not require encryption of the IP
header or encapsulation of the IP packet, overhead is lower and performance
enhanced.
Endpoint Group
In a policy enforced network, an endpoint group represents subnets or an individual
host protected by a security appliance. By creating and configuring endpoint groups,
you can permit hosts in one subnet to exchange data securely with hosts in another
subnet. Endpoint groups along with their associated policy enforcement points are
generally members of a policy group.
Enterprise Object
Within a policy enforced network, the enterprise is the highest-level object category. It
encompasses all management domains and all lower-level divisions in the
organization's secure networking environment.
ESP (Encapsulating Security Payload)
The Encapsulating Security Payload provides confidentiality for IP datagrams or
packets, which are the message units that the Internet Protocol deals with and that the
Internet transports, by encrypting the payload data to be protected. I
Ethernet
A local-area network (LAN) protocol developed by Xerox Corporation in cooperation
with DEC and Intel in 1976. Ethernet uses a bus or star topology and supports data
transfer rates of 100 Mbps.
Executable
An executable is a file that contains a program - that is, a particular kind of file that is
capable of being executed or run as a program in the computer.
Extended MAPI (Extended Messaging Application Programming Interface)
An interface developed by Microsoft that provides messaging functions including
addressing, sending, receiving and storing messages.
F
FDDI (Fiber Distributed Data Interface)
A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks
are token-passing networks, and support data rates of up to 100 Mbps (100 million bits
per second). FDDI networks are typically used as backbones for wide-area networks.
Filter
A filter is a program or section of code that is designed to examine each input or output
request for certain qualifying criteria and then process or forward it accordingly.
Firewall
A firewall is a program that protects the resources of one network from users from other
networks. Typically, an enterprise with an intranet that allows its workers access to the
wider Internet will want a firewall to prevent outsiders from accessing its own private
data resources.
Firewall denial-of-service
The firewall is specifically subjected to a denial-of-service attack.
FTP (File Transfer Protocol)
FTP is the simplest way to exchange files between computers on the Internet. Like the
Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related
files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an
application protocol that uses the Internet's TCP/IP protocols.
G
Gateway
A gateway is a network point that acts as an entrance to another network. In a company
network, a proxy server acts as a gateway between the internal network and the
Internet. A gateway may also be any machine or service that passes packets from one
network to another network in their trip across the Internet.
Green Screen Terminal
Terminals that are designed to be centrally-managed, configured with only essential
equipment, and devoid of CD-ROM players, diskette drives, and expansion slots (and
therefore lower in cost).
H
Hacker
Hacker is a term used by some to mean "a clever programmer" and by others,
especially journalists or their editors, to mean "someone who tries to break into
computer systems."
Headend or Head End
A central control device required by some networks (e.g., LANs or VPNs) to provide
such centralized functions as administration, diagnostic control, and network access.
Highjacking or hijacking
Control of a connection is taken by the attacker after the user authentication has been
established.
HMAC (Header Message Authentication Codes)
HMAC is a hash function based message authentication code that was designed to
meet the requirements of the IPsec working group in the IETF, and is now a standard.
HTML (HyperText Markup Language)
A standard set of commands used to structure documents and format text so that it can
be used on the Web.
HTTP (HyperText Transfer Protocol)
HTTP is the set of rules for exchanging files (text, graphic images, sound, video, and
other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols
(which are the basis for information exchange on the Internet), HTTP is an application
protocol.
Litigation Protection
Litigation protection is both the review and recording of Internet, intranet and extranet
communications that is done in order to avoid litigation or the documentation of the
communications parties and content in the event of litigation.
M
MAC (Media Access Control)
On a network, the MAC (Media Access Control) address is your computer's unique
hardware number. The MAC address is used by the Media Access Control sublayer of
the Data-Link Control (DLC) layer of telecommunication protocols. There is a different
MAC sublayer for each physical device type. The Data-Link Layer is the protocol layer
in a program that handles the moving of data in and out across a physical link in a
network.
Macro Virus
Macro viruses are small programs written using the internal programming language of a
specific application program that replicate within documents created by the application
program. Common examples of application programs that use macros include word
processors such as Word and spreadsheets such as Excel.
Malicious Code
Malicious code is any code added, changed, or removed from a software system in
order to intentionally cause harm or subvert the intended function of the system.
Traditional examples of malicious code include viruses, worms, Trojan Horses, and
attack scripts, while more modern examples include Java attack applets and dangerous
ActiveX controls.
Management Domain
In a policy enforced network, a management domain consists of one or more policy
groups. A management domain usually encompasses a large category of users. For
example, a management domain might contain all users who work with an
organization's financial data or with an insurance company's patient records.
Management domains may also be specific to business relationships such as extranet
partnerships or branch-office data transfer.
MAPI (Messaging Application Programming Interface)
An interface developed by Microsoft that provides messaging functions including
addressing, sending, receiving and storing messages. Simple MAPI includes some of
these functions. Extended MAPI includes all of these functions.
MIB (Management Information Base)
A database of objects that can be monitored by an SNMP-based network management
system. Standardized MIB formats allow any SNMP tool to monitor any device defined
by a MIB.
MIME (Multipurpose Internet Mail Extensions)
A protocol used for transmitting documents with different formats via the Internet.
Monitoring
A view of individual user activity on a network, generally in real time. Provides
administrators with the ability to view the content of user utilized applications.
MPLS (Multiprotocol Label Switching)
A base technology for using label switching in conjunction with network layer routing
and for the implementation of that technology over various link level technologies, which
"chunks" of an efficient size for routing. Each of these packets is separately numbered
and includes the Internet address of the destination. The individual packets for a given
file may travel different routes through the Internet. When they have all arrived, they are
reassembled into the original file (by the TCP layer at the receiving end).
Packet Filters
Packet filters keep out certain data packets based on their source and destination
addresses and service type. Filters can be used to block connections from or to specific
hosts, networks or ports. Packet filters are simple and fast. However, they make
decisions based on a very limited amount of information.
Packet Sniffing
Intercepting packets of information (including such things as, for example, a credit card
number) that are traveling between locations on the Internet.
PAP (Password Authentication Procedure)
A procedure used to validate a connection request. After the link is established, the
requestor sends a password and an id to the server. The server either validates the
request and sends back an acknowledgement, terminates the connection, or offers the
requestor another chance.
Password-based attacks
An attack where repetitive attempts are made to duplicate a valid log-in and/or
password sequence.
Perimeter network
See DMZ.
PGP (Pretty Good Privacy)
A cryptographic product family that enables people to securely exchange messages,
and to secure files, disk volumes and network connections with both privacy and strong
authentication.
Ping of Death Attack
A notorious exploit that (when first discovered) could be easily used to crash a wide
variety of machines by overrunning the size limits in their TCP/IP stacks. The term is
now used to refer to any nudge delivered by hackers over the network that causes bad
things to happen on the system being nudged.
PKCS (Public-Key Cryptography Standards)
The Public-Key Cryptography Standards are specifications produced by RSA
Laboratories in cooperation with secure systems developers worldwide for the purpose
of accelerating the deployment of public-key cryptography. First published in 1991 as a
result of meetings with a small group of early adopters of public-key technology, the
PKCS documents have become widely referenced and implemented.
PKI (Public Key Infrastructure)
A PKI (public key infrastructure) enables users of a basically unsecure public network
such as the Internet to securely and privately exchange data and money through the
use of a public and a private cryptographic key pair that is obtained and shared through
a trusted authority.
Platform attack
An attack that focuses on vulnerabilities in the operating system hosting the firewall.
PPP (Point-to-Point Protocol)
Point-to-Point Protocol (PPP) is a protocol for communication between two computers
using a serial interface, typically a personal computer connected by phone line to a
server.
PPPoE (Point-to-Point Protocol over Ethernet)
PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a
simple bridging access device to a remote Access Concentrator (Server).
PPTP (Point-to-Point Tunneling Protocol)
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure
transfer of data from a remote client to a private enterprise server by creating a virtual
private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand,
multi-protocol, virtual private networking over public networks, such as the Internet.
Policy Enforced Network (PEN)
A Policy Enforced Network is a management architecture in which the creation, delivery
and enforcement of business rules in an information network are defined and
automated. Policy Enforced Networking is designed to bring structure and organization
to information networks whether they are within a campus or are distributed around the
globe.
Policy Enforcement Points (PEP)
In a policy enforced network, a policy enforcement point represents a security appliance
used to protect one or more endpoints. PEPs are also points for monitoring the health
and status of a network. PEPs are generally members of a policy group.
Policy Groups
In a policy enforced network (PEN), a policy group represents endpoint groups and their
associated policy enforcement points. A policy group also contains business rules
concerning membership, access privileges, and traffic flow (including data
authentication, encryption, and address translation). In most cases, a policy group's
members are related to each other in ways useful to the organization. Policy groups are
generally members of a management domain.
Policy Management Zone (PMZ)
The Policy Management Zone protects communications between trusted parties and
firewalls access to untrusted domains in an information network.
Policy Rules
In a policy enforced network (PEN), policy rules determine how the members and
endpoint groups of a policy group communicate.
Polymorphic virus
Polymorphic viruses encrypt the body of the virus in an attempt to hide its signature
from anti-virus programs.
POP3 (Post Office Protocol 3)
An e-mail protocol used to retrieve e-mail from a remote server over an Internet
connection.
Private Key
In cryptography, a private or secret key is an encryption/decryption key known only to
the party or parties that exchange secret messages. In traditional secret key
cryptography, a key would be shared by the communicators so that each could encrypt
and decrypt messages. The risk in this system is that if either party loses the key or it is
stolen, the system is broken. A more recent alternative is to use a combination of public
and private keys. In this system, a public key is used together with a private key.
Protocol
A special set of rules for communicating that the end points in a telecommunication
connection use when they send signals back and forth. Protocols exist at several levels
in a telecommunication connection. There are hardware telephone protocols. There are
protocols between the end points in communicating programs within the same computer
or at different locations. Both end points must recognize and observe the protocol.
Protocols are often described in an industry or international standard.
Protocol Attacks
A protocol attack is when the characteristics of network services are exploited by the
attacker. Examples include the creation of infinite protocol loops which result in denial of
services (e.g., echo packets under IP), the use of information packets under the
Network News Transfer Protocol to map out a remote site, and use of the Source
Quench protocol element to reduce traffic rates through select network paths.
Proxy
An agent that acts on behalf of a user, typically accepting a connection from a user and
completing a connection on behalf of the user with a remote host or service. See also
gateway and proxy server.
Proxy Server
A proxy server is one that acts on behalf of one or more other servers, usually for
screening, firewall, caching, or a combination of these purposes. Gateway is often used
as a synonym for "proxy server." Typically, a proxy server is used within a company or
enterprise to gather all Internet requests, forward them out to Internet servers, and then
receive the responses and in turn forward them to the original requestor within the
company.
Public Key
A public key is a value provided by some designated authority as a key that, combined
with a private key derived from the public key, can be used to effectively encrypt and
decrypt messages and digital signatures. The use of combined public and private keys
is known as asymmetric encryption. A system for using public keys is called a public key
infrastructure (PKI).
Q
QoS (Quality of Service)
On the Internet and in other networks, QoS is the idea that transmission rates, error
rates, and other characteristics can be measured, improved, and, to some extent,
guaranteed in advance. QoS is of particular concern for the continuous transmission of
high-bandwidth video and multimedia information.
R
RA (Registration Authority)
An RA (registration authority) is an authority in a network that verifies user requests for
a digital certificate and tells the certificate authority (CA) to issue it. RAs are part of a
public key infrastructure (PKI), a networked system that enables companies and users
to exchange information and money safely and securely.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol and
software that enables remote access servers to communicate with a central server to
authenticate dial-in users and authorize their access to the requested system or service.
RADIUS allows a company to maintain user profiles in a central database that all
remote servers can share.
RAS (Remote Access Services)
A feature built into Windows NT that enables users to log into an NT-based LAN using a
modem, X.25 connection or WAN link. RAS works with several major network protocols,
including TCP/IP, IPX, and NetBEUI.
Replay Prevention
To provide protection against replay attacks in which a message is stored and re-used
later, replacing or repeating the original. See also Anti-replay service.
RIP (Routing Information Protocol)
The oldest routing protocol on the Internet and the most commonly used routing
protocol on local area IP networks. Routers use RIP to periodically broadcast which
networks they know how to reach.
Routing Agent
On the Internet, an agent (also called an intelligent agent) is a program that gathers
information or performs some other service without your immediate presence and on
some regular schedule. Typically, an agent program, using parameters you have
provided, searches all or some part of the Internet, gathers information you're interested
in, and presents it to you on a daily or other periodic basis.
RSA (Rivest-Shamir-Adleman)
One of the fundamental encryption algorithms or series of mathematical actions
developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA
algorithm is the most commonly used encryption and authentication algorithm and is
included as part of the Web browsers from Netscape and Microsoft.
RSACi (Recreational Software Advisory Council on the Internet)
A computer software ratings system of Web site content developed by RSACI in
response to the passage of US federal legislation prohibiting the transmittal of offensive,
or indecent, materials over the Internet. RSACi was developed with the express intent of
providing a simple, yet effective rating system for web sites which protects both children,
by providing and empowering parents with detailed information about site content, and
the rights of free speech of everyone who publishes on the World Wide Web.
Rules
Criteria that are used to organize and control incoming messages automatically. When
you set up a rule, you designate the criteria that select a specific class of messages
and then you select one or more actions to handle the messages that meet the criteria.
S
Screening router
A router configured to permit or deny traffic based on a set of permission rules installed
by the administrator.
Security Association (SA)
A Security Association (SA) is a relationship between two or more entities that
describes how the entities will utilize security services to communicate securely. This
relationship is represented by a set of information that can be considered a contract
between the entities. The information must be agreed upon and shared between all the
entities.
Secure Hash Algorithm-1 (SHA-1)
A one-way cryptographic function which takes a message and produces a 160-bit message
digest. A message digest is a value generated for a message or document that is
unique to that message, and is sometimes referred to as a "fingerprint" of that message
or data. Once a message digest is computed, any subsequent change to the original
data will, with a very high probability, cause a change in the message digest, and the
signature will fail to verify. This process is used to compress large data strings to a
20-byte length which is used in a cryptographic process. The reduced data length relieves
computational requirements for data encryption.
Self-signed Certificate
A self-signed certificate uses its own certificate request as a signature rather than the
signature of a CA. A self-signed certificate will not provide the same functionality as a
CA-signed certificate. A self-signed certificate will not be automatically recognized by
users' browsers, and a self-signed certificate does not provide any guarantee
concerning the identity of the organization that is providing the website.
Session
In the Open Systems Interconnection (OSI) communications model, the Session layer
(sometimes called the "port layer") manages the setting up and taking down of the
association between two communicating end points that is called a connection. A
connection is maintained while the two end points are communicating back and forth in
a conversation or session of some duration. Some connections and sessions last only
long enough to send a message in one direction. However, other sessions may last
longer, usually with one or both of the communicating parties able to terminate it.
Shared POP3 mailbox
A mailbox that stores messages for an entire domain that allows organizations with
part-time Internet connections to exchange mail.
Shared Secret
An authentication method used to establish trust between computers in a VPN that
utilizes a password, also termed pre-shared authentication keys, for establishing trust,
not for application data packet protection.
Signatures
Viruses employ signatures by which they identify themselves to themselves and thereby
avoid corrupting their own code. Standard viruses, including most macro viruses, use
U
UDP (User Datagram Protocol)
A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP,
UDP/IP provides very few error recovery services, offering instead a direct way to send
and receive datagrams over an IP network. It's used primarily for broadcasting
messages over a network.
URL (Uniform Resource Locator)
An address in a standard format that locates files (resources) on the Internet and the
Web. The type of resource depends on the Internet application protocol. Using the
World Wide Web's protocol, the Hypertext Transfer Protocol (HTTP), the resource can
be an HTML page (like the one you're reading), an image file, a program such as a CGI
application or Java applet, or any other file supported by HTTP. The URL contains the
name of the protocol required to access the resource, a domain name that identifies a
specific computer on the Internet, and a hierarchical description of a file location on the
computer.
URL Blocking
The tracking and denying of user access to undesirable web sites based on predefined
site content.
User Administration
User Administration is a process aimed at creating users efficiently, controlling what
they can do, limiting the damage they can cause, and monitoring their activities on a
system or network.
ULA (User Level Authentication)
User Level Authentication refers to the ability to track the usage of a VPN connection to
a given individual, on a specific machine, during a specific time period, by the
assignment of a unique username. It also implies the restriction of patron use of the
VPN in an anonymous manner.
UUCP (UNIX-to-UNIX Copy Protocol)
A set of UNIX programs for copying (sending) files between different UNIX systems and
for sending commands to be executed on another system.
UUencode
A data encoding standard developed to translate or convert a file or e-mail attachment
(it can be an image, a text file, or a program) from its binary or bit-stream representation
into the 7-bit ASCII set of text characters.
V
Vandal
A vandal is an executable file, usually an applet or an ActiveX control, associated with a
Web page that is designed to be harmful, malicious, or at the very least inconvenient to
the user. Since such applets or little application programs can be embedded in any
HTML file, they can also arrive as an e-mail attachment or automatically as the result of
being pushed to the user. Vandals can be viewed as viruses that can arrive over the
Internet stuck to a Web page. Vandals are sometimes referred to as "hostile applets."
VBScript (Visual Basic Script)
VBScript is an interpreted script language from Microsoft that is a subset of its Visual
Basic programming language. VBScript can be compared to other script languages
designed for the Web such as Netscape's JavaScript.
Virus
A virus is a piece of programming code inserted into other programming to cause some
unexpected and, for the victim, usually undesirable event. Viruses can be transmitted by
downloading programming from other sites or be present on a diskette. The source of
the file you're downloading or of a diskette you've received is often unaware of the virus.
The virus lies dormant until circumstances cause its code to be executed by the
computer. Some viruses are playful in intent and effect and some can be quite harmful,
erasing data or causing your hard disk to require reformatting.
Virus Scanner
A program that searches files for possible viruses, including email and attachments.
VPN (Virtual Private Networking)
A VPN is a technology that overlays communications networks with a management and
security layer. Through VPN technology, network managers can set up secure
relationships while still enjoying the low cost of a public network such as the Internet.
W
WAP (Wireless Application Protocol)
An open global standard for communications between a mobile handset and the
Internet or other computer applications as defined by the WAP forum.
Web Attack
Any attack from the outside aimed at Web server vulnerabilities.
Web Browser
A Web browser is a client program that uses the Hypertext Transfer Protocol (HTTP) to
make requests of Web servers throughout the Internet on behalf of the browser user.
Web denial-of-service
The Web server is specifically subjected to denial-of-service attacks.
WinNuke Attack
WinNuke is a Windows DoS (Denial of Service) attack which can cause Windows
NT & 95 (and in some cases, Windows 3.11) stations to panic and lose their
network connections. WinNuke sends a string (in the original source code the
string is "bye") to your NETBIOS port (139) using OOB (Out Of Band data). The
port is open by default on most Windows machines and is used for networking
over TCP/IP. The problem is that Windows, although it supports OOB's, doesn't
know what to do with them all the time. Windows 95 goes for the exception
handler, and fails, leaving most users with a blue screen.
Worm
A type of virus that disables a computer by creating a large number of copies of itself
within the computer's memory, forcing out other programs. Worm viruses are generally
constructed to also copy themselves to other linked computers.
X
X.500 Directory
X.500 Directory Service is a standard way to develop an electronic directory of people in
an organization so that it can be part of a global directory available to anyone in the
world with Internet access. Such a directory is sometimes called a global White Pages
directory.
X.509
The most widely used standard for defining digital certificates. X.509 is actually an ITU
Recommendation, which means that it has not yet been officially defined or approved. As
a result, companies have implemented the standard in different ways. For example,
both Netscape and Microsoft use X.509 certificates to implement SSL in their Web
servers and browsers. But an X.509 Certificate generated by Netscape may not be
readable by Microsoft products, and vice versa.
XAuth
The XAuth extension to the IKE protocol allows two-factor authentication for remote
users: The digital certificate authenticates the user's machine or desktop, while the use
of passwords or tokens binds that user to his digital ID and authorizes him for network
access.