The ability of a user to communicate with, pass data through, or have entry to a component or system. It is also used to describe entry to a specified Restricted area. This definition does not include those persons (customers) who simply receive products created by the system and who do not have communications or other interface with the system or its personnel.
Accreditation
Official DAA authorization to place a system in operation. It is formally defined as the official management authorization to operate an information system. Accreditation normally grants approval to operate in a particular security mode, with a prescribed set of countermeasures and computer security, with stated vulnerabilities if any, within a given operational concept and environment, with stated interconnections to other systems, within an acceptable level of risk for which the accrediting authority has assumed responsibility, and for a specified period of time (not to exceed three years).
Access Control List. An HP-UX term for a set of entries associated with a file that specify permissions for all possible userid/groupid combinations.
ACM
Access Control Mechanism. An algorithm and data structure that supports access control decisions. It mediates decisions about whether specific subjects can access specific objects in specific ways.
An HP-UX term for a portion of the disk array capacity reserved to perform a rebuild. An Active Spare ensures that the disk array can maintain Data Redundancy if a disk fails. Until it is needed the array uses the space as RAID 0/1 capacity which improves array performance. The Active Spare space does not sit idle.
Automated Data Processing Facility. The physical resources, including structures or parts of structures, which house and support data processing capabilities. For each computer facility designated as a DPC, the ADPF is the DPC. For small computers, the ADPF is the physical area in which the computer is used.
Automated Information System. An assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control information.
Anonymous FTP
A UNIX term for a mechanism that allows public files to be copied from systems on the internet, intranet, LAN and/or WAN without having a login account on the system. It uses the login name "anonymous" with a password of "guest" or the email address of the person using the anonymous login. Browsers automatically use anonymous FTP when an ftp URL is chosen.
applications programs
Those routines designed by or for ADPS users and customers to complete specific, mission-oriented tasks, jobs or functions, using available ADP equipment and basic software.
Approval to Operate
Represents agreement by the DAA that a satisfactory level of security exists. That is, minimum requirements are met and there is an acceptably low level of risk. The DAA authorizes the operation of an AIS at an ADPF.
ARM
AutoRAID Manager Utilities. Optional software from Hewlett-Packard for array control, setup and manipulation.
An HP-UX term. Known as the arraymon process, runs at regular five minute intervals to retrieve disk array status information.
audit id
An HP-UX term for an ID associated with each user when trusted systems are used. The audit ID does not change, even when executing programs with a different userid.
audit trail
An HP-UX term for a set of records that collectively provide documentary evidence of processing, used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions.
An HP-UX term for an autoboot sequence which allows a complete bootstrap operation to occur with no intervention from an operator.
auto configuration
An HP-UX term for a process in which software automatically allows the Disk Array Controller to recognize and include disks of varying performance and capacity.
auto failover
An HP-UX term. When two controllers are present, one serves as the primary array controller and the other then becomes the secondary array controller. If either fails, the other has the ability to assume the role of primary array controller. The failed controller can be removed and replaced with no interruption to the users or the system.
auto rebuild
An HP-UX term for a process that begins immediately after a disk failure (as long as enough space is available). No user intervention is required. Once complete the array is again Fault-tolerant and the data is again redundant.
An HP-UX term for a mechanism that automatically locates the boot and console devices. Autosearch is implemented if the Primary Boot Path is invalid or if the System Administrator overrides the autoboot sequence. See also pdc.
automated data processing resources
The totality of ADP equipment, software, data, computer time, computer programs, ADP contractual services, ADP personnel, and supplies.
automated data processing security plan
The overall plan for providing security throughout the life-cycle of an automated project or program, AIS, or ADPF.
AutoRAID array technology
AutoRAID is a trademark of the Hewlett-Packard Company. It implements RAID technology automatically without requiring the user to know how to set up, determine or install different RAID modes.
An HP-UX term for a space at the end of a disk (optionally) reserved by the System Administrator to provide alternate locations for blocks which go bad on the disk. In advance of using the disk you can record on it which blocks are known to be bad. Bad block relocation should be turned off for contiguous Logical Volumes, including root, primary swap, and dump.
balancing
An HP-UX term for the process of automatically spreading the data equally across all disks to increase performance.
An HP-UX term for a memory buffer that greatly increases the speed of data transfers to and from disk devices.
Certification
The technical, comprehensive evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meets a set of specified security requirements.
channel
An HP-UX term for a SCSI bus on the Disk Array Controller. Each Disk Array Controller is connected to one channel.
Component Information Systems Security Manager - the focal point for policy and guidance in information system security matters. The CISSM shall review threat and vulnerability assessments to enable the DAA to properly assess risks and determine effective measures to minimize such risks. The CISSM reports to and supports the DAA by administering the DISA Information Systems Security Program. See also ISSM.
class
A hierarchical ranking denoting a certain level of trust based on DOD 5200.28-STD (the Orange Book).
A computer term for a software application that works to extract a service from a server (computer program such as a database), usually over a network.
COE
Common Operating Environment. See DII COE for a more complete description.
COMPUSEC
Computer Security.
computer systems security officer
The person designated to establish and provide computer security to the computer system, platform, application, database, and environment.
COMSEC
Communications Security.
concentrator
A computer networking term for a device that allows a multitude of network workstations to utilize a single communication connection.
connect session
A computer network term for the period of time during which a user is connected to the system. It starts when the user logs in and finishes when the user logs out.
An HP-UX term for an option (-C y) used with the lvcreate command which assures that Physical Extents are allocated in ascending order, no gap is allowed between Physical Extents within a mirror copy, and Physical Extents of any mirror copy all reside on a single Physical Volume.
controlled access
The process of limiting access to the resources of an AIS only to authorized personnel, users, programs, processes, or other ADP systems (computer networks).
controlled area
An environment, considered in part or as a whole, where all types and aspects of access are checked and controlled.
COOP
Continuity of Operations Plan. A process to ensure availability in the event of a system or component failure.
Computer Oracle and Password System - a collection of security tools that are designed specifically to aid the typical UNIX System Administrator in the oft neglected area of computer security. COPS does not attempt to correct or exploit any of the potential problems it finds.
A computer program. Crack is a password guessing program that is designed to quickly locate insecurities in UNIX (or other) password files by scanning the contents of a password file, looking for users who have misguidedly chosen a weak login password.
A computer term for the unexpected shutdown of a program or system. If the operating system crashes, this is a "system crash", and requires the system to be rebooted. When a system 'crashes' it attempts to store the contents of its volatile memory on the hard drive. If successful it will be stored in /var/adm/crash. This stored information can be very valuable to HP in determining the reason for the crash.
critical processing resources
Those resources that must be protected because their compromise, alteration, destruction, loss, or failure to meet objectives will jeopardize the system or DOD life support functions.
An HP-UX term for a process which executes commands at specified dates and times, according to instructions given to it in files contained in directory /usr/spool/cron/crontabs.
customer
A person or organization who receives products produced by an AIS, but who does not necessarily have any means of access to the system (see access).
Designated Approving Authority. The appointed management official tasked to determine the level of acceptable risk. Tasked also to authorize the operation of an information system once an acceptable level of risk has been attained. The DAA is responsible for issuing an accreditation statement if the level of risk is deemed acceptable. This statement states that the DAA formally accepts responsibility for the operation of the system and declares that the specified system will adequately protect against compromise, destruction, or unauthorized modification under the stated parameters of the accreditation.
An HP-UX term for a background, unseen process that performs system wide functions.
DASD
Direct Access Storage Device. A hardware device (disk drive or tape drive) used for temporary or permanent storage of data and software.
data owner
The authority, individual, or organization who has original responsibility for the data by statute, Executive order, or Directive.
data redundancy
An HP-UX term for a process which protects the disk array from data loss by disk failure by putting the same data on two of the array's disks. See Mirroring.
data redundancy capacity
An HP-UX term for the capacity required to support RAID 0/1 and RAID 5 storage techniques. This capacity is managed by the disk array controller and cannot be increased or reduced.
data transfer rate
An HP-UX term for the speed at which data is moved between a host computer and a peripheral.
DCA
Department Control ACID. Individual who controls users, profiles, departments, and resources within their own department.
Defense Data Network. A portion of the Internet that connects to U.S. military bases and concentrators. Used for non-secure communications.
Declassifying
A procedure and an administrative decision to remove the security classification of subject media. The procedural aspect of declassification is the actual purging of the media and removing all labels denoting original classification category. Relabeling may be required. Collateral classified media may be declassified if purged in accordance with National Computer Security Center NCSC-TG-025, A Guide to Understanding Data Remanence in Automated Systems (reference a). Declassifying is required when the media will be released outside the facility, such as when equipment is turned in for repair or excessed, or released to another facility, agency or activity.
Device Special Files tell the operating system which device driver to use, how to find the peripheral device, and what characteristics the peripheral device should employ. Characteristics vary by device. Most device special file names contain the location of the device on the bus architecture. All mass storage devices adhere to a syntax that includes c#t#d# (s#).
Defense Information Infrastructure Common Operating Environment. The DII COE Kernel is a suite of applications layered on top of the HP-UX Operating System. It is the minimum set of software required on every workstation regardless of how the workstation will be used - if the site is to be COE compliant. The DII COE Kernel ensures that every workstation in a system operates in a consistent manner and that every workstation begins with the same environment.
A piece of HP hardware. It implements HP’s AutoRAID Array Technology and Balancing and manages all data transfers between the host computer and disk modules of an array.
disk module
An HP-UX term for one of the hard drives of an array.
disk sectioning
An HP-UX term. On Series 800 systems, disks can be divided into sections, which appear to the operating system as separate disks.
disk stamp
An HP-UX term for a unique identifying code written to each disk when it is included in an array.
disks not in use
An HP-UX term for any disk, installed in an array cabinet but not included in the array configuration.
DISN
Defense Information Systems Network.
DISO
Defense Information Services Organization (predecessor of Defense Information Systems Agency - Western Hemisphere).
Defense MegaCenter. Formerly called Regional Processing Center (RPC), it refers to the consolidation locations for computer resources and operations directed by Defense Management Report Decision (DMRD) 924. Both terms have been replaced by JOF.
An HP-UX term for the process of moving data that is accessed frequently, as determined both by the Disk Stamp and Time Stamp, into RAID 0/1 space, which is optimized for performance. It is the process of moving data that is accessed less frequently to RAID 5 space, which is optimized for its higher storage capacity. In either RAID mode the data is stored with data redundancy so that at any time a single disk failure will cause no data loss and no interruption of data transfer.
A computer term for the complete architecture associated with one or more file systems. A file structure may or may not contain more than one file system. A complete file structure for any particular filename or directory can be associated with the path of the particular file or directory. A file structure can be represented by an inverted tree structure showing all the branches associated with the tree, beginning with root.
A computer term for the organization of files on storage devices. The term "file system" can refer either to the entire file system tree or a subsection of that file system (contained within either a disk section or a logical volume) that can be mounted or unmounted from the tree. The only exception to this rule can be found in discussions concerning the root directory. The root directory can be referred to as a file system or structure (See the definition of file structure above).
A UNIX term for a standard protocol that lists users logged into a system. It can also display information about a particular user. It typically shows full name, last login time, idle time, terminal line, and terminal location.
An HP-UX term for a command that audits and interactively repairs inconsistent conditions for HP-UX file systems on mass storage device files. If the file system is consistent, the number of files on that system and the number of used and free blocks are reported. If the system is inconsistent, fsck provides a mechanism to repair those inconsistencies.
A computer networking term for a program or device used to provide a protocol conversion and for passing information between networks and/or applications. Gateways allow incompatible applications to communicate over the same network, e.g., TCP/IP, 3270.
An HP-UX term for a group identifier. Also called groupid. Not to be confused with sgid.
GOTS
Government Off The Shelf software.
group
A computer term for a collection of users with common computer resource requirements and/or a collection of userids that form collective ownership of a file or directory. They have a common groupid. When referenced with permission (as in group permissions), it relates to the permissions for a group associated with a file, directory, or ACL.
Graphical User Interface - computer terminology for colorful pictures and icons on a user's workspace (monitor). The user uses a mouse or other pointing device to point and click instead of typing words and/or commands at a prompt.
A computer term for a condition where the computer is stuck in a loop, and looks and acts like it has stopped. It allows no entry from the keyboard or any other input device. Sometimes processes can last so long they appear to be 'hangs'.
HBA
Host Bus Adapter. An HP-UX term for an internal card located in the host computer. Each SCSI-2 HBA can connect to 15 SCSI targets.
Also known as a partial backup. A computer term for the process of backing up only the data which changed since the last backup. As opposed to a full backup.
Inode
A UNIX term for a number created to identify each file in a UNIX file system. Used for tracing information.
An HP-UX program which installs special files in the devices directory (normally /dev) for all new devices found. New devices are those for which no special files have been previously created.
internal security controls
Hardware, firmware, and software features within an AIS that restrict access to passive "objects" (hardware, firmware, software, and data) by only authorized active "subjects" (persons, programs, or devices).
IP
Internet Protocol. A UNIX term for the most important of the protocols on which the Internet is based. IP allows a packet of data to traverse multiple networks on the way to the packet’s final destination.
IP address
A computer term for the Internet Protocol address used to uniquely identify host computers and workstations.
An HP-UX term. Initial System Loader. The first piece of software loaded from outside the System Processing Unit and executed during the boot process. It implements the operating system independent portion of the bootstrap process. It is loaded and executed after self-test and initialization have completed successfully.
Information System Security Manager - the focal point for all organizational information system security concerns. The ISSM implements the overall IS security program for the organization and should not participate in daily IS operations. See also CISSM.
Information Systems Security Officer. Term replaces PSAO (primary organization or individual) responsible for security administration on the platform. An ISSO will be appointed for a single or cluster of information systems. For information systems undergoing development, the ISSO will function as the Application Security Engineer (ASE), responsible for designing security into life-cycle development. The ISSO/ASE should assure that effective security products and techniques are appropriately used in the information system and should be contacted when security incidents or violations occur.
A UNIX term for the core of a UNIX operating system. The kernel is the compiled code responsible for managing the computer's resources; it performs such functions as allocating memory and scheduling programs for execution. The kernel resides in RAM (random access memory) whenever UNIX is running.
Logical Extents. An HP-UX term. LEs are Physical Extents that have been allocated for use in a Logical Volume. Logical Extents are simply a way to map the Physical Extents allocated to various Logical Volumes. They are always numbered sequentially but are not necessarily contiguous unless specified to be so.
LIF
Logical Interchange Format. An HP-UX term for a standard disk format that can be used for the interchange of files among various HP computer systems.
local point of contact
Individual(s) located at the computer site responsible for coordinating with DISA remote systems administrators and performing certain local tasks.
logical drive number
An HP-UX term for a unique number (0 to 7) assigned to each LUN on an array.
login
A computer term for the process by which users gain access to a computer system. It consists of entering a userid and a password. It is validated by the operating system and upon verification will allow the user to have access to the system and its resources.
An HP-UX term for a portion of an array’s capacity that appears to the operating system as a physical disk. The entire array capacity can be divided into up to 8 LUNs numbered 0 to 7. The data in a LUN is spread across all disks in an array. There is no correlation between a LUN and any physical disk in an array.
Logical Volume. An HP-UX term. LVs are collections of Physical Extents from one or more arrays and/or disks. Each collection is put together so that it appears to the operating system to be a single disk device. Like whole disks or disk sections, Logical Volumes can be used to hold file systems, raw data areas, dump areas or swap areas. The size of the Logical Volume can be reduced or expanded.
An algorithm designed to verify data integrity. Reported to be much more reliable than checksum and other commonly used methods. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem like RSA Data Security or PGP.
migration
An HP-UX term for the movement of data between RAID 0/1 and RAID 5.
mirrored disks
An HP-UX term for an exact duplication of a defined set of a disk's files on another disk. There are now two basic types of mirroring - traditional and LVM. The LVM disk array uses a mirroring routine called RAID 0/1 or block mirroring.
Network Security Officer - appointed for each identified network and will implement the Information System Security Program for all networks within their purview. The NSO's responsibilities are similar to those of the ISSO, with the NSO concentrating on network security and the ISSO concentrating on information system security. Depending on the size and complexity of the information system, the NSO may also be the ISSO.
NVRAM
Non Volatile Random Access Memory. An HP-UX term. This is battery backed up memory on the array controllers.
A computer term. Objects are passive entities that contain or receive information. Access to the object implies access to the information it contains.
orasid
An Oracle Database term. It is the Oracle site id parameter. Valid orasids can be found in the /etc/oratab file. This value is, in effect, a database identifier. Each one must be unique.
A computer term for a condition when the system becomes inoperable due to an abnormal condition detected by the kernel. The system reboots on its own. Panics create dumps.
A computer term for a protected string of characters used to authenticate the identity of a user for access to a system. It is known only to that user.
or "path name" - a computer term for the complete list of directories that must be followed to arrive at the location of any particular file. Directory names are separated by / characters, and end in a directory name or file name. The path will follow the file structure to arrive at the file name location.
An HP-UX term for the firmware that implements all processor-dependent functionality, including initialization and self-test of the processor. Upon completion it transfers control to the ISL.
Physical Extent - evenly sized, addressable units of disk space. The default size is 4 MB. You can set or change the size of the Physical Extent at the time of Volume Group creation. Physical Extents are always the same size for every Physical Volume in a Volume Group. The Physical Extents of a Physical Volume are always numbered sequentially and are always contiguous. As Logical Volumes are created their Logical Extents are "mapped" to corresponding Physical Extents and stored in the VGRA area of each Physical Volume in the Volume Group.
POSIX is a Unix shell, a command interpreter that conforms to the POSIX 1003.2 standard. The behavior of the POSIX shell is almost identical to that of the Korn shell.
PMO
Program Management Office. The primary office for purchasing the hardware and software. The PMO will provide the initial information for establishing the platform to include licensing, hardware, communications and points of contact for the installation.
port
A computer term for a number that identifies a particular Internet application. Also, a physical connection for an input/output channel.
An HP-UX term. In disk arrays with two controllers, one is designated as primary and the other as secondary. They both can do the same things. The secondary takes over automatically if the primary fails for any reason.
A computer term for the environment in which a program or script executes. It includes the program's code, data, status of open files, value of variables, etc.
process id
A computer term for the unique number assigned to a process executing on the system.
profile
A computer term for any of the user groupings or categories that are defined according to the job the user performs.
A computer term for the set of rules governing how computers will act when communicating with each other. A standard communication format allowing networked computers to exchange information. Protocols are developed for each type of information exchange (TCP/IP, ftp, telnet, http, smtp, etc.). Protocols are developed to allow computers from different manufacturers to communicate.
Physical Volume. An HP-UX term. It can be equated with a LUN. A Physical Volume cannot be split between Volume Groups. It must be wholly contained in one VG only.
Physical Volume Reserved Area - An HP-UX term for an area set aside on a Physical Volume that contains: the Physical Volume (PV) ID number, the Volume Group the PV belongs to, the Physical Extent (PE) size, the Physical Volume size, a bad block directory, and pointers to other disk areas (Bad Block Pool and VGRA).
A computer acronym for ‘Redundant Array of Independent Disks’. The disk array implements this technology to connect several disk drives to one Disk Array Controller. Several different forms of RAID implementations have been defined. The RAID implementations supported by Advanced Disk Array include RAID 0/1 and RAID 5.
A disk array operating mode that provides high performance but is somewhat inefficient in its use of disk space. RAID 0/1 implements data redundancy by keeping a separate copy of all data and ‘striping’ the two copies across all disks. This mirroring technique consumes half of the disk capacity but provides maximum performance for servicing disk writes. Distributing data across all disks provides a performance boost.
A disk array operating mode that is efficient in its use of disk space but suffers a performance penalty when performing write I/Os. As the disk array begins to fill up, less frequently updated data is moved to RAID 5 space.
real userid
A computer term for an integer, assigned to a user name at login from the /etc/passwd file, which uniquely identifies the user name to a system.
reboot
A computer term for taking the operating system from a running state, to a stopped state and back to a running state without a power down.
rebuild
An HP-UX term for the process of recovering data that was on a failed disk and putting it onto a newly installed and included disk.
rebuild priority
An HP-UX term for the priority of a rebuild to be either higher or lower than the host I/Os.
relocated blocks
An HP-UX term for data blocks that are relocated from RAID 0/1 to RAID 5 (or vice versa) when performing a write.
residual risk
That portion of risk that remains after security measures have been applied.
Remote File Services - all of the commands which can be used to run a remote site, such as rlogin, rlp, rcp, rdist, etc.
risk
The loss potential which exists as the result of threat vulnerability pairs. Reducing either the threat or vulnerability reduces risk.
risk analysis
A part of risk management that is used to minimize risk by effectively applying security countermeasures commensurate with the relative threats, vulnerabilities, and value of resources to be protected, consisting of four assessment modules: Sensitivity, Risk, Economic, and Security Test and Evaluation.
risk assessment
A detailed study of the vulnerabilities, threats, likelihood estimates, loss or impact, and theoretical effectiveness of security measures.
rlogin
Program that allows remote users to log into a system.
router
A computer networking term for a device that transfers data between two networks that use the same protocols.
RPC
Regional Processing Center. This term refers to the consolidated processing sites in the CONUS (Continental United States).
Security Administrator Tool for Analyzing Networks - A computer program which gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp, tftp, and other services. The information gathered includes the presence of various network information services as well as potential security flaws.
Small Computer System Interface. A computer term for an industry standard interface that defines mechanical, electrical, and functional requirements for connections and communications between small computers, disk drives and other peripherals.
SCSI ID
A computer term for a unique number assigned to each device connected to a SCSI bus. It uniquely identifies the device on the SCSI channel. Each controller in an array has its own SCSI ID.
SDTR
Synchronous Data Transfer Request. A UNIX term. SDTR controls the data rate on the SCSI bus used by the host and the array. SDTR also determines the negotiation protocol of the host. If SDTR is enabled, the array will initiate the negotiation protocol; if disabled (default) the host will negotiate the protocol. In either case the disk array will always respond to any requests made by the host.
security incident
Any act or circumstance that involves sensitive information in which there is a deviation from the requirements of governing security regulations.
security mechanisms
Elements of software, firmware, hardware, or procedures included in a system used to satisfy the security requirements for that system.
security officer
The individual responsible for monitoring, evaluating, and ensuring procedures and controls for system security.
security policy
The set of laws, rules, and policies that regulate how an organization manages, protects, and distributes sensitive information.
sensitive processing resources
Those resources that must be protected because their compromise, alteration, destruction, or loss will adversely affect the security of classified, proprietary, personal, or other information which has been restricted by competent authority from general disclosure. This includes information used to manage sensitive resources such as high dollar value, munitions, and personnel records.
sensitive unclassified information
Information that requires protection due to the risk and magnitude of harm or loss that could result from unauthorized disclosure, alteration, loss, or destruction. Privacy Act and "For Official Use Only" data are included in this definition.
A computer term. Software (like a database) that allows a computer to offer services to other computers. Also, the computer on which the server software runs. See host.
A UNIX term for a permission that gives a user executing a file the same permissions as the group owner of the file.
shell
A UNIX term for a program or script that interfaces a user with an operating system. There are many different shells each containing different functionality. Each shell is generally directed toward a particular capability needed by certain users. A shell is software that accepts and processes command lines from a terminal. UNIX has several shells including C, Bourne, and Korn, each with slightly different commands.
shutdown
A computer term - the process of taking the system from a multi-user state to a single user state and a complete halt and/or power down.
Serial Line IP. A UNIX term for a protocol that allows a computer to use the Internet protocols with a standard telephone line. SLIP is being replaced by PPP.
SMC Montgomery
DMC Montgomery Systems Management Center
Sniffer
A computer networking program. A network interface designed to interrogate data passed through the network communication links.
An HP-UX term for the memory reserved for maintaining critical configuration parameters used during system boot. For example, the primary and alternate boot paths, console path, and autoboot settings are stored in Stable Storage.
A computer term for a bit that provides protection for files in a directory. The sticky bit ensures that only the owner of a file can delete the file or directory.
An HP-UX term. Also known as "disk striping", it is used in multiple hard drive situations. Data that would normally be in consecutive blocks on a single disk are intentionally and systematically sent to Physical Extents (PE) on different disks, i.e., block 1 to disk 1, block 2 to disk 2, block 3 to disk 3, etc. The size of each block of data is called the "stripe size" of the Logical Volume. Striped data requires the same amount of disk space as unstriped data. Striping can increase the performance of applications that read and write large sequentially accessed files. Data access is performed across multiple disks simultaneously.
stripe depth
An HP-UX term. The stripe depth used by the advanced disk array in RAID 5 mode is 64 Kbytes. Normally, RAID 5 mode incurs a performance penalty because, in order to determine the proper parity, previously written data must be read. This is called the read/modify/write penalty. However, when the data to be written exceeds the size of the stripe depth, or 64K, no read/modify/write penalty occurs because all of the data (including parity) already exists in RAM.
Terminal Area Security Officer - appointed for each workstation or contiguous group of workstations not under the direct control of an ISSO or NSO. TASOs are responsible for information system related security procedures in an assigned information system user area. TASOs may be assigned security responsibility for multiple workstations or areas as long as the ISSM/ISSO is satisfied that security is being maintained.
TCB
Trusted Computer Base. The totality of protection mechanisms within a computer system (including hardware, firmware, and software), the combination of which is responsible for enforcing a security policy. It consists of one or more components that together enforce a unified security policy over a product or system.
Transmission Control Protocol. A UNIX term for one of the protocols on which the Internet is based. TCP is a connection-oriented, reliable protocol.
telnet
A UNIX term for the standard protocol for remote terminal connection service. A "terminal emulation" protocol that allows a user to log into other computer systems.
Transfer of Control. An HP-UX term. In the event of a hang, the System Administrator can force a TOC. If successful, the hardware is reset as though a power up has occurred and proceeds to reboot. After reboot, the resultant dump can be recovered from the dump space and analyzed by HP for cause. To Transfer Control and force a dump on a T520: from the console type ctrl-b [return]; at the resultant CM> prompt type SP [return]; at the resultant SP> prompt type TC [return]. Then stand back. Each HP computer series forces a TOC differently.
threat agent
Those methods and capabilities such as fire, natural disaster, etc., which may be used to exploit the vulnerability in a system, facility, or operation.
trusted computer system
A system that employs sufficient hardware and software integrity measures to allow its use for processing sensitive or classified information.
A manual addressed to the ADP System Administrator which presents cautions about functions and privileges that should be controlled when running a secure facility.
User Identification. A UNIX term for a unique user number assigned to each user in a UNIX system also known as userid. Not to be confused with suid.
umask
A UNIX term. Built-in shell function to restrict read/write/execute permissions.
unallocated capacity
An HP-UX term for array capacity that has not been assigned to a LUN and is therefore not accessible to the system. The disk array uses all unallocated capacity to improve array performance by using it for RAID 0/1 storage.
UNIX System Administration and Management - programs written and provided to all DMCs by SSO Montgomery to replace Hewlett-Packard's SAM (System Administration Manager).
user
A computer term for an individual or organization with the ability to access system components.
Volume Group - An HP-UX term for a separate pool of storage space as distinct from any other storage space outside the Volume Group. A Volume Group can contain from 1 to 255 Logical Volumes, 16 being the default.
Volume Group Description Area - An HP-UX term. Part of the VGRA area of a Physical Volume. It contains information on the Volume Group to which the Physical Volume belongs, i.e., how many Logical Volumes (LV) are in this VG, how many Physical Volumes make up this Volume Group, and the PE -> LE map for every Logical Volume in the Volume Group.
Volume Group Reserved Area - An HP-UX term. An area of a physical disk below and adjacent to the PVRA, created at the time it was made into a Physical Volume. It contains information on the Volume Group it belongs to and contains 2 information areas: (1) VGDA - Volume Group Description Area and (2) VGSA - Volume Group Status Area.
Volume Group Status Area - An HP-UX term. Part of the VGRA area of a Physical Volume. A dynamic area containing information on the status of each Physical Volume of the Volume Group.
vulnerability
A weakness in security procedures, administrative controls, internal controls, or practices that could be exploited by a threat agent to gain unauthorized access to sensitive information or to disrupt processing.
VERITAS File System, also known as JFS (Journaled File System). An HP-UX term. It allows much shorter recovery times (as compared to HFS) in the event of system failure. It is also particularly useful in environments that require high performance or deal with large volumes of data. Memory requirements are considerably larger than those for HFS.
Wide Data Transfer Request. An HP-UX term for a process which controls whether or not an additional eight bits on a wide bus will be used. Enabled WDTR uses wide (16 bit) data transfer requests for the primary disk array controller. Disabled (default), a narrow (8 bit) data transfer request is used.
workstation
A computer term for a personal computer configured to access a network host.
write working set
An HP-UX term for the number of unique data blocks written to the array over a period of time. To maintain performance, the write working set should not consistently exceed the amount of RAID 0/1 space available.