Back door

An activity used to test the strength and effectiveness of deployed security measures with an authorized attempted intrusion attack. Penetration testing should be performed only with the consent and knowledge of the management staff. Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. Security testing in which the evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation. The evaluators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The evaluators work under no constraints other than those applied to ordinary users or implementers of untrusted portions of the component.
[view]

A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some nonapparent manner; for example, a special “random” key sequence at a terminal. Synonymous with back door. Undocumented command sequence that allows software developers to bypass normal access restrictions.
[view]

The combination of hardware, software, and controls that form a trusted base that enforces your security policy. The totality of protection mechanisms within a computer system, including hardware, software, and communications equipment, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (such as a user’s clearance) related to the security policy. Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy.
[view]

A characteristic of a service, security control, or access mechanism that is unseen by users. Transparency is often a desirable feature for security controls. The characteristic of a service, security control, or access mechanism that ensures that it is unseen by users. Transparency is often a desirable feature for security controls. The more transparent a security mechanism is, the less likely a user will be able to circumvent it or even be aware that it exists.
[view]

Software that if not performed or performed incorrectly, inadvertently, or out of sequence could result in a hazard or allow a hazardous condition to exist. This includes (1) software that directly exercises command and control over potentially hazardous functions or hardware; (2) software that monitors critical hardware components; and (3) software that monitors the system for possible critical conditions or states.
[view]