TACACS: Terminal Access Controller Access System
Terminal Access Controller Access System (TACACS), a protocol created by Cisco, provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS provides separate authentication, authorization and accounting services.
TACACS+: Terminal Access Controller Access Control System (version 3)
Terminal Access Controller Access Control System (version 3), also known as TACACS+, provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ is not compatible with previous versions of TACACS. Compared with RADIUS, TACACS+ uses TCP as the transport layer protocol while RADIUS uses UDP. Some administrators recommend using TACACS+ because TCP is seen as a more reliable protocol. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates the two operations.
Tamper
Tamper in network security means to deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
TCB: Trusted Computing Base
The trusted computing base (TCB) provides a secure environment, which includes the operating system and its provided security mechanisms, hardware, physical locations, network hardware and software, and prescribed procedures. Typically, there are provisions for controlling access, providing authorization to specific resources, supporting user authentication, guarding against viruses and other forms of system infiltration, and backup of data. It is assumed that the trusted computing base has been or should be tested or verified.
TCP Fingerprinting or OS Fingerprinting
TCP/IP Fingerprinting, also known as TCP stack fingerprinting or OS fingerprinting, is the process of determining the identity of a remote host's operating system by analyzing packets from that host. TCP fingerprinting works by sending TCP packets to a port and noticing how the TCP stack responds. Many of the specifications for TCP/IP are left open to interpretation, so each vendor implements the TCP/IP stack a little differently, creating a unique identifier or fingerprint. There are two different types, active and passive. Passive OS fingerprinting identifies the remote operating system with packets that are received, without sending any packets. Active OS fingerprinting, by contrast, sends packets and waits for a response (or lack of one). Active OS fingerprinting sometimes sends strange packets, because different implementations respond differently to such errors.
TCP Full Open Scan
TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it is open. This is a technique used in port scanners.
TCP Half Open Scan
TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open. This is a technique used in port scanners.
TCP Sequence Prediction Attack
A TCP sequence prediction attack hijacks an existing TCP session by injecting packets that pretend to come from one computer involved in the TCP session. The sequence number of TCP ensures that received packets are delivered to higher levels of the protocol stack in the correct order. If a communication is in process, then you can assume that authentication between the two systems has already been established. Theoretically, someone may hijack the communication session and send their own packets to the destination system without any need for further authentication by guessing or predicting the TCP sequence numbers.
TCP Syn Attack
TCP Syn Attack is a type of denial of service (DoS) attack in which a sender transmits a volume of connections that cannot be completed. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.
TCP Wrapper
TCP Wrapper is a software package which can be used to restrict access to certain network services based on the source of the connection. It is a simple tool to monitor and control incoming network traffic.
TCP session hijacking
TCP session hijacking refers to taking control of a Transmission Control Protocol (TCP) session between two hosts. It is done to launch man-in-the-middle attacks.
TCP SYN flooding
TCP SYN flooding, also known as SYN flooding, is a type of denial of service (DoS) attack using SYN packets.
Tcp_scan
Tcp_scan is a popular UNIX tool for TCP port scanning.
TCPA: Trusted Computer Platform Alliance
Trusted Computer Platform Alliance (TCPA), formed by Compaq, HP, IBM, Intel and Microsoft, defines specifications through the collaboration of HW, SW, communications, and technology vendors, and drives and implements TCPA specifications for an enhanced HW and OS based trusted computing platform that implements trust into client, server, networking, and communication platforms.
TCPDump
Tcpdump is a popular computer network debugging and security tool which allows the user to intercept and display TCP/IP packets being transmitted or received over a network to which the computer is attached. Tcpdump allows us to precisely see all the traffic and enables us to create statistical monitoring scripts.
TCSEC: Trusted Computer System Evaluation Criteria
Trusted Computer System Evaluation Criteria (TCSEC) is a document published by the NCSC (5200.28-STD) in 1985, containing the evaluation criteria for assessing degrees of assurance in the security features of hardware and software systems. The document is frequently referred to as "The Orange Book", which is the centerpiece of the "Rainbow Series". The TCSEC has largely been superseded by the Common Criteria with the security criteria evolving into PPs and assurances into EALs.
TCT: The Coroners Toolkit
The Coroners Toolkit (TCT) is a package of tools for forensic analysis of compromised UNIX systems.
TearDrop
Teardrop is a widely available attack tool that exploits network vulnerability.
Teardrop attack
Teardrop attack is one of the earliest types of denial of service (DoS) attacks, using the Teardrop program.
TEK: Traffic Encryption Key
Traffic Encryption Key (TEK) is a symmetric key that is used to encrypt messages. TEKs are typically changed frequently, in some systems daily and in others for every message.
TELNET
TELNET is a TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.
Tempest
Tempest was the name of a classified (secret) U.S. government project to study (probably for the purpose of both exploiting and guarding against) the susceptibility of some computer and telecommunications devices to emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. Tempest standards define the limitation of electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of radiation espionage, also known as RINT (or RADINT). The term Tempest is often used more broadly for the entire field of compromising emanations or Emissions Security (EMSEC).
Tempest Shielding
Tempest Shielding refers to the shielding of devices from Electromagnetic Interference (EMI) and to ensure communications security (TEMPEST). The most sophisticated devices use advanced micro-components that have been designed from scratch to minimize Tempest emanations. Generally, shielding involves encompassing the device in a Faraday cage that does not permit stray emanations, along with special modifications to the power source. This usually involves a heavy metal case around an object. Tempest shielding also involves such issues as the design of a room and placement of equipment within it, to ensure that no information can escape.
TESS: The Exponential Encryption System
The Exponential Encryption System (TESS) is a system of separate but cooperating cryptographic mechanisms and functions for the secure authenticated exchange of cryptographic keys, the generation of digital signatures, and the distribution of public keys. TESS employs asymmetric cryptography, based on discrete exponentiation, and a structure of self-certified public keys.
T-FA: Two-factor authentication
Two-factor authentication (T-FA) is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know.
TFN: Tribal Flood Network
Tribal Flood Network (TFN), like trinoo, is a classic DDoS attack, using a master program and multiple agents on multiple compromised systems. Unlike trinoo it can spoof the source IP for the agents, and can generate multiple types of attack (including UDP flood, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast). TFN2K is a more sophisticated version of the original TFN.
TFN2K: Tribal Flood Network 2000
Tribal Flood Network 2000 (TFN2K) is a distributed denial of service (DDoS) tool based on the earlier Tribal Flood Network (TFN) exploit.
TGT: Ticket Granting Ticket
Ticket Granting Ticket (TGT) is a credential that the key distribution center (KDC) issues to authenticated users.
THC-Hydra
THC-Hydra is an open source parallelized login hacker. It can now attack TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable and Cisco AAA, and more. It includes SSL support. Binary versions for Win32/Cygwin, Palm Pilot and ARM processors (iPaq, Zaurus etc.) are also available!
Threat
Threat in information security means a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Threat Agent
Threat agent is a person or a thing, which acts, or has the power to act, to cause, carry, transmit, or support a threat.
Threat Assessment
A threat assessment is the identification of types of threats that an organization might be exposed to.
Threat Model
A threat model is used to describe a given threat and the harm it could do to a system if it has a vulnerability.
Threat Vector
Threat Vector is a path or a tool that a person uses to attack the target. For example, PCs, PDAs and mobile phones are all possible threat vectors.
Thunderbolt
Thunderbolt is a data encryption algorithm used by (UK) government departments and not available to commercial or private users.
TIA: Terrorism Information Awareness
Terrorism Information Awareness (TIA - and formerly called Total Information Awareness) is the name of a U.S. project aimed at scanning enormous amounts of travel, financial, and other data from public and private sources in order to detect early preparations for terrorist attacks. The program was part of the Homeland Security Act and the project was managed by the Defense Advanced Research Projects Agency (DARPA). In September 2003, the U.S. Congressional negotiators agreed to terminate the program, although software developed for it is possibly being shifted to other agencies.
Ticket
Ticket, in Kerberos authentication, is a data structure used to provide access to resources.
Tier 1 Authentication
Tier 1 Authentication refers to the call authentication using Dialed Number Identification Service (DNIS) and Calling Line ID (CLID).
Tier 2 Authentication
Tier 2 Authentication refers to the user authentication using User ID and Password.
Timbuktu Pro
Timbuktu Pro is a popular solution for secure, full-featured, remote control software for Mac and Windows.
Tiny Fragment Attack
Tiny Fragment Attack is a class of attack on Internet firewalls that takes advantage of the fact that it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter.
TKIP: Temporal Key Integrity Protocol
Temporal Key Integrity Protocol (TKIP) is part of the IEEE 802.11i encryption standard for wireless LAN security. TKIP utilizes the RC4 stream cipher with a 128 bit key for encryption and a 64 bit key for authentication. TKIP is the next generation of WEP (Wired Equivalency Protocol). TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
Tlist
Tlist is a tool for displaying running processes on machines running on Microsoft Windows NT or later versions of the operating system.
TLS: Transport Layer Security
Transport Layer Security (TLS) protocol, based on SSL developed by Netscape, provides privacy and data integrity between two communicating applications. TLS is used extensively by web browsers to provide secure connections for transferring credit card numbers and other sensitive data. Though SSL was superseded by TLS at the IETF, the SSL name has gained enough popularity that people still call the protocol SSL or SSL/TLS. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (TCP), is the TLS Record Protocol.
TOE: Target of Evaluation
Target of Evaluation (TOE) refers to an IT system, part of a system or product that has been identified as requiring security evaluation.
Token
In security context, a token or security token is a physical device, such as a special smart card, that together with something that a user knows, such as a PIN, will enable authorized access to a computer system or network.
Token Storage Key
Token Storage Key is a cryptography key used to protect data that is stored on a security token.
Token-Based Access Control
Token based access control is a user access control scheme that associates a list of objects and their privileges with each user.
Token-Based Devices
A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.
Top CA: Top Certification Authority
Top Certification Authority (CA) refers to the highest-level CA (that is, the most trusted CA) in a certification hierarchy.
Topsite
A topsite is a stringently protected underground FTP server at the top of the distribution chain for pirated content, such as movies, music, games, and software.
Traffic Flow Confidentiality
Traffic Flow Confidentiality is a data confidentiality service to protect against traffic analysis.
Traceroute (tracert.exe)
Traceroute is a software tool (tracert.exe) that maps the route a packet takes from the local machine to a remote destination.
Tranquility Property
Tranquility Property is one of the three main properties of the Bell LaPadula security model (the others being the *-property (star property) and the simple property). The tranquility property states that the security level of an object cannot be changed while it is being processed by a computer system.
Transform
Transform in network security refers to the list of operations done on a dataflow to provide data authentication, data confidentiality, and data compression. For example, one transform is the ESP protocol with the HMAC-MD5 authentication algorithm; another transform is the AH protocol with the 56-bit DES encryption algorithm and the ESP protocol with the HMAC-SHA authentication algorithm.
Trap Door or Trapdoor
Trapdoor (trap door), also called a back door, is an entrance into a network, system or program created by the system’s designers or managers. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.
Trash2
Trash2 is a denial of service (DoS) exploit that uses Internet Control Message Protocol (ICMP) packets to hang or crash targeted systems.
Trigraph
A trigraph is a three-character replacement for a special or nonstandard character in a text file. A trigraph can be used in place of a symbol that is not present on a keyboard or in a character set. However, some programs cannot properly interpret them.
Trinoo
Trinoo is a scheme to launch a DDoS attack, using a master program and multiple agents on multiple compromised systems. The attacker activates the master program and the master activates the agents using a list of IP addresses. The attacker connects to the master program via TCP, typically telnet. The master program launches the agents, connecting to them via UDP on port 27444. The agents then simultaneously attack one or more targets by flooding the network with UDP packets.
TRINOO ATTACK
Trinoo attack is a Distributed Denial of Service (DDoS) attack that uses a UDP flood to disable the victim. A trinoo network consists of an attacker system, several compromised systems, including one or more masters (referred to as handlers) and one or more daemon systems (referred to as agents), and one or more victims.
Trinux
Trinux is a security toolkit for Linux that runs from a floppy disk or CD-ROM.
Triple DES (3DES)
Triple DES, also known as 3DES, is a symmetric strong encryption algorithm, or cipher, that is compliant with the OpenPGP standard. 3DES is based on DES and transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
Triple-A
Triple-A, more commonly known as AAA or Authentication, Authorization, and Accounting, is a security framework for controlling access to network resources.
Triple-Wrapped
Triple-Wrapped in S/MIME means data that has been signed with a digital signature, and then encrypted, and then signed again.
Tripwire
Tripwire is a file integrity security program to check designated files and/or directories against a previously generated database, and flags any files that have been added, deleted or changed. Basically, it works with a database that maintains information about the byte count of files. If the byte count has changed, it will identify it to the system security manager.
Trojan Horse
A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.
Trojan
Trojan is a form of malware that often can do considerable damage to a system or network.
Trust
Trust in networking determines which permissions and what actions other systems or users can perform on remote machines.
Trust Level
Trust Level is the standard of security protection to be met by a computer system.
Trustbridge
Trustbridge is a Microsoft technology for federated identity management among businesses.
TRUSTe
TRUSTe is a nonprofit organization that monitors how participating online businesses comply with their privacy policies.
Trusted Certificate
Trusted Certificate is the certificate upon which a certificate user relies as being valid without the need for validation testing; especially a public-key certificate that is used to provide the first public key in a certification path.
Trusted Key
Trusted Key is a public key upon which a user relies; especially a public key that can be used as the first public key in a certification path.
Trusted Ports
Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
Trusted Process
Trusted Process is a system process with certain privileges that enable it to affect the state of system security and that can, therefore, through incorrect or malicious execution, violate the system's security policy.
Trusted Subnetwork
Trusted Subnetwork contains hosts and routers that trust each other not to engage in active or passive attacks. (There also is an assumption that the underlying communication channels—for example, telephone lines or a LAN—are protected from attack by some means.)
Trust-file PKI
Trust-file PKI is a Non-hierarchical PKI in which each certificate user has a local file (which is used by application software) of public-key certificates that the user trusts as starting points (that is, roots) for certification paths.
TSEnum
TSEnum is a tool for scanning for the presence of Microsoft Windows terminal servers.
TTL: Time to Live
Time To Live (TTL) is a value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Tunnel
Tunnel refers to a communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.
Tunneling
Tunneling is the transmission of data intended for use only within a private, usually corporate network through a public network in such a way that the routing nodes in the public network are unaware that the transmission is part of a private network. Tunneling is generally done by encapsulating the private network data and protocol information within the public network transmission units so that the private network protocol information appears to the public network as data.
TUV: Technischer Überwachungsverein
Technischer Überwachungsverein (TUV), Technical Monitoring Association in English, is a German organization that aims to protect humans and the environment against hazards coming from factories and mechanisms of all kinds. As an independent consultant, it examines monitoring-needy plants, motor vehicles, energy installations and devices. Many subsidiaries of the TÜVs can also appear as project developers for energy and traffic concepts, problem solutions in the area of environmental protection and certification bodies.
Two-Factor Authentication
Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know.
Twofish
Twofish is an encryption algorithm based on an earlier algorithm, Blowfish, and was a finalist for a NIST Advanced Encryption Standard (AES) algorithm to replace the DES algorithm. (NIST eventually selected the Rijndael algorithm.)
Type II Error
Type II error, also called false acceptance, is a mistake occasionally made by biometric security systems. In an instance of false acceptance, an unauthorized person is identified as an authorized person.
