The glossary below contains many of the terms you will find in common use throughout the Symantec Security Response website. Please refer to this list to find definitions of terms and answers to other Internet security-related questions.


The process of validating a user’s credentials.

The attribute that measures the complexity of the attestation that is required to exploit the vulnerability. The values are Multiple, Single, and None.

The process of determining the identity of a user attempting to access a network. Authentication occurs through challenge/response, time-based code sequences, or other techniques. Authentication typically involves the use of a password, certificate, PIN, or other information that can be used to validate identity over a computer network. See also CHAP (Challenge Handshake Authentication Protocol), PAP (Password Authentication Protocol).

The process by which a system identifies an individual or a computer to make sure that the user or computer is who they claim to be. An Enforcer checks whether a client is allowed by reviewing a list of trusted client IP ranges. If the client is not within an acceptable range, the Enforcer sends an authentication packet to the Agent. See also Authentication port.

Identifies whether the exploit of a vulnerability requires the presentation of some sort of credentials, aside from system logon, before attack. The possible values for this field are: Required, Not Required, and Unknown.