Glossary of Definitions


Active Directory login - Usually the same credentials as the BUnetID login.


American Registry of Internet Numbers. The Regional Internet Registry (RIR) for Canada, many Caribbean and North Atlantic islands, and the United States. ARIN manages the distribution of Internet number resources (IP addresses) for those regions.

Border Router Access Control Lists (ACLs)

Access control lists on the border routers provide another layer of security, in addition to the firewall, to protect the campus network as a whole (all zones) from unwanted activity from the Internet/outside world.


The ID (a.k.a. user name, login, user-id, and account name) used by Bradley to identify all users of network services.

Computer Peripherals

Peripheral devices such as printers and scanners. Peripheral devices may be attached to a computer directly or via the campus network.

Computer Workstations

General purpose computers which are utilized by individuals and include stationary and portable systems.

Confidential Data

Non-protected data which, if revealed, can result in financial, legal or significant privacy loss to members of the Bradley community.

Contributed Service

To qualify for a 'Contributed Services' category, a person must be actively collaborating with a member of the Bradley community, be providing "valuable services" to the University, and not be an employee or student at Bradley. The University collaborator must sponsor this person and define the "valuable services" provided. This request must be approved by the Dean (or other administrator) and by the Vice President of the sponsor. Access will be granted for up to 1 year with renewal possible based upon need and university approval.

Data Custodian

Data Custodians are responsible for the safe custody, transport, and storage of the data and for the implementation of business rules.

Data Steward

A data steward is a person responsible for the management and fitness of data elements - both the content and metadata.

Device Level Protection

Many other devices on the network, most commonly servers, have firewall protection installed locally on them, which is in addition to the network firewall.

Display Visibility

Individuals with access to protected data shall ensure that any and all computer displays for which they are responsible are not visible to unauthorized viewers.

Electronic Identity

This term refers to a method of assuring that the person who authenticated using a particular set of credentials is the person who is identified by these credentials.

Endpoint Device

An endpoint device acts as a user endpoint in a distributed computing system. Typically, the term is used specifically for Internet-connected PC hardware on a TCP/IP network. However, various network types have their own types of endpoint devices in which users can access information from a network. Endpoint devices can include desktop or laptop computers, as well as portable devices like tablets and smart phones.


Family Educational Rights and Privacy Act –

Firewall Access Control Lists (ACLs)

Access control lists on the firewall are used to permit certain devices in the lower security zones to initiate network communications with the higher security zones, communications that would otherwise not be allowed per the zone’s security level number.

Firewall Security Zones

The firewall is segmented into zones, each with an assigned security level number relative to other zones. Devices are added to a specific zone based on who the user is, the protection needed for the device, and the required access to other network resources. For example, a student computer would be placed in a lower numbered zone than an admin machine, but a higher numbered zone than the Internet. 

Network devices in higher numbered security zones can initiate network communication with devices in lower numbered security zones by default. Devices in lower security zones can respond to network communications already established by devices in higher security zones. Devices in lower security zones can only initiate network communication with devices in higher security zones when an access control list (ACL) is explicitly configured to allow this.
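The rules described under Firewall Access Control Lists and Firewall Security Zones (default allow from higher to lower, replies only on established sessions, ACL exceptions for lower to higher), modeled as an added example that is not Bradley's firewall configuration. The zone names, level numbers, addresses and the treatment of equal levels are assumptions.

```python
from dataclasses import dataclass, field

# Constructed zone names and level numbers (assumptions; the page gives none).
ZONES = {"internet": 0, "student": 30, "admin": 70}

@dataclass(frozen=True)
class AclEntry:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int

@dataclass
class ZoneFirewall:
    acl: list = field(default_factory=list)
    sessions: set = field(default_factory=set)  # state table of established flows

    def initiate(self, src_zone, src, dst_zone, dst, proto, dst_port):
        """Decide whether a new connection may be opened; record it if allowed."""
        if ZONES[src_zone] > ZONES[dst_zone]:
            reason = "higher zone to lower zone (default allow)"
        elif AclEntry(src_zone, dst_zone, proto, dst_port) in self.acl:
            reason = "explicit ACL exception"
        else:
            # Assumption: equal levels are treated like lower-to-higher.
            return False, "denied: no ACL permits this initiation"
        self.sessions.add((src, dst, proto, dst_port))
        return True, reason

    def reply(self, src, dst, proto, src_port):
        """Return traffic passes only if it matches an established session."""
        return (dst, src, proto, src_port) in self.sessions

def demo():
    # Constructed sample: one ACL lets the student zone reach admin on tcp/443.
    fw = ZoneFirewall(acl=[AclEntry("student", "admin", "tcp", 443)])
    a, s = "10.70.0.5", "10.30.0.9"  # constructed admin and student hosts
    return {
        "admin_to_student": fw.initiate("admin", a, "student", s, "tcp", 22)[0],
        "student_reply": fw.reply(s, a, "tcp", 22),
        "student_to_admin_ssh": fw.initiate("student", s, "admin", a, "tcp", 22)[0],
        "student_to_admin_https": fw.initiate("student", s, "admin", a, "tcp", 443)[0],
        "internet_unsolicited": fw.reply("203.0.113.7", s, "tcp", 80),
    }
```

When reviewing a requested exception, each `AclEntry` is the unit to scrutinize: it is the only path by which a lower zone can open a connection into a higher one.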


Health Insurance Portability and Accountability Act -


Intrusion Detection System. Software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware and/or disgruntled employees.

Institutional Data

Institutional data is information created, collected, maintained, transmitted, or recorded by or for the university to conduct university business.


Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs.

Types of Malware
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software.

Bots are software programs created to automatically perform specific operations.

In the context of software, a bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program.

Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.

A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.

Spyware is a type of malware that functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more. Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections.

Trojan Horse
A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer.

A virus is a form of malware that is capable of copying itself and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user launches one of those infected programs.

Computer worms are among the most common types of malware. They spread over computer networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Computer worms can also contain “payloads” that damage host computers. Payloads are pieces of code written to perform actions on affected computers beyond simply spreading the worm. Payloads are commonly designed to steal data, delete files, or create botnets.

Mobile Computing Devices

Mobile computing devices include e-readers, tablets and smart phones with data access.


Multi Router Traffic Grapher - Free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form.

Network Device

Anything on the Bradley network, not necessarily a computer. This includes workstations, servers, laptops, desktops, routers, switches, access points, IP video units, IP Phones, building security systems, Laundry Systems, QuickCard systems, hand held devices, gaming systems, etc.

Network Resources

Anything a user on campus accesses over the campus network including shared files, printers, databases, applications, network equipment, internal-only websites, etc. 

Network Security Exception

Configuration in a network device such as a firewall or router that allows networks or systems to initiate traffic through the said network device to get to other networks/systems listening on TCP, UDP, or other IP ports that the network device would otherwise block.

One-time use secret PIN

One-time password to be used for this procedure.


Payment Card Industry -

Proprietary Data

All data held by the University for operational, educational, and/or other purposes not appropriate or available for general public use.

Protected Data

Data required to be protected by FERPA, HIPAA, PCI, or other regulations.

Public Data

Information available to the public.

Secure Protocol Examples

128-bit or longer keys of AES, IPSEC, SSH, SSL, or TLS


A computer device containing proprietary or protected data that is shared by a number of Bradley University computer users.

Server Custodian

See policy 3.01 Server Physical Access Policy.

Server Location

The physical site containing the server.

System Registration

Care should be taken when registering computers on the network not to place them in a higher security zone than is needed, particularly in the case of computers that will be publicly accessible and/or used by students other than student employees authorized to access protected data.


(Virtual Private Network) - A method of establishing secure network communication through an unsecure network, such as the Internet.


(pronounced who is) is a query/response protocol which is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name or an IP address.


A segment of the network that, in order to have network communication with other segments of the network, must communicate through the firewall to get there.


A logical area of the network whose ingress and egress traffic is sent through a firewall.