|
TCB: Trusted Computing
Base: The Orange Book (TCSEC) classes use the
notion of a Trusted Computing Base (or TCB) extensively.
This is the central part of the system (e.g. the
kernel) which is trusted to carry out security
functions.
|
| |
|
TCO: Total Cost of Ownership,
a model that helps IT professionals understand
and manage the budgeted (direct) and unbudgeted
(indirect) costs incurred for acquiring, maintaining
and using an application or a computing system.
TCO normally includes training, upgrades, and
administration as well as the purchase price.
Lowering TCO through single-point control is a
key benefit of server-based computing.
|
| |
|
TCP/IP: Transmission Control
Protocol / Internet Protocol: This suite of protocols,
originally developed for the Internet, is now
the standard enterprise network protocol.
|
| |
|
Telnet: This is the way
you can access someone else's computer, assuming
they have given you permission. (Such a computer
is frequently called a host computer.) More technically,
Telnet is a user command and an underlying TCP/IP
protocol for accessing remote computers. The Web
or HTTP protocol and the FTP protocol allow you
to request specific files from remote computers,
but not to actually be logged on as a user of
that computer. With Telnet, you log on as a regular
user with whatever privileges you may have been
granted to the specific applications and data
on that computer.
|
| |
|
Thin Client: A low-cost
computing device that works in a server-centric
computing model. Thin clients typically do not
require state-of-the-art, powerful processors
and large amounts of RAM and ROM because they
access applications from a central server or network.
Thin clients can operate in a server-based computing
environment.
|
| |
|
Threat: As defined by
[CERT 1993], "any circumstances or event that
has the potential to cause harm to a system or
network." That means that even the existence
of an unknown vulnerability implies a threat by
definition.
|
| |
|
Token: A "token"
is an authentication tool, a device utilized to
send and receive challenges and responses during
the user authentication process. Tokens may be
small, hand-held hardware devices similar to pocket
calculators or credit cards. See 'Key'.
|
| |
|
Traceroute: A TCP/IP program
common to UNIX that traces the route between your
machine and a remote host.
|
| |
|
Traffic Analysis: Traffic
analysis is the study of patterns in communication
rather than the content of the communication.
For example, studying when, where, and to whom
particular messages are being sent, without actually
studying the content of those messages. Traffic
analysis can be revealing, primarily in determining
relationships between individuals and hosts.
|
| |
|
Transport Password: A
newly issued PSE is encrypted by CA Management
with a Transport Password. This password protects
the PSE on its way from the CA to the user. The
user is informed of the password by the CA (e.g.
by a letter) and is advised to change it immediately
after receiving the PSE.
|
| |
|
TripleDES (3DES): DES,
the Data Encryption Standard, is a symmetric key
algorithm originally developed at IBM. When used
for communication, both sender and receiver must
know the same secret key, which is used both to
encrypt and decrypt the message. DES has a 64-bit
block size and uses a 56-bit key during encryption.
3DES (TripleDES) was developed to provide
stronger security than DES. With 3DES, the plaintext
is encrypted three times with the DES algorithm.
The effective key length becomes 112 bits, instead
of the 56-bit DES key.
|
| |
|
Trojan Horse: 1) Any program
designed to do things that the user of the program
did not intend it to do, or that disguises its harmful
intent. 2) A program that installs itself while
the user is making an authorized entry and is then
used to break in and exploit the system.
|
| |
|
Tunneling Router: A router
or system capable of routing traffic by encrypting
it and encapsulating it for transmission across
an untrusted network, for eventual de-encapsulation
and decryption.
|
| |
|
Turn Commands: Commands
inserted to forward mail to another address for
interception.
|
| |
|
Two-Factor Authentication:
Two-factor authentication is based on something
a user knows (factor one) plus something the user
has (factor two). In order to access a network,
the user must have both "factors" -
just as he/she must have an ATM card and a Personal
Identification Number (PIN) to retrieve money
from a bank account. In order to be authenticated
during the challenge/response process, users must
have this specific (private) information.
|