;
The ; shell meta character is often used to separate commands that will be executed sequentially.
!
The ! meta character recalls recent commands by their history number in csh. For example, the command !143 recalls command 143. (You can quickly recall the very last command by issuing a double bang, like this: !!.)
$
The $ meta character is used for variable assignment (particularly in PERL and C).
*
The asterisk (*) is used to match any character in pattern matching.
?
The ? symbol will match any character in file name searches. Hence, the search ls myfile.tx? will match myfile.txt, myfile.txs, myfile.tx1 and so forth.
@
In PERL, the @ symbol is used for array assignment, (@fruits=('apples', 'oranges', 'peaches')). Also, the @ symbol is used in email addresses (bwagner@altavista.net.)
<
The < symbol is used to redirect input to the specified file or process. (In many programming languages, the < symbol is also used in its more traditional role as a comparative operator, the more well known "lesser-than" symbol.)
>
The > symbol is used to redirect output to the specified file or process. For example, dir > dir-listing.txt will redirect your directory listing request (dir) to a file (dir-listing.txt) for later viewing. (In many programming languages, the > symbol is also used in its more traditional role as a comparative operator, the more well known "greater-than" symbol.)
>>
The >> symbol is used to redirect (and append) data to a file. (This differs from the > symbol. >> appends information to a file, adding text to the end without overwriting it.)
=
The = symbol is often used as an assignment operator (and rarely as a comparative operator). For example, to store the Unix date program in a variable, you might use the following statement: $mydate=`/usr/bin/date`.
==
The == operator indicates equality between two values, and is often used in conditional tests, like this: if ($my_variable == 4) { print "$my_variable is 4\n"; }
3DES
3DES is another way of referring to 'Triple DES', where DES runs through 3 levels of encryption. See DES.
802.2
An Ethernet frame format (probably the most common) typically used in Local Area Networks.
Abuse
Unauthorized or prohibited behavior.
AAUI (Apple AUI)
AAUI is Apple Computer's Attachment Unit Interface version. Please see AUI.
Access Control
Any technique used to selectively grant or deny users access to system resources. (System resources can be files, directories, volumes, drives, services, hosts, networks and so on. The practice of limiting users' access to these resources - and the ability of an operating system to offer that authority - is access control.)
Access Control List (ACL)
A list that stores information on users and what system resources they're allowed to access. This is also sometimes called simply an "Access List". Access control lists can be either quite complex (listing where, when, and how each user can access resources) or rudimentary (merely a list of usernames and their corresponding passwords).
Access Control Mechanism (ACM)
Any tool or technique used to establish, deliver, or maintain access control.
Access Level
Either the degree of access a user has or the degree of sensitivity of a particular object. In the first instance, perhaps the user can only read files (but not write or execute them) in the current directory. They therefore have a low access level. Or, when applied to objects, this is a measurement of how sensitive an object is and what security level a user will need to access it.
Access Time
Access time is the time during which a user can access a particular object or resource. (For example, an administrator might restrict a user's login capability to weekdays between the hours of 8:00 a.m. and 5:00 p.m. This is the user's access time.)
Account Lockout
Account lockout is an option to disable an account after repeated logon failures. (This is to guard against brute force attacks or folks manually trying password after password). Most network operating systems allow you to specify how many attempts to permit before account lockout ensues.
Account Policies
In Windows NT, you can establish logon and password procedures for each user. (For example, how long is a user's password valid? Should they be allowed to change it?) These policies are account policies. (Other network operating systems also offer such functionality but it may be called something different.)
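An added illustration, not part of the glossary, of the lockout behaviour the two entries above describe. The threshold, counting window, lockout period and the sample user are all assumed values standing in for an operating system's account-policy settings.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    """Assumed policy values; real systems expose them as account-policy settings."""
    max_failures: int = 5         # failed logons permitted before the account is locked
    failure_window: int = 600     # seconds within which failures are counted together
    lockout_duration: int = 900   # seconds the account stays disabled once locked


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0                     # 0 means the account is not locked


def make_store(plain_passwords):
    """Constructed credential store: user -> SHA-256 hex of the password (sample data only)."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in plain_passwords.items()}


class LockoutTracker:
    def __init__(self, policy, credentials):
        self.policy = policy
        self.credentials = credentials
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user, now):
        return self._state(user).locked_until > now

    def record_failure(self, user, now):
        """Count one failed logon; returns True when the account is (now) locked."""
        st = self._state(user)
        if self.is_locked(user, now):
            return True
        # Failures older than the window no longer count toward the threshold.
        st.failures = [t for t in st.failures if now - t < self.policy.failure_window]
        st.failures.append(now)
        if len(st.failures) >= self.policy.max_failures:
            st.locked_until = now + self.policy.lockout_duration
            st.failures.clear()
            return True
        return False

    def attempt_logon(self, user, password, now):
        """Returns 'locked', 'ok' or 'failed'. A locked account rejects even the correct
        password, which is what makes the policy effective against repeated guessing."""
        if self.is_locked(user, now):
            return "locked"
        expected = self.credentials.get(user, "")
        given = hashlib.sha256(password.encode()).hexdigest()
        if expected and hmac.compare_digest(given, expected):
            self._state(user).failures.clear()   # a success resets the failure count
            return "ok"
        return "locked" if self.record_failure(user, now) else "failed"


SAMPLE_STORE = make_store({"alice": "correct horse battery"})  # constructed sample user
```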
Accreditation
A statement from some authority that your web site and business practices are secure or conducive to security. You obtain this statement by submitting your network to a stringent evaluation, the end result of which is certification and a seal of approval. Many groups offer such accreditation, including the International Computer Security Association, the American Institute of Certified Public Accountants, Coopers and Lybrand and so on.
Active Server Pages (ASP)
Active Server Pages are web pages designed according to Windows NT's Internet Information Server specifications. Such pages employ and exploit extensions designed to process client requests and input. (Such processing is usually done using VBScript - a language syntactically similar to Visual Basic - or JScript, Microsoft's version of JavaScript.) You'll know if you're reading an ASP, because the page will have an *.ASP extension, e.g. http://www.microsoft.com/default.asp.
ActiveX
ActiveX is a proprietary Microsoft technology that allows web clients (browsers) to run ActiveX or OLE programs (called controls). These ActiveX programs or components are often written in Visual C++ and they run only on Microsoft platforms. (ActiveX is generally employed only in Microsoft-centric intranets or web sites.) ActiveX has serious security implications.
Adapter
A hardware device used to connect devices. In a networking context, an Ethernet adapter/card (though the term has been more generally applied even to dial-up devices).
Adaptive Routing
Routing designed to adapt to the current network load. Adaptive routing routes data around bottlenecks and congested network areas.
Add-on Security Controls
Add-on security controls are controls added after-the-fact, usually to legacy hardware or software. (Or, a form of security retrofitting, and an attempt to bolster the limited security of a legacy system.)
Address Resolution Protocol (ARP)
Address Resolution Protocol maps IP addresses to physical addresses.
Administrator
Either a human charged with controlling a network or the supervisory account in Windows NT. (Whoever has Administrator privileges in NT can - but need not necessarily - hold complete control over their network, workgroup, or domain).
AI
AI is Artificial Intelligence, or, the employment of technology that allows machines to perform tasks that - if performed by men - would require intelligence.
AIS
Please see Automated Information System.
AIX
A Unix flavor from International Business Machines (IBM). AIX runs on RISC workstations and the PowerPC.
Algorithm
An algorithm is a methodical, mathematical operation that performs some useful purpose. This purpose could be cosmetic (such as laying out web pages as they're interpreted) or more critical (encrypting and decrypting sensitive data).
AMI Decode
Program that cracks American Megatrends BIOS passwords.
Anonymous FTP
FTP service available to the public that allows anonymous logins. Anyone can access anonymous FTP with the username anonymous and their email address as a password.
ANSI
The American National Standards Institute. Check them out here: http://www.ansi.org.
ANS InterLock
ANS InterLock is a commercial firewall product. Find out more here: http://www.ans.net/whatneed/security/interlock/interloc.htm.
Answer-only Modem
An answer-only modem is a modem that answers but cannot dial out. (These are useful to prevent users from initiating calls from your system via outdials).
Apache
Apache is a popular Unix-based web server. Find out more here: http://www.apache.org.
Apache-SSL
Apache-SSL is a secure web server based on Apache SSLeay.
Application Gateways (Firewalls)
These are firewall devices that disallow direct communication between the outside world and an internal network. Information flows in and out using a series of proxies that filter it along the way. Think of these as the lawyers of Internet security. The gateway speaks for both ends, without allowing direct access between them.
Application Layer
Layer 7 of the OSI Reference Model, the highest layer of the model, it defines how applications interact over the network.
Applet
A small Java program that runs in a web browser environment. Applets add graphics, animation, and dynamic text to otherwise lifeless web pages. Applets can have serious security implications. In sensitive environments, you should disable browser applet capability.
AppleShare
Specialized Apple Computer software used to establish and maintain Macintosh file servers.
AppleTalk
Apple Computer's networking suite that supports Ethernet and Token Ring.
AppleTalk Address Resolution Protocol
Apple's version of ARP, this protocol maps IP addresses to physical addresses.
AppleTalk Data Stream Protocol (ADSP)
Apple's peer-to-peer, streamed communication protocol for transporting large amounts of data over a network.
AppleTalk Echo Protocol (AEP)
Apple's version of the Echo protocol, used to test the network by having a remote server echo back packets you send.
AppleTalk Remote Access Protocol (ARAP)
Enabling this protocol turns your Mac server into a remote access server, allowing others to access your network from remote locations.
Application Gateways (Firewalls)
Firewall devices that disallow direct communication between the Internet and an internal, private network. Proxies that screen out undesirable information or hosts control data flow.
Application Layer
In networking, that layer of communications that occurs (and is conspicuous) at the user level. (For example, the File Transfer Protocol interfaces with the user at the application layer.)
ARCNET
The Attached Resource Computer Network, a LAN system by Datapoint Corporation. It supports 255 workstations in a star topology at speeds up to 2.5mbps.
ARPAnet
Advanced Research Projects Agency Network. This was the original Internet which, for many years, was controlled by the Department of Defense.
Ascend Inverse Multiplexing (AIM)
Proprietary protocol created by Ascend Communications (router manufacturer) for managing multiplexers. To learn more, go to http://www.ascend.com.
ASCII
American Standard Code for Information Interchange, ASCII is a common standard by which all operating systems treat simple text.
Assurance
Trust in a given procedure or system.
Assurance Level
The degree of trust provided by assurance.
Asymmetric Digital Subscriber Line (ADSL)
A high-speed, digital telephone technology that allows fast downloading (nearly 6 megs per second) but much slower uploading (about 65kbps). Unfortunately, ADSL is a new technology only available in major metropolitan areas.
Asynchronous Data Transmission
Asynchronous Data Transmission is the transmission of data one character at a time.
Asynchronous PPP
Run-of-the-mill PPP; the kind generally used by PPP dial-up customers.
Asynchronous Transfer Mode (ATM)
An ATM network is a type of circuit-switched packet network that can transfer information in standard blocks at high speed. (These are not to be confused with Automatic Teller networks.)
ATP (The Anti-Tampering Program)
ATP is a Unix file integrity-checking tool and is used to monitor possible file tampering. Get ATP here: http://www.cryptonet.it/docs/atp.html.
Attack
An attempt by an intruder to penetrate your security or disable your system. (For example, a denial-of-service attack, where the attacker attempts to knock your server off the net.) Also, in cryptography, the act or method of attempting to circumvent a particular cryptographic cipher or hash. Such attacks are called by various names, depending on what portion of the encryption scheme is attacked and what elements are used to complete the attack. For example, you can engage in plain-text attacks, cipher-text attacks, key-based attacks, or attacks based on timing.
Attribute
The state of a given resource (whether file or directory), and whether that resource is readable, hidden, system, or other. (This is a term primarily used in reference to files on Microsoft-based file systems.) Also, this can refer to the state of objects in JavaScript and even HTML.
Audit
In the general sense, a systematic examination of your system and/or business practices. The purpose of such an examination is to ascertain if you are currently maintaining best practices. Or, in a more particular sense, an audit can also be a pro-active test of your security controls and your ability to record, track, analyze, and report network activity.
Audit Policy
In Windows NT, your audit policy sets forth what security events you log to file. (For example, you can log user logons, security policy changes, reboots, and so on. All these events could be potentially significant in a security context. You, as administrator, must prioritize these and decide which are most relevant.)
Audit Trail
This most often refers to the sum of all data used to record, track, analyze, and report network activity (and the path one takes to derive that data from its original source.) For example, you might have raw access logs from your web server. To make these more readable, you might employ a special script that mines the data and makes it more manageable. From there, you can begin to isolate particular events (e.g., requests for a particular file from a particular address) and finally, from all this, you can make an educated guess about the suspicious activity. All these documents form an audit trail.
AuditWare for NDS
A security analysis tool for NetWare 4.x (in a Windows environment) that audits multiple processes and objects (including NLM, DSK, and LAN drivers.) To learn more, go here: http://www.cai.com/products/auditware_nds.htm.
AUI
Attachment Unit Interface, a 15-pin "twisted-pair" Ethernet connection or connector.
AUP
Acceptable Use Policy. Originally established by the National Science Foundation, AUP once forbade use of the Internet for commercial purposes. Today, AUP refers to rules a user must adhere to when using an ISP's services.
Authenticate
When you authenticate a particular user or host, you are verifying their identity, their access level, or both.
Authentication
The process of authenticating either a user or host. Such authentication may be simple, and applied at the application level (demanding a password), or may be complex (as in challenge-response dialogs between machines, which are generally reliant on algorithms or encryption at a discrete level of the system.)
Authentication Server Protocol
A TCP-based authentication service that can verify the identity of a user. (Please see RFC 931.)
Authenticator
Any means by which to authenticate a user, node, or process.
Authorization
A user's rights to access objects or resources.
Automated Information System (AIS)
Any system (composed of hardware and software) that allows the maintenance, storage, and processing of information.
Automounting
The practice of automatically mounting network drives at boot. This is common where tasks or resources are distributed over several hosts on a network.
Avertis
Avertis is a commercial firewall product. Find out more here: http://www.galea.com/En/Products/Avertis/Index.html.
Back Door
A hidden program, left behind by an intruder (or perhaps a disgruntled employee), that allows them future access to a victim host. This term is synonymous with the more antiquated term "trap door". Also, in cryptography, a mechanism or fault intentionally engineered into a cryptographic scheme that allows the designer, the government, or other interested parties to easily decrypt encrypted data. (This allows them to surreptitiously view data not intended for their viewing pleasure. Back doors, therefore, are bad things.)
Backbone
Your backbone is your fastest and most centralized network feed, or, the heart of your network to which all other systems are connected.
BackOffice
A networking suite from Microsoft that packages together database, mail, and network management.
Back Orifice
Back Orifice is a Trojan horse that allows attackers to seize control of remote Microsoft Windows hosts. (Really, BO is a remote administration tool; a client-server RAS.)
Backup
To preserve a file system or files, usually for disaster recovery. Generally, backup is done to tape, floppy disk or other, portable media that can be safely stored for later use.
Bastion Host
A server that is hardened against attack and can therefore be used outside the firewall as your "face to the world". These are often sacrificial (meaning that they are throwaway systems which, if taken down by hackers, won't adversely affect your network or work flow).
Bell-La Padula Model
A system that utilizes access controls based on user need-to-know and data sensitivity formulas. (For example, fewer users access sensitive data and the procedures and mechanisms to protect that data are more stringent, as are the methods of access control and authentication associated with them.)
BGP (Border Gateway Protocol)
A routing protocol used among Internet Service Providers (ISPs).
Biometric Access Controls
Systems that authenticate users by physical characteristics, such as their face, fingerprints, retinal pattern, or voice. Once favored by government agencies, biometric access controls are coming into more general use. (Compaq recently started shipping workstations with fingerprint scanners.)
Biometrics
See Biometric Access Control.
BIOS
The BIOS is the Basic Input/Output System. This BIOS consists of firmware (software embedded on a chip on your motherboard) that manages the most basic functions of your computer. For example, your BIOS tests system memory and disk drives on each boot. (The BIOS also allows you to specify exotic boot options and even a boot password and for this reason, the BIOS is significant in a security context.)
Blowfish
A 64-bit encryption scheme developed by Bruce Schneier. Blowfish is often used for high-volume, high-speed encryption. (Blowfish is reportedly faster than both DES and IDEA.) To learn more, go here: http://www.counterpane.com/blowfish.html.
BNC
A coaxial cable or connection used in older Ethernet networks. (BNC connectors look exactly like cable television wire connectors.)
Boolean
Boolean values run either true or false. (1 predominantly represents true while false is usually represented by 0.)
Border Gateway
A border gateway is a router-based gateway. Its purpose is to impose access control on all packets entering or exiting the network. Most networks have at least one border gateway that serves as a single-point-of-entry. (This makes it much easier to screen out unwanted packets.)
BorderManager
BorderManager is a firewall for Novell NetWare that includes basic firewall services, VPN services, and cache management. To learn more, visit Novell here: http://www.novell.com.
Bottleneck
An area of your network that demonstrates sluggish transfer rates, usually due to network congestion or misconfiguration.
Bootstrap Protocol
A network protocol used for remote booting. (Diskless workstations often use a bootstrap protocol to contact a boot server. In response, the boot server sends boot commands.)
Border Gateway Protocol
A protocol that facilitates communication between routers serving as gateways.
Bridge
Network hardware device that connects Local Area Networks together.
Broadband
Very high-speed data transmission system, capable of supporting large transfers of media such as sound, video, and other data.
Broadcast/Broadcasting
Any network message sent to all network hosts or, the practice of sending such a message.
Brute Force Attack
A brute force attack is primitive. In it, every possible combination is tried until the attacker lands on the correct one. To appreciate this process, think of an attaché case with a combination lock. Such locks usually have 3 wheels and each wheel runs from numbers 0 to 9. To try all possible combinations on such a lock would take 999 tries or 1998 total for both right and left locks. However, in reality, you would likely open the case long before exhausting your 1998 possibilities. You could increase your chances dramatically by trying more likely combinations first (like 007, 666, and 777) as well as matching combinations that span both locks. (For example, where the left 3 wheels are 2,4,6 and the 3 right wheels are 8,1,0, thus spelling out 2-4-6-8-10.) In such a scheme, your search would start at 000, progress to 001, and so on (primarily because you'd have to and this would be the most effective method). However, in real-life brute force attacks on encryption, often the quickest way from point A to point B is not a straight line.
Bug
A bug is a hole or weakness in a computer program, nearly always related to human error. Please see vulnerability.
C
The C programming language. C is an all-purpose language but has become closely associated with the Internet because Unix was written in C. Many security programs are still distributed in raw C source.
C2
Criteria Class from The Rainbow Series Orange Book, officially known as DoD 5200-28-STD.
C&A
Certification and Accreditation.
C4I
Command, Control, Communications, Computers, and Intelligence (a term used in information warfare).
Cable Modem
A modem that negotiates Internet access over cable television networks. (Cable modems provide blazing speeds.)
Call Back
Call back systems ensure that a trusted host initiated the current connection. The host connects, a brief exchange is had, and the connection is cut. Then, the server calls back the requesting host.
Cast-128
An encryption algorithm that uses large keys, and can be easily incorporated into applications. (You can learn more by obtaining RFC 2144.)
CA-Unicenter
A powerful database and network management software suite from Computer Associates (typically used in very large, enterprise-based database serving, especially over Wide Area Networks).
CERT
The Computer Emergency Response Team. Founded in response to the Internet Worm attack in November 1988, CERT is a security organization that assists victims of cracker attacks. Find them here: http://www.cert.org.
Certificate Authority
Trusted third party clearing house that distributes security certificates and ensures their authenticity. Probably the most renowned commercial certificate authority is VeriSign (http://www.verisign.com), that issues certificates for Microsoft-compatible ActiveX components, among other things.
Certification
Either the end-result of a successful security evaluation of a product or system or, an academic honor bestowed on those who successfully complete courses in network engineering (such as certification as a Novell Network Engineer.)
Challenge Handshake Authentication Protocol (CHAP)
Protocol (often used with PPP) that challenges users to verify their identity. If the challenge is properly met, the user is authenticated. If not, the user is denied access. Please see RFC 1344 for further information.
Chaos
Chaos has traditionally been recognized as "the great disorder or formless matter in infinite space" or something so disorderly and random that no pattern could be found within it. Not any more. Chaos is now viewed as everything it was before with one, slight difference: it is now recognized that even in chaos, there is some order (of sorts). That is, in chaos, there are discernible patterns that can appear over time and these do repeat themselves in a semi-orderly fashion and therefore, true randomness is difficult to attain. This is a popular topic of discussion among cryptographers.
Checksum
A numeric value composed of the total sum (or a finite number) of a file's bits. Checksums are used not only in security but to verify file integrity. For example, many remote access packages use checksums to verify that transmitted data arrives at its destination intact. (Typically, a checksum is generated at the origin. This is checked at the destination. If there's a match, everything went smoothly. If not, the data is re-sent.)
chmod
chmod is a Unix program used to change file permissions (such as read, write, or execute).
Chroot
A restricted environment in which processes run with limited privileges or, the technique (and command) used to create such an environment. (UNIX)
Circuit
Circuits are connections that conduct electrical currents and by doing so, they transmit data.
Citrix Winframe
Winframe is a system that delivers terminal functionality to Windows-based thin clients (that can run DOS and Windows applications on the server.)
Class A IP Networks
In Class A IP network addresses, bits 1-7 represent the network, and bits 8-31 represent the host. Hence, Class A networks can support up to 16 million hosts.
Class B IP Networks
In Class B IP network addresses, bits 2-15 represent the network, and bits 16-31 represent the host. Hence, Class B networks can support up to 65,536 hosts.
Class C IP Networks
In Class C IP network addresses, bits 3-23 represent the network, and bits 24-31 represent the host. Hence, Class C networks can support up to 256 hosts.
Class D IP Network Addresses
Class D addresses (used for multicasting) consist of four initial bits followed by a 24 bit multicast address.
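An added example, not from the glossary, that applies the classful layout described in the four entries above: the leading bits of the first octet select the class, which fixes the network/host split and therefore the host count (2^24 for Class A, 2^16 = 65,536 for B, 2^8 = 256 for C). The dotted-quad inputs in the tests are constructed sample addresses.

```python
def parse_dotted_quad(address):
    """Turn 'a.b.c.d' into a 32-bit integer, rejecting anything that is not four octets 0-255."""
    octets = address.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % address)
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def to_dotted_quad(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_ipv4(address):
    """Classify an address the classful way and split it into network and host parts."""
    value = parse_dotted_quad(address)
    # The leading bits of the first octet determine the class and therefore the split.
    if value >> 31 == 0b0:          # 0xxxxxxx: Class A, 7 network bits follow the flag bit
        cls, prefix = "A", 8
    elif value >> 30 == 0b10:       # 10xxxxxx: Class B, 14 network bits follow
        cls, prefix = "B", 16
    elif value >> 29 == 0b110:      # 110xxxxx: Class C, 21 network bits follow
        cls, prefix = "C", 24
    elif value >> 28 == 0b1110:     # 1110xxxx: Class D, the remaining bits name a multicast group
        return {"class": "D", "prefix_length": 4, "network": None, "host_id": None,
                "host_count": 0, "multicast_group": value & 0x0FFFFFFF}
    else:
        raise ValueError("leading bits 1111: not one of the classes described here")
    host_bits = 32 - prefix
    mask = ((1 << prefix) - 1) << host_bits
    return {
        "class": cls,
        "prefix_length": prefix,
        "network": to_dotted_quad(value & mask),
        "host_id": value & ((1 << host_bits) - 1),
        "host_count": 1 << host_bits,   # 2^24 (about 16 million), 2^16 = 65,536, 2^8 = 256
    }
```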
Clear Text
Sometimes called "text-in-the-clear", clear text is humanly readable, plain, old text. (This term is used when contrasting clear text to cipher text, which is encrypted.)
Client
Software designed to interact with a specific server application. For example, WWW browsers like Netscape Communicator and Internet Explorer are WWW clients. They are specifically designed to interact with web or HTTP servers.
Client-Server Model
A programming and networking model where a single server can distribute data to many clients. (For example, the relationship between a web server and web clients, or browsers. In most cases, all computation is performed on the web server and the result is returned to the client.) Most network applications and protocols are based on the client-server model.
CNE
Certified NetWare Engineer.
Common Carrier
Any government-regulated utility that provides the public with communications (for example, a telephone company).
Common Gateway Interface
A standard that specifies programming techniques through which you pass data from web servers to web clients. (CGI is language neutral. You can write CGI programs in PERL, C, C++, Python, Visual Basic, BASIC, and shell languages).
Compromise
This refers to a security breach in which sensitive data is or could have been exposed. When such a breach occurs, folks sometimes say that the target was compromised.
COMPUSEC
Computer Security.
Computer Fraud
Computer fraud would seem to be easily defined: fraud perpetrated with a computer. However, computer fraud statutes cover a much wider range of activity, including basic electronic trespassing that leads to actual damage.
Conclave
Conclave is a commercial firewall product. Find out more here: http://www.interdyn.com/fyi.html.
Confidentiality
The principle by which some data is sensitive and privileged and therefore not for general consumption or viewing.
Contingency Plan
A contingency plan consists of established procedures that you will undertake when faced with emergency or disaster. (Example: what do you do when your web server goes down? What if the failure happens on a weekend? Can you get someone in to fix it?) Every system administrator should have a contingency plan to guard against unforeseen circumstances.
Cookies
Cookies (properly called Persistent Cookies, a system developed by Netscape) are a means through which web servers preserve state information on users. This parlor trick is accomplished by writing the state information (a user's preferences, for example) to the user's hard disk drive. Cookie information is generally kept in the file cookies.txt. Search your drive for that file, find it, and view it now. The information there will surprise you.
COPS
Computer Oracle and Password System: A system-based tool that will scan your localhost for common configuration problems and security vulnerabilities. (Developed by Gene Spafford and Dan Farmer.)
Copy Access
When a user has copy access, it means that they have privileges to copy a particular file.
COTS
Commercial-off-the-Shelf, or applications that can be bought at any retail outlet.
Countermeasure
A countermeasure is any action or technique undertaken to minimize or eliminate a threat or a system's vulnerability.
Crack
This can be either a noun or a verb. As a noun, it can generally refer either to software (or any technique) used to circumvent security or specifically, to a Unix-based password cracker called Crack. As a verb, it means to breach system security or break the registration scheme on commercial software.
Cracker
A cracker is someone who, with malicious intent, unlawfully breaches security of computer systems or software.
Crash
This refers to when a system suddenly fails and requires a reboot.
CRC32
CRC32 is Cyclical Redundancy Checking, a method of establishing message or data integrity. Most often, CRC is used to check the integrity of files being transmitted digitally. At the beginning of the transfer, a file is broken into small parts of particular, predetermined size. For each part, a cryptographic value is generated just before it's sent. As each part arrives at its destination, the receiving end calculates the cryptographic value again. If the two values match, the file was transferred without error. If the two values differ, the data is resent. CRC32 is an extreme implementation of CRC, is 32-bit, and is often used for file integrity checking. You can learn more about CRC32 (and other algorithms) here: http://info.internet.isi.edu/in-notes/rfc/files/rfc1510.txt.
Cryptix
Cryptix consists of free Java classes, and a Java implementation of RSA and several other algorithms.
Cryptography
Cryptography is the practice of secret writings. When you use cryptography, your chief aim is to scramble your writings so they remain unreadable to anyone but authorized personnel. This is done using a code of sorts. Only users with the code can "crack" the message.
CRYPTON
An encryption algorithm with a block length of 128 bits and key length up to 256 bits. To learn more, go here: http://crypt.future.co.kr/~chlim/crypton.html.
CSMA/CD
Carrier Sense Multiple Access with Collision Detection. A traffic management technique used by Ethernet.
CSM Proxy/Enterprise Edition
CSM Proxy/Enterprise Edition is a commercial firewall product. Find out more here: http://www.csm-usa.com/proxy/index.htm.
CyberGuard Firewall
CyberGuard Firewall is a commercial firewall product. Find out more here: http://www.cyberguard.com/products2/frames/nt_overview.html.
CyberShield
CyberShield is a commercial firewall product. Learn more here: http://www.cybershield.com/.
Cyberwar
A contingency now being studied by intelligence analysts, Cyberwar refers to active information warfare conducted over the Internet. See Information Warfare.
C shell
A command interpreter for Unix with syntax that resembles the C programming language.
DAC
Discretionary Access Control. DAC provides means for a central authority on a computer system or network to either permit or deny access to all users, and do so incisively, based on time, date, file, directory, or host.
Data Driven Attack
An attack that relies upon hidden or encapsulated data, which may be designed to flow through a firewall undetected. (Java, JavaScript, ActiveX, and VBScript can be used for such attacks.) These attacks are particularly insidious and to defeat them you must employ content filtering.
Data Encryption Standard (DES)
Encryption standard from IBM, developed in 1974 and published in 1977. DES is the US government standard for encrypting non-classified data.
Data Integrity (File Integrity)
Data integrity refers to the state of files. If files are unchanged and have not been tampered with, they have integrity. If they have been tampered with, data integrity has been breached and/or degraded.
Data Link Layer
Layer 2 of the OSI Reference Model, which defines the rules for sending and receiving information between systems.
DECnet
An antiquated, proprietary protocol from Digital Equipment Corporation that runs chiefly over proprietary, Ethernet, and X.25 networks.
Denial of Service (DoS)
Denial of service is a condition that results when a user maliciously renders an Internet information server inoperable, thereby denying computer service to legitimate users.
Dictionary Attack
Dictionary attacks (sometimes called wordlist attacks) work like this: crackers obtain your encrypted passwords and, using the same password algorithm as your NOS, they encrypt many thousands of words. (These words are usually derived from a dictionary, hence the name.) Each newly encrypted word is then compared to your encrypted passwords. If there's a match, that password has been cracked.
Digest Access Authentication
A security extension for Hypertext Transfer Protocol which provides only basic (and not encrypted) user authentication over the web. To learn more, please see RFC 2069.
Digital Certificate
Any digital value used in authentication. Digital certificates are typically numeric values, derived from cryptographic processes. (There are many values that can be used as the basis of a digital certificate, including but not limited to biometric values, such as retinal scans.)
DoD
Department of Defense.
DNS (Domain Name Service)
A networked system that translates numeric IP addresses (207.171.0.111) into Internet hostnames (traderights.pacificnet.net).
DNS Spoofing
A technique through which the attacker compromises a Domain Name Service server. This can be done either by corrupting the DNS cache or by man-in-the-middle attacks (where the attacker's machine impersonates the legitimate DNS server).
DNSSEC
DNSSEC stands for Domain Name System Security Extensions, extensions to DNS that enhance DNS security. (These can be used to prevent unauthorized use or abuse of your name servers.) The DNSSEC system relies mainly on key-based authentication among hosts.
DoS
This refers to denial-of-service, a condition that results when a user maliciously renders an Internet information server inoperable, thereby denying computer service to legitimate users.
DSS
DSS is the federal Digital Signature Standard, which makes use of the Digital Signature Algorithm. DSS provides a reliable means of identifying both the sender of a message and the authenticity of the message itself. DSS specifications are articulated in the National Institute of Standards and Technology's (NIST) Federal Information Processing Standard (FIPS) 186, formally titled "Digital Signature Standard (DSS)". Learn more here: http://www.itl.nist.gov/div897/pubs/fip186.htm.
Dual Homed Gateway
Configuration or machine that supports 2 or more disparate protocols or means of network transport, and provides packet screening between them. (For example, suppose you run TCP/IP on the outside and IPX on the inside.)
Dynamic Host Configuration Protocol (DHCP)
DHCP provides and automates address pool functionality, where the system automatically assigns new sessions dynamic network addresses as needed.
EFT
Electronic Funds Transfer.
Elron Firewall/Secure
Elron Firewall/Secure is a commercial firewall product. Learn more here: http://www.elronsoftware.com/.
EMSEC
Emissions Security.
Encryption
The process of scrambling data so it is unreadable by unauthorized parties. In most encryption schemes, you must have a password to reassemble the data into readable form. Encryption is primarily used to enhance privacy or to protect classified, secret, or top secret information. (For example, many military and satellite transmissions are encrypted to prevent spies or hostile nations from analyzing them.)
Ethernet
A Local Area Network technology (originally developed by XEROX) that connects computers and transmits data between them. Data is packaged into frames and sent via wires.
Ethernet Spoofing
Any procedure that involves assuming another host's Ethernet address to gain unauthorized access to the target.
Ethereal
Freely available and much recommended network sniffer, available at www.ethereal.com.
EPL
Evaluated Products List.
Esniff
Esniff is a freely available protocol analyzer for Unix. Get it here: http://www.asmodeus.com/archive/IP_toolz/ESNIFF.C.
ETHLOAD
ETHLOAD is a freely available protocol analyzer for Unix. Get it here: http://www.computercraft.com/noprogs/ethld104.zip.
Event Viewer
Event Viewer is a Windows NT tool for examining system messages (including those that could have security significance.) To use Event Viewer, choose START|PROGRAMS|ADMINISTRATIVE TOOLS|EVENT VIEWER.
FDDI
Fiber Optic Data Distribution Interface, fiber optic cable that transfers data at 100 Mbps.
Fiber Optic Cable
An extremely fast network cable that transmits data using light rather than electricity. Most commonly used for backbones.
File Server
A computer that serves as a centralized source for files.
File Transfer Protocol (FTP)
A protocol used to transfer files from one TCP/IP host to another.
Filtering
The process of examining network packets for integrity and security. Filtering is typically an automated process, performed by either routers or software.
Finger
A Unix program that gathers personal information on the specified user, including their username, real name, shell, directory, and office telephone number (if available). Allowing finger queries can represent a security risk.
Firewall
Loosely, any device that refuses unauthorized users access to a particular host. Less loosely, a device that examines each packet's source address. If that address is on an approved list, the packets gain entry. If not, they're rejected.
Frame Relay
Frame Relay technology allows networks to transfer information in bursts. This is a cost-effective way of transferring data over networks because you only pay for the resources you use. (Unfortunately, you may also be sharing your frame relay connection with someone else. Standard frame relay connections run at 56kbps.)
FROG
FROG is a relatively new encryption algorithm that can be incorporated into applications using Java, Pascal, or C. Learn more here: http://www.tecapro.com/aesfrog.htm.
Full Duplex Transmission
A full duplex transmission is any transmission in which data is transmitted in both directions simultaneously.
FWTK
An acronym used to refer to Trusted Information System's Firewall Toolkit, the first freely available toolkit for building firewalls. To get the TIS FWTK, first read the instructions here: ftp://ftp.tis.com/pub/firewalls/toolkit/README.
Gateway
A point on a network where two (or more) network protocols are translated into other protocols. Typical examples of such translation include TCP/IP to basic Ethernet or even proprietary protocols.
Gauntlet Internet Firewall
Gauntlet Internet Firewall is a commercial firewall product. Learn more here: http://www.tis.com/prodserv/gauntlet/index.html.
GNAT Box Firewall
GNAT Box Firewall is a commercial firewall product. Learn more here: http://www.gnatbox.com/.
Gobbler
Gobbler is a freely available protocol analyzer for DOS/Windows systems. Get it here: http://www.computercraft.com/noprogs/gobbler.zip.
GOPHER
The Internet Gopher Protocol, a protocol for distributing documents over the Net. GOPHER preceded the World Wide Web as an information retrieval tool. (Please see RFC 1436 for more information.)
GOTS
Government-off-the-Shelf.
Granularity
The degree to which you can incisively apply access controls. The more incisively a system allows controls to be set, the more granularity that system has.
Group
A value denoting a collection of users. This value is used in network file permissions. All users belonging to this or that group share similar access privileges.
GroupWare
Application programs that are designed to make full use of a network, and often promote collaborative work.
GSMP
General Switch Management Protocol by Ipsilon, a protocol that controls ATM switches and their ports.
Guardian
Guardian is a commercial firewall product. Learn more here: http://www.ntguard.com/grfeatures.html.
Hacker
Someone interested in operating systems, software, security, and the Internet generally. Also a programmer.
Hardware Address
The fixed physical address of a network adapter and hence of the machine in which it is installed. Hardware addresses are sometimes hard-coded into the network adapter.
Hobgoblin
Hobgoblin is a Unix file integrity-checking tool and is used to monitor possible file tampering. Get Hobgoblin in source code form here: http://ftp.su.se/pub/security/tools/admin/hobgoblin/hobgoblin.shar.gz.
Host
A computer with a permanent hardware address, especially on a TCP/IP network.
Host Table
Any record of matching hostnames and network addresses. These tables are used to identify the name and location of each host on your network. Such tables are consulted before data is transmitted. (Think of a host table as a personal address book of machine addresses.)
HP-UX
HP-UX is a Unix flavor from Hewlett Packard.
htpasswd
htpasswd is a Unix-based tool for password-protecting web sites.
Hypertext
A text display format commonly used on web pages. Hypertext is distinct from regular text because it's interactive. In a hypertext document, when you click or choose any highlighted word, other associated text appears. This allows powerful cross-referencing, and permits users to navigate a document.
Hypertext Transfer Protocol (HTTP)
The protocol used to traffic hypertext across the Internet, and the underlying protocol of the WWW.
IBM eNetwork Firewall
IBM eNetwork Firewall is a commercial firewall product. Learn more here: http://www.software.ibm.com/enetwork/firewall/.
International Data Encryption Algorithm (IDEA)
IDEA is a powerful block-cipher encryption algorithm that operates with a 128 bit key. IDEA encrypts data faster than DES and is far more secure.
Identification Protocol (IDENT)
A TCP-based protocol for identifying users. IDENT is a more modern, advanced version of the Authentication Protocol. You can find out more by obtaining RFC 1413.
IGMP (Internet Group Management Protocol)
A protocol that controls broadcasts to multiple users.
IMAP3
Interactive Mail Access Protocol, a protocol that allows workstations to access Internet electronic mail from centralized servers. (Please see RFC 1176 for further information.)
InPerson
InPerson is a GroupWare product from Silicon Graphics.
Interceptor Firewall Appliance
Interceptor Firewall Appliance is a commercial firewall product. Learn more here: http://www.tlogic.com/appliancedocs/index.html.
Internet
In general, the conglomeration of computer networks now connected to the international switched packet telephone system that support TCP/IP. Less generally, any computer network that supports TCP/IP and is inter-connected.
Internet Protocol Security Option
IP security option, used to protect IP datagrams, according to US classifications, whether unclassified, classified secret, or top secret. (Please see RFC 1038 and RFC 1108.)
Internet Security Scanner (ISS)
Internet Security Scanner is a penetration testing and system-auditing tool from Internet Security Systems, Inc. (ISS is part of a larger security management suite called SafeSuite). Find out more here: http://www.iss.net.
Internet Worm
Also called the Morris Worm, a program that attacked the Internet in November 1988. To get a Worm overview, check out RFC 1135. Another well known worm that infected 200,000 computers worldwide within 1 week is the W32/Blaster worm which was discovered in August 2003.
Internetworking
The practice of using networks that run standard Internet protocols.
InterNIC
The Network Information Center located at www.internic.net.
Intrusion Detection
The practice of using automated systems to detect intrusion attempts. Intrusion detection typically involves intelligent systems or agents.
IP
Internet Protocol.
IP Address
Numeric Internet address, such as 172.16.1.1.
IP Security Option
The IP Security Option consists of several security options that were incorporated into routers that allow them to mark datagrams according to a pre-defined security criteria (such as Top Secret, Secret, Classified, Unclassified and so on.) Only hosts with an adequate security clearance can access datagrams marked in this manner. To learn more, see RFC 1038.
IP Spoofing
Any procedure where an attacker assumes another host's IP address to gain unauthorized access to the target.
IPX
Internetwork Packet eXchange, a proprietary data transport protocol from Novell, Inc. that loosely resembles Internet Protocol.
IRIX
A flavor of Unix from Silicon Graphics.
ISDN
Integrated Services Digital Network, digital telephone service that offers data transfer rates upward of 128Kbps.
ISO
International Standards Organization.
ISP
Internet Service Provider.
Java
A network programming language created by Sun Microsystems that marginally resembles C++. Java is object oriented, and is often used to generate graphics and multimedia applications, though it's most well known for its networking power.
JavaScript
Programming language developed by Netscape Communications Corporation. JavaScript runs in and manipulates web browser environments, particularly Netscape Navigator and Communicator (but also Internet Explorer.) Because JavaScript now has very extended functionality (functionality that extends beyond simple window and state manipulation), it is significant in a security context. This is true even though Netscape has made many excellent efforts at bolstering JavaScript's security features.
Kerberos
Encryption and authentication system developed at the Massachusetts Institute of Technology, Kerberos is used in network applications, and relies on trusted third party servers for authentication.
Kerberos Network Authentication Service
Third-party, Kerberos ticket-based authentication scheme that can be easily integrated into network applications. Please see RFC 1510 for details.
Key
A key is generally a unique value (derived from an algorithmic process) that identifies you. For example, in public-key/private-key schemes, you have both public and private keys. You distribute your public key to the world at large and they use this key (typically represented by your email address) to encrypt messages to you and for your eyes only. Such a message can only be decrypted with your private key. (Not even the author of that message can unravel it.)
Key pair
A key pair consists of 2 elements: a private key and its corresponding public key in an asymmetric cryptographic system. Such key pairs are used in conjunction by a message recipient or in general authentication procedures.
Linux
A free Unix clone that runs on widely disparate architectures, including X86 (Intel), Alpha, Sparc, and PowerPC processors. Linux is becoming increasingly popular as a web server platform.
LISTSERV
Listserv Distribute Protocol, a protocol used to deliver mass email. (Please see RFC 1429 for further information.)
Lotus Notes
A GroupWare product from Lotus.
LPDP
Line Printer Daemon Protocol, a protocol used to facilitate remote printing. (Please see RFC 1179 for more information.)
lsof (List Open Files)
lsof lists open files and processes (and their owners) on Unix. lsof is currently available for a wide variety of Unix flavors. Learn more here: ftp://coast.cs.purdue.edu/pub/tools/unix/lsof/.
Maximum Transmission Unit (MTU)
A value that denotes the largest packet that can be transmitted. (Many people adjust this value and often get better performance by either increasing or decreasing it.)
MCP (Microsoft Certified Professional)
Qualification that can be obtained by computer professionals by taking any one Microsoft exam at an authorised testing centre such as Sylvan Prometric or VUE.
MCSE (Microsoft Certified Systems Engineer)
Qualification that can be obtained by computer professionals by taking a series of Microsoft exams at an authorised testing centre such as Sylvan Prometric or VUE. There are normally 7 exams to gain the full MCSE certification.
MD4
MD4 is a message digest algorithm that produces a 32-bit digital fingerprint of specified input. Since such a fingerprint is totally unique (or rather, it's mathematically infeasible to create a duplicate), MD5 is used in file and session integrity authentication. (In other words, a file will always produce the same MD5 signature unless it's been tampered with. Hence, MD5 checking is a good way to determine if your data has been surreptitiously altered.)
MD5
Another message digest algorithm, similar to MD4. (Please see MD4.)
Microsoft Exchange
An email and office integration product from Microsoft Corporation.
Mirroring
Mirroring is the practice of duplicating disk volumes for the purpose of redundancy. Typically, this is done on separate drives. For example, let's say that drive1 has a complete, functional web site on it. To preserve redundancy, you duplicate drive1 on drive2 and drive3. This way, if drive1 dies, your web site marches on undisturbed. (This is important not simply for security but in electronic commerce situations where you absolutely cannot afford downtime.)
NE2000
A standard by which Network Interface Cards are judged. Most cards use this standard.
Nessus
Nessus is a scanner, a utility that will probe your host for possible security weaknesses. If Nessus finds such a weakness, it offers you a tutorial that explains the hole's impact and how to fix it. Nessus is relatively new (but effective) and remains a work in progress. Currently, Nessus is available for Windows 95, Windows NT, and Unix (Solaris, Linux, and perhaps others).
NetBIOS Protocol
A high-speed, lightweight transport protocol commonly used in Local Area Networks, particularly those running LAN Manager.
NETBuilder
NETBuilder is a commercial firewall product. Learn more here: http://www.3com.com/products/dsheets/pdf/40023808.pdf.
Netstat
UNIX command (also available in Windows) that shows the current TCP/IP connections and their source addresses.
NetWare
A popular network operating system from Novell, Inc.
Network Interface Card
An adapter card that lets the computer attach to a network cable. Also known as a NIC.
Network Layer
Layer 3 of the OSI Reference Model, which provides the routing information for data, opens and closes paths for the data to travel, and ensures it reaches its destination.
Network Operating System
An operating system for networks, such as Netware or Windows NT.
NFS
Network File System. A system that allows you to transparently import files from remote hosts. These files appear and act as though they were installed on your local machine.
NIC
See Network Interface Card.
NIS
Network Information System. A system developed by Sun Microsystems that allows Internet hosts to transfer information after authenticating themselves with a single password. NIS was once called the Yellow Pages system.
NNTP
Network News Transfer Protocol, the protocol that controls the transmission of USENET news messages.
NSS (Network Security Scanner)
NSS is a scanner that can identify security weaknesses on remote Unix hosts. NSS is written in PERL and is therefore highly portable. Get NSS here: http://www.giga.or.at/pub/hacker/unix/nss.tar.gz.
NTFS
NTFS is the Windows NT (New Technology) File System. This file system is vastly superior to File Allocation Table (FAT and FAT32). Not only does NTFS support very large disk drives, it's also infinitely more secure, faster, and more stable. To maintain any degree of security on a Windows system, you must have NT and NTFS must be enabled.
Ogre
Ogre is a scanner that can identify running processes and weaknesses on remote Windows NT systems.
One-Time Password
A password generated on the fly during a challenge-response exchange. Such passwords are generated using a pre-defined algorithm, but are extremely secure, because they are good for the current session only.
OSI Reference Model
Open Systems Interconnection Reference Model. A 7 layer model of data communications protocols, that make up the architecture of a network.
Owner
The person (or process) with privileges to read, write, or otherwise access a given file, directory, or process. The system administrator assigns ownership. However, ownership may also be assigned automatically by the operating system in certain instances.
Packets
Data that is sent over a network is broken into manageable chunks called packets or frames. The size is determined by the protocol used.
Password Authentication Protocol
A protocol used to authenticate PPP users.
PCI
Peripheral Component Interface, an interface used for expansion slots in PCs and Macintosh computers. PCI slots are where you plug in new adapter cards, including Ethernet adapters, disk controller cards, and video cards, to name a few.
PCM
Pulse Code Modulation, a system of transforming signals from analog to digital. (Many high-speed Internet connections from the telephone company use PCM.)
Penetration Testing
The process of attacking a host from without to ascertain remote security vulnerabilities.
Performance Monitor
PERL
Practical Extraction and Report Language, a programming language commonly used in network programming, text processing, and CGI programming.
Permissions
Normally associated with file permissions used on an NTFS file system to lock access to files from selected users.
PGP
Pretty Good Privacy, a popular encryption software that offers industry standard (and up to military-grade) encryption. Learn more here: http://web.mit.edu/network/pgp.html.
Phreaking
The process of (usually unlawfully) manipulating the telephone system.
Physical Layer
Layer 1 of the OSI Reference Model deals with hardware connections, and transmissions, and is the only layer that involves the physical transfer of data from system to system.
Ping
Ping is a network utility that tests whether the target host is alive. Here's some sample ping output:
ping 207.171.0.111
Pinging 207.171.0.111 with 32 bytes of data:
Reply from 207.171.0.111: bytes=32 time=181ms TTL=247
Reply from 207.171.0.111: bytes=32 time=160ms TTL=247
Reply from 207.171.0.111: bytes=32 time=161ms TTL=247
Reply from 207.171.0.111: bytes=32 time=150ms TTL=247
PIX
PIX is a commercial firewall product. Learn more here: http://www.cisco.com.
PPP
Point to Point Protocol. PPP is a communication protocol used between machines that support serial interfaces, such as modems. PPP is commonly used to provide access to dialup services from Internet Service Providers.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is a specialized form of PPP. Its unique design makes it possible to "encapsulate" or wrap non-TCP/IP protocols within PPP. Through this method, PPTP allows two or more LANs to connect using the Internet as a conduit. (PPTP is a great stride ahead because previously, expensive, leased lines were used to perform this task which was cost-prohibitive in many instances.)
POP2
Post Office Protocol, a protocol that allows workstations to access Internet electronic mail from centralized servers. (Please see RFC 937 for further information.)
PPP Authentication Protocols
Set of protocols that can be used to enhance security of Point-to-Point protocol. (Please see RFC 1334.)
PPP DES
The PPP DES Encryption Protocol, which applies standard Data Encryption Standard protection to Point-to-Point links. (This is one method to harden PPP traffic against sniffing.) To learn more, please see RFC 1969.
Presentation Layer
Layer 6 of the OSI Reference Model, manages the protocols of the operating system, formatting of data for display, encryption, and translation of characters.
ProShare
A GroupWare product from Intel.
Protocol
A standardized set of rules that govern communication or the way that data is transmitted.
Protocol Analyzer
Hardware, software, or both that monitors network traffic and reduces that traffic to datagrams or packets that can be read by a human.
Protocol Stack
A hierarchy of protocols used in data transport, usually arranged in a collection called a suite (such as the TCP/IP suite.)
Proxy
A proxy is a server that "fronts" for your client and in doing so, obscures and protects your client from attack. For example, when you use a proxy and you point your web browser to http://www.mcp.com, the proxy server receives this request, connects to mcp.com, gets the requested data, and forwards that data back to your browser. During this exchange, your machine never actually connects to mcp.com. Instead, the proxy does it for you.
RAID
Redundant Array of Inexpensive Disks, a number of hard drives connected together that act as one drive. The data is spread out across several disks, and one drive keeps checking information so that if one drive fails the data can be rebuilt.
Raptor Firewall
Raptor Firewall is a commercial firewall product. Find out more here: http://www.raptor.com/products/datasheets/prodsheet.html.
RC4
RC4 is a symmetric algorithm that can provide either 40-bit or 128-bit encryption. RC4 has an interesting story behind it. RC4 was originally a trade secret (and proprietary information) of RSA (http://www.rsa.com). However, in or about September 1997, someone posted RC4 source code to the Internet. This was really an unprecedented event and since the post was anonymous, that was that. Since then, developers have come up with various RC4 implementations (though few have likely used RC4 without obtaining a valid license).
Read Access
When a user has read access, it means that they have privileges to read a particular file.
Remote Access Server Administration Utility
A Windows NT administration program that allows you to apply access control and logging to your remote access services.
Repeater
A device that strengthens a signal so it can travel further distances.
Reverse Address Resolution Protocol (RARP)
A protocol that maps Ethernet addresses to IP addresses.
RFC
Request for Comment. Request for Comments documents (RFCs) are working notes of the Internet development community. These are often used to propose new standards. A huge repository of RFC documents can be found here: http://www.internic.net.
RIP
Routing Information Protocol, a protocol that allows Internet hosts to exchange routing information. (Please see RFC 1058 for more information.)
rlogin
A Unix program that allows you to connect your terminal to remote hosts. rlogin is much like telnet, except that rlogin allows you to dispense with entering your password each time you log in.
RSA
RSA (which was named after its creators, Rivest, Shamir, Adleman) is a public-key encryption algorithm. RSA is probably the most popular of such algorithms and has been incorporated into many commercial applications, including but not limited to Netscape Navigator, Communicator, and even Lotus Notes. Find out more about RSA at http://www.rsa.com.
Router
Device that routes packets in and out of a network. Many routers are sophisticated and can serve as firewalls.
RSA
RSA is the Rivest-Shamir-Adleman public key cryptographic algorithm and system. RSA is extremely popular because it can be seamlessly integrated into many applications (and has been, including mainstream applications like Netscape Communicator and Microsoft Internet Explorer.) Learn more here: http://www.rsa.com.
RWHOIS
Referral WHOIS Protocol, a protocol that provides access to the WHOIS registration database, which stores Internet domain name registration information.
SATAN (Security Administrator's Tool for Analyzing Networks)
SATAN is a scanner, a utility that will probe your host for possible security weaknesses. If SATAN finds such a weakness, it offers you a tutorial that explains the hole's impact and how to fix it. (SATAN is for Unix only.) When used maliciously, SATAN is a powerful cracking tool. However, there are tools to automatically detect SATAN scans, including Courtney and Gabriel.
Secure Socket Layer (SSL)
A security protocol (created by Netscape Communications Corporation) that allows client/server applications to communicate free of eavesdropping, tampering, or message forgery. SSL is now used for secure electronic commerce. To find out more, please see http://home.netscape.com/eng/ssl3/draft302.txt.
Security Audit
An examination (often by third parties) of an organization's security controls and disaster recovery mechanisms.
Serial Line Internet Protocol
SLIP, an Internet protocol designed for connections based on serial communications (e.g., telephone connections or COM port/RS232 connections.)
Session Layer
Layer 5 of the OSI Reference Model, which handles the coordination of communication between systems, maintains sessions for as long as needed, and provides security, logging, and administrative functions.
SET
Secured Electronic Transaction. A standard of secure protocols associated with on-line commerce and credit-card transactions. (Visa and MasterCard are the chief players in development of the SET protocol.) Its purpose is ostensibly to make electronic commerce more secure.
SHA (Secure Hash Algorithm)
SHA (from NIST) is exceptionally strong and is designed to compute a condensed representation of a message or a data file. (In essence, SHA is a message digest algorithm, similar to MD5.) SHA is used in the Fortezza card, a PCMCIA card that provides an extra layer of security to electronic mail sent from DoD laptops. (SHA is also incorporated into the Secure Data Network System Message Security Protocol, a message protocol designed to provide security to the X.400 Message Handling environment). To learn more about SHA, grab Federal Information Processing Standards Publication 180-1, located here: http://www.itl.nist.gov/div897/pubs/fip180-1.htm.
Sharing
Sharing is the process of allowing users on other machines to access files and directories on your own. File sharing is a fairly typical activity within Local Area Networks, and can sometimes be a security risk.
SHTTP
SHTTP is Secure HTTP, a security extension to garden-variety Hypertext Transfer Protocol and secures individual messages and their integrity. Learn more here: http://www.terisa.com/shttp/intro.html.
Simple Mail Transfer Protocol
The Internet's most commonly used electronic mail protocol. (Please see RFC 821.)
Simple Network Management Protocol
SNMP, a protocol that offers centralized management of TCP/IP-based networks (particularly those connected to the Internet.)
S/Key
One-time password system to secure connections. In S/Key, passwords are never sent over the network and therefore cannot be sniffed. Please see RFC 1760 for more information.
Sniffer
A sniffer is hardware or software that captures datagrams across a network. It can be used legitimately (by an engineer trying to diagnose network problems) or illegitimately (by a cracker).
SNMP Security Protocols
Simple Network Management Protocol is used for remote management and protection of networks and hosts. Within the SNMP suite, there are a series of security-related protocols. You can find out about them by obtaining RFC 1352.
SNPP
Simple Network Paging Protocol, a protocol used to transmit wireless messages from the Internet to pagers. (Please see RFC 1861 for more information.)
SNTP
Simple Network Time Protocol, a protocol used to negotiate synchronization of your system's clock with clocks on other hosts.
SOCKS Protocol
Protocol that provides unsecured firewall traversal for TCP-based services. (Please see RFC 1928.)
SONET
Synchronous Optical Network, an extremely high-speed network standard. Compliant networks can transmit data at 2Gbps (gigabits per second) or even faster. (Yeah, you read that right! 2 gigs or better.)
SP3
Network Layer Security Protocol.
SP4
Transport Layer Security Protocol.
Spoofing (General)
Any procedure that involves impersonating another user or host to gain unauthorized access to the target.
Strobe
Strobe is a scanner that can identify running processes on remote Unix hosts. Get Strobe here: http://www.madness.org/misc/strobe.tgz.
SunScreen
SunScreen is a commercial firewall product. Learn more here: http://www.sun.com/security/overview.html.
SWATCH (The System Watcher)
SWATCH is a Unix-based, intrusion detection/logging tool written primarily in PERL. Learn more here: ftp://coast.cs.purdue.edu/pub/tools/unix/swatch/.
TCP/IP
Transmission Control Protocol / Internet Protocol, the protocols used by the Internet.
Telnet
A protocol and an application that allows you to control your system from remote locations. During a telnet session, your machine responds precisely as it would if you were actually working on its console.
Telnet Authentication Option
Protocol options for Telnet that add basic security to Telnet-based connections based on rules at the source routing level. Please see RFC 1409 for details.
TEMPEST
Transient Electromagnetic Pulse Surveillance Technology. TEMPEST is the practice and study of capturing or eavesdropping on electromagnetic signals that emanate from any device, in this case a computer. TEMPEST shielding is any computer security system designed to defeat such eavesdropping.
Terminator
A small plug that attaches to the end of a segment of coax Ethernet cable. This plug terminates the signal from the wire.
Token Ring
A network that's connected in a ring topology, in which a special "token" is passed from computer to computer. A computer must wait until it receives the "token" before sending data over the network.
Topology
The method or system by which your network is physically laid out. Popular topologies include star, bus, ring, and mesh. Each topology has advantages and disadvantages and each has security implications. (For example, bus topology places all machines on the same wire, sharing bandwidth, and therefore allows attackers to eavesdrop fairly easily.)
Traceroute
A TCP/IP program common to UNIX that traces the route between your machine and a remote host. (A traceroute version exists for Windows 95, 98, and NT called tracert.exe.) Typical traceroute output looks like this:
C:\>tracert 207.171.0.111
Tracing route to traderights.pacificnet.net [207.171.0.111]
over a maximum of 30 hops:
1 150 ms 150 ms 151 ms tnt1.isdn.jetlink.net [206.72.64.13]
2 150 ms 141 ms 140 ms jl-bb1-ven-fe0.jetlink.net [206.72.64.1]
3 151 ms 150 ms 150 ms 166.48.176.17
4 150 ms 161 ms 150 ms core1.Bloomington.cw.net [204.70.4.161]
5 370 ms 381 ms 420 ms lang1sr2-4-0.ca.us.ibm.net [165.87.156.174]
6 200 ms 150 ms 160 ms 165.87.157.129
7 150 ms 160 ms 150 ms ded1-fe0-0-0.lsan03.pbi.net [206.13.29.196]
8 160 ms * 150 ms 206.171.134.34
9 170 ms 201 ms 180 ms traderights.pacificnet.net [207.171.0.111]
Trace complete.
Transceiver
An essential part of a Network Interface Card (NIC) that connects the network cable to the card. Most 10 base T cards have them built in, but in some cases you might have to get a transceiver for an AUI port to 10 base T. (These are no longer easy to find and you may have to special order them.)
Traffic Analysis
Traffic analysis is the study of patterns in communication rather than the content of the communication. For example, it studies when, where, and to whom particular messages are being sent, without actually studying the content of those messages.
Transport Layer
Layer 4 of the OSI Reference Model, which controls the movement of data between systems, defines the protocols for messages, and does error checking.
Tripwire
Tripwire is a Unix file integrity-checking tool and is used to monitor possible file tampering. Get Tripwire here: ftp://coast.cs.purdue.ed/pub/tools/unix/Tripwire/.
Trivial File Transfer Protocol (TFTP)
An antiquated file transfer protocol now seldom used on the Internet. (TFTP is a lot like FTP without authentication.)
Trojan or Trojan Horse
An application or code that, unbeknownst to the user, performs surreptitious and unauthorized tasks, tasks which can compromise system security.
Trusted Computer System Evaluation Criteria (TCSEC)
Also known as Government Standard DoD 5200.28-ST, the TCSEC is a set of criteria, set forth by the Department of Defense, that articulates a system by which all hardware and software can be assessed for assurance. Products assessed according to the TCSEC are categorized into ascending classes (with lower or higher levels of assurance).
Trusted System
A system secure enough for use in environments where classified information is warehoused.
Tunneling
The practice of employing encryption in data communication between two points, thus shielding that data from others that may be surreptitiously sniffing the wire. Tunneling procedures encrypt data within packets, making it extremely difficult for outsiders to access such data.
Twisted Pair
A cable that is made up of one or more pairs of wires, twisted to improve their electrical performance.
UDP
UDP (User Datagram Protocol). A connectionless protocol from the TCP/IP family. (Connectionless protocols will transmit data between two hosts even though those hosts do not currently have an active session. Such protocols are considered "unreliable" because there is no absolute guarantee that the data will arrive as intended.) To learn more, see RFC 768.
UID
See User ID.
UPS
Uninterruptible Power Supply, a backup power supply for when your primary power is cut. (These are typically huge batteries that can support your network for several hours only.)
User
Anyone that uses a computer system or system resources.
User ID
In general, any value by which a user is identified, including their user name. More specifically, and in relation to UNIX and other multi-user environments, any process ID - usually a numeric value - that identifies the owner of a particular process. (Please see OWNER and USER.)
User Manager for Domains
User Manager for Domains is a centralized Windows NT system administration tool that allows you to manage trust relationships between domains and also add users to or remove users from those domains. (User Manager for Domains comes with Windows NT Server 4.0 and higher.)
UTP
Unshielded Twisted Pair. See 10 base T.
Vines
A network operating system made by Banyan.
Virtual Private Network (VPN)
VPN technology allows companies with leased lines to form a closed and secure circuit over the Internet, between themselves. In this way, such companies ensure that data passed between them and their counterparts is secure (and usually encrypted).
Virus
Self-replicating or propagating program (sometimes malicious) that attaches itself to other executables, drivers, or document templates, thus "infecting" the target host or file.
Vulnerability (Hole)
This term refers to any system weakness (in either hardware or software) that allows intruders to gain unauthorized access or deny service.
WAN
Wide Area Network.
WEP
Wireless Equivalent Privacy, used in WiFi networks; a very crude form of encryption with weaknesses.
WPA
WiFi Protected Access. WPA was constructed to provide improved data encryption and enhanced protection for WiFi networking.
Watcher
Watcher is a Unix-based, intrusion detection/logging tool written in C. Learn more here: http://www.i-pi.com/.
Webalizer
An excellent web stats package that is available for Linux / Apache web servers. Best of all it's free!
http://www.webalizer.com
WebLog Expert
Another web stats package for web servers.
http://www.weblogexpert.com/
WebTrends
WebTrends is a web site monitoring/statistics tool that combines web link, usage, and traffic analysis with log analysis. http://www.webtrends.com