Author: Razorpoint Security Team
Version: 1.5
Date of current version: 2006-01/09
Date of original version: 2001-04/04
Copyright © 2001-2006 Razorpoint Security Technologies, Inc.
All Rights Reserved.
Razorpoint Security Glossary™
[ WHITE PAPER ]
Razorpoint Security Glossary
Are you up to speed with the latest in security and hacker terms? Do you know the difference between a hacker and a cracker? How about
why a DoS attack can render your entire network useless?
The more you know about security, the terms and the techniques involved, the better prepared you’ll be to guard against break-ins, trojans,
identity theft, and other unwanted attacks. The Razorpoint Security Glossary is provided as a public service to help guide you through the
latest terminology of hackers, crackers, and other threats to your technology infrastructure.
Razorpoint Security Technologies, Inc. continues to update this list on a regular basis and attempts to keep it as one of the most comprehensive
security glossaries available. This list contains terms that span most operating systems and network technologies, including: Sun Solaris,
Linux, Mac OS X, BSD Unix (OpenBSD, FreeBSD, NetBSD, etc.), Windows, Cisco, Nortel and 3Com.
If you have any questions or information about terms not listed please contact Razorpoint Security Technologies at:
security@razorpointsecurity.com.
Any copyrights mentioned in this document are the sole property of their rightful owners.
A
ACK
Acknowledgment. A response from a receiving computer to a sending computer to indicate successful receipt of information. TCP
requires that packets be acknowledged before it considers the transmission complete.
Access Control
Techniques for limiting access to resources based on authentication information and access rules.
Access Provider
Companies that offer Internet access through a variety of means such as dial-up, cable, DSL, etc.
Acrobat Reader
An Adobe independent or Web browser plug-in that allows the viewing of Portable Document Format (PDF) files with complex graphic
designs. Adobe does not charge for Acrobat Reader and it can be downloaded directly from them.
Address
Synonymous with URL, the phrase to connect to a website.
Address Masquerading
Configuring a network interface with an IP address intended for another system. This undermines access control mechanisms based on
network addresses.
Address Spoofing
Counterfeiting IP datagrams in a way that causes the receiving system to believe they originated from a host other than the actual
sender.
Address Translation
See NAT.
Agent
The software routine in an SNMP-managed device that responds to get and set requests and sends trap messages.
AH Authentication
A planned security enhancement to IP that provides sending-system authentication and datagram integrity, but not confidentiality. See
also ESP.
Algorithm
A mathematical function or set of rules used in the process of encryption and decryption of data.
January 9, 2006 Razorpoint Security Glossary [v1.5] Page 1 of 18
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
AltaVista
Popular search engine.
Anonymous Remailer
A program that removes all traces of an e-mail message’s actual sender and location before forwarding the message to its intended
recipient.
Anti-Virus
A mechanism that provides detection and inoculation of viruses on a local disk or in files as they are transferred between networks.
API
Application Programming Interface. A high-level language binding that enables a programmer to easily use functions in another
program.
Application Gateway
A system used to restrict access to services, or specific functions within services, across a firewall boundary.
Application Layer
The protocol layer used by applications (like Telnet, FTP, and so on) that rides atop the services provided by the transport and network
layers.
ARP
Address Resolution Protocol. A protocol in the TCP/IP suite used to resolve a network (IP) address to its link-layer address.
Asymmetric Algorithm
A 2-key system using a complementary pair of keys: a public key and a private key. The public key is used to encrypt or verify
messages, and the private key is used to decrypt and sign messages.
Attack
An electronic assault (typically unprovoked) that attempts to somehow break the target’s systems, networks and security mechanisms.
AUP
Acceptable Use Policy. Within an organization, the policy that has been arranged for proper use of the website.
Authentication
A systematic method for establishing proof of identity between two or more entities, usually users and hosts.
Authorization
The predetermined right to access an objective or service based on authentication information.
AVI
Audio Video Interleave. Created by Microsoft, a digital video file. Noted as an avi file, it displays both picture and sound elements
intermittently.
B
Back Door
A method of circumventing an enterprise security policy through an unknown vulnerability, allowing an illegal user access to the
network.
Back Orifice
A program that installs itself on a machine as a server, allowing a user with the Back Orifice client to control the host remotely.
Bandwidth
The transmission capacity, commonly measured in bits per second, of a network connection.
Banner
Graphic advertisements appearing on the Web.
Baud
Modem speed.
BCC
Blind Carbon Copy. When writing email, the bcc-ed person receives email without knowledge of others on the distribution list.
Biometrics
The use of a unique physical characteristic, such as a fingerprint, voice recording, or retinal scan, to authenticate a user.
Block Cipher
An encryption method that places data in fixed-size blocks before encryption.
Blowfish
Powerful, free 128-bit encryption cipher. Installed as standard in OpenBSD.
Bookmark
If you have a favorite site, you can save the link through the Bookmark feature located in the browser.
Brute Force Attack
An attempt to illicitly recover a cryptographic key by trying all reasonable possibilities.
BS7799 (a.k.a. ISO 17799)
British Standard 7799. The international equivalent is the ISO 17799. Standardized document outlining requirements for remote
security auditing and testing.
BSD Trust
A trust mechanism whereby one host trusts the identity of users of another system without requiring them to authenticate with
passwords.
Buffer Overflow
A buffer overflow is an attack where too much data is sent to an application that is expecting a lesser amount. The application is
ill-prepared for the wave (overflow) of excess data and is sent into a state whereby arbitrary programs can be run by an attacker with the
same privileges as the original application or service. Most services (web, email, ftp, etc.) run with root or administrator access. Buffer
overflowing an application allows an unwanted attacker to execute programs with those same privileges. This is a very powerful and
very common method crackers use for penetrating systems.
BXA
The U.S. Department of Commerce, Bureau of Export Administration. BXA is the primary regulatory agency responsible for export
controls on encryption, and is responsible for the issuance of export licenses.
C
Cable Modem
Device connected to a computer enabling you to receive and request information from the Internet over your cable TV line. Greatly exceeds
the bandwidth of dial-in modems.
Cache
Temporary storage space in computer hard drive. Web browsers store most recently viewed Web pages in cache.
Camping Out
After gaining entry to a network, creating a safe, undetected spot for hacking, storing or retrieving information, and/or creating another
way to get in at a later time.
CC
Carbon Copy. When writing email, the cc’d person also receives a copy of the email message.
Certificate
An electronic document bound to an individual’s or entity’s public key that portrays attributes of the key holder as vouched for by a
trusted party or Certification Authority.
Certificate Authority (CA)
A trusted entity that digitally signs certificates in order to validate ownership of public keys.
Certificate Revocation
The act of removing the validity of a previously issued certificate.
Certificate Revocation List (CRL)
A list maintained by a Certificate Authority of certificates that are no longer valid, excluding expired certificates.
Certificate Server
A server that assists in the process of certifying public keys.
Challenge Handshake Authentication Protocol (CHAP)
A protocol for authenticating remote users utilizing a three-step authentication mechanism.
Chat
‘Talking’ on the Internet via realtime, typed words. Interactive online communication. See also IRC.
Chroot
A Unix system call used to intentionally restrict a server’s view of a host’s file system. A chroot configuration is important when enabling
certain Unix services so as to minimize a host’s vulnerability in the event of a buffer overflow attack.
Cipher
An algorithm that is either symmetric or asymmetric (see definitions below) and allows for either fixed or variable key lengths.
Cipher Block Chaining (CBC)
A block cipher mode in which the previously produced ciphertext block is fed into the encryption of the current block, chaining the
blocks together.
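How the chaining works, as an added example that is not part of the glossary: Python code over a constructed toy block cipher. The XOR-and-rotate `toy_encrypt_block`, the 8-byte block size, the key, the IVs and the message are all assumptions made for this illustration and have no security value; they only stand in for a real block cipher such as AES, and the chaining structure shown is the same. The code encrypts the same message with and without chaining, then flips one ciphertext bit to show why CBC on its own gives no integrity protection.

```python
# Added example, not from the Razorpoint glossary: CBC chaining over a
# constructed toy block cipher, next to unchained (ECB) encryption.
# The toy cipher, block size, key, IVs and message are assumptions for this
# illustration; only the chaining structure matters, and it is the same for AES-CBC.

BLOCK = 8  # block size in bytes (constructed)
KEY = bytes(range(1, 9))          # constructed key
IV = bytes(range(0x10, 0x18))     # constructed IV; real systems use a fresh random IV per message
IV2 = bytes(range(0x20, 0x28))    # a second IV, to show the ciphertext changes with it
MSG = b"ATTACK AT DAWN! " * 2     # 32 bytes: blocks 0 and 2 are identical, as are 1 and 3


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (no security): XOR with the key, rotate bytes left by one."""
    mixed = xor_bytes(block, key)
    return mixed[1:] + mixed[:1]


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block."""
    unrotated = block[-1:] + block[:-1]
    return xor_bytes(unrotated, key)


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding so the length is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: equal plaintext blocks give equal ciphertext blocks,
    which leaks structure. This is what CBC is designed to avoid."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block
    (the IV for the first block) before it goes through the block cipher."""
    prev = iv
    out = []
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, xor_bytes(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_raw(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Undo the chaining: decrypt each block, then XOR with the previous
    ciphertext block (padding left in place)."""
    prev = iv
    out = []
    for c in blocks(ciphertext):
        out.append(xor_bytes(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return unpad(cbc_decrypt_raw(key, iv, ciphertext))


def flip_bit_effect(key: bytes, iv: bytes, plaintext: bytes, index: int, mask: int) -> bytes:
    """Flip one bit of ciphertext block 0 and decrypt without the padding check.
    Block 0 comes out garbled and the same bit of block 1 flips cleanly: CBC on
    its own gives no integrity, so it must be paired with an integrity check
    (a MAC or digital signature; see Integrity Check)."""
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[index] ^= mask
    return cbc_decrypt_raw(key, iv, bytes(ct))


def demo() -> dict:
    ecb, cbc = ecb_encrypt(KEY, MSG), cbc_encrypt(KEY, IV, MSG)
    return {
        "round_trip_ok": cbc_decrypt(KEY, IV, cbc) == MSG,
        "ecb_repeats_blocks": blocks(ecb)[0] == blocks(ecb)[2],
        "cbc_hides_repeats": blocks(cbc)[0] != blocks(cbc)[2],
        "iv_changes_ciphertext": cbc != cbc_encrypt(KEY, IV2, MSG),
        "flipped_block1": flip_bit_effect(KEY, IV, MSG, 3, 0x01)[8:16],
    }
```

The two properties worth taking away are visible in `demo()`: the chained ciphertext hides the repeated plaintext block that ECB exposes, and a single flipped ciphertext bit changes exactly one plaintext bit in the following block, which is why CBC is always deployed alongside a MAC or signature.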
Cipher Text
A message that has been encrypted to maintain its privacy when traveling over untrusted networks.
CISSP
Certified Information Systems Security Professional. A comprehensive certification covering many areas of security (electronic, physical,
personal, etc.). This certification is becoming the standard for security professionals worldwide.
Client
A computer system that requests services of another computer system on the network.
Cleartext
Human-readable text. See also Plaintext.
Common Criteria
A multi-national standard for evaluating security products and assigning ratings of trust to them.
Compulsory Tunnel
A term used in PPTP and L2TP to describe the creation of an involuntary VPN session.
Connectionless Service
A delivery service that treats each packet independently from all others before and after it. HTTP (the World Wide Web) is a
connectionless system.
Content Security
The ability to specify the content of a communication as an element of a security policy, in contrast to defining a security policy on the
basis of header information only.
Cookie
A small piece of information sent to your computer from a website. This information is stored in your hard drive by the site, containing
user information such as registration information, shopping cart items or preferences.
Covering Tracks
Method of avoiding detection by removing, replacing or disabling log files that would otherwise indicate a security breach.
CPU
Central Processing Unit. The main silicon chip inside the computer that runs the programs and operating systems.
Cracker
From CRiminal hACKER -- often confused with ‘hacker.’ A person who does not respect the computers she/he hacks on. These are the
people that break, deface, and otherwise improperly use technology. See also hacker.
Cross-certification
The act of sharing levels of trust across two or more organizations or certificate authorities.
Cryptanalysis
The science of analyzing and breaking secure communication.
Cryptography
The science of enabling secure communication through encryption and decryption.
Cryptology
The study of secretive communication, including both cryptography and cryptanalysis.
Cyberspace
Term to describe the Internet, e.g., you’re in Cyberspace when you are surfing the Web.
Cybersquatter
A person who buys domain names (URL’s) with the hope of reselling them for profit.
D
Daemon (‘demon’)
Individual process (background program) typically running on a Unix system.
Datagram
A packet of data and its delivery information usually associated with connectionless service.
DDoS
Distributed Denial-of-Service Attack. An attack on a network or single system that renders it unusable. See also DoS.
Decryption
The inverse of encryption; the process of converting ciphertext into plain (usable) text.
Dedicated line
A direct phone line between two computers.
DES
Data Encryption Standard. The once-thought-of-as-unbreakable encryption standard adopted by the U.S. Government in 1977 as the
federal standard for the encryption of commercial and sensitive yet unclassified government computer data.
Demilitarized Zone (DMZ)
A network located outside the trusted or secure network but still protected from an untrusted network, by a firewall gateway.
Dial-Up
A temporary connection over a telephone line from your computer to your Internet Service Provider (ISP) in order to get on the Web.
Diffie-Hellman or Exponential Key Exchange
A concept related to public-key cryptography, it provides a mechanism for setting up a secret but unauthenticated connection between
two parties.
Dig
Domain Information Getter. Useful tool for discovering where unresolved IP addresses originate from. Dig can also help determine what
version of DNS server someone is running.
Digital Signature
An unforgeable electronic signature that authenticates a message sender and simultaneously guarantees the integrity of the message.
DNS
Domain Name System. The mechanism on the Internet (via a distributed database system) that maps Internet protocol (IP) addresses
(10.1.20.200) to the more easily remembered hostnames (www.WebSite.com). DNS provides other important data such as email
exchange information.
Domain name
An original name that identifies an Internet site.
DoS Attack
Denial-of-Service Attack. Internet or IP services disrupted by a flood of phony traffic that clogs the provider’s network. SYN Flood, Ping
o’ Death, Smurf, Fraggle and Jolt are some examples of Denial-of-Service attacks.
Download
Transfer data from a server to your computer’s hard disk.
DSL
Digital Subscriber Line. Service that offers a faster Internet connection than dial-up.
DSLAM
Digital Subscriber Line Access Module. Connection point or ‘switch’ that connects all DSL-connected subscribers in a given geographical
area.
E
802.1X
A set of specifications developed by the Institute of Electrical and Electronics Engineers for wireless local area networks (WLANs).
Email
Electronic Mail. A message sent through the Internet from one person to another (or several others).
Email address
An electronic mail address.
Email alias
An additional email address that redirects email messages to your email address.
Emoticon
The sideways smiling (and other) faces used on the Internet to convey emotions, e.g., :-) and :-(
Encapsulating Security Payload (ESP)
A fundamental component of IPSEC-compliant VPNs, specifying both encryption of an IP packet, as well as data integrity checks and
sender authentication.
Encapsulation
The act of placing the contents of an entire packet inside a second packet.
Encryption
A procedure for scrambling data before sending it over a public network like the Internet. The appropriate recipient usually has a
mechanism by which to ‘decrypt’ the scrambled gibberish into the sender’s original format.
Encryption Scheme
A mechanism for encrypting and authenticating messages, as well as managing and distributing keys.
Enumeration
The act of extracting valid accounts or exported resource names from systems. Enumeration is target acquisition and information
gathering. Enumeration entails making active connections to systems / network resources in the attempt of gathering data for malicious
use.
Ethernet
Common method to connect computers to a Local Area Network.
Explorer (a.k.a. Microsoft Internet Explorer)
Microsoft’s Web browser on the Internet.
Extranet
A collaborative network that uses Internet technology to link businesses with their suppliers, customers, or other businesses. The shared
information can be accessible only to the collaborating parties or can be publicly accessible.
F
FAQ
Frequently Asked Questions. A file on a website that contains the most common questions and answers on a specific subject or
website.
Finger
An IP protocol that provides potentially useful information about a user and sometimes a server.
Firewall
One or more packet filters or gateways that shield ‘internal’ trusted networks from ‘external’ untrusted networks such as the Internet.
Firewalls are generally one of the tools used when securing a network from unwanted intruders.
Frame
Technology that allows the browser window to be broken into several sections.
FTP
File Transfer Protocol. An Internet protocol that allows for the transfer of files from one computer to another.
FQDN
Fully Qualified Domain Name. The combination of a system’s host and domain name.
FTPD
FTP Daemon. The server program that runs the FTP protocol. See also wu-FTPd.
G
GAK
Government Access to Keys. As provided for in key escrow and key recovery systems.
Gateway
An interface that connects two different networks.
GIF
Graphic Interchange Format. A common graphics file format used on the Internet, most commonly used to show clip art images.
Gigabyte (a.k.a. GB)
About 1 billion bytes.
Glitch
Small malfunction in a system.
GPG
GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any
restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.
GUI
Graphical User Interface. A graphical environment of an operating system.
H
Hacker
A person who uses vast amounts of time and knowledge to learn about technology and what makes it work and what makes it break.
Generally not a person who breaks into or destroys systems. Often confused with a ‘Cracker.’ See also cracker.
Hash
A one-way function that produces a message digest that cannot be reversed to reproduce the original message.
Header
Data carried at the beginning of a packet or other type of message that contains information vital to delivery.
Hierarchical Trust
The distribution of trust through a group of organizations in a top-down fashion, commonly used by certification authorities issuing X.509
certificates.
High Availability
A method of providing continuous access to a network resource or application.
Hit
A measurement of the popularity of a website based on a single request from a browser to a server.
Home page
The main page of a website.
Host
The server on which a website is stored.
HREF
Hyperlink Reference. Specifies a URL as the linked resource.
HTML
Hypertext Mark-up Language. The language used to create hypertext documents on the Internet.
HTTP
HyperText Transfer Protocol. An application-layer protocol used to deliver text, graphics, sound, movies, and other data over the WWW
via the friendly hypertext interface of a Web browser.
HTTPD (HTTP daemon) Server
HyperText Transfer Protocol Daemon. Generically refers to the process running on a WWW server.
Hyperlink
A highlighted graphic or word within a web page that will take you someplace within the same page, or to another page on the site.
Hypermedia
Pictures, video and audio on a Web page that act as hyperlinks.
Hypertext
Text on a Web page that includes links to other Web pages.
I
ICMP
Internet Control Message Protocol. An IP maintenance protocol that monitors and communicates control information, including
notification of unreachable destinations, between network participants.
IDEA
International Data Encryption Algorithm
A patented block cipher operating on 64-bit plaintext blocks. The key is 128 bits long.
Identity Certificate
A certificate which binds a public key to an individual for the purpose of identification.
In-Place Encryption
A mechanism that encrypts only the data of an IP packet, while the header is not encrypted.
International Data Encryption Algorithm (IDEA)
A secret-key, 64-bit block cipher algorithm that uses a 128-bit key for encryption.
IETF
Internet Engineering Task Force. An international standards body.
Impression
Each request for a Web page on a particular server which serves as a basis to measure the popularity of a website.
Integrity
The current condition of data compared to its original, pristine state.
Integrity Check
A mechanism for ensuring that data has not been tampered with by adding to, removing from, or otherwise modifying its contents. Often
achieved through digital signatures and one-way hash functions.
Internet
The world’s largest collection of networks that reaches universities, government research labs, commercial enterprises, and military
installations in many countries.
Introducer
A person or organization that vouches for the authenticity of a public key. An introducer is designated by a signed public key.
Intranet
A private network of computers using the same protocols as the Internet, but only for internal use.
Intrusion Detection
A powerful type of active security technology. Intrusion detection systems combine network monitoring with real-time capture and
analysis of packet data, utilizing sophisticated algorithms to recognize types of attack signatures upon discovery, send alarms, and even
take action.
IP
Internet Protocol. Along with TCP, one of the most fundamental protocols in TCP/IP networking. IP is responsible for addressing and
delivering datagrams across the Internet.
IP Address
The 32-bit address that uniquely identifies a node on an IP network.
IP Spoofing
A technique whereby an intruder attempts to gain access by altering a packet’s IP address to make it appear as though the packet
originated in a part of the network with higher access privileges.
IRC
Internet Relay Chat. A chat network where any words typed by any user are seen by everyone who is in the chat room at that moment.
ISAKMP
Internet Security Association and Key Management Protocol. Defines the procedures for authenticating a communicating peer, and for
creating and managing Security Associations, key generation techniques and threat mitigation (e.g., Denial-of-Service and replay
attacks).
ISAKMP/Oakley
An IETF specification for a public-key cryptosystem. See ISAKMP or Oakley.
ISDN
Integrated Services Digital Network. A digital telephone system that can provide high-speed transmission of voice and data.
ISO
International Standards Organization. An international body founded to draft standards for network protocols.
ISP
Internet Service Provider. A company that provides Internet access, email services and website development tools for its members.
J
Java
Sun Microsystems’ object-oriented language based on C++ that allows developers to develop platform-independent applications.
JavaScript
A scripting language embedded into HTML documents.
John The Ripper
Powerful tool available for multiple operating systems used to crack (decrypt) passwords on Unix and Windows systems.
Joyriding
Commandeering a phone service or ISP connection, allowing the intruder to exploit these services without paying for them.
JPEG
Joint Photographic Experts Group. A compression standard used for full color digital images. Most photos on the web are JPG, while
most clip art images are GIFs.
K
Kbps
Kilobits per second. A measure of data rate, e.g., a 28.8 Kbps modem transfers data at about 3.6 kilobytes per second.
Kerberos
A distributed authentication system, developed at MIT as part of Project Athena, which identifies users, clients, and server applications to
each other.
Key
One of all possible values that can be applied to plaintext with an encryption algorithm to produce ciphertext, or vice versa.
Key Exchange
A mechanism for transferring a secret session key securely across an unsecured channel.
Key Escrow
A mechanism that provides for storage of private keys, usually for the purpose of guaranteeing third party (government or employer)
access to plaintext of encrypted data.
Key Fingerprint
A uniquely identifying string of characters used to authenticate public keys. Key fingerprints are matched to determine that a public key is
actually the key it is supposed to be.
Key ID
A legible code that uniquely identifies a key pair. Two key pairs may have the same User ID (as in an email address or individual’s name),
but will have different Key IDs.
Key Length
The number of bits representing key size. Generally, the longer the key, the stronger the encryption.
Key Management
The process of storing and distributing cryptographic keys to authorized recipients.
Key Recovery
This model requires a sophisticated management system that must securely store keys requiring escrow. A vulnerability in this key
management system can compromise the security of all encrypted data. Furthermore, the third party storage of private keys creates the
possibility for digital signatures to be created by parties other than the key’s owner. This would invalidate the non-repudiation of
digital signatures from these escrowed keys.
Kilobyte
1,000 bytes.
L
LAN
Local Area Network. A communications network that spans a small office or geographical area.
Layered Protocols
Protocols that are ‘stacked’ one atop another, whereby ‘lower’ protocols transparently provide services to ‘higher’ ones.
Leased line
A dedicated phone line that supplies a 24-hour connection from one location to another.
Link
Marked text or picture within a hypertext document.
Lightweight Directory Access Protocol (LDAP)
A mechanism for Internet clients to access and manage a database of directory services over a TCP/IP connection.
Linux
Invented by Linus Torvalds. A powerful Unix-based operating system for various computer hardware types.
Login
Entering into a computer system, also the account name or user ID that you must enter before you can access a computer system.
Lynx
Useful, text-based web browser available for most operating systems.
L0phtCrack
Powerful tool that easily cracks (decrypts) passwords on the Windows operating system, demonstrating the weak algorithms used.
M
MAC Address
Media Access Control address. An IEEE-802 hardware address that uniquely identifies each node of an ethernet network. Every network
connected device must have a unique MAC address.
Mailing List
E-mail addresses of subscribers, used either for Web-based e-commerce purposes or for discussion groups.
Mail Server
Server that handles incoming and outgoing email.
Mainframe
Powerful computer used for intensive computational tasks.
Managed Service Provider (MSP)
A company that provides outside organizations with Internet services beyond basic connectivity.
Man-In-The-Middle Attack
A hacker/cracker attack where the attacker has set up a connection somewhere in between multiple points and uses this position to steal
passwords or data, or to spoof connections to impersonate a valid user.
Megabit
Roughly one million bits.
Message Digest
A message that has been condensed into a string of letters and numbers using a one-way hash function.
MIB
Management Information Base. A database of objects that represent various types of information about a device. Used by SNMP for
device management purposes.
MIDI
Musical Instrument Digital Interface. Used by the electronic music industry to control synthesizers and similar instruments.
MIT-MAGIC-COOKIE-1
The universally available but infrequently used mechanism for the X Window System that can help to prevent unauthorized access to the
user’s graphical display, keyboard, and pointing device.
Modem
Modulator/Demodulator. Allows for computer communication via telephone lines turning digital information into analog information and
the reverse.
MPEG/MPG
Compressed video format, downloaded from the Web.
Multiprotocol Label Switching (MPLS)
Method of forwarding IP packets across networks using predefined routes.
MP3
Music, downloaded from the web, in a compressed format.
MTA
Message Transfer Agent. An entity that shoulders responsibility for transferring e-mail messages to their destination, or at least one step
closer to it.
N
NAT
Network Address Translation. Hiding a single IP address or an entire network behind another IP address. Typically used for networks
that do not want to expose all of their machines to the Internet.
Name Resolution
The process of mapping a host name to an IP address. DNS is the Internet’s primary system for resolving host names.
Net
Short for Internet.
Net Lingo
Slang used on the Internet.
Net Surfing
Searching or surfing on the Web.
Netscape
Company that produces one of the most visible Web browsers (Navigator and Communicator) on the Internet.
Network
Group of connected computers which can share resources and data.
Network Layer
On the Internet, the layer that implements IP, and provides services to the transport layer.
Newbie
A new Web user.
Newsgroups
Discussion groups organized by subject.
NIS
Network Information System. A naming service developed by Sun that provides a directory service for network and host information.
NFS
Network File System. A weakly authenticated distributed file system built on RPC that was developed by Sun Microsystems. NFS clients
mount remote server directories and then access them as if they were local. See also Secure NFS.
nmap
Network Mapper. Excellent tool for researching network port openings.
NNTP
Network News Transfer Protocol. Used for the distribution, inquiry, retrieval, and posting of articles on the Usenet news system.
Nonce
A number used only once. Typically a random value that one party sends as a challenge; the other party signs it, or otherwise proves knowledge of a secret over it, and returns it to confirm its identity. Because a fresh nonce is used for every exchange, a recorded response cannot be replayed later.
Non-Repudiation
Assures a sender cannot deny having sent a file or a message.
O
Oakley
A key-agreement protocol that provides a hybrid Diffie-Hellman session key exchange for use within the ISAKMP framework; together they form the basis of IKE in IPsec.
Offline
Not connected to a computer network.
One-Time Passwords
User passwords that are valid for a single authentication only, so that a password captured by snooping cannot be replayed. S/Key is an example of a system that uses one-time passwords.
One-Way Hash
A one-way function that produces a message digest that cannot be reversed to reproduce the original message.
Online
Connected to a computer network.
Open Platform for Security (OPSEC)
An open, industry-wide alliance that ensures interoperability at the policy level between security products.
OSI
Open Systems Interconnection. A set of ISO standards that define the framework for implementing network protocols in seven layers.
P
Packet
A unit of data into which a message is broken so that each piece can travel independently through the Internet. An Internet packet contains the source and destination address, an identifier, and a data (payload) segment. Often used loosely as a synonym for segment or datagram.
Packet Filter
A network device that scans packet header information to determine whether packets should be accepted or rejected from passing
through the filter. These are generally associated with routers and the way routers attempt to act as firewalls.
Passphrase
A series of keystrokes created by the user to allow exclusive access to a private key, used to sign and decrypt data.
Payload
The portion of an IP packet that holds actual message data.
PEM
Privacy Enhanced Mail. A standard for message encryption and the authentication of message senders.
PGP
Pretty Good Privacy. Developed by Phil Zimmerman, a free cryptosystem and data format available across a wide variety of operating
systems, used to exchange encrypted and authenticated e-mail messages and files.
Phreaker
A phone hacker/cracker. From PHone fREAKER.
Ping o’ Death
A denial of service attack that could crash or reboot many older systems by sending an ICMP echo (‘ping’) whose reassembled size exceeds the 65,535-byte maximum length of an IP packet. The oversized ping is delivered as fragments (a normal ping carries 56 bytes of data, 64 with the ICMP header); reassembling them overflowed the receiving kernel’s buffer.
Ping Sweep
A network reconnaissance technique that uses ICMP echo (pings) to map a network.
PKI
Public Key Infrastructure. The collection of certification authorities, certificates, policies and procedures that binds public keys to identities, so that public keys can be obtained and verified in a secure and predictable manner. See also X.509v3.
Plaintext
Message text that is easily readable and understandable by anyone; the opposite of ciphertext.
Platform
Computer operating system.
Plug-in
Small piece of software which adds new features.
POP2
Post Office Protocol version 2. An e-mail protocol primarily used to transfer messages between a central mail server and a user’s
workstation. This normally runs on TCP/IP port 109.
POP3
Post Office Protocol version 3. An e-mail protocol primarily used to transfer messages between a central mail server and a user’s
workstation. This normally runs on TCP/IP port 110.
Port
16-bit identifiers used by TCP and UDP that serve to specify which process or application is sending or receiving data.
Port Scan
The act of discerning which TCP/IP ports are open on a given network device (workstation, server, router, etc.).
Port Sweep
A network reconnaissance technique that determines services available on a host computer.
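The port scan and port sweep entries describe what a tool such as nmap does; the following is an added example, not code from the Razorpoint glossary, showing the simplest form of it, a TCP "connect" scan (what nmap calls -sT). Rather than scan a remote host, the demo opens a few listening sockets of its own on the loopback interface, so it runs offline and the scanner has something to find; the host, port window and listener count are assumptions of the example.

```python
import socket

# Added example: a minimal TCP connect scan, demonstrated against listeners the
# script itself opens on 127.0.0.1 (constructed targets, not a real network).


def scan_ports(host, ports, timeout=0.5):
    """Return the sorted list of ports on which a TCP connection was accepted."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising. A refused
            # connection (closed port) and a timeout (filtered port) both give a
            # non-zero result, which is the same distinction a scanner reports.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def open_listeners(count):
    """Bind `count` listening sockets on the loopback address at kernel-chosen ports."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
        s.listen(5)
        socks.append(s)
    return socks, sorted(s.getsockname()[1] for s in socks)


def demo(listener_count=3):
    """Open listeners, scan a window of ports around them, close them, scan again.

    Returns (expected_open, found_while_open, found_after_close).
    """
    socks, ports = open_listeners(listener_count)
    try:
        # Scan a small window around the listeners, which includes closed ports.
        window = range(max(1, min(ports) - 5), max(ports) + 6)
        found = scan_ports("127.0.0.1", window)
    finally:
        for s in socks:
            s.close()
    # Once the listeners are gone the same ports are refused, i.e. reported closed.
    after = scan_ports("127.0.0.1", ports)
    return ports, found, after


if __name__ == "__main__":
    expected, found, after = demo()
    print("listening on:", expected)
    print("scan found:  ", found)
    print("after close: ", after)
```

A real scan of a host you do not control requires permission, and a SYN ("half-open") scan needs raw sockets and root; the connect scan above completes the handshake, so every probe is visible in the target's logs.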
Portal
Attracts visitors by providing free information or services on a daily basis. Major portals: Excite, HotBot, Lycos, InfoSeek, and Yahoo.
Post
A single public message to a newsgroup.
PPP
Point-to-Point Protocol. A link-layer protocol that lets a computer join a network over a serial link, historically the Internet via a dial-up modem; it carries its own authentication (PAP or CHAP).
Private Key
The secret half of a user’s key-pair in an asymmetric system. The private key is known only to the user.
Protocol
Way for two network computers to understand each other through a set of rules and conventions the computers must follow.
Proxy Server
Sits between a client, such as a Web browser, and the real server, making requests on the client’s behalf. Used to improve performance by caching, to hide the internal network from the outside, and to filter out undesirable content or enforce policy.
Public-Key Cryptosystem
A cryptosystem in which each party holds a key pair: one half (the public key) is used for encryption and the other half (the private key) for decryption. Equivalently, the private key creates a digital signature that anyone holding the public key can verify.
Punch
To create a hole in a device or network allowing legal or illegal entry.
Q
Quality of Service (QoS)
The ability to define a level of performance for data communications through the setting of priorities, guarantees, or service level
agreements for certain traffic types or destinations.
Query
Request for specific information.
R
‘r’ Commands
Remote commands (rlogin, rsh, rcp and their relatives) used on Unix between trusting hosts. A host listed as trusted (in /etc/hosts.equiv or a user’s ~/.rhosts file) can log in or run commands without supplying a password. Because that trust rests only on the client’s IP address or host name, which can be spoofed, and the traffic is unencrypted, these commands have serious security implications and should be replaced by SSH.
Race Condition
A flaw in which the outcome of an operation depends on the timing of events an attacker can influence. Some TCP/IP services, while running as non-privileged users, must occasionally make requests or perform functions as a privileged user; an attacker can trigger such an operation and then ‘race’ to act within the short window during which the temporary privilege (or a file the service has just checked) is available, gaining unauthorized access to the system.
Remote Authentication Dial-in User Service (RADIUS)
A centralized network-authentication standard that includes authentication, authorization, and accounting features.
RealAudio
Standard for compressed audio over the Internet.
Reconnaissance
Scoping out potential targets in order to zero in on the most lucrative, least protected, target.
Relay
A program that passes unstructured data to and from an application client and server, across an intervening firewall.
Replay Attack
Playing back another party’s packets or other messages, recorded in a prior snooping attack, in an effort to accomplish the same or similar results achieved earlier, for example re-sending a captured login exchange. Nonces, timestamps and one-time passwords are the usual defences.
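The nonce and replay attack entries describe a challenge-response exchange and the attack it defeats. The following is an added example, not code from the glossary: a server issues a random nonce, the client answers with an HMAC over it using a shared secret, and the server refuses to accept the same nonce twice, so a snooper who captured the exchange cannot replay it. A static password check is shown alongside for contrast. The shared secret and the in-memory bookkeeping are assumptions of the example.

```python
import hashlib
import hmac
import os

# Added example: nonce-based challenge-response versus a replayable static password.


class ChallengeServer:
    """Issues fresh nonces and accepts each one at most once."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.outstanding = set()   # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)     # 128 random bits: will not repeat in practice
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce that was never issued, or was already consumed, is a replay.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)          # consume it before checking
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_respond(shared_key: bytes, nonce: bytes) -> bytes:
    """Prove knowledge of the shared key without ever sending it."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


def static_login(stored_password: bytes, presented: bytes) -> bool:
    """A static password check: anything that worked once works again."""
    return hmac.compare_digest(stored_password, presented)


def demo():
    """Returns (first_login, replayed_login, response_reused_on_new_nonce, static_replay)."""
    key = b"constructed-shared-secret"         # constructed for the example
    server = ChallengeServer(key)

    # Legitimate exchange, observed by a snooper on the wire.
    nonce = server.challenge()
    response = client_respond(key, nonce)
    first = server.verify(nonce, response)     # True

    # The snooper replays the captured (nonce, response) pair.
    replayed = server.verify(nonce, response)  # False: nonce already consumed

    # The snooper answers a fresh challenge with the captured response.
    nonce2 = server.challenge()
    reused = server.verify(nonce2, response)   # False: HMAC covers the new nonce

    # With a static password the captured credential simply works again.
    captured = b"hunter2"
    static_replay = static_login(b"hunter2", captured)   # True
    return first, replayed, reused, static_replay


if __name__ == "__main__":
    print(demo())
```

The server discards the nonce before computing the HMAC so that two concurrent attempts with the same nonce cannot both succeed; in a multi-process deployment that set would live in shared storage, and nonces would carry an expiry so the outstanding set cannot grow without bound.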
Resolver
Client software that enables access to the DNS database.
RFC (Request for Comments)
Documents written for and by the Internet community that describe Internet protocols, surveys, measurements, ideas and observations.
RIPEM
Riordan’s Internet Privacy Enhanced Mail. A specific and well-known implementation of the PEM standard.
Rijndael
Pronounced RHINE-doll. A block cipher designed by Joan Daemen and Vincent Rijmen, selected by NIST in October 2000 and standardized in 2001 (FIPS 197) as the Advanced Encryption Standard (AES), the United States government’s replacement for DES and 3DES. AES uses 128-bit blocks with 128-, 192- or 256-bit keys, whereas DES used a 56-bit key.
Robot
Program that automates Internet tasks such as collating search engine databases or automatically responding in IRC. Also called a Bot.
Rootkit
A suite of software tools installed on a cracked system to allow an attacker undetected re-entry.
Route
The path network traffic takes from its source to its destination.
Router
Special-purpose computing devices dedicated to delivering packets between communicating endpoints.
RPC
Remote Procedure Call. A weakly authenticated mechanism that allows an application to call a procedure that executes on a remote
machine. See also Secure RPC.
RSA
Rivest-Shamir-Adleman. The most widely used, public-key cryptosystem. It offers encryption and digital signature functionality.
S
SATAN
System Administrator’s Tool for Analyzing Networks. Developed by Dan Farmer and Wietse Venema, a controversial but useful auditing tool for network security that probes hosts for well-known weaknesses.
SCP
Secure Copy. Encrypted file copy between two systems. One of the functions of SSH. See also SSH.
Search Engine
Website that allows surfers to search for information through keywords on Web pages.
Secure NFS
An enhanced version of NFS built on Secure RPC that allows for authenticated and encrypted access to files stored on a remote server.
Secure RPC
A version of RPC enhanced to support DES encryption over the network connection.
Security Audit
An examination of networks and computer systems to determine an organization’s vulnerability to attacks from hackers, viruses, or other
sources.
Security Policy
A set of rules that defines the network security parameters of an organization, including access control, authentication, encryption,
content security, network address translation, logging and other security components.
Seed
A random number or sequence used to ensure randomness and security during generation of keys.
Segment
A protocol data unit consisting of part of a stream of bytes being sent between two machines. Also includes information about the current position of the stream and a checksum value.
Server
Generally a powerful computer that has a permanent connection to the Internet making services available to end-users.
Server Filter
A host-based firewall that logs and filters client access to server applications.
Service Level Agreement (SLA)
A contract between a provider and user that specifies a level of network service, such as bandwidth availability, network uptime, and
other measures of network performance.
Session Key
A symmetric key which encrypts a specific message or “session.” Using public key cryptography, it is typical to encrypt a message with
a symmetric session key, then encrypt the session key itself with the recipient’s public key and send the encrypted session key with the
encrypted message.
Shadow Passwords
A scheme in which users’ hashed passwords are moved out of the world-readable /etc/passwd file into a separate file (typically /etc/shadow) readable only by privileged system administrators, so that ordinary users cannot copy the hashes for offline cracking.
Shared Secret
A string of text or numbers communicated between two parties in an out-of-band connection such as over a phone, through the mail, or
on a disk.
Shoulder Surfing
Finding out what a user is typing by looking over their shoulder, and watching the keyboard or monitor.
S-HTTP
Secure HyperText Transfer Protocol. An extension of HTTP (RFC 2660) that adds message-level signing and encryption, designed to enable WWW-based commerce. It is a different protocol from HTTPS, which is ordinary HTTP carried over SSL/TLS on TCP port 443; HTTPS is what browsers actually deploy, and S-HTTP saw almost no adoption.
Signature File
Personal footer that can be automatically appended to an e-mail.
Shouting
Writing in capital letters.
Site
Website.
Snail Mail
Old-fashioned mail delivered by post.
S/Key
A one-time password system where users can only validate themselves once with a given password to a system. This protects against
password stealing because each password is only valid once.
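The one-time password and S/Key entries describe a scheme in which each password is valid once. The following is an added example, not code from the glossary or the S/Key implementation: an S/Key-style hash chain in which the server stores only h^n(seed), the client presents h^(n-1)(seed), the server checks that hashing the presented value gives what it stored, then keeps the presented value for next time. The use of SHA-256 as h (S/Key used MD4/MD5), the chain length and the client holding the seed are assumptions of the example.

```python
import hashlib
import hmac
import os

# Added example: an S/Key-style one-time password chain (structure of S/Key,
# not its exact algorithm; constructed seed and chain length).


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Apply h to the seed n times: returns h^n(seed)."""
    v = seed
    for _ in range(n):
        v = h(v)
    return v


class OtpServer:
    """Stores only h^n(seed); never learns the seed or any earlier chain value."""

    def __init__(self, seed: bytes, n: int):
        self.stored = chain(seed, n)
        self.remaining = n

    def login(self, otp: bytes) -> bool:
        if self.remaining == 0:            # chain exhausted: must be re-initialised
            return False
        # The next valid password p satisfies h(p) == stored. A replayed password
        # fails because stored has since moved one step down the chain.
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp                  # advance: this value is now the reference
        self.remaining -= 1
        return True


class OtpClient:
    """Holds the seed and walks the chain backwards: h^(n-1), h^(n-2), ..., h^0."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.next_index = n - 1

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-initialise with a new seed")
        otp = chain(self.seed, self.next_index)
        self.next_index -= 1
        return otp


def demo(n: int = 5):
    """Returns [first login, replay of the same password, next login]."""
    seed = os.urandom(16)                  # constructed secret for the example
    server = OtpServer(seed, n)
    client = OtpClient(seed, n)
    p1 = client.next_password()
    results = [server.login(p1)]           # True
    results.append(server.login(p1))       # False: snooped password replayed
    p2 = client.next_password()
    results.append(server.login(p2))       # True: next value down the chain
    return results


def exhaust(n: int) -> int:
    """Run a chain of length n to the end; returns the number of successful logins."""
    seed = os.urandom(16)
    server, client = OtpServer(seed, n), OtpClient(seed, n)
    return sum(server.login(client.next_password()) for _ in range(n))


if __name__ == "__main__":
    print(demo(), exhaust(4))
```

Because h is one-way, an eavesdropper who sees h^(n-1)(seed) cannot compute h^(n-2)(seed), which is the next password required; what the scheme does not protect against is an attacker who races the legitimate user with the snooped value over an unencrypted link before the server has consumed it, which is why S/Key sessions still belong inside SSH.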
SKIP
Simple Key management for Internet Protocols. An authentication/encryption system that secures the network at the IP packet level.
S/MIME
Secure Multi-Purpose Internet Mail Extension. A proposed standard developed by a consortium of email software vendors, led by RSADSI
for encrypting or authenticating MIME data.
SMTP
Simple Mail Transfer Protocol. The protocol used to transfer electronic mail messages from one machine to another.
Sniffer
A tool used to capture the traffic travelling between points on a network. Sniffers can be used to diagnose poorly configured routers and switches, and equally to steal passwords and other unencrypted data on the network.
SNMP
Simple Network Management Protocol. A protocol used to manage local networks on the Internet. SNMP enables a management station
to configure, monitor and control network devices such as routers.
Snooping Attack
Passively eavesdropping on network traffic in order to capture valuable data or secrets, such as user passwords.
Social Engineering
To use lies, deceit, play acting and verbal cleverness to trick legitimate users into divulging the secrets of the system.
Socket
A bi-directional pipe for incoming and outgoing data that enables an application program to access the TCP/IP protocols.
Source Route
A route identifying the path a datagram must follow, determined by the source device.
Spam
Junk email.
SSH (OpenSSH)
Secure Shell. A replacement for Telnet and the ‘r’ commands that encrypts and authenticates all traffic between the two connected points. The protocol exists in version 1 and version 2; version 1 has known cryptographic weaknesses and should be disabled in favour of version 2. Free implementations such as OpenSSH are available for nearly every operating system. The SSH server (usually listening on TCP port 22) also offers encrypted file transfer. See also SCP.
SSL (OpenSSL)
Secure Sockets Layer. A layer between the application and transport layers that encrypts and authenticates information sent between two systems. SSL transparently protects application-layer protocols (such as HTTP, for which it was originally conceived) and their data with little effort on the part of the user. Its standardized successor is TLS (Transport Layer Security); OpenSSL is a widely used open-source implementation of both.
Static Passwords
In contrast to one-time passwords, user passwords that are reused many times for authentication purposes. Because they are reusable,
static passwords are subject to snooping and replay attacks.
Steganography
The art and science of communicating in a way which hides the existence of the communication. A common form of steganography is
hiding messages (emails) in pictures (JPG files).
Streaming
Delivered in real time instead of waiting for the entire file to arrive before playing.
Stream Cipher
An encryption method that uses continuous input, as opposed to fixed length blocks of data.
Surfing
Looking through a site or multiple sites.
Squatting
See Camping Out
Symmetric Algorithm
A single-key (secret-key) system in which the same secret key is used for both encryption and decryption. Symmetric algorithms are fast, but the secret key must be delivered to the other party without being intercepted, so practical systems combine the two approaches: an asymmetric algorithm protects the exchange of a symmetric session key, and the symmetric algorithm protects the bulk data. See also Session Key.
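The session key, public-key cryptosystem, stream cipher and symmetric algorithm entries together describe one construction: a random symmetric key encrypts the message, and the recipient's public key wraps that session key. The following is an added example, not code from the glossary or from PGP, that shows the structure end to end. It is a deliberate toy: the public-key half is textbook RSA on two fixed Mersenne primes with no padding, and the symmetric half is a SHA-256 counter-mode keystream with no authentication tag, so neither part is fit for real use; the primes, exponent and 16-byte key length are assumptions of the example.

```python
import hashlib
import os

# Added example (toy): hybrid encryption, i.e. a symmetric session key wrapped
# with the recipient's public key. Not the glossary's code and not PGP's.

# Fixed Mersenne primes 2^61-1 and 2^89-1 stand in for a generated key pair.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q                                # ~150-bit modulus, large enough for a 128-bit key
E = 65537                                # public exponent (coprime to (P-1)(Q-1))
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+ modular inverse)
KEY_LEN = 16                             # session key length in bytes


def rsa_wrap(session_key: bytes, e: int = E, n: int = N) -> int:
    """Encrypt the session key as an integer under the recipient's public key."""
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key does not fit under the modulus")
    return pow(m, e, n)


def rsa_unwrap(wrapped: int, d: int = D, n: int = N) -> bytes:
    """Recover the session key with the private key."""
    return pow(wrapped, d, n).to_bytes(KEY_LEN, "big")


def keystream(key: bytes, length: int) -> bytes:
    """Stream-cipher keystream: SHA-256 of (key || counter) for successive counters."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric: XOR with the keystream both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def seal(plaintext: bytes, recipient_e: int = E, recipient_n: int = N):
    """Sender side: fresh session key, wrap it, encrypt the message with it."""
    session_key = os.urandom(KEY_LEN)
    wrapped = rsa_wrap(session_key, recipient_e, recipient_n)
    return wrapped, stream_xor(session_key, plaintext)


def unseal(wrapped: int, ciphertext: bytes, d: int = D, n: int = N) -> bytes:
    """Recipient side: unwrap the session key, then decrypt the message with it."""
    session_key = rsa_unwrap(wrapped, d, n)
    return stream_xor(session_key, ciphertext)


if __name__ == "__main__":
    msg = b"constructed sample message"
    w, c = seal(msg)
    print(unseal(w, c) == msg, c.hex())
```

Only the short session key goes through the slow public-key operation; the message itself, however long, is handled by the fast symmetric cipher. Real systems add padding (OAEP) to the wrapping step and an authentication tag to the symmetric step, because a keystream XOR alone lets an attacker flip chosen plaintext bits undetected; this toy omits both.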
SYN Flood
A denial of service attack in which the attacker sends a large number of TCP SYN (connection-request) packets, often from spoofed source addresses, and never completes the three-way handshake. The server’s table of half-open connections fills up and it can no longer accept connections from legitimate users.
T
TCP/IP
Transmission Control Protocol/Internet Protocol. The suite of protocols by which all Internet devices talk to each other. IP delivers packets between hosts; TCP, layered on top of it, is a connection-oriented transport protocol that provides reliable, ordered, full-duplex data transmission between two entities, often a client and a server application. See also UDP.
Telecommuting
Working at home while using a computer and modem to communicate with the office.
Telnet
Internet protocol that allows connections as a remote terminal to a host computer. It enables a terminal attached to one host to log in to
other hosts, as if directly connected to the remote machine.
TFTP
Trivial File Transfer Protocol. A no-frills, unauthenticated protocol used to transfer files. TFTP depends on UDP and often is used for
backing up router and switch configurations as well as booting diskless workstations.
Timestamp
A mark that records the time of creation or transmission of a document.
Token
A password that can be used only once, typically generated as needed by a hardware device.
Transport Layer
On the Internet, the layer that implements TCP and UDP over the network layer.
Triple DES
An algorithm that encrypts each block of data with three DES operations in succession using three 56-bit keys (168 key bits in total). Because of meet-in-the-middle attacks its effective strength is about 112 bits, still far beyond single DES.
Trojan Horse
Just ‘Trojan’ for short. A piece of malicious code embedded in, or disguised as, an otherwise benign program, so that the user installs and runs it voluntarily; the hidden code then attacks the system or gives the attacker access. Unlike a virus, a Trojan does not replicate itself.
Trusted Introducer
An individual or organization that is trusted to introduce other keys. If a key contains the signature of a trusted introducer, that key is
determined to be valid.
Trusted System
A trust mechanism that allows hosts to trust the identity of users of another system without requiring them to authenticate using
passwords.
TTL
Time-To-Live. The maximum number of router hops that a datagram can experience on a network before it should be discarded. Used to
prevent packets from looping endlessly.
Twofish
Developed by Bruce Schneier and Counterpane Systems, Twofish is a 128-bit block cipher that accepts a variable-length key up to
256 bits. Twofish is designed to be highly secure and highly flexible. It is well suited to encrypt and decrypt efficiently on powerful
computers, smart cards and wireless devices alike.
U
UDP
User Datagram Protocol. A connectionless transport protocol. Delivery is not guaranteed, nor is it guaranteed that datagrams will arrive in the proper order or only once. It provides a less reliable channel than TCP and is used mainly for DNS, audio and video, and other traffic that can tolerate occasional loss. Because there is no handshake, UDP source addresses are trivially spoofed.
Unix
Operating system used by most service providers and universities.
Upload
Send files from your computer to another computer through the Internet.
URL
Web address.
Usenet
A collection of networks and computer systems that exchange messages, organized by subject into newsgroups.
Unified Threat Management (UTM)
An emerging trend in firewall appliances that employs many services including: firewalling, intrusion detection, content filtering, spam
filtering, and anti-virus.
V
Verification
The act of confirming that a message has not been altered since it was signed and that it came from the holder of a particular private key: the signature, created with the signer’s private key, is checked against the message using the corresponding public key.
Virus
A program that replicates itself on computer systems by incorporating itself into other programs that are shared among computer
systems.
VPN
Virtual Private Network. Placing security devices or software at network endpoints so that traffic is encrypted as it leaves one site and decrypted as it arrives at the other, allowing private traffic to travel safely over a public network (like the Internet).
VRML
Virtual Reality Modeling Language. Method for creating 3D environments on the Web.
W
Wetware
Hacker slang for the human brain.
World Wide Web
Invented by Tim Berners-Lee in the early 1990s, an Internet client-server system to distribute information, based upon the hypertext
transfer protocol (HTTP).
WAN
Wide Area Network. A physical communications network that spans large geographical distances. WANs usually operate at slower speeds
than LANs.
Webmaster
Person responsible for a web server, web authoring and maintaining web sites.
Web-of-Trust
A trust model used by PGP to validate public keys where trust is cumulative, not hierarchical, and depends on the trust of ‘introducers.’
WEP
Wired Equivalent Privacy. A security protocol for wireless local area networks (WLANs) defined in the original IEEE 802.11 standard and therefore used by 802.11b equipment. It is based on the RC4 stream cipher with short keys and short initialization vectors; practical attacks recover the key from captured traffic, so WEP should be considered broken and replaced with WPA or later. Sometimes loosely called Wireless Encryption or Wireless Encryption Protocol, but the standard expansion is Wired Equivalent Privacy.
WPA
Wi-Fi Protected Access. A Wi-Fi Alliance standard designed to replace WEP, improving both data encryption (TKIP, with per-packet keys) and user authentication (a pre-shared key or 802.1X/EAP). Its successor, WPA2, uses AES-based CCMP encryption.
Wrapper
Usually TCP Wrappers (tcpd): a package that logs requests for Internet services and provides a host-based access control mechanism (/etc/hosts.allow and /etc/hosts.deny) for Unix systems.
wu-FTPd
Washington University File Transfer Protocol Daemon. A feature-rich FTP server that was for many years widely deployed by corporations, universities and archive sites in place of most other FTP servers. It has had a history of serious remote vulnerabilities, so any deployment should be kept patched or replaced with a more modern server.
WWW
World Wide Web. A cohesive and user-friendly view of the Internet through many protocols, especially HTTP.
W3C
The World Wide Web Consortium. The international standards body.
X
X Window System
A graphical windowing system developed at MIT that lets a user run applications on other computers and view their output locally. Because it is network-transparent, X traffic and its access controls (xhost, xauth) deserve the same attention as any other network service.
X.509v3
X.509 version 3. A certificate format used to prove identity and public key ownership, based on a system of hierarchical trust (certification authorities); version 3 added extensions such as key usage and subject alternative names. See also PKI.
Z
Zip
PC file compression format that creates files with the extension .zip using PKZip or WinZip software.