RAZORPOINT SECURITY GLOSSARY


Razorpoint Security Glossary ™ [WHITE PAPER]
Author: Razorpoint Security Team
Version: 1.5
Date of current version: 2006-01/09
Date of original version: 2001-04/04
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
Razorpoint Security Glossary

Are you up to speed with the latest in security and hacker terms? Do you know the difference between a hacker and a cracker? How about why a DoS attack can render your entire network useless? The more you know about security, the terms and the techniques involved, the better prepared you'll be to guard against break-ins, trojans, identity theft, and other unwanted attacks.

The Razorpoint Security Glossary is provided as a public service to help guide you through the latest terminology of hackers, crackers, and other threats to your technology infrastructure. Razorpoint Security Technologies, Inc. continues to update this list on a regular basis and attempts to keep it as one of the most comprehensive security glossaries available. This list contains terms that span most operating systems and network technologies, including: Sun Solaris, Linux, Mac OS X, BSD Unix (OpenBSD, FreeBSD, NetBSD, etc.), Windows, Cisco, Nortel and 3Com. If you have any questions or information about terms not listed, please contact Razorpoint Security Technologies at: security@razorpointsecurity.com. Any copyrights mentioned in this document are the sole property of their rightful owners.

A

ACK: Acknowledgment. A response from a receiving computer to a sending computer to indicate successful receipt of information. TCP requires that packets be acknowledged before it considers the transmission complete.
Access Control: Techniques for limiting access to resources based on authentication information and access rules.
Access Provider: Companies that offer Internet access through a variety of means such as dial-up, cable, DSL, etc.
Acrobat Reader: An Adobe standalone program or Web browser plug-in that allows the viewing of Portable Document Format (PDF) files with complex graphic designs. Adobe does not charge for Acrobat Reader and it can be downloaded directly from them.
Address: Synonymous with URL, the string used to connect to a website.
Address Masquerading: Configuring a network interface with an IP address intended for another system. This undermines access control mechanisms based on network addresses.
Address Spoofing: Counterfeiting IP datagrams in a way that causes the receiving system to believe they originated from a host other than the actual sender.
Address Translation: See NAT.
Agent: The software routine in an SNMP-managed device that responds to get and set requests and sends trap messages.
AH Authentication: A planned security enhancement to IP that provides sending-system authentication and datagram integrity, but not confidentiality. See also ESP.
Algorithm: A mathematical function or set of rules used in the process of encryption and decryption of data.

January 9, 2006 | Razorpoint Security Glossary [v1.5] | Page 1 of 18
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpointsecurity.com | security@razorpointsecurity.com
Copyright © 2001-2006 Razorpoint Security Technologies, Inc. All Rights Reserved.
AltaVista: Popular search engine.
Anonymous Remailer: A program that removes all traces of an e-mail message's actual sender and location before forwarding the message to its intended recipient.
Anti-Virus: A mechanism that provides detection and inoculation of viruses on a local disk or in files as they are transferred between networks.
API: Application Programming Interface. A high-level language binding that enables a programmer to easily use functions in another program.
Application Gateway: A system used to restrict access to services, or specific functions within services, across a firewall boundary.
Application Layer: The protocol layer used by applications (like Telnet, FTP, and so on) that rides atop the services provided by the transport and network layers.
ARP: Address Resolution Protocol. A protocol in the TCP/IP suite used to resolve a network (IP) address to its link-layer address.
Asymmetric Algorithm: A two-key system using a complementary pair of keys: a public key and a private key. The public key is used to encrypt or verify messages, and the private key is used to decrypt and sign messages.
Attack: An electronic assault (typically unprovoked) that attempts to somehow break the target's systems, networks and security mechanisms.
AUP: Acceptable Use Policy. Within an organization, the policy that has been arranged for proper use of the website.
Authentication: A systematic method for establishing proof of identity between two or more entities, usually users and hosts.
Authorization: The predetermined right to access an object or service based on authentication information.
AVI: Audio Video Interleave. A digital video file format created by Microsoft. Stored as an .avi file, it carries both picture and sound elements.

B

Back Door: A method of circumventing an enterprise security policy through an unknown vulnerability, allowing an illegal user access to the network.
Back Orifice: A program that installs itself on a machine as a server, allowing a user with the Back Orifice client to control the host remotely.
Bandwidth: The transmission capacity, commonly measured in bits per second, of a network connection.
Banner: Graphic advertisements appearing on the Web.
Baud: Modem speed.
BCC: Blind Carbon Copy. When writing email, the bcc'd person receives the email without the knowledge of the others on the distribution list.
Biometrics: The use of a unique physical characteristic, such as a fingerprint, voice recording, or retinal scan, to authenticate a user.
Block Cipher: An encryption method that places data in fixed-size blocks before encryption.
Blowfish: Powerful, free 128-bit encryption cipher. Installed as standard in OpenBSD.
Bookmark: If you have a favorite site, you can save the link through the Bookmark feature located in the browser.
Brute Force Attack: An attempt to illicitly recover a cryptographic key by trying all reasonable possibilities.
BS7799 (a.k.a. ISO 17799): British Standard 7799. The international equivalent is ISO 17799. A standardized document outlining requirements for remote security auditing and testing.
BSD Trust: A trust mechanism whereby one host trusts the identity of users of another system without requiring them to authenticate with passwords.
Buffer Overflow: An attack where too much data is sent to an application that is expecting a lesser amount. The application is ill-prepared for the wave (overflow) of excess data and is sent into a state whereby arbitrary programs can be run by an attacker with the same privileges as the original application or service. Most services (web, email, ftp, etc.) run with root or administrator access. Overflowing a buffer in such an application allows an unwanted attacker to execute programs with those same privileges. This is a very powerful and very common method crackers use for penetrating systems.
BXA: The U.S. Department of Commerce, Bureau of Export Administration. BXA is the primary regulatory agency responsible for export controls on encryption, and is responsible for the issuance of export licenses.

C

Cable Modem: Device connected to a computer enabling you to receive and request information from the Internet over your TV cable line. Greatly exceeds the bandwidth of dial-in modems.
Cache: Temporary storage space on a computer's hard drive. Web browsers store the most recently viewed Web pages in cache.
Camping Out: Creating a safe, undetected spot for hacking, storing or retrieving information, and/or creating another way to get in at a later time, once admitted into a network.
CC: Carbon Copy. When writing email, the cc'd person also receives a copy of the email message.
Certificate: An electronic document bound to an individual's or entity's public key that portrays attributes of the key holder as vouched for by a trusted party or Certification Authority.
Certificate Authority (CA): A trusted entity that digitally signs certificates in order to validate ownership of public keys.
Certificate Revocation: The act of removing the validity of a previously issued certificate.
Certificate Revocation List (CRL): A list maintained by a Certificate Authority of certificates that are no longer valid, excluding expired certificates.
Certificate Server: A server that assists in the process of certifying public keys.
Challenge Handshake Authentication Protocol (CHAP): A protocol for authenticating remote users utilizing a three-step authentication mechanism.
Chat: 'Talking' on the Internet via real-time, typed words. Interactive online communication. See also IRC.
Chroot: A Unix system call used to intentionally restrict a server's view of a host's file system. A chroot configuration is important when enabling certain Unix services so as to minimize a host's vulnerability in the event of a buffer overflow attack.
Cipher: An algorithm that is either symmetric or asymmetric (see those definitions in this glossary) and allows for either fixed or variable key lengths.
Cipher Block Chaining (CBC): A block cipher mode in which the previously produced block of ciphertext is fed into the encryption of the current plaintext block, so that each ciphertext block depends on the blocks before it.
Cipher Text: A message that has been encrypted to maintain its privacy when traveling over untrusted networks.
CISSP: Certified Information Systems Security Professional. A comprehensive certification covering many areas of security (electronic, physical, personal, etc.). This certification is becoming the standard for security professionals worldwide.
Client: A computer system that requests services of another computer system on the network.
Cleartext: Human-readable text. See also Plaintext.
Common Criteria: A multi-national standard for evaluating security products and assigning ratings of trust to them.
Compulsory Tunnel: A term used in PPTP and L2TP to describe the creation of an involuntary VPN session.
Connectionless Service: A delivery service that treats each packet independently from all others before and after it. HTTP (the World Wide Web) is a connectionless system.
Content Security: The ability to specify the content of a communication as an element of a security policy, in contrast to defining a security policy on the basis of header information only.
Cookie: A small piece of information sent to your computer from a website. This information is stored on your hard drive by the site and contains user information such as registration details, shopping cart items or preferences.
Covering Tracks: Method of avoiding detection by removing, replacing or disabling log files that would otherwise indicate a security breach.
CPU: Central Processing Unit. The main silicon chip inside the computer that runs the programs and operating system.
Cracker: From CRiminal hACKER; often confused with 'hacker.' A person who does not respect the computers she/he hacks on. These are the people that break, deface, and otherwise improperly use technology. See also Hacker.
Cross-certification: The act of sharing levels of trust across two or more organizations or certificate authorities.
Cryptanalysis: The science of analyzing and breaking secure communication.
Cryptography: The science of enabling secure communication through encryption and decryption.
Cryptology: The study of secret communication, including both cryptography and cryptanalysis.
Cyberspace: Term to describe the Internet, i.e. you're in Cyberspace when you are surfing the Web.
Cybersquatter: A person who buys domain names (URLs) with the hope of reselling them for profit.

D

Daemon ('demon'): An individual process (background program), typically running on a Unix system.
Datagram: A packet of data and its delivery information, usually associated with connectionless service.
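The Cipher Block Chaining entry above is easier to see than to read about. The following is an added example, not code from the Razorpoint glossary: it implements CBC encryption and decryption on top of a small 4-round Feistel network that stands in for a real block cipher (that stand-in, the PKCS#7 padding helper, and the sample key, IV and message are all assumptions of this example; the Feistel cipher is for illustration only, not for protecting data). Run it and compare the ECB output, where three identical plaintext blocks produce three identical ciphertext blocks, with the CBC output, where chaining makes them differ.

```python
"""CBC chaining on top of a small stand-in block cipher.

Added example, not from the Razorpoint glossary. The 4-round Feistel cipher
below is an illustrative stand-in (an assumption of this example) so the
code runs offline; it is NOT a real cipher and must not be used for data.
"""
import hashlib

BLOCK = 8  # 64-bit blocks, the block size the glossary quotes for IDEA


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function derived from SHA-256; it only needs to be deterministic.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one 8-byte block with the stand-in Feistel cipher."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt: run the Feistel rounds backwards."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7 padding so the message is a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    """Split data into BLOCK-sized pieces for inspection."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """No chaining: identical plaintext blocks give identical ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in blocks(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Cipher Block Chaining: the previous ciphertext block (the IV for the
    first block) is XORed into the next plaintext block before encryption,
    so every ciphertext block depends on all the blocks before it."""
    prev, out = iv, []
    for b in blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Reverse the chain: decrypt each block, then XOR the previous ciphertext block back out."""
    prev, out = iv, []
    for cur in blocks(ciphertext):
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return unpad(b"".join(out))


if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(BLOCK)   # constructed sample values
    msg = b"AAAAAAAA" * 3                          # three identical plaintext blocks
    print("ECB blocks:", [b.hex() for b in blocks(ecb_encrypt(key, msg))])
    print("CBC blocks:", [b.hex() for b in blocks(cbc_encrypt(key, iv, msg))])
```

The chain also explains a CBC property worth knowing as a defender: flipping one bit in ciphertext block i scrambles plaintext block i and flips the same bit in plaintext block i+1, which is why CBC ciphertext should always carry an integrity check (see Integrity Check) rather than being trusted on its own.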
DDoS: Distributed Denial-of-Service Attack. An attack on a network or single system that renders it unusable. See also DoS.
Decryption: The inverse of encryption; the process of converting ciphertext into plain (usable) text.
Dedicated line: A direct phone line between two computers.
DES: Data Encryption Standard. The once-thought-unbreakable encryption standard adopted by the U.S. Government in 1977 as the federal standard for the encryption of commercial and sensitive yet unclassified government computer data.
Demilitarized Zone (DMZ): A network located outside the trusted or secure network but still protected from an untrusted network by a firewall gateway.
Dial-Up: A temporary connection over a telephone line from your computer to your Internet Service Provider (ISP) in order to get on the Web.
Diffie Hellman or Exponential Key Exchange: A concept related to public-key cryptography; it provides a mechanism for setting up a secret but unauthenticated connection between two parties.
Dig: Domain Information Getter. Useful tool for discovering where unresolved IP addresses originate from. Dig can also help determine what version of DNS server someone is running.
Digital Signature: An unforgeable electronic signature that authenticates a message sender and simultaneously guarantees the integrity of the message.
DNS: Domain Name System. The mechanism on the Internet (via a distributed database system) that maps between Internet Protocol (IP) addresses (10.1.20.200) and the more easily remembered hostnames (www.WebSite.com). DNS provides other important data such as email exchange information.
Domain name: A name that uniquely identifies an Internet site.
DoS Attack: Denial-of-Service Attack. Internet or IP services are disrupted by a flood of phony traffic that clogs the provider's network. SYN Flood, Ping o' Death, Smurf, Fraggle and Jolt are some examples of Denial-of-Service attacks.
Download: Transfer data from a server to your computer's hard disk.
DSL: Digital Subscriber Line. Service that offers a faster Internet connection than dial-up.
DSLAM: Digital Subscriber Line Access Module. Connection point or 'switch' that connects all DSL-connected subscribers in a given geographical area.

E

802.1X: A set of specifications developed by the Institute of Electrical and Electronics Engineers for wireless local area networks (WLANs).
Email: Electronic Mail. A message sent through the Internet from one person to another (or several others).
Email address: An electronic mail address.
Email alias: An additional email address that redirects email messages to your email address.
Emoticon: The sideways smiling (and other) faces used on the Internet to convey emotions, i.e. :-) and :-(
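To make the Diffie Hellman entry concrete, here is an added example (not code from the glossary) that walks both parties through an exponential key exchange and shows what an eavesdropper on the wire actually sees. The group (p = 2**127 - 1, a Mersenne prime, with base 5) and the sample private exponents are assumptions chosen so the numbers stay readable; real deployments use standardised groups of 2048 bits or more. Note what the code does not do: nothing ties either public value to a named party, which is exactly the "unauthenticated" caveat in the entry.

```python
"""Diffie-Hellman (exponential key exchange) walked through for both parties.

Added example, not from the Razorpoint glossary. The group below is an
assumption made for readability, not a recommended parameter set.
"""
import secrets

P = 2**127 - 1  # prime modulus (constructed choice for this example)
G = 5           # public base


def new_private_value() -> int:
    """A fresh secret exponent in [1, P-2]; it is never sent on the wire."""
    return secrets.randbelow(P - 2) + 1


def public_value(private: int) -> int:
    """What each side sends across the unsecured channel: G**private mod P."""
    return pow(G, private, P)


def shared_secret(private: int, peer_public: int) -> int:
    """Combine our secret with the peer's public value: peer_public**private mod P.

    Public values of 0, 1 or P-1 are rejected: they would make the shared
    secret trivially predictable (0, 1 or P-1) whatever our private exponent.
    """
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


def exchange(alice_private: int, bob_private: int) -> tuple:
    """Run the whole exchange; return (alice_secret, bob_secret, on_the_wire)."""
    a_pub = public_value(alice_private)   # message 1: Alice -> Bob
    b_pub = public_value(bob_private)     # message 2: Bob -> Alice
    on_the_wire = {"alice_sends": a_pub, "bob_sends": b_pub}  # all an eavesdropper gets
    return (shared_secret(alice_private, b_pub),
            shared_secret(bob_private, a_pub),
            on_the_wire)


if __name__ == "__main__":
    a, b = new_private_value(), new_private_value()
    key_a, key_b, seen = exchange(a, b)
    print("shared secrets match:", key_a == key_b)
    print("on the wire:", seen)
```

Both sides end with G**(a*b) mod P while the channel only ever carried G**a and G**b; recovering a from G**a is the discrete logarithm problem the scheme rests on.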
Encapsulating Security Payload (ESP): A fundamental component of IPSEC-compliant VPNs, specifying both encryption of an IP packet as well as data integrity checks and sender authentication.
Encapsulation: The act of placing the contents of an entire packet inside a second packet.
Encryption: A procedure for scrambling data before sending it over a public network like the Internet. The appropriate recipient usually has a mechanism by which to 'decrypt' the scrambled gibberish into the sender's original format.
Encryption Scheme: A mechanism for encrypting and authenticating messages, as well as managing and distributing keys.
Enumeration: The act of extracting valid accounts or exported resource names from systems. Enumeration is target acquisition and information gathering. Enumeration entails making active connections to systems or network resources in an attempt to gather data for malicious use.
Ethernet: Common method to connect computers to a Local Area Network.
Explorer (a.k.a. Microsoft Internet Explorer): Microsoft's Web browser for the Internet.
Extranet: A collaborative network that uses Internet technology to link businesses with their suppliers, customers, or other businesses. The shared information can be accessible only to the collaborating parties or can be publicly accessible.

F

FAQ: Frequently Asked Questions. A file on a website that contains the most common questions and answers on a specific subject or website.
Finger: An IP protocol that provides potentially useful information about a user and sometimes a server.
Firewall: One or more packet filters or gateways that shield 'internal' trusted networks from 'external' untrusted networks such as the Internet. Firewalls are generally one of the tools used when securing a network from unwanted intruders.
Frame: Technology that allows the browser window to be broken into several sections.
FTP: File Transfer Protocol. An Internet protocol that allows for the transfer of files from one computer to another.
FQDN: Fully Qualified Domain Name. The combination of a system's host and domain name.
FTPD: FTP Daemon. The server program that runs the FTP protocol. See also wu-FTPd.

G

GAK: Government Access to Keys, as provided for in key escrow and key recovery systems.
Gateway: An interface that connects two different networks.
GIF: Graphic Interchange Format. A common graphics file format used on the Internet, most commonly used to show clip art images.
Gigabyte (a.k.a. GB): About 1 billion bytes.
Glitch: Small malfunction in a system.
GPG: GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.
GUI: Graphical User Interface. A graphical environment of an operating system.

H

Hacker: A person who uses vast amounts of time and knowledge to learn about technology, what makes it work and what makes it break. Generally not a person who breaks into or destroys systems. Often confused with a 'Cracker.' See also Cracker.
Hash: A one-way function that produces a message digest that cannot be reversed to reproduce the original message.
Header: Data carried at the beginning of a packet or other type of message that contains information vital to delivery.
Hierarchical Trust: The distribution of trust through a group of organizations in a top-down fashion, commonly used by certification authorities issuing X.509 certificates.
High Availability: A method of providing continuous access to a network resource or application.
Hit: A measurement of the popularity of a website based on a single request from a browser to a server.
Home page: The main page of a website.
Host: The server on which a website is stored.
HREF: Hyperlink Reference. Specifies a URL as the linked resource.
HTML: Hypertext Mark-up Language. The language used to create hypertext documents on the Internet.
HTTP: HyperText Transfer Protocol. An application-layer protocol used to deliver text, graphics, sound, movies, and other data over the WWW via the friendly hypertext interface of a Web browser.
HTTPD (HTTP daemon) Server: HyperText Transfer Protocol Daemon. Generically refers to the process running on a WWW server.
Hyperlink: A highlighted graphic or word within a web page that will take you someplace within the same page, or to another page on the site.
Hypermedia: Pictures, video and audio on a Web page that act as hyperlinks.
Hypertext: Text on a Web page that includes links to other Web pages.

I

ICMP: Internet Control Message Protocol. An IP maintenance protocol that monitors and communicates control information, including notification of unreachable destinations, between network participants.
IDEA: International Data Encryption Algorithm. A patented block cipher operating on 64-bit plaintext blocks. The key is 128 bits long.
Identity Certificate: A certificate which binds a public key to an individual for the purpose of identification.
In-Place Encryption: A mechanism that encrypts only the data of an IP packet, while the header is not encrypted.
International Data Encryption Algorithm (IDEA): A secret-key, 64-bit block cipher algorithm that uses a 128-bit key for encryption.
IETF: Internet Engineering Task Force. An international standards body.
Impression: Each request for a Web page on a particular server, which serves as a basis to measure the popularity of a website.
Integrity: The current condition of data compared to its original, pristine state.
Integrity Check: A mechanism for ensuring that data has not been tampered with by adding to, removing from, or otherwise modifying its contents. Often achieved through digital signatures and one-way hash functions.
Internet: The world's largest collection of networks, reaching universities, government research labs, commercial enterprises, and military installations in many countries.
Introducer: A person or organization that vouches for the authenticity of a public key. An introducer is designated by a signed public key.
Intranet: A private network of computers using the same protocols as the Internet, but only for internal use.
Intrusion Detection: A powerful type of active security technology. Intrusion detection systems combine network monitoring with real-time capture and analysis of packet data, utilizing sophisticated algorithms to recognize attack signatures and, upon discovery, send alarms and even take action.
IP: Internet Protocol. Along with TCP, one of the most fundamental protocols in TCP/IP networking. IP is responsible for addressing and delivering datagrams across the Internet.
IP Address: The 32-bit address that uniquely identifies a node on an IP network.
IP Spoofing: A technique whereby an intruder attempts to gain access by altering a packet's IP address to make it appear as though the packet originated in a part of the network with higher access privileges.
IRC: Internet Relay Chat. A chat network where any words typed by any user are seen by everyone who is in the chat room at that moment.
ISAKMP: Internet Security Association and Key Management Protocol. Defines the procedures for authenticating a communicating peer, and for creating and managing Security Associations, key generation techniques and threat mitigation (e.g., Denial-of-Service and replay attacks).
ISAKMP/Oakley: An IETF specification for a public-key cryptosystem. See ISAKMP or Oakley.
ISDN: Integrated Services Digital Network. A digital telephone system that can provide high-speed transmission of voice and data.
ISO: International Standards Organization. An international body founded to draft standards for network protocols.
ISP: Internet Service Provider. A company that provides Internet access, email services and website development tools for its members.
J

Java: Sun Microsystems' object-oriented language based on C++ that allows developers to develop platform-independent applications.
JavaScript: A scripting language embedded into HTML documents.
John The Ripper: Powerful tool available for multiple operating systems used to crack (decrypt) passwords on Unix and Windows systems.
Joyriding: Commandeering a phone service or ISP connection, allowing the intruder to exploit these services without paying for them.
JPEG: Joint Photographic Experts Group. A compression standard used for full-color digital images. Most photos on the web are JPGs, while most clip art images are GIFs.

K

Kbps: Kilobits per second. A measure of data rate, i.e. a 28.8 Kbps modem transfers data at about 3.6 kilobytes per second.
Kerberos: A distributed authentication system, developed at MIT as part of Project Athena, which identifies users, client, and server applications to each other.
Key: One of all possible values that can be applied to plaintext with an encryption algorithm to produce ciphertext, or vice versa.
Key Exchange: A mechanism for transferring a secret session key securely across an unsecured channel.
Key Escrow: A mechanism that provides for storage of private keys, usually for the purpose of guaranteeing third-party (government or employer) access to the plaintext of encrypted data.
Key Fingerprint: A uniquely identifying string of characters used to authenticate public keys. Key fingerprints are matched to determine that a public key is actually the key it is supposed to be.
Key ID: A legible code that uniquely identifies a key pair. Two key pairs may have the same User ID (as in an email address or individual's name), but will have different Key IDs.
Key Length: The number of bits representing key size. Generally, the longer the key, the stronger the encryption.
Key Management: The process of storing and distributing cryptographic keys to authorized recipients.
Key Recovery: This model requires a sophisticated management system that must securely store keys requiring escrow. A vulnerability in this key management system can compromise the security of all encrypted data. Furthermore, the third-party storage of private keys creates the possibility for digital signatures to be created by parties other than the key's owner. This would invalidate the non-repudiation of digital signatures from these escrowed keys.
Kilobyte: 1,000 bytes.

L

LAN: Local Area Network. A communications network that spans a small office or geographical area.
Layered Protocols: Protocols that are 'stacked' one atop another, whereby 'lower' protocols transparently provide services to 'higher' ones.
Leased line: A dedicated phone line that supplies a 24-hour connection from one location to another.
Link: Marked text or picture within a hypertext document.
Lightweight Directory Access Protocol (LDAP): A mechanism for Internet clients to access and manage a database of directory services over a TCP/IP connection.
Linux: Invented by Linus Torvalds. A powerful Unix-based operating system for various computer hardware types.
Login: Entering into a computer system; also the account name or user ID that you must enter before you can access a computer system.
Lynx: Useful, text-based web browser available for most operating systems.
L0phtCrack: Powerful tool that easily cracks (decrypts) passwords on the Windows operating system, demonstrating the weak algorithms used.

M

MAC Address: Media Access Control address. An IEEE-802 hardware address that uniquely identifies each node of an ethernet network. Every network-connected device must have a unique MAC address.
Mailing List: E-mail addresses of subscribers, for either web-based e-commerce purposes or discussion groups.
Mail Server: Server that handles incoming and outgoing email.
Mainframe: Powerful computer used for intensive computational tasks.
Managed Service Provider (MSP): A company that provides outside organizations with Internet services beyond basic connectivity.
Man-In-The-Middle Attack: A hacker/cracker attack where the attacker has set up a connection somewhere in between multiple points and uses this position to steal passwords or data, or to spoof connections to impersonate a valid user.
Megabit: Roughly one million bits.
Message Digest: A message that has been condensed into a string of letters and numbers using a one-way hash function.
MIB: Management Information Base. A database of objects that represent various types of information about a device. Used by SNMP for device management purposes.
MIDI: Musical Instrument Digital Interface. Used by the electronic music industry for regulating synthesizers.
MIT-MAGIC-COOKIE-1: The universally available but infrequently used mechanism for the X Window System that can help to prevent unauthorized access to the user's graphical display, keyboard, and pointing device.
Modem: Modulator/Demodulator. Allows for computer communication via telephone lines, turning digital information into analog information and the reverse.
MPEG/MPG: Compressed video format, downloaded from the Web.
Multiprotocol Label Switching (MPLS): Method of forwarding IP packets across networks using predefined routes.
  12. 12. MP3 Music, downloaded from the web, in a compressed format. MTA Message Transfer Agent. An entity that shoulders responsibility for transferring e-mail messages to their destination, or at least one step closer to it. NNAT Network Address Translation. Hiding a single IP address or an entire network behind another IP address. Typically used for networks that do not want to expose all of their machines to the Internet. Name Resolution The process of mapping a host name to an IP address. DNS is the Internet’s primary system for resolving host names. Net Short for Internet. Net Lingo Slang used on the Internet. Net Surfing Searching or surfing on the Web. Netscape Company that produces one of the most visible Web browsers (Navigator and Communicator) on the Internet. Network Group of connected computers which can share resources and data. Network Layer On the Internet, the layer that implements IP, and provides services to the transport layer. Newbie A new Web user. Newsgroups Discussion groups organized by subject. NIS Network Information System. A naming service developed by Sun that provides a directory service for network and host information. NFS Network File System. A weakly authenticated distributed file system built on RPC that was developed by Sun Microsystems. NFS clients mount remote server directories and then access them as if they were local. See also Secure NFS. nmap Network Mapper. Excellent tool for researching network port openings. NNTP Network News Transfer Protocol. Network News Transfer Protocol. Used for the distribution, inquiry, retrieval, and posting of articles on the Usenet news system. Nonce A random number sent to a recipient, signed with a digital signature, and sent back to confirm identity. Non-Repudiation Assures a sender cannot deny having sent a file or a message. OOakley Provides a hybrid Diffie-Hellman session key exchange for use within the ISAKMP framework. Offline Not connected to a computer network. 
One-Time Passwords User passwords that are valid for a single authentication, so a password captured by snooping cannot be replayed. S/Key is an example of a system that uses one-time passwords.
One-Way Hash A one-way function that produces a fixed-length message digest from which the original message cannot be recovered.
Online Connected to a computer network.
Open Platform for Security (OPSEC) An open, industry-wide alliance that ensures interoperability at the policy level between security products.
OSI Open Systems Interconnection. A set of ISO standards that define the framework for implementing network protocols in seven layers.

P
Packet A unit of data into which a message is broken for transmission; each packet travels independently through the Internet. An Internet packet contains the source and destination addresses, an identifier, and a data (payload) segment. Often used loosely as a synonym for segment (TCP) or datagram (UDP, IP).
Packet Filter A network device that examines packet header information (addresses, protocol, ports, flags) to decide whether a packet is allowed through or rejected. Packet filters are generally associated with routers and are the mechanism by which routers act as simple firewalls; because they examine each packet in isolation, they cannot tell a genuine reply from a crafted one.
Passphrase A series of keystrokes chosen by the user that protects access to a private key, which is in turn used to sign and decrypt data.
Payload The portion of an IP packet that holds the actual message data.
PEM Privacy Enhanced Mail. A standard for message encryption and the authentication of message senders.
PGP Pretty Good Privacy. Developed by Phil Zimmermann, a free cryptosystem and data format available across a wide variety of operating systems, used to exchange encrypted and authenticated e-mail messages and files.
Phreaker A phone hacker/cracker. From PHone fREAKER.
Ping o' Death A denial of service attack that crashed or rebooted many older systems by sending an ICMP echo ('ping') request whose fragments reassemble to more than 65,535 bytes, the maximum size of an IP datagram (a normal ping carries a 56-byte payload, 64 bytes with the ICMP header). The oversized reassembly overflowed a fixed-size kernel buffer.
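The reassembly bounds check whose absence made the Ping o' Death work, as an added example (not code from the Razorpoint glossary): an IPv4 fragment offset is a 13-bit field counted in 8-byte units, so a fragment that is perfectly legal on the wire can carry a large offset that pushes the reassembled datagram past the 65,535-byte limit. The fragment lists below are constructed test data, not captured packets.

```python
# Added example, not from the Razorpoint glossary. IPv4 reassembly with the bounds
# check that an unpatched IP stack lacked: every fragment is legal on the wire, but
# offset*8 + payload length can exceed the maximum IP datagram size.
# The fragment lists passed in are constructed test data.
MAX_IP_DATAGRAM = 65535      # 16-bit Total Length field (RFC 791)
IPV4_HEADER_LEN = 20         # minimal header; it counts against the total


class FragmentError(ValueError):
    """Raised for a fragment that must not be copied into the reassembly buffer."""


def check_fragment(offset_units, payload_len, more_fragments):
    """Validate one fragment. offset_units is the 13-bit Fragment Offset field,
    in units of 8 bytes. Returns the (start, end) byte range of the payload."""
    if not 0 <= offset_units < 2 ** 13:
        raise FragmentError("fragment offset out of range")
    if more_fragments and payload_len % 8:
        raise FragmentError("non-final fragment payload must be a multiple of 8")
    start = offset_units * 8
    end = start + payload_len
    # Reject before writing, so an oversized reassembly can never overflow a
    # fixed-size buffer. This is the check the vulnerable stacks did not make.
    if IPV4_HEADER_LEN + end > MAX_IP_DATAGRAM:
        raise FragmentError(
            f"reassembled datagram would be {IPV4_HEADER_LEN + end} bytes "
            f"(> {MAX_IP_DATAGRAM})")
    return start, end


def reassemble(fragments):
    """fragments: iterable of (offset_units, payload_bytes, more_fragments).
    Returns the reassembled payload, or raises FragmentError."""
    buf = bytearray()
    total = None
    for offset_units, payload, more in fragments:
        start, end = check_fragment(offset_units, len(payload), more)
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))
        buf[start:end] = payload
        if not more:
            total = end
    if total is None or total < len(buf):
        raise FragmentError("final fragment missing, or data beyond the final fragment")
    return bytes(buf[:total])


def is_ping_of_death(fragments):
    """True if the fragment set would reassemble past the IP size limit."""
    try:
        reassemble(fragments)
    except FragmentError as e:
        return "reassembled datagram" in str(e)
    return False


# Constructed data: a normal 12-byte echo payload split in two, and a Ping o' Death:
# a final fragment at offset 8189 (byte 65,512) carrying 100 bytes, which together
# with the 20-byte header would reassemble to 65,632 bytes.
BENIGN = [(0, b"A" * 8, True), (1, b"B" * 4, False)]
PING_OF_DEATH = [(0, b"A" * 8, True), (8189, b"C" * 100, False)]
```

A real stack also has to handle overlapping and duplicate fragments and a reassembly timeout; the point here is only that the size check must happen before the copy, not after.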
Ping Sweep A network reconnaissance technique that sends ICMP echo requests (pings) to a range of addresses to discover which hosts are up.
PKI Public Key Infrastructure. The certificate authorities, policies and procedures that issue, distribute, validate and revoke public-key certificates, so that a public key can be obtained and bound to its owner's identity in a secure and predictable manner.
Plaintext Message text that is easily readable and understandable by anyone; the opposite of ciphertext.
Platform Computer operating system.
Plug-in Small piece of software which adds new features to a larger program.
POP2 Post Office Protocol version 2. An e-mail protocol primarily used to transfer messages between a central mail server and a user's workstation. This normally runs on TCP port 109.
POP3 Post Office Protocol version 3. An e-mail protocol primarily used to transfer messages between a central mail server and a user's workstation. This normally runs on TCP port 110. In its basic form the user's password is sent in cleartext.
Port A 16-bit identifier used by TCP and UDP to specify which process or application on a host is sending or receiving data.
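The Packet Filter and Port entries above describe a device that decides on addresses, protocol and port numbers alone. The following added example (not code from the Razorpoint glossary) implements such a first-match, default-deny filter, shows the hole that a stateless rule for "return traffic" opens, and puts the stateful check beside it. Addresses are taken from the documentation ranges and every packet is constructed.

```python
# Added example, not from the Razorpoint glossary: a stateless packet filter
# (first matching rule wins, default deny) and the stateful check that closes
# its best-known hole. Addresses are from the documentation ranges and every
# packet below is constructed, not captured.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False     # TCP flag bits; meaningless for UDP
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: tuple = (0, 65535)    # inclusive destination port range
    ack_only: bool = False        # match only packets with ACK set
    comment: str = ""


def matches(rule, pkt):
    """Header-only comparison: this is all a stateless filter ever sees."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if not rule.dports[0] <= pkt.dport <= rule.dports[1]:
        return False
    if rule.ack_only and not pkt.ack:
        return False
    return True


def filter_packet(rules, pkt):
    """Action of the first matching rule; anything unmatched is rejected."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "reject"


INTERNAL = "10.0.0.0/24"
RULES = [
    Rule("accept", "tcp", dst=INTERNAL, dports=(80, 80), comment="public web server"),
    # A stateless filter cannot remember outbound connections, so "replies to
    # sessions our users started" is approximated as "any inbound TCP with ACK".
    Rule("accept", "tcp", dst=INTERNAL, ack_only=True, comment="return traffic?"),
]


class StatefulFilter:
    """Remembers outbound TCP connections and admits only their replies,
    so the ack_only rule is no longer needed."""

    def __init__(self, rules):
        self.rules = [r for r in rules if not r.ack_only]
        self.sessions = set()

    def outbound(self, pkt):
        self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "accept"

    def inbound(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "accept"
        return filter_packet(self.rules, pkt)


# Constructed traffic. OUTSIDE is a TEST-NET address standing in for the Internet.
OUTSIDE, WEB, WORKSTATION = "203.0.113.9", "10.0.0.5", "10.0.0.23"
WEB_SYN = Packet("tcp", OUTSIDE, WEB, 40000, 80, syn=True)
TELNET_SYN = Packet("tcp", OUTSIDE, WEB, 40001, 23, syn=True)
# Crafted ACK to a service nobody inside ever connected to (the ACK-scan trick).
FAKE_ACK = Packet("tcp", OUTSIDE, WORKSTATION, 40002, 445, ack=True)
OUT_REQUEST = Packet("tcp", WORKSTATION, OUTSIDE, 51000, 443, syn=True)
REAL_REPLY = Packet("tcp", OUTSIDE, WORKSTATION, 443, 51000, syn=True, ack=True)


def demo_stateless():
    """(web SYN, telnet SYN, crafted ACK) through the stateless rule set."""
    return tuple(filter_packet(RULES, p) for p in (WEB_SYN, TELNET_SYN, FAKE_ACK))


def demo_stateful():
    """(crafted ACK, genuine reply to an outbound request) through the stateful filter."""
    fw = StatefulFilter(RULES)
    fw.outbound(OUT_REQUEST)
    return fw.inbound(FAKE_ACK), fw.inbound(REAL_REPLY)
```

The stateless set accepts the crafted ACK to port 445 because the header alone cannot distinguish it from a reply; the stateful version rejects it and still passes the genuine reply, which is why the "established" rule on a stateless router is only an approximation of a firewall.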
Port Scan The act of discerning which TCP or UDP ports are open on a given network device (workstation, server, router, etc.), typically by probing a range of ports on that one host.
Port Sweep A network reconnaissance technique that probes the same port across many hosts to find which of them offer a particular service; compare Port Scan, which probes many ports on one host.
Portal A website that attracts visitors by providing free information or services on a daily basis. Major portals: Excite, HotBot, Lycos, InfoSeek, and Yahoo.
Post A single public message to a newsgroup.
PPP Point-to-Point Protocol. Allows a computer to join the Internet via modem.
Private Key The secret half of a user's key-pair in an asymmetric system. The private key is known only to the user.
Protocol A set of rules and conventions that two networked computers must follow in order to understand each other.
Proxy Server Sits between a client, such as a Web browser, and a real server, making requests on the client's behalf. Often used to cache content for performance, to filter out undesirable material, and to hide internal client addresses from the outside.
Public-Key Cryptosystem A cryptosystem in which one half of a key-pair is used for encryption and the other half for decryption.
Punch To create a hole in a device or network allowing legal or illegal entry.

Q
Quality of Service (QoS) The ability to define a level of performance for data communications through the setting of priorities, guarantees, or service level agreements for certain traffic types or destinations.
Query Request for specific information.

R
'r' Commands Remote commands used in Unix between trusted hosts (rlogin, rsh, rcp). When the client host and user appear in the server's hosts.equiv or the user's .rhosts file, no password is required; because that trust rests on the client's claimed host name and IP address, the 'r' commands have the most serious security implications and are easily abused by address spoofing.
Race Condition A window between the moment a program checks a condition and the moment it acts on it, during which an attacker can change the state being relied on. Some TCP/IP services, while running as non-privileged users, must occasionally perform functions as a privileged user; attackers can attempt to trigger those privileged functions and then 'race' to exploit the temporary privilege (for example by swapping a file for a symbolic link) to gain unauthorized access to a system.
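The Port Scan and Port Sweep entries differ only in which dimension is varied, and the Ping Sweep and nmap entries describe the same reconnaissance with other probes. As an added example (not code from the Razorpoint glossary), the TCP connect() scan below probes a range of ports on one host and then one port across several hosts; it runs against listeners it opens itself on the loopback interface, so it works offline. The loopback services are stand-ins for real targets; scan only hosts you are authorized to test.

```python
# Added example, not from the Razorpoint glossary. A TCP connect() port scan
# (many ports, one host) and a port sweep (one port, many hosts), run against
# listeners this script itself opens on loopback so it works offline. The
# loopback listeners stand in for real targets; scan only hosts you are
# authorized to test.
import socket
from contextlib import contextmanager


def tcp_port_open(host, port, timeout=0.5):
    """True if a full TCP handshake completes, i.e. something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:            # refused, timed out, or unreachable
            return False


def port_scan(host, ports):
    """Port scan: which of these ports are open on one host."""
    return sorted(p for p in ports if tcp_port_open(host, p))


def port_sweep(hosts, port):
    """Port sweep: which of these hosts have this one port open."""
    return [h for h in hosts if tcp_port_open(h, port)]


@contextmanager
def listeners(addrs):
    """Bind and listen on each (host, port); port 0 lets the OS choose."""
    socks = []
    try:
        for host, port in addrs:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind((host, port))
            s.listen(5)
            socks.append(s)
        yield [s.getsockname() for s in socks]
    finally:
        for s in socks:
            s.close()


def demo_scan():
    """Open two services on 127.0.0.1 and scan the ports around them.
    Returns (ports we opened, ports the scan found)."""
    with listeners([("127.0.0.1", 0), ("127.0.0.1", 0)]) as bound:
        expected = sorted(p for _, p in bound)
        found = port_scan("127.0.0.1", range(expected[0] - 2, expected[-1] + 3))
        return expected, found


def demo_sweep():
    """One service on 127.0.0.1; sweep that port across two loopback addresses.
    Returns (port swept, hosts that answered)."""
    with listeners([("127.0.0.1", 0)]) as bound:
        port = bound[0][1]
        return port, port_sweep(["127.0.0.1", "127.0.0.2"], port)
```

A connect() scan completes the handshake and therefore appears in the target's application logs; tools such as nmap default to a SYN ("half-open") scan, which needs raw sockets and is not shown here. Ports that are filtered rather than closed show up as timeouts instead of refusals, which is why the timeout is short and why a scan across the Internet is far slower than this loopback run.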
Remote Authentication Dial-in User Service (RADIUS) A centralized network-authentication standard that includes authentication, authorization, and accounting features.
RealAudio Standard for compressed audio over the Internet.
Reconnaissance Scoping out potential targets in order to zero in on the most lucrative, least protected target.
Relay A program that passes unstructured data to and from an application client and server, across an intervening firewall.
Replay Attack Playing back another party's packets or other messages recorded in a prior snooping attack in an effort to accomplish the same or similar results achieved earlier.
Resolver Client software that enables access to the DNS database.
RFC (Request for Comments) Documents written for and by the Internet community that describe Internet protocols, surveys, measurements, ideas and observations.
RIPEM Riordan's Internet Privacy Enhanced Mail. A specific and well-known implementation of the PEM standard.
Rijndael Pronounced RHINE-doll. Selected in October 2000 as the United States government's new encryption standard and published as the Advanced Encryption Standard (AES) in FIPS 197 in 2001, replacing DES and 3DES (the previous standards). Rijndael/AES uses a 128-bit block and 128-, 192- or 256-bit keys, whereas DES has a 56-bit key.
Robot A program that automates Internet tasks such as collating search engine databases or automatically responding in IRC. Also called a Bot.
Rootkit A suite of software tools installed on a cracked system to allow an attacker undetected re-entry, typically by replacing or subverting system programs so that the attacker's processes, files and connections are hidden.
Route The path network traffic takes from its source to its destination.
Router Special-purpose computing devices dedicated to delivering packets between communicating endpoints.
RPC Remote Procedure Call. A weakly authenticated mechanism that allows an application to call a procedure that executes on a remote machine. See also Secure RPC.
RSA Rivest-Shamir-Adleman. The most widely used public-key cryptosystem. It offers encryption and digital signature functionality.

S
SATAN System Administrator's Tool for Analyzing Networks. Developed by Dan Farmer (with Wietse Venema), a controversial and useful auditing tool for network security.
SCP Secure Copy. Encrypted file copy between two systems.
One of the functions of SSH. See also SSH.
Search Engine Website that allows users to search for information through keywords on Web pages.
Secure NFS An enhanced version of NFS built on Secure RPC that allows for authenticated and encrypted access to files stored on a remote server.
Secure RPC A version of RPC enhanced with DES-based authentication of users over the network connection.
Security Audit An examination of networks and computer systems to determine an organization's vulnerability to attacks from hackers, viruses, or other sources.
Security Policy A set of rules that defines the network security parameters of an organization, including access control, authentication, encryption, content security, network address translation, logging and other security components.
Seed A random number or sequence used to ensure randomness and security during generation of keys.
Segment A protocol data unit consisting of part of a stream of bytes being sent between two machines. It also includes information about the current position in the stream and a checksum value.
Server Generally a powerful computer that has a permanent connection to the Internet, making services available to end-users.
Server Filter A host-based firewall that logs and filters client access to server applications.
Service Level Agreement (SLA) A contract between a provider and user that specifies a level of network service, such as bandwidth availability, network uptime, and other measures of network performance.
Session Key A symmetric key which encrypts a specific message or "session." Using public key cryptography, it is typical to encrypt a message with a symmetric session key, then encrypt the session key itself with the recipient's public key and send the encrypted session key with the encrypted message.
Shadow Passwords Password hashes moved out of the world-readable password file into a separate file (on Unix, /etc/shadow) accessible only by privileged system administrators, so that ordinary users cannot copy the hashes and run offline guessing attacks against them.
Shared Secret A string of text or numbers communicated between two parties over an out-of-band channel such as a phone call, the mail, or a disk.
Shoulder Surfing Finding out what a user is typing by looking over their shoulder and watching the keyboard or monitor.
S-HTTP Secure HyperText Transfer Protocol. An extension of HTTP with security enhancements designed to enable WWW-based commerce. S-HTTP signs and encrypts individual messages and runs over the ordinary HTTP port (80); it is not the same as HTTPS, which is HTTP carried over an SSL connection on port 443.
Signature File Personal footer that can be automatically appended to an email.
Shouting Writing in capital letters.
Site Website.
Snail Mail Old-fashioned mail delivered by post.
S/Key A one-time password system in which each password is derived from a chain of one-way hashes and can be used to authenticate to a system only once. This protects against password stealing because a captured password is no longer valid.
SKIP Simple Key management for Internet Protocols. An authentication/encryption system that secures the network at the IP packet level.
S/MIME Secure Multi-Purpose Internet Mail Extension. A standard, developed by a consortium of email software vendors led by RSA Data Security, for encrypting or authenticating MIME data.
SMTP Simple Mail Transfer Protocol. The protocol used to transfer electronic mail messages from one machine to another.
Sniffer A tool for capturing the traffic travelling between points on a network. Sniffers can be used to diagnose poorly configured routers and switches, as well as to steal passwords and other unencrypted data on a network.
SNMP Simple Network Management Protocol. A protocol used to manage devices on local networks and the Internet. SNMP enables a management station to configure, monitor and control network devices such as routers. In SNMP versions 1 and 2c the 'community string' that acts as the password is sent in cleartext, and the default 'public' community is frequently left in place.
Snooping Attack Passively eavesdropping on network traffic in order to capture valuable data or secrets, such as user passwords.
Social Engineering Using lies, deceit, play-acting and verbal cleverness to trick legitimate users into divulging the secrets of the system.
Socket A bi-directional pipe for incoming and outgoing data that enables an application program to access the TCP/IP protocols.
Source Route A route identifying the path a datagram must follow, determined by the source device. Because the sender chooses the path, source-routed packets can be used to reach hosts that trust addresses on an internal network; most firewalls drop them.
Spam Junk email.
SSH (OpenSSH) Secure Shell. A replacement for Telnet and the 'r' commands that authenticates both ends and encrypts all traffic between the two points connected. SSH is a protocol (versions 1 and 2; version 1 has known weaknesses and should be disabled in favor of version 2) with free implementations, such as OpenSSH, available for nearly every operating system. The SSH server (usually listening on TCP port 22) also offers encrypted file transfer. See also SCP.
SSL (OpenSSL) Secure Sockets Layer. A layer between the application and transport layers that ensures that information sent between two systems is encrypted and, through certificates, that the server (and optionally the client) is authenticated. SSL transparently protects application layer protocols (like HTTP, for which it was originally conceived) and data, with little effort on the part of the user. OpenSSL is a free implementation.
Static Passwords In contrast to one-time passwords, user passwords that are reused many times for authentication purposes. Because they are reusable, static passwords are subject to snooping and replay attacks.
Steganography The art and science of communicating in a way which hides the existence of the communication. A common form of steganography is hiding messages in pictures (for example, JPG files).
Streaming Delivered in real time instead of waiting for the entire file to arrive before playing.
Stream Cipher An encryption method that encrypts a continuous stream of input one bit or byte at a time, as opposed to fixed-length blocks of data.
Surfing Looking through a site or multiple sites.
Squatting See Camping Out.
Symmetric Algorithm A single-key system in which the same secret key is used for encryption and decryption. Because the secret key is difficult to distribute safely, symmetric and asymmetric algorithms are usually combined in the same system: the asymmetric algorithm protects the exchange of the symmetric session key.
SYN Flood A denial of service attack in which the attacker sends a stream of TCP SYN packets, usually from spoofed source addresses, and never completes the handshake; the server's table of half-open connections fills up and it can no longer accept connections from legitimate users.

T
TCP/IP Transmission Control Protocol/Internet Protocol. The suite of protocols by which all Internet devices talk to each other. TCP is a connection-oriented transport protocol that provides reliable, full-duplex data transmission between two entities, often a client and a server application; IP is the connectionless network-layer protocol that carries TCP (and UDP) packets between hosts.
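The One-Time Passwords, Replay Attack, S/Key and Static Passwords entries describe one mechanism from several angles. The following added example (not code from the Razorpoint glossary) builds an S/Key-style hash chain and runs a snooped one-time password through the server twice, beside a reusable password that the same snooping defeats. The original S/Key folds MD4 output to 64 bits; SHA-256 here is an assumption for illustration, and the secret, seed and chain length are constructed values.

```python
# Added example, not from the Razorpoint glossary. An S/Key-style one-time
# password chain built on a one-way hash, showing why a snooped static password
# can be replayed while a snooped one-time password cannot. Original S/Key uses
# MD4 folded to 64 bits; SHA-256 here is an assumption for illustration, and the
# secret, seed and chain length are constructed values.
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """The one-way hash the chain is built from."""
    return hashlib.sha256(data).digest()


def otp_chain(secret: bytes, seed: bytes, n: int):
    """Return [H^1(secret||seed), ..., H^n(secret||seed)]; index i-1 holds H^i."""
    chain, x = [], secret + seed
    for _ in range(n):
        x = H(x)
        chain.append(x)
    return chain


class SKeyServer:
    """Holds only the sequence number and the last accepted hash, never the
    secret. To verify, it hashes the submitted value once and compares."""

    def __init__(self, seed: bytes, n: int, top_hash: bytes):
        self.seed, self.count, self.last = seed, n, top_hash

    def challenge(self):
        return self.count - 1, self.seed      # "which iteration do I need?"

    def verify(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False                      # chain exhausted: re-initialize
        if hmac.compare_digest(H(otp), self.last):
            self.last, self.count = otp, self.count - 1   # walk down the chain
            return True
        return False


class SKeyClient:
    def __init__(self, secret: bytes):
        self.secret = secret

    def respond(self, i: int, seed: bytes) -> bytes:
        return otp_chain(self.secret, seed, i)[-1]        # H^i, computed locally


class StaticPasswordServer:
    """For contrast: a reusable password is accepted every time it is presented."""

    def __init__(self, password: bytes):
        self.digest = H(password)

    def verify(self, password: bytes) -> bool:
        return hmac.compare_digest(H(password), self.digest)


def demo():
    """Returns (first login ok, replay of the snooped OTP ok, next login ok,
    replay of a snooped static password ok)."""
    secret, seed, n = b"correct horse battery", b"rz01", 100
    client = SKeyClient(secret)
    server = SKeyServer(seed, n, otp_chain(secret, seed, n)[-1])

    i, s = server.challenge()
    snooped = client.respond(i, s)            # what a sniffer on the wire sees
    first = server.verify(snooped)
    replayed = server.verify(snooped)         # H(snooped) != the new stored hash
    i, s = server.challenge()
    second = server.verify(client.respond(i, s))

    static = StaticPasswordServer(b"hunter2")
    static_replay = static.verify(b"hunter2") and static.verify(b"hunter2")
    return first, replayed, second, static_replay
```

The server never stores the secret, so even a copy of its database yields only the top of the chain, and inverting the hash to get the next password is exactly the one-way property the One-Way Hash entry describes. An attacker who can intercept and suppress a password in transit (rather than merely snoop it) can still use it before the legitimate user does, which is the remaining weakness of any one-time-password scheme without an encrypted channel.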
Telecommuting Working at home while using a computer and modem to communicate with the office.
Telnet Internet protocol that allows connections as a remote terminal to a host computer. It enables a terminal attached to one host to log in to other hosts, as if directly connected to the remote machine. Telnet sends the login name, password and entire session in cleartext; see SSH.
TFTP Trivial File Transfer Protocol. A no-frills, unauthenticated protocol used to transfer files. TFTP runs over UDP and is often used for backing up router and switch configurations as well as booting diskless workstations; because it has no authentication, a TFTP server should only ever serve a restricted directory.
Timestamp A mark that records the time of creation or transmission of a document.
Token A password that can be used only once, typically generated as needed by a hardware device.
Transport Layer On the Internet, the layer that implements TCP and UDP over the network layer.
Triple DES An encryption algorithm that applies DES three times in succession (encrypt, decrypt, encrypt) with a 168-bit key made of three DES keys. Its effective strength against the best known attacks is about 112 bits.
Trojan Horse Just 'Trojan' for short, a piece of code embedded in an otherwise benign program that performs a hidden, malicious function (such as opening a back door or stealing passwords) when the program is run.
Trusted Introducer An individual or organization that is trusted to introduce other keys. If a key carries the signature of a trusted introducer, that key is considered valid.
Trusted System A trust mechanism that allows hosts to trust the identity of users of another system without requiring them to authenticate using passwords.
TTL Time-To-Live. The maximum number of router hops that a datagram can experience on a network before it should be discarded. Used to prevent packets from looping endlessly.
Twofish Developed by Bruce Schneier and Counterpane Systems, Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. Twofish is designed to be highly secure and highly flexible. It is well suited to encrypt and decrypt efficiently on powerful computers, smart cards and wireless devices alike.

U
UDP User Datagram Protocol. A connectionless transport protocol. Delivery is not guaranteed, nor is it guaranteed that datagrams will be delivered in the proper order. It provides a less reliable channel than TCP and is used mainly for audio, video and other traffic that can tolerate small losses. Because there is no handshake, the source address of a UDP datagram is trivially spoofed.
Unix Operating system used by most service providers and universities.
Upload Send files from your computer to another computer through the Internet.
URL Web address.
Usenet A collection of networks and computer systems that exchange messages, organized by subject into newsgroups.
Unified Threat Management (UTM) An emerging trend in firewall appliances that combines many services including firewalling, intrusion detection, content filtering, spam filtering, and anti-virus.
V
Verification The act of ensuring that a message has not been altered since it was signed, by checking a signature created with the sender's private key against the sender's corresponding public key.
Virus A program that replicates itself on computer systems by incorporating itself into other programs that are shared among computer systems.
VPN Virtual Private Network. Implementing security devices on network endpoints so as to encrypt and decrypt traffic as it travels over a public network (like the Internet).
VRML Virtual Reality Modeling Language. Method for creating 3D environments on the Web.

W
Wetware Hacker slang for the human brain.
World Wide Web Invented by Tim Berners-Lee in the early 1990s, an Internet client-server system to distribute information, based upon the hypertext transfer protocol (HTTP).
WAN Wide Area Network. A physical communications network that spans large geographical distances. WANs usually operate at slower speeds than LANs.
Webmaster Person responsible for a web server, web authoring and maintaining web sites.
Web-of-Trust A trust model used by PGP to validate public keys, where trust is cumulative, not hierarchical, and depends on the trust the user places in the 'introducers' who have signed a key.
WEP Wired Equivalent Privacy. The original security protocol for wireless local area networks (WLANs), defined in the IEEE 802.11 standard. Its RC4-based design is broken: the key can be recovered by passively collecting enough traffic, so WEP should not be relied on. Often mis-expanded as Wireless Encryption or Wireless Encryption Protocol.
WPA Wi-Fi Protected Access. A Wi-Fi standard designed to improve upon the security features of WEP, improving both data encryption and user authentication.
Wrapper A package (TCP Wrappers, tcpd) that logs requests for Internet services and provides an access control mechanism for Unix systems, typically by host name or address in /etc/hosts.allow and /etc/hosts.deny.
wu-FTPd Washington University File Transfer Protocol Daemon. A widely deployed FTP server that major corporations and organizations used in place of the vendor-supplied FTP servers.
WWW World Wide Web. A cohesive and user-friendly view of the Internet through many protocols, especially HTTP.
W3C The World Wide Web Consortium. The international standards body for the Web.

X
X Window System A graphical windowing system developed at MIT that enables a user to run applications on other computers and view the output locally. See also MIT-MAGIC-COOKIE-1.
X.509 v3 A certificate format used to prove identity and public key ownership that is based on a system of hierarchical trust (certificate authorities), in contrast to the PGP web of trust.
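The Trusted Introducer and Web-of-Trust entries (and, by contrast, the hierarchical X.509 v3 model) describe how PGP decides which keys a user may rely on. The following added example (not code from the Razorpoint glossary) computes key validity over a small constructed keyring: a signature counts only when the signer's own key is already valid and the user has marked the signer as an introducer, and the thresholds mirror classic PGP's defaults of one fully trusted or two marginally trusted introducers. Key names, signatures and trust settings are constructed.

```python
# Added example, not from the Razorpoint glossary. Computing key validity in a
# PGP-style web of trust: a signature on a key counts only if the signer's own
# key is already valid AND the user has marked that signer as an introducer.
# Thresholds mirror classic PGP defaults (one fully trusted introducer, or two
# marginal ones). Key names, signatures and trust settings are constructed.

FULL, MARGINAL, NONE = "full", "marginal", "none"


def valid_keys(signatures, introducer_trust, own_key,
               fulls_needed=1, marginals_needed=2):
    """signatures: {key: set of keys that signed it}.
    introducer_trust: {key: FULL|MARGINAL|NONE}, the user's own judgement of
    how carefully each key holder certifies others (never inherited).
    Returns the set of keys the user may rely on."""
    trust = dict(introducer_trust)
    trust[own_key] = FULL                   # I trust my own signatures
    valid = {own_key}                       # my own key is valid by definition
    changed = True
    while changed:                          # iterate: validity can cascade
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            usable = [s for s in signers if s in valid]   # signer's key must be valid
            fulls = sum(1 for s in usable if trust.get(s) == FULL)
            marginals = sum(1 for s in usable if trust.get(s) == MARGINAL)
            if fulls >= fulls_needed or marginals >= marginals_needed:
                valid.add(key)
                changed = True
    return valid


# Constructed keyring: who signed whose key.
SIGNATURES = {
    "alice": {"me"},
    "bob": {"me"},
    "carol": {"alice"},            # one fully trusted introducer: enough
    "frank": {"alice"},
    "dave": {"bob"},               # one marginal introducer: not enough
    "erin": {"bob", "frank"},      # two marginal introducers: enough
    "gina": {"carol"},             # carol's key is valid, but she is no introducer
    "mallory": {"dave"},           # dave's key is not valid, so his signature is worthless
}
INTRODUCER_TRUST = {"alice": FULL, "bob": MARGINAL, "frank": MARGINAL, "carol": NONE}


def demo():
    return valid_keys(SIGNATURES, INTRODUCER_TRUST, "me")
```

Two properties of the model show up directly in the data: validity of a key (carol, gina's signer) does not make its owner an introducer, so trust is not transitive; and a signature from an unvalidated key (dave on mallory) contributes nothing no matter how it is trusted, which is the check a hierarchical X.509 chain performs with CA certificates instead of introducers.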
Z
Zip PC file compression format that creates files with the extension .zip using PKZip or WinZip software.
