See Security Accounts Manager (SAM).
A set of rules used when creating a Java applet that prevents certain functions when the applet is sent as part of a web page.
The process that attackers use to gather information about how a network is configured.
A router that is in front of a server on the private network. Typically, this server does packet filtering before reaching the firewall/proxy server that services the internal network.
See private key.
A protocol developed by Visa and MasterCard for secure credit card transactions. The protocol is becoming an accepted standard by many companies. SET provides encrypted credit card numbers over the Internet, and it's most suited to small amounts of data transmission.
A one-way hash algorithm designed to ensure the integrity of a message.
A protocol used for secure communications between a web server and a web browser.
A replacement for rlogin in Unix/Linux that includes security. rlogin allowed one host to establish a connection with another with no real security being employed; SSH replaces it with slogin and digital certificates.
A protocol that secures messages by operating between the Application layer (HTTP) and the Transport layer.
A method of securing wireless networks that is beginning to gain momentum and acceptance.
A database within Windows NT–based operating systems that contains information about all users and groups and their associated rights and settings within a domain.
An audit of the system (host, network, and so on) for security vulnerabilities and holes.
A log file used in Windows NT to keep track of security events specified by the domain's audit policy.
Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be.
Individuals who make their living working with computer security.
A piece of data that contains the rights and access privileges of the token bearer as part of the token.
A method of isolating a system from other systems or networks.
A unit of data transmission found at the Transport layer of the Open Systems Interconnection (OSI) model and used by TCP.
A device that collects data from the data source and passes it on to the analyzer.
A set of policies designed to reduce the risk of fraud and prevent other losses in an organization.
A number used to determine the order in which parts of a packet are to be reassembled after the packet has been split into sections.
A connection-oriented protocol that is part of the Internetwork Packet Exchange (IPX) protocol suite. It operates at the Transport layer of the OSI model. It initiates the connection between the sender and receiver, transmits the data, and then terminates the connection. See also Internetwork Packet Exchange (IPX), Open Systems Interconnection (OSI) model.
An older protocol that was used in early remote-access environments. SLIP was originally designed to connect Unix systems together in a dial-up environment, and it supports only serial communications.
A computer that provides resources to the clients on the network.
A network in which the resources are located on a server and accessed by clients.
A process that requires the workstation to authenticate against the server.
An item that adds functionality to a network by providing resources or doing tasks for other computers. In Windows-based operating systems, services include file and printer sharing for Microsoft or Novell networks.
An account created on a server for a user to perform special services, such as a backup operator, an account operator, and a server operator.
An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA.
Operating system updates from Microsoft.
The agreed-upon (during connection) key used between a client and a server during a session. This key is generated by encrypting the server's digital ID (after validity has been established). The asymmetric key pair is then used to encrypt and verify the session key that is passed back and forth between client and server during the length of the connection.
The fifth layer of the OSI model. It determines how two computers establish, use, and end a session. Security authentication and network naming functions required for applications occur here. The Session layer establishes, maintains, and breaks dialogs between two stations. See also Open Systems Interconnection (OSI) model.
See Secure Hash Algorithm (SHA).
A network security method that assigns passwords to individual files or other network resources (such as printers) instead of assigning rights to network resources to users. The passwords are then given to all users that need access to these resources. All resources are visible from anywhere in the network, and any user who knows the password for a particular network resource can make changes to it.
Network cabling media that has a shield, similar to coax, wrapped over the wires.
Watching someone when they enter their username/password/sensitive data.
See Secure Hypertext Transfer Protocol (S-HTTP).
Transmission from one PC to another. A signal could be a notification to start a session or end a session.
The process whereby a protocol at the Physical layer receives information from the upper layers and translates all the data into signals that can be transmitted on a transmission medium.
The process of transmitting data across the medium. Two types of signaling are digital and analog.
An applet that doesn't run in the Java sandbox and has higher system access capabilities. Signed applets aren't usually downloaded from the Internet but are provided by in-house or custom programming efforts.
A protocol for sending e-mail between SMTP servers.
The management protocol created for sending information about the health of the network-to-network management consoles.
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.
A relationship between the client and the network wherein the client is allowed to log on one time, and all resource access is based on that logon (as opposed to needing to log on to each individual server to access the resources there).
A generic site survey involves listening in on an existing wireless network using commercially available technologies. A wireless site survey, or wireless survey, is the process of planning and designing a wireless network, in particular an 802.11.
See Serial Line Internet Protocol (SLIP).
See Simple Mail Transfer Protocol (SMTP).
A feature designed into many e-mail servers that allows them to forward e-mail to other e-mail servers. While the ability to act as a relay exists to allow networks to grow, the possibility exists for rogue servers to also participate.
An attack in which large volumes of ICMP echo requests (pings) are broadcast to all other machines on the network and in which the source address of the broadcast system has been spoofed to appear as though it came from the target computer. When all the machines that received the broadcast respond, they flood the target with more data than it can handle.
A method of performing backups that creates a compressed file of a database as it exists at the moment, without taking the users offline. A snapshot backup can take the place of other backups. It's often run on mirrored servers, but the snapshot captures only the most recent version of files.
A physical device that listens in (sniffs) on network traffic and looks for items it can make sense of. There is a legitimate purpose for these devices: Administrators use them to analyze traffic. However, when they're used by sources other than the administrator, they become security risks.
Analyzing data to look for passwords and anything else of value. Sniffing is also known as wiretapping, eavesdropping, and a number of other terms (packet sniffing, network sniffing, and so on).
See Simple Network Management Protocol (SNMP).
Looking through files in hopes of finding something interesting.
An attack that uses others by deceiving them.
The primary method used to communicate with services and applications such as the Web and Telnet. The socket is a programming construct that enables communication by mapping between ports and addresses.
An attack launched against applications and higher-level services.
Unwanted, unsolicited e-mail sent in bulk.
A momentary or instantaneous increase in power over a power line.
An attempt by someone or something to masquerade as someone else.
See Sequenced Packet Exchange (SPX).
Software programs that work—often actively—on behalf of a third party.
See Secure Shell (SSH).
See Secure Sockets Layer (SSL).
A firewall security method that monitors the status of all the connections through the firewall.
Inspections that occur at all levels of the network and provide additional security using a state table that tracks every communications channel.
An entry in the Address Resolution Protocol (ARP) table that a user adds manually when a PC will be accessed often.
A method of routing packets where the router's routing table is updated manually by the network administrator instead of automatically by a route discovery protocol.
A port that is open but might not be obvious (invisible to those who don't know it exists). Trojan horses often exploit them.
A virus that attempts to avoid detection by masking itself from applications.
The science of hiding information within other information, such as a picture.
The effectiveness of a cryptographic system in preventing unauthorized decryption.
An individual who is attempting to present a certificate proving authenticity.
A device that protects electrical components from momentary or instantaneous increases (called spikes) in a power line.
A network that has multiple routes to get from a source to a destination. Switching allows for higher speeds.
See Secure WLAN Protocol (SWP).
The keys used when the same key encrypts and decrypts data.
A denial of service attack in which the hacker sends a barrage of spoofed SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.
Documents that provide you with the blueprint of your organization's software and hardware infrastructure.
3.144.48.3