Glossary

Some terms in this glossary come from the hacker community and others from the security professionals’ community. To truly understand computer security one must be familiar with both worlds. General networking terms are also included in this glossary.

A

access control: The process of limiting access to some resource only to authorized users, programs, or systems.

access control list: A list of entities, together with their access rights, that are authorized to have access to a resource.

access lockout policies: Policies regarding how many login attempts should be allowed before the account is locked.

account policies: Policies regarding account settings.

admin: Short for system administrator.

AES: Advanced Encryption Standard, a modern encryption method that is widely used.

anomaly detection: An intrusion-detection strategy that depends on detecting anomalous activities.

application gateway firewall: A firewall type that verifies specific applications.

ASCII code: Numeric codes used to represent all standard alphanumeric symbols. There are 255 different ASCII codes.

auditing: A check of a system’s security usually including a review of documents, procedures, and system configurations.

authenticate: The process of verifying that a user is authorized to access some resource.

Authentication Header (AH): A field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram.

B

back door: A hole in the security system deliberately left by the creator of the system.

banishment vigilance: Blocking all traffic from a suspect IP address (i.e., banishing that address).

basic security theorem: A theorem stating that if the initial state of a system is secure and all state transitions are secure, then every subsequent state will also be secure, no matter what inputs occur.

bastion host: A single point of contact between the Internet and a private network.

Bell-LaPadula Model: One of the oldest security models, based on the basic security theorem.

Biba Integrity Model: An older security model with similarities to Bell-LaPadula.

binary numbers: Numbers that use the base 2 number system.

binary operations: Operations on base 2 (i.e., binary) numbers. The operations include XOR, OR, and AND.

black hat hacker: A hacker with a malicious purpose, synonymous with cracker.

blocking: The act of preventing transmissions of some type.

Blowfish: A well-known symmetric block cipher created by Bruce Schneier.

braindump: The act of telling someone everything one knows.

breach: To successfully break into a system (e.g., “to breach the security”).

brute force: To try to crack a password by simply trying every possible combination.

buffer overflow: An attack that seeks to overwrite a memory buffer with more data than it is designed to hold.

bug: A flaw in a system.

C

Caesar cipher: One of the oldest encryption algorithms. It uses a basic mono-alphabetic cipher.

call back: A procedure for identifying a remote connection. In a call back, the host disconnects the caller and then dials the authorized telephone number of the remote client to re-establish the connection.

certificate authority: An agency authorized to issue digital certificates.

CHAP: Challenge Handshake Authentication Protocol, a commonly used authentication protocol.

Chinese Wall Model: An informational barrier preventing information flow between different groups within the same organization.

cipher: Synonym for cryptographic algorithm.

cipher text: Encrypted text.

circuit level gateway firewall: A firewall that authenticates each user before granting access.

CISSP: Certified Information Systems Security Professional. This is the oldest IT security certification and the one most often asked for in job ads.

Clark-Wilson Model: A subject-object model first published in 1987 that attempts to achieve data security via well-formed transactions and a separation of duties.

code: The source code for a program, or the act of programming, as in “to code an algorithm.”

Common Criteria: A set of standards for computer security. This is a fusion of United States Department of Defense standards with European and Canadian standards.

compulsory tunneling: Tunneling that is mandatory, not optional. This is in reference to VPN technologies. Some protocols allow the user to choose whether to use tunneling.

confidentiality of data: Ensuring that the contents of messages will be kept secret.

cookie: A small file containing data that is put on your machine by a Web site you visit.

cracker: One who breaks into a system in order to do something malicious, illegal, or harmful. Synonymous with black hat hacker.

cracking: Hacking with malicious intent.

crash: A sudden and unintended failure, as in “my computer crashed.”

CTCPEC: Canadian Trusted Computer Product Evaluation Criteria.

cyber terrorism: Terrorism using computers, computer networks, telecommunications, or the Internet.

D

daemon: A program that runs in the background. Often used to perform various system services. See also service.

DDoS: Distributed Denial of Service, a DoS attack launched from multiple sources.

decryption: The process of un-encrypting an encrypted message.

demigod: A hacker with years of experience, a national or international reputation.

DES: Data Encryption Standard, a symmetric cryptography algorithm first published in 1977, no longer considered secure.

digital signature: A file that digitally verifies the identity of the sender.

discretionary access control: An administrator’s option either to control access to a given resource or simply allow unrestricted access.

discretionary security property: The policies that control access based on named users and named objects.

Distributed Reflection Denial of Service: A specialized type of DDoS that uses Internet routers to perform the attack.

DMZ: Demilitarized zone. A firewall type consisting of two firewalls with an intermediate zone between them.

DoS: Denial of Service, an attack that prevents legitimate users from accessing a resource.

dropper: A type of Trojan horse that drops another program onto the target machine.

dual-homed host: A type of firewall that literally has two NICs.

dynamic security approach: An approach to security that is proactive rather than reactive.

E

EAP: Extensible Authentication Protocol.

encapsulated: Wrapped up.

Encrypting File System: Also known as EFS, this is Microsoft’s file system that allows users to encrypt individual files. It was first introduced in Windows 2000.

encryption: The act of encrypting a message, usually by altering a message so that it cannot be read without the key and the decryption algorithm.

ESP: Encapsulated Security Payload, one of the two protocols (ESP and AH) that make up IPSec.

ethical hacker: One who hacks into systems in order to accomplish some goal that he or she feels is ethically valid.

Evaluation Assurance Levels: Numeric levels (1 through 7) that define security assurance as defined in the Common Criteria.

executable profiling: A type of intrusion detection strategy that seeks to profile the behavior of legitimate executables and compare that against the activity of any running program.

F

false positive: An erroneous flagging of legitimate activity as an attempted intrusion by an intrusion detection device.

firewall: A barrier between the network and the outside world.

G

gray hat hacker: A hacker whose activities are normally legal but who occasionally delves into activities that may not be legal or ethical.

Group Policy Objects: Objects in Microsoft Windows that allow you to assign access rights to entire groups of users or computers.

H

hacker: One who tries to learn about a system by examining it in detail and reverse engineering it.

handshaking: The process of verifying a connection request. It involves several packets going from client to server and back.

honey pot: A system or server designed to be very appealing to hackers, when in fact it is a trap to catch them.

I

ICMP packets: Network packets often used in utilities such as Ping and Tracert.

Internet Key Exchange (IKE): A method for managing the exchange of encryption keys.

infiltration: The act of gaining access to secure portions of a network. See also intrusion.

Information Technology Security Evaluation: Security guidelines created by the Commission of the European Communities, analogous to the Common Criteria.

information warfare: Attempts to influence political or military outcomes via information manipulation.

integrity of data: Ensuring that data has not been modified or altered and that the data received is identical to the data that was sent.

International Data Encryption Algorithm (IDEA): A block cipher designed as a replacement for DES.

intrusion: The act of gaining access to secure portions of a network. See also infiltration.

intrusion deflection: An IDS strategy that is dependent upon making the system seem less attractive to intruders. It seeks to deflect attention away from the system.

Intrusion-Detection System (IDS): A system for detecting attempted intrusions.

intrusion deterrence: An IDS strategy that attempts to deter intruders by making the system seem formidable, perhaps more formidable than it is.

IP: Internet Protocol, one of the primary protocols used in networking.

IPComp: IP compression protocol. A protocol designed to reduce the size of IP packets sent over the Internet.

IPSec: Internet Protocol Security, a method used to secure VPNs.

IP spoofing: Making packets seem to come from a different IP address than they really originated from.

K

key logger: Software that logs key strokes on a computer.

L

L2TP: Layer 2 Tunneling Protocol, a VPN protocol.

layered security approach: A security approach that also secures the internal components of the network, not just the perimeter.

M

malware: Any software that has a malicious purpose such as a virus or Trojan horse.

Microsoft Point-to-Point Encryption: An encryption technology designed by Microsoft for use with virtual private networks.

mono-alphabet cipher: An encryption cipher using only one substitution alphabet.

MS-CHAP: A Microsoft Extension to CHAP.

multi-alphabet substitutions: Encryption methods that use more than one substitution alphabet.

N

network address translation: A replacement technology for proxy servers.

network host-based: A firewall solution that runs on an existing server.

network intrusion-detection: Detecting any attempted intrusion throughout the network, as opposed to intrusion-detection that only works on a single machine or server.

NIC: Network interface card.

non-repudiation: The process of verifying a connection so that neither party can later deny, or repudiate, the transaction.

null sessions: How Windows represents an anonymous user.

O

object: In reference to computer security models, an object is any file, device, or part of the system a user wishes to access.

open source: Software where the source code itself is freely available to the public.

operating system hardening: The process of securing an individual operating system. This includes proper configuration and applying patches.

P

packet filter firewall: A firewall that scans incoming packets and either allows them to pass or rejects them.

packet sniffer: Software that intercepts packets and copies their contents.

PAP: Password Authentication Protocol, the most basic form of authentication in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs.

passive security approach: An approach to security that awaits some incident to react to, rather than being proactive.

password policies: Policies that determine the parameters of a valid password including minimum length, age, and complexity.

penetration testing: Assessing the security of a system by attempting to break into the system. This is the activity most sneakers engage in.

perimeter security approach: A security approach that is concerned only with securing the perimeter of a network.

PGP: Pretty Good Privacy, a widely used public key encryption algorithm.

phreaker: Someone who hacks into phone systems.

phreaking: The process of hacking into a phone system.

Ping of Death: A DoS attack that sends a malformed Ping packet hoping to cause the target machine to error out.

playback attacks: Attacks that involve recording the authentication session of a legitimate user and then simply playing it back in order to gain access.

port scan: Sequentially pinging ports to see which ones are active.

PPP: Point-to-Point Protocol, a somewhat older connection protocol.

PPTP: Point-to-Point Tunneling Protocol, an extension to PPP for VPNs.

proxy server: A device that hides your internal network from the outside world.

public key system: An encryption method where the key used to encrypt messages is made public and anyone can use it. A separate, private key is required to decrypt the message.

Q

quantum encryption: A process that uses quantum physics to encrypt data.

quantum entanglement: A phenomenon from quantum physics in which two subatomic particles are related in such a way that a change to the state of one instantaneously causes a change to the state of the other.

R

resource profiling: A monitoring approach that measures system-wide use of resources and develops a historic usage profile.

Rijndael algorithm: The algorithm used by AES.

RSA: A public key encryption method developed in 1977 by three mathematicians, Ron Rivest, Adi Shamir, and Len Adleman. The name RSA is derived from the first letter of each mathematician’s last name.

RST cookie: A simple method for alleviating the danger of certain types of DoS attacks.

S

screened host: A combination of firewalls; in this configuration you use a combination of a bastion host and a screening router.

script kiddy: A slang term for an unskilled person who purports to be a skilled hacker.

security template: Preset security settings that can be applied to a system.

service: A program that runs in the background, often performing some system service. See also daemon.

session hacking: The process of taking over the session between a client and a server in order to gain access to the server.

simple-security property: This means that a subject can read an object only if the security level of the subject is higher than or equal to the security level of the object.

single-machine firewall: A firewall that resides on a single PC or server.

Slammer: A famous Internet worm.

Smurf attack: A specific type of DDoS attack.

sneaker: Someone who is attempting to compromise a system in order to assess its vulnerability.

sniffer: A program that captures data as it travels across a network. Also called a packet sniffer.

Snort: A widely used, open source, Intrusion-Detection System.

social engineering: The use of persuasion on human users in order to gain information required to access a system.

SPAP: Shiva Password Authentication Protocol. SPAP is a proprietary version of PAP.

spoofing: Pretending to be something else, as when a packet might spoof another return IP address (as in the Smurf attack) or when a Web site is spoofing a well-known e-commerce site.

spyware: Software that monitors computer use.

stack tweaking: A complex method for protecting a system against DoS attacks. This method involves reconfiguring the operating system to handle connections differently.

Stateful packet inspection: A type of firewall that not only examines packets but also knows the context within which the packet was sent.

State Machine Model: The state machine model looks at a system’s transition from one state to another. It starts by capturing the current state of a system. Later, the system’s state at that point in time is compared to the previously captured state to determine whether there has been a security violation in the interim.

subject: In computer security models the subject is any entity that is attempting to access a system or data.

symmetric key system: An encryption method where the same key is used to encrypt and decrypt the message.

SYN cookie: A method for ameliorating the dangers of SYN floods.

SYN flood: Sending a stream of SYN packets (requests for connection) and then never responding, thus leaving the connection half open.

T

transport mode: One of two IPSec modes. The transport mode encrypts the data in each packet but leaves the header unencrypted.

target of evaluation: Also TOE, an independent evaluation of a product to show that the product does, in fact, meet the claims in a particular security target.

threshold monitoring: Monitoring a network or system looking for any activity that exceeds some predefined limit or threshold.

Tribal Flood Network: A tool used to execute DDoS attacks.

Trin00: A tool used to execute DDoS attacks.

Trojan horse: Software that appears to have a valid and benign purpose but really has another, nefarious purpose.

trusted computing base: The trusted computing base (TCB) is everything in a computing system that provides a secure environment.

tunnel mode: One of two IPSec modes. The tunnel mode encrypts both the header and the data and is thus more secure than the transport mode but can work a bit slower.

V

virus: Software that is self-replicating and spreads like a biological virus.

virus hoax: A notification of a virus that is not true. Often the notification attempts to convince the user to delete some critical file, claiming that file is a virus.

voluntary tunneling: Tunneling that allows the user to either use tunneling or to simply use a standard (i.e., nontunneled) connection.

W

war-dialing: Dialing phones waiting for a computer to pick up, usually done via some automated system.

war-driving: Driving and scanning for wireless networks that can be compromised.

well-formed transactions: Transactions in which users cannot manipulate or change the data without careful restrictions.

white hat hacker: A hacker who does not break the law, often synonymous with ethical hacker.

worm: A virus that can spread without human intervention.

X

X.509: A widely used standard for digital certificates.
