P

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Previous Chapter

Next Chapter

P

packet filtering: A firewall technology that accepts or rejects packets based on their content.

packet switching: The process of breaking messages into packets at the sending router for easier transmission over a WAN.

pad: A number of characters often added to data before an operation such as hashing takes place. Most often unique values, known as one-time pads, are added to make the resulting hash unique.

PAP: See Password Authentication Protocol (PAP).

partitioning: The process of breaking a network into smaller components that can be individually protected.

passive detection: A type of intruder detection that logs all network events to a file for an administrator to view later.

passive response: A nonactive response, such as logging. Passive response is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.

Password Authentication Protocol (PAP): One of the simplest forms of authentication. Authentication is accomplished by sending the username and password to the server and having them verified. Passwords are sent as clear text and, therefore, can be easily seen if intercepted.

password guessing: Attempting to enter a password by guessing its value.

password history: A list of passwords that have already been used.

PAT: See Port Address Translation (PAT).

patch: A fix for a known software problem.

penetration: The act of gaining access.

perimeter security: Security set up on the outside of the network or server to protect it.

PGP: See Pretty Good Privacy (PGP).

phage virus: A virus that modifies and alters other programs and databases.

phishing: A form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. Commonly sent via e-mail.

phreaker: Someone who abuses phone systems, as opposed to data systems.

physical access control: Control access measures used to restrict physical access to the server(s).

physical barrier: An object, such as a locked door, used to restrict physical access to network components.

Physical layer: The first layer of the OSI model; controls the functional interface. See also Open Systems Interconnection (OSI) model.

physical port: On a computer, an interface where you can connect a device.

physical security: Security that guards the physical aspects of the network.

Ping: A TCP/IP utility used to test whether another host is reachable. An Internet Control Message Protocol (ICMP) request is sent to the host, which responds with a reply if it's reachable. The request times out if the host isn't reachable.

ping of death: A large Internet Control Message Protocol (ICMP) packet sent to overflow the remote host's buffer. A ping of death usually causes the remote host to reboot or hang.

Plain Old Telephone Service (POTS): Standard telephone service, as opposed to other connection technologies like Digital Subscriber Line (DSL).

point-to-point: Network communication in which two devices have exclusive access to a network medium. For example, a printer connected to only one workstation is using a point-to-point connection.

Point-to-Point Protocol (PPP): A full-duplex line protocol that supersedes Serial Line Internet Protocol (SLIP). It's part of the standard TCP/IP suite and is often used in dial-up connections.

Point-to-Point Tunneling Protocol (PPTP): An extension to Point-to-Point Protocol (PPP) that is used in virtual private networks (VPNs). An alternative to PPTP is L2TP.

policies: Rules or standards governing usage.

polymorphic: An attribute of some viruses that allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react) to the viruses.

POP: See Post Office Protocol (POP).

POP3: See Post Office Protocol Version 3 (POP3).

port: Some kind of opening that allows network data to pass through.

Port Address Translation (PAT): A means of translating between ports on a public and private network. Similar to Network Address Translation (NAT), which translates addresses between public and private.

port scanner: The item (physical or software) that scans a server for open ports that can be taken advantage of. Port scanning is the process of sending messages to ports to see which ones are available and which ones aren't.

postmortem: Anything that occurs "after the fact," such as an audit or review.

Post Office Protocol (POP): An e-mail access program that can be used to retrieve e-mail from an e-mail server.

Post Office Protocol Version 3 (POP3): The protocol used to download e-mail from an SMTP e-mail server to a network client. See also Simple Mail Transfer Protocol (SMTP).

POTS: See Plain Old Telephone Service (POTS).

power conditioner: A device that "conditions" the electrical supply to take out spikes and surges.

power system: A device that provides electrical power.

PPP: See Point-to-Point Protocol (PPP).

PPTP: See Point-to-Point Tunneling Protocol (PPTP).

Presentation layer: The sixth layer of the OSI model; responsible for formatting data exchange, such as graphic commands, and converting character sets. This layer is also responsible for data compression, data encryption, and data stream redirection. See also Open Systems Interconnection (OSI) model.

preservation of evidence: The process of controlling access to evidence within chain-of-custody measures, often by placing it in a controlled-access area with a single custodian responsible for all access.

Pretty Good Privacy (PGP): An implementation of RSA encryption. See also RSA.

privacy: A state of security in which information isn't seen by unauthorized parties without the express permission of the party involved.

Private Branch Exchange (PBX): A system that allows users to connect voice, data, pagers, networks, and almost any other application into a single telecommunications system. A PBX system allows an organization to be its own phone company.

private information: Information that isn't for public knowledge.

private key: An asymmetric encryption technology in which both the sender and the receiver have different keys. A public key is used to encrypt messages and the private key is used to decrypt them. See also public key.

private network: The part of a network that lies behind a firewall and isn't "seen" on the Internet. See also firewall.

privilege audit: An audit performed to verify that no user is accessing information, or able to access information, beyond the security level at which they should be operating.

privilege escalation: The result when a user obtains access to a resource they wouldn't normally be able to access. Privilege escalation can be done inadvertently, by running a program with Set User ID (SUID) or Set Group ID (SGID) permissions or by temporarily becoming another user (via su or sudo in Unix/Linux or RunAs in Windows 2000/2003).

process list: The list of processes currently running on a system. In Windows NT/2000, it can be seen with Task Manager; the ps command shows it in Unix/Linux. Viewing a process list is one of the first steps to take to look for rogue processes running on a server.

promiscuous mode: A mode wherein a network interface card (NIC) intercepts all traffic crossing the network wire and not just the traffic intended for it.

protocol analyzer: A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines.

protocols: Standards or rules.

proxy: A type of firewall that prevents direct communication between a client and a host by acting as an intermediary. See also firewall.

proxy cache server: An implementation of a web proxy. The server receives an HTTP request from a web browser and makes the request on behalf of the sending workstation. When the response comes, the proxy cache server caches a copy of the response locally. The next time someone makes a request for the same web page or Internet information, the proxy cache server can fulfill the request out of the cache instead of having to retrieve the resource from the Web.

proxy firewall: A proxy server that also acts as a firewall, blocking network access from external networks.

proxy server: A type of server that makes a single Internet connection and services requests on behalf of many users.

public information: Information that is publicly made available to all.

public key: A technology that uses two keys—a public key and a private key—to facilitate communication. The public key is used to encrypt a message to a receiver. See also private key.

Public Key Cryptography Standards (PKCS): A set of voluntary standards created by RSA security and industry security leaders.

Public Key Infrastructure (PKI): A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key.

Public Key Infrastructure X.509 (PKIX): The Internet Engineering Task Force (IETF) working group developing standards and models for the Public Key Infrastructure (PKI) environment.

public network: The part of a network outside a firewall that is exposed to the public. See also firewall.

public key system: An encryption system employing a key that is known to users beyond the recipient.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for P

Create new playlist

Sign In

Sign Up

P

Table of Contents for
P