Table 22-1 Commonly Used Computer Security Terminology

Term

Description

Application gateway A proxy service that acts as a gateway for application-level protocols, such as FTP, Telnet, and HTTP.

Authentication The process of confirming that a user is indeed who he or she claims to be. The typical authentication method is a challenge-response method, wherein the user enters a user name and secret password to confirm his or her identity.

Backdoor A security weakness a cracker places on a host in order to bypass security features.

Bastion host A highly secured computer that serves as an organization's main point of presence on the Internet. A bastion host typically resides on the perimeter network, but a dual-homed host (with one network interface connected to the Internet and the other to the internal network) is also a bastion host.

Buffer overflow A security flaw in a program that enables a cracker to send an excessive amount of data to that program and to overwrite parts of the running program with code in the data being sent. The result is that the cracker can execute arbitrary code on the system and possibly gain access to the system as a privileged user.

Certificate An electronic document that identifies an entity (such as an individual, an organization, or a computer) and associates a public key with that identity. A certificate contains the certificate holder's name, a serial number, expiration dates, a copy of the certificate holder's public key, and the digital signature of the Certificate Authority so that a recipient can verify that the certificate is real.

Certificate Authority (CA) An organization that validates identities and issues certificates.

Confidentiality Of data, a state of being accessible by no one but you (usually achieved by encryption).

Cracker A person who breaks into (or attempts to break into) a host, often with malicious intent.

Decryption The process of transforming encrypted information into its original, intelligible form.

Denial of Service (DoS) An attack that uses so many of the resources on your computer and network that legitimate users cannot access and use the system.

Digital signature A one-way MD5 or SHA-1 hash of a message encrypted with the private key of the message originator, used to verify the integrity of a message and ensure nonrepudiation.

Distributed Denial of Service (DDoS) A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than a single source. It often makes use of worms to spread to multiple computers that can then attack the target.

DMZ Another name for the perimeter network. (DMZ stands for demilitarized zone, the buffer zone separating North and South Korea.)

Dual-homed host A computer with two network interfaces (think of each network as a home).

Encryption The process of transforming information so that it is unintelligible to anyone but the intended recipient. The transformation is accomplished by a mathematical operation between a key and the information.

Exploit tools Publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain entry into targeted systems.

Firewall A controlled-access gateway between an organization's internal network and the Internet. A dual-homed host can be configured as a firewall.

Hash A mathematical function converts a message into a fixed-size numeric value known as a message digest or hash. The MD5 algorithm produces a 128-bit message digest, whereas the Secure Hash Algorithm-1 (SHA-1) generates a 160-bit message digest. The hash of a message is encrypted with the private key of the sender to produce the digital signature.

Host A computer on any network (so called because it offers many services).

Integrity Of received data, a state of being the same data that was sent (unaltered in transit).

IPSec (IP Security Protocol) A security protocol for the network layer that is designed to provide cryptographic security services for IP packets. IPSec provides encryption-based authentication, integrity, access control, and confidentiality. (Visit www.ietf.org/html.charters/ipsec-charter.html for the list of RFCs related to IPSec.)

IP spoofing An attack in which a cracker figures out the IP address of a trusted host and then sends packets that appear to come from the trusted host. The attacker can only send packets, but cannot see any responses. However, the attacker can predict the sequence of packets and essentially send commands that will set up a back door for future break-ins.

Logic bombs A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as terminating the programmer's employment.

Nonrepudiation A security feature that prevents the sender of data from being able to deny ever having sent the data.

Packet A collection of bytes that serve as the basic unit of communication on a network. On TCP/IP networks, the packet may be referred to as an IP packet or a TCP/IP packet.

Packet filtering Selective blocking of packets based on the type of packet (as specified by the source and destination IP address or port).

Perimeter network A network between the Internet and the protected internal network. The bastion host resides on the perimeter network (also known as the DMZ).

Port scanning A method for discovering which ports are open (in other words, which Internet services are enabled) on a system. Performed by sending connection requests to the ports one by one. This is usually a precursor to further attacks.

Proxy server A server on the bastion host that enables internal clients to access external servers (and enables external clients to access servers inside the protected network). There are proxy servers for various Internet services, such as FTP and HTTP.

Public-key cryptography An encryption method that uses a pair of keys, a private key and a public key, to encrypt and decrypt the information. Anything encrypted with the public key can be decrypted with the corresponding private key, and vice versa.

Public Key Infrastructure A set of standards and services that enables the use of public-key cryptography and certificates in a networked environment. PKI facilitates tasks, such as issuing, renewing, and revoking certificates, and generating and distributing public-private key pairs.

Screening router An Internet router that filters packets.

Setuid program A program that runs with the permissions of the owner regardless of who runs the program. For example, if a setuid program is owned by root, that program has root privileges regardless of who has started the program. Crackers often exploit vulnerabilities in setuid programs to gain privileged access to a system.

Sniffer Synonymous with packet sniffer, a program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text.

Spyware Any software that covertly gathers user information through the user's Internet connection and usually transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users are tricked into installing spyware when they install something else.

Symmetric-key encryption An encryption method wherein the same key is used to encrypt and decrypt the information.

Threat An event or activity, deliberate or unintentional, with the potential for causing harm to a system or network.

Trojan horse A program that masquerades as a benign program but, in fact, is a back door used for attacking a system. Attackers often install a collection of Trojan horse programs that enable the attacker to freely access the system with root privileges, yet hide that fact from the system administrator. Such collections of Trojan horse programs are called rootkits.

Virus A self-replicating program that spreads from one computer to another by attaching itself to other programs.

Vulnerability A flaw or weakness that may cause harm to a system or network.

War-dialing Simple programs that dial consecutive phone numbers looking for modems.

War-driving A method of gaining entry into wireless computer networks using a laptop, antennas, and a wireless network card that involves driving around various locations to gain unauthorized access.

Worm A self-replicating program that copies itself from one computer to another over a network.
