Glossary
A
AAA - See Authentication,
Authorization and Accounting
Access Control List - A
sequential list of permit and deny conditions. The list defines
the connections permitted to pass through a device, usually
a router. ACLs act as a basic method of limiting access
to the network.
ACL - See Access Control
List
Active Defense - A category
of Internet security products, introduced by Check Point,
that combines attack detection and response, real-time information
and on-line updates in a centralized solution for defeating
network attacks.
Advanced Encryption Standard - a
block cipher adopted as an encryption standard by the U.S.
government. It is expected to be used worldwide and analysed
extensively, as was the case with its predecessor, the Data
Encryption Standard (DES). As of 2006, AES is one of the
most popular algorithms used in symmetric key cryptography.
Adware - any software package
which automatically plays, displays, or downloads advertising
material to a computer after the software is installed on
it or while the application is being used.
AES - See Advanced Encryption
Standard
AH - See Authentication
Header
Anti-Spam - See Spam
Filtering
Anti-Virus - software that
identifies, thwarts and eliminates computer viruses and other
malicious software
Authentication 1 - A
mechanism to verify the identity of a user. An authentication
scheme for network security grants access (or Authorization)
privileges to specific users through such methods as certificates,
passwords or tokens.
Authentication 2 - The
act of ensuring that communication between two parties has
not been tampered with. An IPSec VPN includes the Authentication
Header to perform this function.
Authentication, Authorization and
Accounting - The process of providing and tracking
access to network resources. Authentication refers
to the confirmation that a user who is requesting services
is a valid user of the network services requested. Authorization refers
to the granting of specific types of service (including "no
service") to a user, based on their authentication,
what services they are requesting, and the current system
state. Accounting refers to the tracking of the
consumption of network resources by users.
Authentication Header - A
component of the IPSec protocol, the Authentication Header
is used to verify that the contents of a packet have not
been changed and to validate the identity of the sender.
An Authentication Header by itself does not provide encryption
of packets.
AV - See Anti-Virus
B
Back Door - A method of circumventing
an enterprise security policy through an unknown vulnerability,
allowing an unauthorized user access to the network. An example of a
back door would be an insecure modem connection to a computer on
the network that circumvents all security measures.
Back Orifice - Although
Back Orifice has legitimate purposes, such as remote administration,
there are other factors that make it suited for less benign
business. The server can hide itself from cursory looks by
users of the system. As the server can be installed without
user interaction, it can be distributed as the payload of a Trojan
horse.
Biometrics - The use of
a unique physical characteristic, such as a fingerprint,
voice recording, or retinal scan, to authenticate a user.
Biometrics is considered more secure than other methods,
such as passwords.
Block Cipher - An encryption
method that places data in fixed-size blocks before encryption.
For example, a 32-byte (256 bit) message that was subjected
to a 64-bit block cipher, such as DES, would be encrypted
in four distinct blocks.
BO - See Back Orifice
Brute Force Attack - An
attempt to illicitly recover a cryptographic key by trying
all reasonable possibilities. The expected number of trials
before the correct key is found is equal to half the size
of the key space. For example, if there are 2^64 possible
keys, a brute force attack would, on average, be expected
to find a key after 2^63 trials. If keys are generated
in a weak way, for example, derived from a guessable password,
it is possible to exhaustively search over a much smaller
set, for example, keys generated from passwords in a dictionary.
The amount of time required to break a 128 bit key is daunting.
Each of the 2^128 possibilities must be checked.
This is an enormous number - 340,282,366,920,938,463,463,374,607,431,768,211,456
in decimal. If a device could be built that could check a
billion billion keys (10^18) per second, 10,790,283,070,806
years would still be required to exhaust the key space.
Buffer Overflow - An attack
where a data buffer is sent more data than the buffer was
designed to accept. In its simplest form, this attack can
slow or crash the target system. In more advanced forms,
the attack can cause execution of malicious commands on the
target computer. Many variations of this attack exist.
C
CA - See Certificate Authority
Certificate - The digital equivalent of credentials, a certificate contains the sender's public key and verifies his or her identity. Certificates provide a safe method of distributing public keys because they can be validated and signed by a trusted certificate authority. In a VPN, certificates are used during the key exchange process to ensure that keys are being exchanged between two known parties.
Certificate Authority - A trusted organization that acts as an issuer and repository for digital certificates. A certificate authority accepts a user's public key along with some proof of identity. It then issues a certificate for that user. Others can then verify the authenticity of that user's public key with the certificate authority.
Certificate Revocation - The act of removing the validity of a previously issued certificate. A revoked certificate's reference number is stored in the Certificate Revocation List of the Certificate Authority that issued the certificate. VPNs use certificate revocation lists to check the validity of a previously issued certificate - ensuring the following conditions:
- A certificate has not been compromised in the past
- A person or organization still has rights to participate in a VPN
Certificate Revocation List - A
list, maintained by the Certificate Authority that issued the
certificates, of certificates whose validity has been revoked.
VPNs check a presented certificate against the issuing authority's
revocation list to confirm that it is still valid.
Content Filtering - Software
designed and optimized for controlling which Internet content
a user is permitted to view
D
Data Encryption Standard - a block
cipher, the predecessor of AES, which enjoyed widespread use
internationally. DES is now considered to be insecure for many
applications. This is chiefly due to the 56-bit key size being
too small; DES keys have been broken in less than 24 hours.
DES - See Data Encryption
Standard
F
Firewall - software that controls
and checks all data passing through it
Firewall Appliance - See Unified
Threat Management
H
Hacker - someone who creates and/or
modifies computer software and/or computer hardware. In computer
security the term describes those who seek to strengthen such systems,
but also those who seek access despite them
I
IDS - See Intrusion Detection
System
Internet - the worldwide,
publicly accessible network of interconnected computer networks
that transmit data by packet switching using the standard
Internet Protocol (IP). It is a "network of networks" that
consists of millions of smaller domestic, academic, business,
and government networks, which together carry various information
and services, such as electronic mail, online chat, file
transfer, and the interlinked Web pages and other documents
of the World Wide Web.
Internet Protocol - a data-oriented
protocol used for communicating data across a packet-switched
internetwork
Internet Protocol Security - protocols
for securing Internet Protocol (IP) communications by encrypting
and/or authenticating each IP packet in a data stream
Intrusion Detection System - a
software system that detects unwanted manipulations to systems
Intrusion Prevention System - a
software system that prevents unwanted manipulations to systems
IP - See Internet Protocol
IPS - See Intrusion
Prevention System
IPSec - See Internet
Protocol Security
M
Malicious Software - See Malware
Malware - Software designed to
infiltrate or damage a computer system without the owner's informed
consent. The expression is a general term used to mean a variety
of forms of hostile, intrusive, or annoying software or program
code. Software is considered malware based on the perceived intent
of the creator rather than any particular features.
P
Phishing - An email appearing
to come from a legitimate business - a bank, or credit card company
- requesting "verification" of information and warning
of some dire consequence if it is not done. The letter usually
contains a link to a fraudulent web page that looks legitimate -
with company logos and content - and has a form requesting everything
from a home address to a bank card's PIN
Phone Phishing - A technique
which uses a rogue Interactive Voice Response (IVR) system
to recreate a legitimate sounding copy of a bank or other
institution's IVR system. The victim is prompted (typically
via a phishing email) to call in to the "bank" and
verify information. A typical system will continually reject
logins ensuring the victim enters PINs or passwords multiple
times. More advanced systems will even transfer the victim
to the attacker posing as a customer service agent for further
questioning.
Power Monitoring Attack - Attacks
which make use of varying power consumption by the hardware
during computation.
R
Rijndael - See Advanced Encryption
Standard
Road Apple - A real-world
variation of a Trojan Horse that uses physical media and
relies on the curiosity of the victim. The attacker leaves
a malware infected floppy disc, CD ROM or USB key in a location
sure to be found (outside target company offices, hotel room,
lift, pavement etc), gives it a legitimate looking and curiosity
provoking label - and simply waits. For example, get corporate
logo off target's web site, make a disk label using logo,
write "Salary Summary Q1 2007" on the front and
place it in target company car park.
S
Side Channel Attack - any attack
based on information gained from the physical implementation of
a cryptosystem, rather than theoretical weaknesses in the algorithms
(compare cryptanalysis). For example, timing information, power
consumption, electromagnetic leaks or even sound can provide an
extra source of information which can be exploited to break the
system. Many side-channel attacks require considerable technical
knowledge of the internal operation of the system on which the
cryptography is implemented.
Social Engineering - A collection
of techniques used to manipulate people into performing actions
or divulging confidential information. The term has been
popularized in recent years by computer criminals and some
point out that it's much easier to trick someone into giving
you his or her password for a system than to spend the effort
to hack in.
Spam - Unsolicited emails
Spambot 1 - A
program designed to collect e-mail addresses from the Internet
in order to build mailing lists for sending unsolicited e-mail,
also known as Spam. A spambot is a type of web crawler that
can gather e-mail addresses from Web sites, newsgroups, special-interest
group (SIG) postings, and chat-room conversations. Because
e-mail addresses have a distinctive format, spambots are
easy to write.
Spambot 2 - A
term sometimes used in reference to a program designed to
prevent spam from reaching the subscribers of an ISP.
Spam Filtering - software
designed and optimized for checking email and highlighting
possible spam messages
Spam over Internet Telephony - An
as-yet nonexistent problem which is anticipated to become
an issue during 2007. Voice over IP systems are susceptible
to abuse by malicious parties who initiate unsolicited and
unwanted communications. Telemarketers, prank callers, and
other telephone system abusers are likely to target VoIP
systems increasingly. You will notice from this website that,
just as email addresses can be protected from spambots,
Metadigm has taken steps to protect its telephone numbers
from "SPITbots".
Spyware - Computer software
that collects personal information about users without their
informed consent. Spyware may collect different types of
information. Some variants attempt to track the websites
a user visits and then send this information to an advertising
agency. More malicious variants attempt to intercept passwords
or credit card numbers as a user enters them into a web form
or other applications.
SPIT - See Spam over
Internet Telephony
SPITbot - A term for a
program designed to collect VoIP addresses and numbers
from the Internet in order to build mailing lists for the
making of unsolicited VoIP calls, also known as SPIT. Some
SPITbots may also be used to make unsolicited VoIP calls,
much in the same way as autodiallers do now, but with the
ability to know your availability before even attempting
to call or make contact with you.
Secure Sockets Layer - a
protocol which provides secure communications on the Internet
for such things as web browsing, email, Internet faxing,
and other data transfers
SSL - See Secure Sockets
Layer
T
TEMPEST - Attacks based on leaked
electromagnetic radiation which can directly provide plaintexts
and other information.
Timing Attack - A timing
attack watches data movement into and out of the CPU, or
memory, on the hardware running the cryptosystem or algorithm.
Simply by observing how long it takes to transfer key information,
it is sometimes possible to determine how long the key is
in this instance (or to rule out certain lengths which can
also be cryptanalytically useful).
Trojan - a malicious program
contained within a Trojan Horse
Trojan Horse 1 - a
program that contains or installs a malicious program. Trojan
horses may appear to be useful or interesting programs (or
at the very least harmless) to an unsuspecting user, but
are actually harmful when executed. A simple example of a
trojan horse would be a program named "waterfalls.scr" claiming
to be a free waterfall screensaver which, when run, instead
would allow access to the user's computer remotely.
Trojan Horse 2 - a
security loophole that lets user code make kernel code access
something the user code could not have accessed itself in the
first place (i.e. making the OS do something it was not supposed
to do).
U
Uniform Resource Identifier - a
compact string of characters used to identify or name a resource
over a network
Uniform Resource Locator - a
URI that in addition to identifying a resource, provides
a means of locating the resource by describing its primary
access mechanism (e.g. its network 'location')
Unified Threat Management - a
product that contains a firewall as well as performing content
filtering, spam filtering, intrusion detection and anti-virus
duties
URI - See Uniform Resource
Identifier
URL - See Uniform Resource
Locator
UTM - See Unified Threat
Management
V
VoIP spam - See Spam over
Internet Telephony
VPN - See Virtual Private
Network
Virtual Private Network - software
that allows you to connect two or more private networks over
a publicly accessed network (e.g. the internet)
Virus - a self-replicating
computer program written to alter the way a computer operates,
without the permission or knowledge of the user
W
WHOIS - a TCP-based query/response
protocol which is widely used for querying a database in order
to determine the owner of a domain name, an IP address, or an autonomous
system number on the Internet
World Wide Web - a collection
of interconnected documents and other resources, linked by
hyperlinks and URLs. The World Wide Web is accessible via
the Internet
WWW - See World Wide
Web
