Glossary of Key Terms

802.1X

Port-based network access control (IEEE 802.1X). A mechanism commonly used by network devices, such as switches, wireless access points, firewalls, and routers, to authenticate a user or device before allowing its traffic to pass across or through the device. The authentication can take place locally on the device or be forwarded to an authentication service, such as a RADIUS server, a PKI, or a directory service.

A

AAA services

The combination of authentication, authorization, and accounting provided by a dedicated system. Examples include RADIUS, TACACS+, and directory services such as LDAP and Active Directory.

Access control

The process or mechanism of granting or denying use of a resource; typically applied to users or generic network traffic.

Access control list (ACL)

A mechanism that defines the traffic or events to which an authorization decision of allow or deny applies. Often used interchangeably with the terms rule and filter in relation to firewalls. An ACL focuses on controlling a specific user's or client's access to a protocol or port.

Active threats

A threat that takes the initiative to seek out targets to compromise, such as a hacker, an intruder, or an automated worm. Because an active threat searches for vulnerable systems, any system without reasonable security measures is at risk of compromise once the threat discovers it.

ADSL

Asymmetric Digital Subscriber Line (ADSL); one form of the Digital Subscriber Line technology, a data communications technology that enables faster data transmission over copper telephone lines than a conventional voice band modem can provide.

Adware

Unwanted software that displays advertisements. Often linked with spyware.

Agents

Malicious software programs distributed by hackers to take over control of victims' computers. Also known as bots or zombies. Agents are commonly used to construct botnets.

Alert

A notification from a firewall that a specific event or packet was detected. Alerts notify administrators of events that may need real-time human response or attention.

Algorithm

A set of rules and procedures, usually mathematical in nature. Algorithms define how the encryption and decryption processes operate. Though often very complex, most well-regarded algorithms are publicly known so that anyone can investigate and analyze their strengths and weaknesses; the security then rests on the secrecy of the key rather than of the algorithm.

Allow by default

A security stance that allows all communications except those prohibited by specific deny exceptions. Also known as default allow.

Alternate data stream (ADS)

A feature of the NTFS file system, added to support Macintosh resource forks and files from POSIX and OS/2 environments. ADS allows a file object to carry multiple named data streams in addition to its main data. Attackers use ADS to hide files and tools, because standard directory listings show only the main stream.

Annualized loss expectancy (ALE)

The calculation of the total loss expected across a year for a given asset and a specific threat. ALE calculations are part of risk assessment. ALE = SLE × ARO.

Annualized rate of occurrence (ARO)

A probability prediction, based on statistics and historical occurrences, of how many times in the next year a threat is expected to cause harm. ARO is used in the ALE calculation.

Anomaly-based detection

A form of Intrusion Detection System/Intrusion Prevention System (IDS/IPS) detection based on a defined normal, often defined using rules similar to firewall rules. All traffic or events that fail to match defined normal are considered anomalies and potentially malicious.

Anonymity

The ability for a network or system user to remain unknown. A number of tools and techniques provide anonymity when connected to a network, although the underlying network protocols make true anonymity very difficult.

Anti-forensics

Refers to a series of tools and techniques used to prevent forensic examination from identifying an attack or attacker.

AppleTalk

A legacy protocol developed by Apple Inc. for use in networks hosting mainly Macintosh computers. Mostly replaced by TCP/IP.

Appliance

A hardware product that is dedicated to a single primary function. The operating system or firmware of the hardware device is hardened and its use is limited to directly and only supporting the intended function. Firewalls, routers, and switches are typical appliances.

Appliance firewall

A hardened hardware firewall.

Application layer (Layer 7)

The top or seventh layer of the OSI model. This layer is responsible for enabling communications with host software, including the operating system. The application layer is the interface between host software and the network protocol stack. The sub-protocols of this layer support specific applications or types of data.

Application proxy/firewall/gateway

A type of firewall that filters on a specific application's content and session information.

Arbitrary code execution

An exploit that allows an attacker to run code or commands of his or her choosing on a compromised system. Buffer overflow and SQL injection attacks can often lead to arbitrary code execution.

ARP spoofing

The falsification of ARP replies to trick the requestor into sending frames to a system other than its intended destination.
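A passive monitor can catch the falsified replies described above by watching IP-to-MAC bindings change on the wire, which is what tools such as arpwatch do. The following is an added example, not part of the original glossary: the ARP reply records, addresses and MACs are constructed for the illustration, and the detector is a minimal sketch rather than any particular tool's logic.

```python
# Added example (not from the original glossary): a minimal ARP-spoofing
# detector run over constructed ARP reply records. Sample data is invented.
from collections import defaultdict

# Constructed sample: (sender IP, sender MAC) pairs taken from ARP replies seen
# on one LAN segment. 10.0.0.1 is the gateway; 00:0c:29:aa:bb:cc is an attacker
# who first claims the gateway's IP and then a second host's IP as well.
SAMPLE_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),
    ("10.0.0.7", "00:11:22:33:44:07"),
    ("10.0.0.1", "00:11:22:33:44:01"),   # repeat, consistent with earlier reply
    ("10.0.0.1", "00:0c:29:aa:bb:cc"),   # gateway IP now answered by a new MAC
    ("10.0.0.7", "00:0c:29:aa:bb:cc"),   # same MAC also claims the victim's IP
    ("10.0.0.9", "00:11:22:33:44:09"),
]

def detect_arp_spoofing(replies):
    """Return a list of alert strings, in the order the evidence appeared.

    Two independent indicators are checked:
      1. an IP address whose MAC binding changes (the classic poisoning symptom);
      2. one MAC address answering for several IPs, which is how a host that is
         poisoning both ends of a conversation looks on the wire.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"binding change: {ip} moved from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"one MAC, many IPs: {mac} claims {sorted(mac_to_ips[mac])}")
    return alerts

if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES):
        print(line)
```

The second indicator needs an allowlist in real deployments: routers that hold several addresses, or hosts running VRRP or HSRP, legitimately answer for more than one IP with a single MAC.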

Asset

Anything you use in a business process to accomplish a business task is considered an asset.

Asset value (AV)

The cumulative value of an asset based on both tangible and intangible values. AV supports the SLE calculation.

Asymmetric cryptography

A means of encoding and decoding information using a pair of related but different keys, one for each operation: what one key encodes, only the other can decode. Asymmetric cryptography based on key pairs is commonly known as public-key cryptography. Different keys serve different purposes (for example, a recipient's public key protects confidentiality, while a sender's private key produces signatures) and are held by different members of the communication session.

Attack surface

The sum of the points at which an attacker can interact with or supply input to a system: its exposed network services, interfaces, and input-handling code. The portions reachable by unauthenticated users are the most exposed part of the attack surface.

Auditing

Act of conducting an audit. Auditing can be the action of a system that is recording user activity and system events into an audit log. Auditing can also be the action of an auditor who checks for compliance with security policies and other regulations.

Auditor

Either an outside consultant or an internal member of the Information Technology staff. The auditor performs security audits, confirms that auditing is sufficient, and investigates audit trails produced by system auditing. In the case of regulatory compliance, auditors should be external and independent of the organization under audit.

Authentication

The process of confirming the identity of a user, typically by checking one or more credentials. Logon is its most common form.

Authenticity

The security service that assures a message genuinely comes from its claimed sender and reaches only its intended receiver. It combines authentication, which establishes the sender's identity, with access control (authorization), which controls who may receive the message.

Authorization

Defining what users are allowed and not allowed to do. Also known as access control.

Availability

When a system is usable for its intended purpose. The security service that supports access to resources in a timely manner. If availability becomes compromised, a denial of service is taking place.

Avalanche effect

A common feature of hash algorithms. This effect ensures that small changes in the input data produce large changes in the outputted hash value. A single binary digit change in a file should produce a clearly recognizable difference in the resultant hash value.
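The property can be measured directly: flip one input bit, hash again, and count how many output bits changed. As an added example (not part of the original glossary), the block below does this for every bit of a constructed input with SHA-256 from the Python standard library, and contrasts it with a byte-sum checksum that lacks the effect.

```python
# Added example (not part of the original glossary): measuring the avalanche
# effect of SHA-256 by flipping one input bit at a time and counting changed
# output bits, with a byte-sum checksum as the contrast that lacks the property.
# The sample input is constructed.
import hashlib

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def bytesum_checksum(data: bytes) -> int:
    # Deliberately weak contrast: a one-bit input change shifts the sum by a
    # power of two, so only a handful of output bits move.
    return sum(data) % 2**32

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of `data` with one bit toggled (bit 0 is the low bit of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def hamming_distance(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def avalanche_report(data: bytes, func=sha256_int):
    """Flip every input bit once; return (min, mean, max) of changed output bits."""
    base = func(data)
    distances = [hamming_distance(base, func(flip_bit(data, i)))
                 for i in range(len(data) * 8)]
    return min(distances), sum(distances) / len(distances), max(distances)

SAMPLE = b"The quick brown fox jumps over the lazy dog"   # constructed input

if __name__ == "__main__":
    for name, func in (("sha256", sha256_int), ("bytesum", bytesum_checksum)):
        lo, avg, hi = avalanche_report(SAMPLE, func)
        print(f"{name:8} one-bit flips change {lo}..{hi} output bits (mean {avg:.1f})")
```

For a 256-bit digest the ideal is about 128 changed bits per flip; the checksum moves only a few, which is why a checksum can detect accidental corruption but cannot serve as an integrity check against an adversary.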

Awareness

Basic security training that focuses on common or basic security elements that all employees must know and abide by. Less rigorous than training or education.

B

Backdoor

An access method or pathway that circumvents the normal access or authentication mechanisms, providing unauthorized access to a system.

Backup

The process of making copies of data onto other storage media. The purpose of a backup is to protect against data loss by having additional onsite or offsite copies of data that can be restored when necessary.

Banner

A message sent by a service in response to a valid or invalid query. A banner can confirm communication is functioning properly or announce an error. Some banners disclose the product name and version number of the service.

Banner grabbing

The act of capturing or extracting banners from services. Hackers often perform banner grabbing after port scanning to learn what service is active on a port.

Bastion host

A hardened host positioned at the initial entry point where a network interfaces with the Internet, often running the firewall or proxy service. It serves as the first line of defense for the network and, because it is directly exposed to attack, is also known as a sacrificial host.

Behavioral-based detection

A form of IDS/IPS detection based on a recording of real-world traffic as a baseline for normal. All traffic or events that fail to match the normal baselines are considered abnormal and potentially malicious.

Black list

A type of filtering in which all activities or entities are permitted except for those on the black list. Also known as a block list.

Blog

A contraction of the words "web" and "log," it is a form of Web site where the site owner posts messages, images, and videos for the public to view and potentially comment on. Blogs are commonly a platform for discussing issues, causes, or interests.

Border sentry

A description often applied to firewalls positioned on network zone transitions or gateway locations.

Botnet army

A network of zombie/bot/agent-compromised systems controlled by a hacker. The network consists of the bots, agents, or zombies that intercommunicate over the Internet. Another term for botnet.

Botnets

A network of zombie/bot/agent-compromised systems controlled by a hacker. The network consists of the bots, agents, or zombies that intercommunicate over the Internet.

Bots

Malicious software programs distributed by hackers to take over control of victims' computers. Also known as agents or zombies. Bots are commonly used to construct botnets.

Bottleneck

Any restriction on the performance of a system. Can be caused by a slower component or a pathway with insufficient throughput. A bottleneck causes other components of the system to work slower than their optimum rate.

Breach

Any compromise of security. Any violation of a restriction or rule whether caused by an authorized user or an unauthorized outsider.

Bridge

A network device that forwards traffic between two network segments based on the destination MAC address of the Ethernet frame. A bridge learns which addresses are on each segment and forwards only frames whose destination is on the opposing segment, along with broadcasts and frames for destinations it has not yet learned.

Brute force attack

A form of password or encryption key cracking attack that tries all possible valid combinations from a defined set of possibilities (e.g., a set of characters or hex values). Brute force attacks will eventually generate a valid solution given enough time, assuming the hacker uses the correct set of possibilities.

Buffer overflow

A condition in which data written to a memory buffer exceeds its capacity and spills into adjacent memory. Often used as an attack against poor programming techniques or poor software quality control. An attacker supplies more data than the buffer can hold so that the excess overwrites neighboring memory. If the overwritten area holds control data such as a function's return address, a skilled attacker can redirect execution to code of his or her choosing, which runs with the same privileges as the current program. Improperly formatted overflow data may also simply crash the program or system.

Business continuity plan

A plan to maintain the mission-critical functions of the organization in the event of a problem that threatens to take business processes offline. The goal of business continuity planning is to prevent the interruption of business tasks, even with a damaged environment and reduced resources.

Business task

Any activity necessary to meet an organization's long-term goals. Business tasks are assigned to employees and other authorized personnel via their job descriptions.

Bus topology

A network design based on a single backbone cable to which all host segments connect. Ethernet is logically a bus topology-based technology, although it can operate in numerous other physical topologies.

C

Caching

When performed by a proxy server, the retention of Internet content that internal clients have requested, so that the proxy can serve subsequent requests for the same content without retrieving it from the Internet again.

Centralized logging system

A technique of storing or copying log events to a centralized logging server. This mechanism is used to create a redundant copy of all log files in a single warehousing location. A common example of this is syslog.

Certificate Authority (CA)

A trusted third-party entity that issues digital certificates to verify and validate identities of people, organizations, systems, and networks digitally.

Channel

A communication pathway, circuit, or frequency dedicated or reserved for a specific transmission.

Chip creep

The slow movement of a chip out of its socket or solder points because of expansion and contraction caused by extreme temperature fluctuations.

Choke point

Similar to a bottleneck, but deliberately created within a network infrastructure. A choke point is a controlled pathway through which all traffic must cross. At this point, filtering to block unwanted communication or monitoring can occur.

Ciphertext

The seemingly random and unusable output from a cryptographic function applied to original data. Ciphertext is the result of encryption. Decryption converts ciphertext back into plain text.

Circuit

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. Also known as a session or a state.

Circuit proxy/firewall

A filtering device that allows or denies the initial creation of a circuit, session, or state, but performs no subsequent filtering on the circuit once established.

Client

A host on a network that supports user interaction with the network; users employ a client to access resources from the network. More generally, any hardware or software product used to access a resource. For example, standard e-mail software is a client.

Client/server network

A form of network where certain computers are designated as "servers" to host resources shared with the network. The remaining computers are designated as "clients" to enable users to access shared resources. Most client/server networks employ directory services and single sign-on. Also known as a domain.

Client-to-server VPN

A VPN created between a client and a server either within the same local network or across a WAN link or intermediary network to support secure client interaction with the services of a resource host. Also known as a host-to-host VPN.

Clipper Chip

A chipset developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and was discontinued in 1996.

Closed source

A type of software product that is pre-compiled and whose source code is undisclosed.

Cluster

A logical division of storage composed of one or more sectors on a hard drive. The sector is the smallest unit the drive can address; the cluster is the smallest unit the file system allocates to a file, usually 512, 1,024, 2,048, or 4,096 bytes, depending on the file system and the logical volume size.

Cold calling

A tactic of pursuing and extracting information for the purpose of making a sale or performing a social engineering attack. A cold call presupposes little or no knowledge of the person answering the phone. It requires the caller to be able to pick up on vocal and word clues, be knowledgeable about human nature, and adapt quickly to changes in conversation.

Command shell

A software interface to a system that allows the execution of commands and code. A command shell is often the focus of an attack: if an attacker gains access to one, he or she can perform arbitrary code execution. Also known as a terminal window or a command prompt. For example, in Windows the command shell prompt is usually "C:\>".

Commercial firewall

A firewall product designed for larger networks. Usually a commercial firewall is a hardware device.

Common Gateway Interface (CGI) script

The Common Gateway Interface (CGI) is a standard that defines how Web server software can delegate the generation of Web pages to a console application. Such applications are known as CGI scripts. They can be written in many programming languages, although scripting languages are often used.

Compliance audit

A detailed and thorough review of the deployed security infrastructure compared with the organization's security policy and any applicable laws and regulations.

Compression

Removal of redundant or superfluous data or space to reduce the size of a data set. Compressed data consumes less storage space and transmits faster.

Confidentiality

The security service of preventing access to resources by unauthorized users, while supporting access to authorized users.

Content filtering

A form of filtering that focuses on traffic content. Application proxies perform most content filtering.

Contract workers

Outsiders brought into an organization to work on a temporary basis. Contracted workers can be consultants, temporary workers, seasonal workers, contractors, or even day laborers. Contracted workers potentially represent a greater risk than regular, full-time employees because they might lack loyalty, might not see the company as worthy of protection, might not be accountable after a project ends, and so on.

Cookie filter

A cookie is a small piece of data that a Web server asks a Web browser to store and return, used to track Web sessions. A cookie filter blocks the sending and receiving of cookies. Blocking cookies can reduce some threats of session tracking and identity theft, but can also disable many Web-based services, such as online purchasing.

Corporate firewall

An appliance firewall placed on the border or edge of an organization's network.

Cost/benefit

The final equation of risk analysis to assess the relative benefit of a countermeasure against the potential annual loss of a given asset exposed to a specific threat.

Covert channel

An unknown, secret pathway of communication. Covert channels can be timing or storage-based.

Cross-site scripting (XSS)

The malicious injection of script code into a vulnerable Web site so that it runs in the browsers of the site's visitors. The results of an XSS attack can include theft of visitors' session cookies or credentials (identity theft) and manipulation of the content the site displays.

Cryptography

The art and science of hiding information from unauthorized third parties. Its two core operations are encryption and decryption; modern cryptography also covers hashing, digital signatures, and key exchange.

Customer Premise Equipment (CPE)

Networking hardware located at the customer's site rather than the service provider's. A CPE-based VPN terminates the VPN on such a device, commonly a dedicated VPN appliance.

D

Data Leakage Prevention (DLP)

A distributed data protection technology that leverages deep analysis, context evaluation, and rules configured from a central console to ensure confidential information remains secure while in use, in transit, and at rest. Also known as Data Loss Prevention.

Data link layer (Layer 2)

The second layer of the OSI model responsible for physical addressing (MAC addresses) and supporting the network topology, such as Ethernet.

Database-based detection

A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on, stored in a database of known malicious traffic and events. All traffic or events that match an item in the database are considered abnormal and potentially malicious. Also known as signature-, knowledge-, or pattern-matching-based detection.
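The three detection styles defined in this glossary (anomaly-based, behavioral-based, and database/signature-based) have different blind spots, which are easiest to see when they run over the same traffic. The block below is an added example, not part of the original glossary or any IDS product: the web-server events, addresses, signature list and training baseline are all constructed for the illustration.

```python
# Added example (not part of the original glossary): the three IDS/IPS
# detection styles run side by side over constructed web-server events so that
# their blind spots are visible. Events, addresses, signatures and the training
# baseline are invented for illustration.
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed events: (second, source IP, method, request path)
SAMPLE_EVENTS = [
    (0, "198.51.100.4", "GET", "/index.html"),
    (1, "198.51.100.4", "GET", "/products?id=7"),
    (2, "203.0.113.9", "GET", "/products?id=7 UNION SELECT user,pass FROM users"),
    (3, "203.0.113.9", "GET", "/../../etc/passwd"),
    (4, "192.0.2.55", "PROPFIND", "/"),
    (5, "192.0.2.55", "GET", "/products?id=7' OR '1'='1"),   # SQLi with no signature
] + [(6, "203.0.113.9", "GET", f"/products?id={i}") for i in range(40)]  # flood

# Database/signature-based: a store of known-bad patterns.
SIGNATURES = {
    "sqli_union": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_detect(events):
    """Flag every event matching a known pattern; returns (t, src, signature)."""
    return [(t, src, name)
            for t, src, _, path in events
            for name, pattern in SIGNATURES.items()
            if pattern.search(path)]

# Anomaly-based: "normal" is defined up front by rules, firewall-style.
NORMAL_METHODS = {"GET", "POST", "HEAD"}
NORMAL_PREFIXES = ("/index.html", "/products")

def anomaly_detect(events):
    """Flag anything outside the defined normal; returns (t, src, reason)."""
    flagged = []
    for t, src, method, path in events:
        if method not in NORMAL_METHODS:
            flagged.append((t, src, f"method {method} outside defined normal"))
        elif not path.startswith(NORMAL_PREFIXES):
            flagged.append((t, src, "path outside defined normal"))
    return flagged

# Behavioral-based: "normal" is learned from a recording of real traffic.
CLEAN_REQUESTS_PER_SOURCE = [3, 2, 4, 3, 2, 5, 3, 4]   # constructed training baseline

def learn_rate_threshold(clean_counts, k=3.0):
    """Requests per source above mean + k standard deviations count as abnormal."""
    return mean(clean_counts) + k * pstdev(clean_counts)

def behavioral_detect(events, threshold):
    """Flag sources whose request count exceeds the learned threshold."""
    counts = Counter(src for _, src, _, _ in events)
    return sorted((src, n) for src, n in counts.items() if n > threshold)

if __name__ == "__main__":
    print("signature: ", signature_detect(SAMPLE_EVENTS))
    print("anomaly:   ", anomaly_detect(SAMPLE_EVENTS))
    thr = learn_rate_threshold(CLEAN_REQUESTS_PER_SOURCE)
    print(f"behavioral (threshold {thr:.1f} req/source):", behavioral_detect(SAMPLE_EVENTS, thr))
```

Each detector catches something the others miss: only the signature store names the UNION SELECT injection, only the rule-defined normal objects to the PROPFIND method, and only the learned baseline notices the 40-request flood. The quote-based injection at second 5 slips past all three, which is the usual argument for layering detection styles rather than choosing one.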

Dead-man switch

A form of auto-initiation switch that triggers when the ongoing prevention mechanism fails. Common illustrations are a fail-secure firewall, which severs its connections if it stops functioning, and a hand grenade, whose lever sets off the fuse once the holder's grip fails.

Decryption

The process of converting ciphertext back into plaintext.

Dedicated connection

A network connection that is always on and available for immediate transmission of data. Most leased lines are dedicated connections.

Dedicated leased lines

See dedicated connection and leased line.

De-encapsulation

The action of processing the contents of a header, removing that header, and sending the remaining payload up to the appropriate protocol in the next higher layer in the OSI model.

Default allow

A security stance that allows all communications except those prohibited by specific deny exceptions. Also known as allow by default.

Default deny

A security stance that blocks all access to all resources until a valid authorized explicit exception is defined.

Default permit

A security stance that allows all access to all resources until an explicit exception is defined.

Defense in depth

A tactic of protection involving multiple layers or levels of security components. Based on the idea that multiple protections create a cumulative effect that will require an attacker to breach all layers, not just one.

Demilitarized zone (DMZ)

A type of perimeter network used to host resources designated as accessible by the public from the Internet.

Denial of service (DoS)

A form of attack that attempts to compromise availability. DoS attacks are usually of two types: flaw exploitation and flooding. A distributed denial of service (DDoS) attack uses bots, zombies, or agents installed on thousands or millions of systems, which are then directed to launch a DoS attack against a primary target.

Deny by default

A security stance that prevents all communications except those enabled by specific allow exceptions. Also known as default deny.

Deterrent

A form of security defense that focuses on discouraging a perpetrator with disincentives such as physical harm, social disgrace, or legal consequences. A deterrent can also be a defense that is complex or difficult to overcome, such as strong encryption, multifactor authentication, or stateful inspection filtering.

Dialer

A rogue program that automatically dials a modem to a pre-defined number. Sometimes this is to auto-download additional malware to the victim or to upload stolen data from the victim. In other cases, the dialer calls premium rate telephone numbers to rack up massive long distance charges.

Dictionary attack

A form of password or encryption key-cracking attack that uses a pre-constructed list of potential passwords or encryption keys.
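The difference between the two cracking attacks defined here (brute force above under B, dictionary attack here) is the candidate set: a dictionary attack tries a short list of likely passwords, a brute force attack tries the whole keyspace. The block below is an added example, not part of the original glossary: it runs both against salted PBKDF2 hashes from the Python standard library and computes the keyspace sizes that make brute force feasible or hopeless. The passwords, salt, wordlist and iteration count are constructed for the demonstration.

```python
# Added example (not part of the original glossary): dictionary attack and
# brute force attack side by side against salted PBKDF2 hashes, plus the
# keyspace arithmetic that says which one is feasible. Passwords, salt and
# wordlist are constructed for the illustration.
import hashlib
import itertools
import string

ITERATIONS = 100   # deliberately low so the demo finishes quickly; real systems use far more

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def dictionary_attack(target: bytes, salt: bytes, wordlist):
    """Try each candidate from a pre-built list; return (password, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(word, salt) == target:
            return word, attempts
    return None, attempts

def brute_force(target: bytes, salt: bytes, alphabet: str, max_len: int):
    """Try every string over `alphabet` up to `max_len`; return (password, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target:
                return candidate, attempts
    return None, attempts

def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute force must be prepared to try."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

SALT = b"constructed-salt"
WORDLIST = ["password", "123456", "letmein", "qwerty", "admin"]

if __name__ == "__main__":
    weak_word = hash_password("letmein", SALT)
    print("dictionary:", dictionary_attack(weak_word, SALT, WORDLIST))
    pin = hash_password("2718", SALT)
    print("brute force (4-digit PIN):", brute_force(pin, SALT, string.digits, 4))
    # A dictionary word that is not in the list has to be brute forced instead;
    # with only digits and length 3 the search is exhausted without success.
    print("brute force, wrong alphabet:", brute_force(weak_word, SALT, string.digits, 3))
    # The same exhaustive search becomes hopeless as alphabet and length grow:
    for size, length in ((10, 4), (26, 8), (94, 12)):
        print(f"keyspace {size}^1..{length}: {keyspace(size, length):,}")
```

The attempt counts are the point: the dictionary finds a common word in a handful of guesses, the brute force needs thousands of hashes for a four-digit PIN and, as the last definition in this entry notes, only succeeds when the candidate set actually contains the secret. Raising the PBKDF2 iteration count multiplies the cost of every one of those attempts.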

Digital certificate

An electronic proof of identity issued by a certificate authority (CA). A digital certificate binds an entity's public key to its identity; the CA signs the certificate with the CA's private key, so anyone holding the CA's public key can verify that the binding is genuine.

Digital envelope

A secure message construction based on public-key cryptography. The message is encrypted with a freshly generated symmetric key, and that key is in turn encrypted with the public key of the intended recipient, so only the holder of the matching private key can open the envelope.

Digital forensic techniques

Identifying, extracting, and evaluating evidence obtained from digital media such as computer hard drives, CDs, DVDs, and other digital storage devices.

Digital signature

A public-key cryptography-based mechanism for proving the source (and possibly integrity) of a signed dataset or message. A digital signature uses the private key of a sender. Not the same as a "digitized signature," which is a digital image of handwriting.
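The asymmetric cryptography, certificate authority, digital certificate, digital envelope and digital signature entries all describe the same key-pair mechanics from different angles. The block below is an added example, not part of the original glossary: textbook RSA on two fixed Mersenne primes, written with the Python standard library only, showing which key each operation uses and what fails when the wrong key or a tampered input is supplied. The primes, names and message are constructed; because the primes are public and there is no padding, this is a teaching toy and not a substitute for a vetted library.

```python
# Added example (not from the original glossary): textbook RSA on fixed primes,
# used to show the mechanics behind the asymmetric cryptography, digital
# signature, digital envelope, digital certificate and CA entries. The primes,
# names and message are constructed; this is a teaching toy, not a substitute
# for a vetted library (no padding, no random primes).
import hashlib
import os

E = 65537                                     # conventional public exponent
ALICE_PRIMES = (2**127 - 1, 2**521 - 1)       # Mersenne primes: public, hence toy
CA_PRIMES = (2**89 - 1, 2**607 - 1)

def make_keypair(p: int, q: int):
    """Return (public, private) as (E, n) and (d, n); d is E's inverse mod phi(n)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))         # modular inverse, Python 3.8+
    return (E, n), (d, n)

def rsa_apply(x: int, key) -> int:
    exponent, n = key
    return pow(x, exponent, n)

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# Digital signature: hash, then transform the hash with the signer's PRIVATE key.
# Anyone with the PUBLIC key reverses the transform and compares hashes.
def sign(message: bytes, private) -> int:
    return rsa_apply(digest(message), private)

def verify(message: bytes, signature: int, public) -> bool:
    return rsa_apply(signature, public) == digest(message)

# Digital envelope: a fresh symmetric key protects the body; only that key is
# transformed with the recipient's PUBLIC key. The body cipher is a toy SHA-256
# counter-mode keystream standing in for AES.
def xor_keystream(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(message: bytes, recipient_public):
    sym_key = os.urandom(32)
    wrapped_key = rsa_apply(int.from_bytes(sym_key, "big"), recipient_public)
    return wrapped_key, xor_keystream(sym_key, message)

def open_envelope(envelope, recipient_private) -> bytes:
    wrapped_key, body = envelope
    recovered = rsa_apply(wrapped_key, recipient_private)
    if recovered.bit_length() > 256:          # the wrong private key yields junk
        raise ValueError("wrapped key did not decrypt to a 256-bit key")
    return xor_keystream(recovered.to_bytes(32, "big"), body)

# Digital certificate: the CA signs the binding of a subject name to the subject's
# PUBLIC key. The subject's private key plays no part in issuing it.
def issue_certificate(subject: str, subject_public, ca_private) -> dict:
    tbs = f"{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"subject": subject, "public_key": subject_public, "ca_signature": sign(tbs, ca_private)}

def verify_certificate(cert: dict, ca_public) -> bool:
    tbs = f"{cert['subject']}|{cert['public_key'][0]}|{cert['public_key'][1]}".encode()
    return verify(tbs, cert["ca_signature"], ca_public)

def demo() -> dict:
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    msg = b"Transfer 10,000 to account 42"    # constructed message
    sig = sign(msg, alice_priv)
    cert = issue_certificate("alice@example.net", alice_pub, ca_priv)
    forged = dict(cert, public_key=ca_pub)     # attacker swaps in a different key
    x = digest(msg)
    return {
        "signature_verifies": verify(msg, sig, alice_pub),
        "tamper_detected": not verify(msg.replace(b"42", b"43"), sig, alice_pub),
        "envelope_roundtrip": open_envelope(seal(msg, alice_pub), alice_priv) == msg,
        "encoding_key_cannot_decode": rsa_apply(rsa_apply(x, alice_pub), alice_pub) != x,
        "certificate_verifies": verify_certificate(cert, ca_pub),
        "forged_certificate_rejected": not verify_certificate(forged, ca_pub),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:30} {'ok' if ok else 'FAILED'}")
```

Note which key appears where: the signer's private key and the recipient's public key are the only secrets and targets respectively that an attacker never holds, and the certificate check depends only on the CA's public key being trusted in advance.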

Directory service

A network service that maintains a searchable index or database of network hosts and shared resources. Often depends on the domain name system (DNS) to locate hosts. An essential service of large networks.

Disaster recovery plan

A plan to restore the mission-critical functions of the organization once they have been interrupted by an adverse event. The goal of disaster recovery planning is to return the business to functional operation within a limited time to prevent the failure of the organization due to the incident.

Disgruntled employees

Workers who feel wronged by their employer and who may take malicious, unethical, potentially illegal actions to exact revenge on the organization.

Distributed denial of service (DDoS)

An attack that uses multiple remotely controlled software agents disseminated across the Internet against a single target. Because the denial of service traffic comes from many machines simultaneously, it is "distributed." The same botnets are also used for spam, eavesdropping, interception, man-in-the-middle and session hijacking, spoofing, packet manipulation, distribution of malware, hosting phishing sites, stealing passwords, cracking encryption, and more.

Distributed LAN

A LAN whose components are in multiple places that are interconnected by WAN VPN links.

DNS poisoning

A form of exploitation in which the data on a DNS server is falsified so that subsequent responses to DNS resolution queries are incorrect. DNS poisoning can be used to wage man-in-the-middle attacks.

DNS spoofing

A form of exploitation in which an unauthorized or rogue DNS server responds to DNS queries with false, spoofed resolutions. DNS spoofing can be used to wage man-in-the-middle attacks.

Domain

A client/server network managed by a directory service.

Domain name system (DNS)

A network service that resolves fully qualified domain names (FQDNs) into their corresponding IP address. DNS is an essential service of most networks and their directory services.

Domain registration

The information related to the owners and managers of a domain name accessed through domain registrar's Web sites and whois lookups. A domain registration might include a physical address, people's names, e-mail addresses, and phone numbers. This information is useful in waging social engineering attacks.

Downtime

Any planned or unplanned period when a network service or resource is not available. Downtime can be caused by attack, hardware failure, or scheduled maintenance. Most organizations strive to minimize downtime through security and system management.

Dual-homed firewall

A firewall that has two network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic moving from one segment to another.

Dumpster diving

A type of reconnaissance in which an attacker examines an organization's trash or other discarded items to learn internal or private information. The results of dumpster diving are often used to wage social engineering attacks.

Dynamic packet filtering

The process of automatically creating temporary filters. In most cases, the filters allow inbound responses to previous outbound requests. Also called stateful inspection.
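How the temporary filters interact with a static default-deny ACL is clearer in code than in prose. The block below is an added example, not part of the original glossary or any firewall product: a toy stateful filter whose rules, addresses and traffic are constructed for the illustration. It also shows the default allow stance by flipping one parameter, and includes a basic egress anti-spoofing check by restricting outbound rules to the internal address range.

```python
# Added example (not part of the original glossary): a toy stateful packet
# filter showing how a default-deny ACL and dynamically created temporary
# filters work together. Addresses, ports and rules are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving the protected network, "in" = arriving
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    direction: str
    proto: str
    src_net: Optional[str] = None     # CIDR the source must fall in, None = any
    dst_net: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if (self.direction, self.proto) != (p.direction, p.proto):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        for net, addr in ((self.src_net, p.src), (self.dst_net, p.dst)):
            if net is not None and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
                return False
        return True

class StatefulFilter:
    def __init__(self, rules, default_action="deny"):
        self.rules = rules
        self.default_action = default_action
        self.sessions = set()   # (src, sport, dst, dport, proto) of allowed outbound flows

    def decide(self, p: Packet) -> str:
        # 1. Dynamic filter: an inbound packet that answers a tracked outbound
        #    session is allowed without any static inbound rule.
        if p.direction == "in" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "allow (dynamic: reply to tracked session)"
        # 2. Static ACL, first match wins. Allowed outbound flows create state.
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                if rule.action == "allow" and p.direction == "out":
                    self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return f"{rule.action} (rule {i})"
        # 3. Nothing matched: fall back to the configured stance.
        return f"{self.default_action} (default)"

# Default-deny policy: internal hosts (10.0.0.0/24 only, a basic anti-spoofing
# egress check) may browse HTTPS and resolve DNS; the Internet may only reach
# the mail server on TCP/25. Everything else falls to the default.
RULES = [
    Rule("allow", "out", "tcp", src_net="10.0.0.0/24", dport=443),
    Rule("allow", "out", "udp", src_net="10.0.0.0/24", dport=53),
    Rule("allow", "in", "tcp", dst_net="10.0.0.5/32", dport=25),
]

# Constructed traffic, in arrival order.
TRAFFIC = [
    Packet("out", "tcp", "10.0.0.8", 51000, "93.184.216.34", 443),    # web request
    Packet("in", "tcp", "93.184.216.34", 443, "10.0.0.8", 51000),     # its reply
    Packet("in", "tcp", "203.0.113.9", 443, "10.0.0.8", 51000),       # unsolicited, posing as a reply
    Packet("in", "tcp", "203.0.113.9", 40000, "10.0.0.5", 25),        # inbound SMTP
    Packet("out", "tcp", "10.0.0.8", 51001, "203.0.113.9", 23),       # telnet out
    Packet("out", "tcp", "172.16.5.5", 51002, "93.184.216.34", 443),  # spoofed internal source
]

def run(rules=RULES, traffic=TRAFFIC, default_action="deny"):
    fw = StatefulFilter(rules, default_action)
    return [fw.decide(p) for p in traffic]

if __name__ == "__main__":
    for packet, verdict in zip(TRAFFIC, run()):
        print(f"{packet.direction:3} {packet.proto} {packet.src}:{packet.sport} -> "
              f"{packet.dst}:{packet.dport}  => {verdict}")
```

The third packet is the one a static filter gets wrong: a rule that simply allowed inbound TCP from source port 443 would admit it, whereas the state table only admits replies to sessions the inside actually opened. Running the same traffic with default_action="allow" shows how much the stance matters: the unsolicited packet, the telnet session and the spoofed-source packet all pass.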

E

Eavesdropping

The act of listening in on digital or audio conversations. Network eavesdropping usually requires a sniffer, protocol analyzer, or packet capturing utility. Eavesdropping may be able to access unencrypted communication, depending on where it occurs.

Edge router

A router positioned on the edge of a private network. Usually an edge router is the last device owned and controlled by an organization before an ISP or telco connection.

Education

The third and highest level of obtaining security knowledge that leads to career advancement. Security education is broad and not necessarily focused on specific job tasks or assignments. More rigorous than awareness or training.

Egress filtering

Filtering traffic as it attempts to leave a network, which can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.

Electronic Privacy Information Center (EPIC)

A public interest research group in Washington, D.C., established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and Constitutional values in the information age. It pursues a wide range of activities, including privacy research, public education, conferences, litigation, publications, and advocacy. It maintains two of the world's most popular privacy sites—epic.org and privacy.org—and publishes the online EPIC Alert every two weeks with information about emerging privacy and civil liberties issues.

Encapsulation

The process of enclosing or encasing one protocol or packet inside another protocol or packet. Also known as "tunneling." Encapsulation allows for communications to cross intermediary networks that might be incompatible with the original protocol. Encapsulation is distinct from encryption, but many encapsulation protocols include encryption.

Encryption

The process of converting original data into a chaotic and unusable form to protect it from unauthorized third parties. Decryption returns the data back to its original, usable form.

Enumeration

The process of discovering sufficient details about a potential target to learn about network or system vulnerabilities. Enumeration often starts with operating system identification, followed by application identification, then extraction of information from discovered services.

Exploit

An attack tool, method, or technique a hacker uses to take advantage of a known vulnerability or flaw in a target system.

Exposure factor (EF)

The potential amount of harm from a specific threat stated as a percentage. Used in the calculation of SLE.
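The quantitative risk formulas scattered across the glossary (asset value, exposure factor, annualized rate of occurrence, annualized loss expectancy, cost/benefit) fit together in one calculation. The block below is an added example, not part of the original glossary: it carries the formulas through a constructed scenario and evaluates two candidate countermeasures. Every figure in it is invented for the illustration.

```python
# Added example (not part of the original glossary): the quantitative risk
# formulas from the AV, EF, ARO, ALE and cost/benefit entries carried through
# one constructed scenario with two candidate countermeasures. All figures are
# invented for illustration.

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from one occurrence of the threat."""
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected loss per year."""
    return sle * aro

def countermeasure_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Cost/benefit: (ALE before) - (ALE after) - (annual cost of the countermeasure).
    A positive value means the control saves more than it costs."""
    return ale_before - ale_after - annual_cost

def evaluate(asset_value, exposure_factor, aro, countermeasures):
    """Return (ALE without controls, {name: annual value}) for each candidate
    given as (name, new EF, new ARO, annual cost)."""
    ale_before = annualized_loss_expectancy(single_loss_expectancy(asset_value, exposure_factor), aro)
    values = {}
    for name, new_ef, new_aro, annual_cost in countermeasures:
        ale_after = annualized_loss_expectancy(single_loss_expectancy(asset_value, new_ef), new_aro)
        values[name] = countermeasure_value(ale_before, ale_after, annual_cost)
    return ale_before, values

# Constructed scenario: a file server worth 250,000 threatened by ransomware that
# would destroy 60% of its value (EF) and is expected about once every two years (ARO).
SCENARIO = dict(asset_value=250_000, exposure_factor=0.60, aro=0.5)
COUNTERMEASURES = [
    ("offline backups", 0.15, 0.5, 12_000),       # limits damage per incident, not frequency
    ("managed EDR service", 0.60, 0.1, 70_000),   # cuts frequency, but costs more
]

if __name__ == "__main__":
    ale_before, values = evaluate(**SCENARIO, countermeasures=COUNTERMEASURES)
    print(f"ALE without controls: {ale_before:,.0f}")
    for name, value in values.items():
        verdict = "worth it" if value > 0 else "not worth it"
        print(f"{name}: annual value {value:,.0f} ({verdict})")
```

With these figures the backups return a positive value (they cut the ALE from 75,000 to 18,750 for 12,000 a year) while the more expensive service does not, even though it reduces incidents more; the comparison only works because every term is expressed per year on the same asset.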

Extranet

A type of perimeter network used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not by the public. Often, access to an extranet requires the use of a virtual private network or VPN, especially when access originates from the Internet.

Extranet VPN

A VPN used to grant outside entities access into a perimeter network; used to host resources designated as accessible to a limited group of external entities, such as business partners or suppliers, but not the general public.

F

Fail-open

A failure response resulting in open and unrestricted access or communication.

Fail-safe

A failure response resulting in a secured or safe level of access or communication. In physical security the same term often carries the opposite sense (a door that unlocks on power loss so people can get out); in network filtering it means failing to a restricted state, as with fail-secure.

Fail-secure

A failure response resulting in a secured or safe level of access or communication.

Fair queuing

A technique of load balancing that operates by sending the next transaction to the firewall with the least current workload.

False negative

An event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/or malicious. This is the unwanted non-detection of a malicious event.

False positive

An event that triggers an alarm but should not have, due to the traffic or event actually being benign. This is the unwanted false alarm that wastes time and resources pursuing a non-malicious event.

File encryption

A form of security protection that protects individual files by scrambling the contents in such a way as to render them unusable by unauthorized third parties.

File Transfer Protocol (FTP)

A protocol and a data exchange system commonly used over TCP/IP networks, including the Internet, but which is unencrypted and performs authentication and data transfer in plaintext.

Filter

A written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of concern appears in traffic. A filter expresses the intention to block or deny unwanted items of concern. Also known as a rule or ACL.

Filtering

The process of inspecting content against a set of rules or restrictions to enforce allow-and-deny operations on that content. Firewalls and other security components use filtering.

Firewalking

A hacking technique used against static packet filtering firewalls to discover which ports and protocols the firewall permits inbound. Probes are sent with a time-to-live value set to expire one hop beyond the firewall; a reply from that next hop shows the probe was allowed through, while silence shows it was filtered.

Firewall

A network security device or host software that filters communications, usually network traffic, based on a set of predefined rules. Unwanted content is denied and authorized content is allowed. Also known as a sentry device.

Flaw exploitation

A form of DoS that uses a software specific exploit to cause the interruption of availability. Once you apply the appropriate patch, the system is no longer vulnerable to this particular exploit.

Flooding

An attack, usually resulting in a DoS, in which hackers direct massive amounts of traffic toward a target to fully consume available bandwidth or processing capabilities.

Footprinting

The act of researching and uncovering information about a potential attack target. Also known as reconnaissance.

Fragmentation

This occurs when a dataset is too large for the maximum supported size of a communication container, such as a segment, packet, or frame. The original dataset divides into multiple sections or fragments for transmission across the size-limited medium, then reassembles on the receiving end. Fragmentation can sometimes corrupt or damage data or allow outsiders to smuggle malicious content past network filters.

Frame

The collection of data at the Data Link layer (Layer 2) of the OSI model, defined by the Ethernet IEEE 802.3 standard, that consists of a payload from the Network layer (Layer 3) to which an Ethernet header and footer have been attached.

Full mesh topology

A network design that establishes all possible connections between hosts. A full mesh topology is the most fault-tolerant topology possible, but is also the least resistant to propagation of malware.

Fully qualified domain name (FQDN)

A complete Internet host name including a top-level domain name, a registered domain name, possibly one or more sub-domain names, and a host name. Examples include: www.itttech.edu and maps.google.com. DNS is used to resolve FQDNs into IP addresses.

Fuzzing tools

Hacking and testing utilities that use a brute force technique to craft packets and other forms of input directed toward the target. Fuzzing tools stress a system to push it to react improperly, to fail, or to reveal unknown vulnerabilities.

G

Gateway

An entrance or exit point to a controlled space. A firewall is often positioned at a gateway of a network to block unwanted traffic.

Gateway-to-gateway VPN

A VPN model used to connect two offices together, such as a main office and a remote office. It is also referred to as a site-to-site VPN.

H

Hacker

A person who performs hacking. Modern use of this term now implies malicious or criminal intent by the hacker, although criminals are more correctly known as "crackers." An "ethical hacker" obtains the permission of the owner of a system before hacking.

Hacking

The act of producing a result not intended by the designer of a system. Hackers may perform such acts out of curiosity or malice. Malicious hacking is known as "cracking," but many people typically call all these actions "hacking," regardless of intent.

Hardening

The process of securing or locking down a host against threats and attacks. This can include removing unnecessary software, installing updates, and imposing secure configuration settings.

Hardware address

The physical address assigned to a network interface by the manufacturer. Also known as the MAC address.

Hardware firewall

An appliance firewall. A hardened computer product that hosts firewall software exclusively.

Hardware VPN

A dedicated device hosting VPN software. Also known as an appliance VPN. Hardware VPNs can connect hosts and/or networks.

Hash algorithm

A set of mathematical rules and procedures that produces a unique number from a dataset. See hash and hashing.

Hash or hash value

The unique number produced by a hash algorithm when applied to a dataset. A hash value verifies the integrity of data.

Hashing

The process of verifying data integrity. Hashing uses hash algorithms to produce unique numbers from datasets, known as hash values. If before and after hash values are the same, the data retain integrity.

Header

The additional data added to the front of a payload at each layer of the OSI model that includes layer-specific information.

Hierarchical File System (HFS)

A storage device file system developed by Apple Inc. for use on Macintosh computers. HFS supports multiple resource forks for file objects.

Hijacking

This attack occurs when a hacker uses a network sniffer to watch a communications session to learn its parameters. The hacker then disconnects one of the session's hosts, impersonates the offline system, and then begins injecting crafted packets into the communication stream. If successful, the hacker takes over the session of the offline host, while the other host is unaware of the switch.

Honeynet

A collection of multiple honeypots in a network for the purposes of luring and trapping hackers.

Honeypot

A closely monitored system that usually contains a large number of files that appear to be valuable or sensitive, and serves as a trap for hackers. A honeypot distracts hackers from real targets, detects new exploitations, and learns the identities of hackers.

Host

A node that has a logical address assigned to it, usually an IP address. This typically implies that the node operates at and/or above the network layer. This would include clients, servers, firewalls, proxies, and even routers. The term excludes switches, bridges, and other physical devices such as repeaters and hubs. In most cases, a host either shares or accesses resources and services from other hosts.

Host firewall

A software firewall installed on a client or server.

Host VPN

A VPN endpoint located on a host client or server. A host VPN relies on either a native feature of the operating system or a third-party application.

Host-to-gateway VPN

A VPN model where the remote client connects to the VPN server to gain access to the internal network.

Host-to-host VPN

A VPN created between two individual hosts across a local or intermediary network. Host-to-host VPNs are also known as client-to-server, remote-to-office, or remote-to-home VPNs.

Host-to-site VPN

A VPN created between a host and a network across a local or intermediary network. Also known as a remote access VPN.

HOSTS file

A static file on every IP-enabled host where FQDN-to-IP-address resolutions can be hard-coded.

Hybrid attack

A form of password or encryption key-cracking attack that combines dictionary attacks with brute force attacks. A dictionary list provides seed values to a brute force attack tool that makes modifications to the seed value. A very effective attack against users who mistakenly believe that changing a few characters or adding a few characters to a base password is actually improving the password's strength. For example, hybrid attacks may combine dictionary words with a digit or two to increase the likelihood of obtaining a successful result.

Hybrid VPN

A form of VPN establishing a secure VPN over trusted VPN connections.

I

IEEE 802.1x

A networking mechanism to hand off or pass off the task of authentication to a third-party dedicated authentication system. Also known as port authentication, portal authentication, or port-based network access (admission) control (PNAC).

ICMP redirect

An announcement message sent to hosts to adjust the routing table. ICMP type 5 messages are known as redirects. Hackers can use ICMP redirects to perform man-in-the-middle or session hijacking attacks.

Identity proofing

The act of authentication. Confirming the identity of a user or host.

IDS insertion

An attack that exploits the nature of a network-focused IDS to collect and analyze every packet, tricking the IDS into thinking an attack took place when it actually hasn't. The common purpose of IDS insertion attacks is to trick signature or pattern-matching detection of malicious network events.

Incident response plan

A predefined procedure to react to security breaches to limit damage, contain the spread of malicious content, stop compromise of information, and promptly restore the environment to a normal state.

Information Technology Infrastructure Library (ITIL)

A set of concepts and practices that provide detailed descriptions and comprehensive checklists, tasks, and procedures for common IT practices. The Security Management section is based on the ISO 27002 standard.

Ingress filtering

Filtering traffic as it attempts to enter a network. This can include monitoring for spoofed addresses, malformed packets, unauthorized ports and protocols, and blocked destinations.

Insertion attack

An exploit based on the introduction of unauthorized content or devices to an otherwise secured infrastructure. Three common insertion-based attacks include SQL injection, IDS insertion, and rogue devices.

Instant message (IM)

A form of near real-time text communication. Also known as chat, IRC, and SMS messaging.

Intangible cost/value

Costs or values not directly related to budgetary funds. They can include, but are not limited to: research and development, marketing edge, competition value, first to market, intellectual property, public opinion, quality of service, name recognition, repeat customers, loyalty, honesty, dependability, assurance, reliability, trademarks, patents, privacy, and so on.

Integrated Services Digital Network (ISDN)

A set of communications standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network.

Integrity

The security service of preventing unauthorized changes to data.

Interception attack

Any attack that positions the attacker inline with a session between a client and server. Such attacks typically allow the hacker to eavesdrop and manipulate the contents of the session. Also known as a man-in-the-middle attack.

Intermediary network

Any network, network link, or channel located between the endpoints of a VPN. Often the Internet.

Internal personnel

Any worker or person who is physically present within the building or who has authorization to remotely connect into the network. Internal personnel are the most common cause of security violations.

International Assigned Numbers Authority (IANA)

The entity responsible for global coordination of IP addressing, DNS root, and other Internet protocol resources.

Internet Control Message Protocol (ICMP)

A commonly used protocol found in the Network layer (Layer 3). ICMP rides as the payload of an IP packet. ICMP supports network health and testing. Commonly abused by hackers for flooding and probing attacks.

Internet Key Exchange (IKE)

The protocol used to set up a security association (SA) in the IPSec protocol suite.

Internet Relay Chat (IRC)

A real-time text communication system. Hackers commonly use IRC as a way to communicate anonymously and control botnets.

Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)

A legacy protocol developed by Novell for their NetWare networking product. Mostly replaced by TCP/IP.

Intrusion detection system (IDS)

A security mechanism to detect unauthorized user activities, attacks, and network compromise. An IDS can respond in a passive manner through alerts and logging or in an active manner by disconnecting an offending session.

Intrusion prevention system (IPS)

A security mechanism to detect and prevent attempts to breach security.

IP address

The temporary logical address assigned to hosts on a network. An IP address is managed and controlled at the Network layer (Layer 3) of the OSI model by IP (Internet Protocol). IPv4 addresses are 32-bit addresses presented in human-friendly dotted-decimal notation. IPv6 addresses are 128-bit addresses presented in a special hexadecimal grouping format.

IPSec

IP protocol encryption services extracted from IPv6 to be used as an add-on component for IPv4. IPSec provides tunnel mode and transport mode encrypted network layer connections between hosts and/or networks.

J

Job description

An essential part of security and an extension of the written security policy. The job description defines the business tasks for each person within the organization. This in turn prescribes the authorization personnel need to accomplish these assigned tasks.

K

Kerberos

A computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. It was designed as a client-server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Key or encryption key

The unique number used to guide an algorithm in the encryption and decryption process. A valid key must be within the key space of an algorithm.

Key exchange

The cryptographic function ensuring that both endpoints of a communication have the same symmetric key. Key exchange occurs by simultaneous key generation or with a digital envelope.

Key pair

The set of associated keys including a public key and a private key used by public key cryptography. Only the public key can decrypt data encrypted by the private key, and vice versa.

Key space

The range of valid keys used by an algorithm. Key space is the bit length of the keys supported by the algorithm.

Keystroke logger

Malware that records all keyboard input and transmits the keystroke log to a hacker.

Knowledge-based detection

A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events. All traffic or events that match an item in the database are considered abnormal and potentially malicious. Also known as signature, database, and pattern-matching-based detection.

L

LAN-to-LAN VPN

A VPN between two networks over an intermediary network. Also known as WAN VPN and site-to-site VPN.

Latency

The accumulation of delay each time a communication signal crosses a node or host. Some amount of delay occurs between reception on one interface and transmission out another interface. Too much latency causes communication timeouts.

Leased line

A network communications line leased from an ISP or telco service. A leased line is usually a dedicated line between network locations or to the Internet.

Leetspeak

A somewhat secret form of communication or language hackers use based on replacing letters with numbers, symbols, or other letters that somewhat resemble the original characters. For example, "elite" becomes "eleet," and then becomes "31337."

Line topology

A network design in which hosts are connected end-to-end, each system being connected to no more than two others.

Load balancing

A network traffic management technique to spread the workload or traffic levels across multiple devices to maintain availability, uptime, and high performance at wire speed.

Local area network (LAN)

A network confined to a limited geographic distance. Generally, a LAN is comprised of segments that are fully owned and controlled by the host organization as opposed to using lines leased from telcos.

Log

A log is a recording or notation of activities. Many security services, applications, and network resources automatically create a log of all events. Also known as an event log or a log file.

Logging

The act of creating or recording events into a log. Similar to auditing and monitoring.

Logic bomb

Malware that acts like an electronic land mine. Once a hacker places a logic bomb in a system, it remains dormant until a triggering event takes place. The trigger can be a specific time and date, the launching of a program, the typing of a specific keyword, or accessing a specific URL. Once the trigger occurs, the logic bomb springs its malicious event on the unsuspecting user.

Logical address

A temporarily assigned address given to a host. IP address is a common example of a logical address. Most logical addresses exist at the Network layer (Layer 3) of the OSI model.

Logical topology

A description of the arrangement of network devices and how they communicate with each other. Logical topology is a function of network protocols and may not reflect the actual physical topology of the network.

M

MAC (Media Access Control) address

The physical address assigned to a network interface by the manufacturer. The MAC address is a 48-bit binary address presented as hexadecimal pairs separated by colons. The first half of a MAC address is known as the Organizationally Unique Identifier (OUI) or vendor ID; the last half is the unique serial number of the NIC.

MAC spoofing

The act of a hacker changing the MAC address of their network interface. Commonly used to bypass MAC filtering on a wireless access point by impersonating a valid client.

Malicious code (or malware)

Any software that was written with malicious intent. Administrators use antivirus and anti-malware scanners to detect and prevent malicious code (also known as malware) from causing harm within a private network or computer.

Management interface

The command line or graphical interface used to control and configure a device. Often accessible through a console (CON) port on the device or through a logical interface across the network.

Man-in-the-middle (MinM)

This attack occurs when a hacker is positioned between a client and a server and the client is fooled into connecting with the hacker computer instead of the real server. The attack performs a spoofing attack to trick the client. As a result, the connection between the client and server is proxied by the hacker. This allows the hacker to eavesdrop and manipulate the communications.

Maximum Transmission Unit (MTU)

The largest amount of data that a datagram can hold based on the limitations of the networking devices managing a given segment. As an MTU changes across a communication path, a datagram may be fragmented to comply with the MTU restriction.

Mean Time Between Failures (MTBF)

A rating on some hardware devices expressing the average length of time between significant failures.

Mean Time To Failure (MTTF)

A rating on some hardware devices expressing the average length of time until the first significant failure is likely to happen.

Metacharacter

A character that has a special meaning assigned to it and recognized as part of a scripting or programming language. Metacharacters should be filtered, escaped, or blocked to prevent script injection attacks. Escaping metacharacters is a programmatic tactic to treat all characters as basic ASCII rather than as something with special meaning or purpose.

Mission-critical

The state or condition of an asset or process vitally important to the long-term existence and stability of an organization. If a mission-critical element is interrupted or removed, it often results in the failure of the organization.

MITRE

The MITRE Corporation is a not-for-profit organization chartered to work in the public interest. It sponsors a vulnerability research, cataloging, and information organization: http://cve.mitre.org/.

Mobile code

A form of software transmitted to and executed on a client. Hackers can use mobile code for malicious purposes.

Modeling

The process of simulating and testing a new concept, design, programming, technique, and so forth before deployment into a production environment. Modeling often occurs before piloting.

Modem

An acronym for MOdulator-DEModulator. A device that communicates computer data across a telephone connection.

Monitor or monitoring

The act of watching for abnormal or unwanted circumstances. Commonly used interchangeably with logging and auditing.

Monkey-in-the-middle

Another term for man-in-the-middle.

Multi-factor authentication

Authentication that requires multiple valid proofs of identity used in simultaneous combination.

N

National Information Infrastructure (NII)

The product of the High Performance Computing and Communication Act of 1991. It was a telecommunications policy buzzword, which was popularized during the Clinton administration under the leadership of Vice President Al Gore. It was a proposed advanced, seamless web of public and private communications networks, interactive services, interoperable hardware and software, computers, databases, and consumer electronics to put vast amounts of information at users' fingertips.

National Institute of Standards and Technology (NIST)

NIST is a non-regulatory federal agency within the U.S. Department of Commerce whose mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. As part of its mission, NIST performs vulnerability research, cataloging, and information distribution: http://nvd.nist.gov/.

National Security Agency (NSA)

The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency of the United States government, administered as part of the United States Department of Defense. It is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves cryptanalysis. It is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves cryptography.

Native firewall

A firewall within an operating system or hardware device placed there by the vendor or manufacturer. Can also include firewalls not necessarily installed by default, but which you can add to a system through an update or patch installation.

NetBIOS

A transport layer protocol used for file and printer sharing over TCP/IP. Originally developed in 1983 as an application-programming interface (API) for software communications, the protocol was extended to encapsulate NetBIOS information in TCP and UDP packets, also known as NetBIOS over TCP/IP (NBT).

NetBIOS Extended User Interface (NetBEUI)

An application-programming interface (API) developed by IBM in 1985 to emulate NetBIOS on a token ring network. Still used by Microsoft to describe a transport layer protocol for file and print sharing over Ethernet, which technically is better termed NetBIOS Frames (NBF). NBF makes extensive use of broadcast messages and thus introduces additional traffic to a network.

Network access control (NAC)

A mechanism that limits access or admission to a network based on the security compliance of a host.

Network address translation (NAT)

A service that converts between internal addresses and external public addresses. This conversion is performed on packets as they enter or leave the network to mask and modify the internal client's configuration. The primary purpose of NAT is to prevent internal IP and network configuration details from being discovered by external entities, such as hackers.

Network layer (Layer 3)

The third layer of the OSI model. This layer is responsible for logical addressing (IP addresses) and routing traffic.

Network News Transfer Protocol (NNTP)

The protocol used by the USENET message service. USENET is a persistent message service that allows anyone to post and read messages from over 100,000 named, categorized, topical newsgroups.

Network security

The collection of security components assembled in a network to support secure internal and external communications. Network security depends upon host security. Network security operates to protect the network as a whole, rather than as individual systems.

New Technology File System (NTFS)

A file format developed by Microsoft commonly used on Windows systems. NTFS offers file security, large volume size, large file size, and alternate data streams (ADS).

Nmap

A network mapping tool that performs network scanning, port scanning, OS identification, and other types of network probing. Nmap is available at http://www.insecure.org/.

Node

Any device on the network that can act as the endpoint of a communication. This includes clients, servers, switches, routers, firewalls, and anything with a network interface that has a MAC address. A node is a component that can be communicated with, rather than one that communication merely passes through or across. For example, network cables and patch panels are not nodes.

Non-authenticating query service

Any communication exchange that does not verify the identity of the endpoints of a communication and accepts any properly formed response as valid. DNS and ARP are common examples. Hackers can easily spoof such a service.

Non-dedicated connection

A network connection that is not always on and available for immediate transmission of data. A connection must be established through a negotiation process before the channel is open and ready for data transmission. Dial-up, ISDN, and DSL lines are non-dedicated connections.

Non-repudiation

A security service that ensures that a sender cannot deny sending a message. This service can be provided by public key cryptography, typically through a digital signature.

O

One-time pad

A form of cryptography in which each encryption key is used once before being discarded. Keys are pseudorandom and never repeat. Key length must match message length, so that each character is encrypted with a unique key character.

One-way function

A mathematical operation performed in one direction relatively easily; reversing the operation is impossible—or nearly so.

Open source

A type of software product that may or may not be pre-compiled and whose source code is freely disclosed and available for review and modification.

Opportunistic hackers

A person who takes advantage of unique or abnormal situations to perform malicious actions, but who would not initiate such actions otherwise.

Optical carrier (OC)

A form of network carrier line, often leased or dedicated, which uses fiber optic cables for very high-speed connections. An OC-1 connection supports a throughput of 51.84 Mbps.

OS/2

A multi-tasking operating system developed jointly by Microsoft and IBM. First released in 1987, it lost nearly its entire market share to Windows after the two companies ceased collaboration in 1990. IBM discontinued support in 2006.

OSI model

Open Systems Interconnect (OSI) is a standard conceptual tool used to discuss protocols and their functions. The OSI model has seven layers. Each layer can communicate with its peer layer on the other end of a communication session. While the OSI model helps to discuss protocols, most protocols are not in full compliance with it.

Out of band

A method of communication through an alternative route, mechanism, or pathway than the current one employed (the current communication is known as "in band"). Commonly used as a technique for secured data exchange or verification of an identity.

P

Packet

The collection of data at the Network layer (Layer 3) of the OSI model. It consists of the payload from the Transport layer (Layer 4) above and the Network layer header. IP packets are a common example.

Packet manipulation

Any modification of network communications performed mid-session by a hacker. Commonly used in session hijacking, man-in-the-middle, and spoofing attacks.

Padded cell

Specialized host used to place an attacker into a system where the intruder cannot do any harm.

Partial mesh topology

A mesh network design that establishes many but not all possible host-to-host links. Not as fault tolerant as a full-mesh topology.

Partition

A logical division of a hard drive that can be formatted with a file system.

Passive threats

Any harmful code or site that depends upon the user's actions to be accessed or activated. If users never visit an infected site or do not perform the risky activity, the threat never reaches them. A passive threat is similar to a virus in that it depends upon the activity of the user to activate, infect, and spread.

Patch management

The procedure of watching for the release of new updates from vendors, testing the patches, obtaining approval, then overseeing the deployment and implementation of updates across the production environment.

Payload

The non-header component of a PDU/segment/packet/frame. The payload is the data received from the layer above that includes the above layer's header and its payload.

Permission

An ability to interact with a resource that is granted or denied to a user through some method of authorization or access control, such as access control lists (ACLs).

Personal firewall

Typically a software host firewall installed on a home computer or network client. Can also refer to SOHO hardware firewalls such as those found on DSL and cable modems and wireless access points.

Phishing

An attack that seeks to obtain information from a victim by presenting false credentials or luring victims to an attack site. Phishing can occur face to face, over the phone, via e-mail, on a Web site, or through IM.

Physical address

The hardware address assigned to a network interface by the manufacturer. Also known as the MAC address.

Physical layer (Layer 1)

The bottom or first layer of the OSI model. This layer converts data into transmitted bits over the physical network medium.

Physical topology

The actual cable structure connecting hosts and nodes together. Physical topology may be independent of logical topology.

Piloting

Deploying a new service, device, configuration, software, and so on to a limited number of test hosts before rolling out the new component to the entire production environment. Piloting often occurs after modeling. Also called beta testing.

Ping sweep

A network scan that sends ICMP type 8 echo requests to a range of IP addresses to obtain ICMP type 0 echo responses. A ping sweep can discover active systems and identify the IP addresses in use.

Playback attack

See replay attack.

Pop-up blocker

A software tool that prevents or restricts Web sites from automatically opening additional tabs or windows without the user's consent. These additional windows are known as pop-ups or pop-unders. Pop-ups are commonly used as methods of advertising, as well as elements in social engineering and distribution of malicious code.

Port-based network access (admission) control (PNAC)

A form of network access control or admission control (NAC) used on individual network access devices, such as firewalls, VPN gateways, and wireless routers, to offload authentication to a dedicated authentication server/service. Only after valid authentication are communications with or across the network device allowed.

Port forwarding

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (also known as a socket) to an internal resource server. Also known as reverse proxy and static NAT.

Port number

The addressing scheme used at the Transport layer (Layer 4) of the OSI model. There are 65,535 ports, each of which can in theory support a single simultaneous communication.

Port scanning

A network scan that sends various constructions of TCP or UDP packets to determine the open or closed state of a port. Tools such as nmap are used to perform port scanning.

POSIX

A variant of the UNIX operating system. Supported by Windows NT 4.0, but not in any subsequent version of Windows. POSIX used the ADS feature of NTFS.

Post Office Protocol (POP)

An application layer protocol used by e-mail clients to receive messages from an e-mail server. The default TCP/IP port is 110, and it does not encrypt communications. The companion SMTP protocol sends messages to an e-mail server.

Presentation layer (Layer 6)

The sixth layer of the OSI model translates the data received from host software into a format acceptable to the network. This layer also performs this task in reverse for data coming from the network to host software.

Principle of least privilege

The guideline that all users should be granted only the minimum level of access and permission required to perform their assigned job tasks and responsibilities.

Privacy

Keeping information about a network or system user from being disclosed to unauthorized entities. While typically focused on private information like a Social Security number, medical records, credit card number, cellular phone number, etc., privacy concerns extend to any data that represents personally identifiable information (also known as PII).

Private branch exchange (PBX)

A type of business telephone network. PBX systems allow for multiple phone extensions, voice mailboxes, and conference calling. PBX systems require specialized equipment. PBX systems are largely being replaced by VOIP (Voice over IP) solutions.

Private IP address

The ranges of IP addresses defined in RFC 1918 for use in private networks that are not usable on the Internet.

Private key

The key of the public key cryptography key pair kept secret and used only by the intended entity. The private key decodes information encoded with its associated public key, and encrypts information that can be decrypted only by its associated public key. This process validates the identity of the originator and creates a digital signature.

Privilege

An increased ability to interact with and modify the operating system and desktop environment granted or denied to a user through some method of authorization or access control, such as user rights on a Windows system.

Privilege escalation

The act of obtaining a higher level of privilege or access for a user account or a session. A tactic employed by hackers once they intrude into a network through the compromise of a normal user account.

Professional hackers

Criminals whose objective is to compromise IT infrastructures. Whether operating as individuals, offering mercenary hacking services, or functioning as members of a criminal ring, professional hackers focus time and energy on becoming effective cyber attackers. A professional hacker is someone who contracts out his or her hacking skills to others.

Protocol Data Unit (PDU)

The collection of data at the Session, Presentation, and Application layers (Layers 5-7) of the OSI model.

Proxy

A network service that acts as a "middle man" between a client and server. A proxy can hide the identity of the client, filter content, perform NAT services, and cache content.

Proxy attack

See man-in-the-middle.

Proxy manipulation

An attack in which a hacker modifies the proxy settings on a client to redirect traffic to another system, such as the hacker's own machine. The hacker may host a proxy server in addition to eavesdropping and manipulating the redirected traffic.

Pseudo random number generator (PRNG)

The mechanism of computer systems that produces partially random numbers using a complex algorithm and a seed value that is usually time based. Computers are currently unable to produce true random numbers and a PRNG approximates randomness.

Public IP address

Any address that is valid for use on the Internet. This excludes specially reserved addresses such as loopback (127.0.0.1-127.255.255.255), RFC 1918 addresses, and the Windows APIPA addresses (169.254.0.0-169.254.255.255). Organizations lease public addresses from an Internet Service Provider (ISP).

Public key

The key of the public key cryptography key pair shared with other entities with whom the holder of the private key wishes to correspond. The public key decodes messages encoded with its associated private key, originates messages that only the holder of the associated private key can decrypt, and creates digital envelopes.

Public key cryptography

A subset of asymmetric cryptography based on the use of key pair sets. Public key cryptography uses public and private keys to create digital envelopes and digital signatures.

Public Key Infrastructure (PKI)

A combination of several cryptographic components to create a real-world solution that provides secure communications, storage, and identification services. Commonly uses symmetric encryption, asymmetric/public key encryption, hashing, and digital certificates. In most cases, when PKI refers to authentication, digital certificates are used as credentials.

Public network

Any network that is accessible by entities from outside an organization. Most often, use of this term implies the Internet, but many other public networks exist.

Pwned

A leetspeak word derived from a common IRC typo of "owned." Used to mean hacking and taking over control of a computer or network.

R

Reconnaissance

The act of learning as much as possible about a target before attempting attacks. Reconnaissance consists of collecting data about the target from multiple sources online and offline. Effective reconnaissance is done covertly, without tipping off the target about the research. Reconnaissance can also be called footprinting, discovery, research, and information gathering.

Recreational hackers

People who enjoy learning and exploring, especially with computing technology. However, they might make poor choices as to when to use their newfound skills. Bringing in unapproved software from home, experimenting on the company network, or just trying out an exploit to "see if it works" are all potential problems caused by recreational hackers.

Redundancy or redundant

The feature of network design that ensures the existence of multiple pathways of communication. The purpose is to prevent or avoid single points of failure.

Redundant Array of Independent Disks (RAID)

A disk set management technology that gains speed and fault tolerance. RAID can provide some protection against hard drive failure, but does not protect against software or data compromises, such as virus infection.

Regional Internet Registry (RIR)

The five regional organizations that oversee and monitor the allocation and registration of IP addresses (both IPv4 and IPv6). The RIRs are the American Registry for Internet Numbers (ARIN), RIPE Network Coordination Centre (RIPE NCC), Asia-Pacific Network Information Centre (APNIC), Latin American and Caribbean Internet Address Registry (LACNIC), and African Network Information Centre (AfriNIC).

Rekeying

The process of triggering the generation of a new symmetric encryption key and secure exchange of that key. Rekeying can take place based on time, idleness, volume, randomness, or election.

Remote access

A communications link that enables access to network resources using a wide area network (WAN) link to connect to a geographically distant network. In effect, remote access creates a local network link for a system not physically local to the network. Over a remote access connection, a client system can technically perform all the same tasks as a locally connected client, with the only difference being the speed or the bandwidth of the connection.

Remote access server (RAS) or network access server (NAS)

A network server that accepts inbound connections from remote clients. Also known as a network access server (NAS).

Remote-to-home VPN

A VPN used to connect a remote or mobile host into a home computer or network. Also known as a host-to-host VPN.

Remote-to-office VPN

A VPN used to connect a remote or mobile host into an office network workstation. Also known as a host-to-host VPN.

Remote control

The ability to use a local computer system to remotely take control of another computer over a network connection. Often used for remote technical assistance.

Replay attack

This attack occurs when a hacker uses a network sniffer to capture network traffic and then retransmits that traffic back on to the network at a later time. Replay attacks often focus on authentication traffic in the hope that retransmitting the same packets that allowed the real user to log into a system will grant the hacker the same access.

Request for comment (RFC)

A document that defines or describes computer and networking technologies. RFCs exist for hardware, operating systems, protocols, security services, and much more.

Resources

Any data item or service available on a computer or network accessible by a user to perform a task.

Return on Investment (ROI)

A business evaluation technique to determine whether an investment will earn back equivalent or greater benefit within a specific time.

Reverse proxy

The function of routing traffic from an external source received on a specific pre-defined IP address and port combination (also known as a socket) to an internal resource server. Also known as port forwarding and static network address translation (NAT).

RFC 1918 addresses

IP addresses that, by convention, are not routed outside a private or closed network. Class A: 10.0.0.0-10.255.255.255; Class B: 172.16.0.0-172.31.255.255; Class C: 192.168.0.0-192.168.255.255

Ring topology

A network design where host segments are attached to a central cable ring.

Risk

The likelihood or potential for a threat to take advantage of a vulnerability and cause harm or loss. Risk is a combination of an asset's value, exposure level, and rate of occurrence of the threat. A goal of security is to recognize, understand, and eliminate risk.

Risk assessment

Risk assessment is the process of examining values, threat levels, likelihoods, and total cost of compromise versus the value of the resource and the cost of the protection. This involves the use of values and calculations, such as AV, EF, SLE, ARO, ALE, and the cost/benefit equation.

Risk management

Performing risk assessment, and then acting on the results to reduce or mitigate risk. Often risk assessment establishes a new security policy and then aids in revising it over time.

Roles or job roles

A collection of tasks and responsibilities defined by a security policy or job description for an individual, essential productivity, or security position.

Rootkit

A form of malware that hackers can upload and deploy on a target system. It often replaces multiple components of the host operating system with altered code. A rootkit may have stealth capability, which means that when activated, it can camouflage itself, logs, other files, or resources by intercepting calls to the operating system and generating its own reply. For example, the directory command "DIR" can be reprogrammed to suppress the display of the rootkit files. A rootkit acts somewhat like a device driver and positions itself between the kernel (the core program of an operating system) and the hardware. From there, the rootkit can selectively hide files on storage devices and active processes in memory from being viewable, accessible, or detectable by the OS. Rootkits often hide other forms of malware or hacker tools. Rootkits can include other malware functions in addition to their stealth abilities.

Round-robin

A form of load balancing which hands out tasks in a repeating non-priority sequence.

Round-Robin Database Tool (RRDtool)

A tool designed to handle time-series data such as network bandwidth, temperatures, CPU load, and so on. The data are stored in a round-robin database (a circular buffer), so the storage footprint of the system remains constant over time.

Router

A network device responsible for directing traffic towards its stated destination along the best-known current available path.

Rule

A written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of concern appears in traffic. Also known as a filter or ACL.

Rule set

The list of rules on a firewall (or router or switch) that determine what traffic is and is not allowed to cross the filtering device. Most rule sets employ a first-match-apply-action process.

S

Sacrificial host

A firewall positioned at the initial entry point where a network interfaces with the Internet serving as the first line of defense for the network. Also known as a bastion host.

Scalability

The ability of a product or service to provide adequate performance across changes in size, load, scope, or volume.

Scanning

The act of probing a network using custom crafted packets. Scanning can determine the IP addresses in use and whether ports are open or closed. The tool nmap can be used to perform scanning.

Screening router

A router that can perform basic static packet filtering services in addition to routing functions. A screening router is the predecessor of modern firewalls.

Script kiddie

A new, inexperienced, or ignorant hacker who uses pre-built attack tools and scripts instead of writing his or her own or customizing existing ones. Even though a derogatory term in the hacker community, "script kiddie" still describes a serious threat to network security.

Sector

A subdivision of computer storage medium that represents a fixed size of user-accessible data. Magnetic disks typically have 512-byte sectors; optical disks have 2,048-byte sectors. When a device is formatted, sectors are grouped into clusters.

Secure Shell (SSH)

A network protocol that allows data exchange using a secure channel between two networked devices. It is used primarily on GNU/Linux and UNIX based systems to access shell accounts. SSH was a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis. The encryption used by SSH provides confidentiality and integrity of data over an insecure network, such as the Internet.

Secure Sockets Layer (SSL)

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. Netscape designed SSL in 1997 for secure Web e-commerce, but it can encrypt any traffic above the Transport layer. It uses public key certificates to identify the endpoints of a session and uses symmetric encryption to protect transferred data. SSL v3.0 is the last version of SSL; TLS is replacing SSL.

Secured VPN

A VPN that uses encryption to protect the confidentiality of its transmissions.

Security goals and security objectives

Sets of stated purposes or targets for network security activity. Standard goals include confidentiality, integrity, and availability. Objectives are generally more oriented towards achieving or maintaining the goals, such as ensuring the confidentiality of resources.

Security policy

A written document prescribing security goals, missions, objectives, standards, procedures, and implementations for a given organization. Also identifies what assets need protection based on their value.

Security Technical Implementation Guides (STIGS)

A security guideline, procedure, or recommendation manual.

Security through obscurity

A form of security based on hiding details of a system, or creating convolutions that are difficult to understand. Such strategies do not usually resist a persistent attack, and are used when true security is poorly understood or the perceived threat is insufficient to overcome the obscure methodology. For example, proprietary source encryption algorithms can be labeled security through obscurity, as no forum for peer review or for formal testing exists to examine whether the methodology is cryptographically sound.

Segment

The collection of data at the Transport layer (Layer 4) of the OSI model. It consists of the payload from the Session layer (Layer 5) above and the Transport layer header. TCP segments are a common example. (Note: UDP segments are called datagrams as they are connectionless, rather than connection-oriented).

Senior management

The individual or group of highest controlling and responsible authority within an organization. Ultimately the success or failure of network security rests with senior management.

Separation of duties

An administrative rule whereby no single individual possesses sufficient rights to perform certain actions. Achieved by dividing administrative level tasks and powers among compartmentalized administrators.

Server

A host on a network. A server is the computer system that hosts resources accessed by users from clients.

Session

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. Also known as a circuit or a state.

Session hijacking

When a hacker is able to take over a connection after a client has authenticated with a server. To perform this attack, a hacker must eavesdrop on the session to learn details, such as the addresses of the session endpoints and the sequencing numbers. With this information, the hacker can desynchronize the client, take on the client's addresses, and then inject crafted packets into the data stream. If the server accepts the initial false packets as valid, then the session has been hijacked.

Session layer (Layer 5)

The fifth layer of the OSI model. This layer manages the communication channel, known as a session, between the endpoints of the network communication. A single transport layer connection between two systems can support multiple simultaneous sessions.

Shell code

The content of an exploit to be executed on or against a target system.

Signature-based detection

A form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events. All traffic or events that match an item in the database are considered abnormal and potentially malicious. Also known as database, knowledge, and pattern-matching-based detection.
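The entry above describes matching traffic against a database of known patterns. The following is an added example (not code from the glossary or its source) of that idea in miniature: a small signature set applied to constructed Web server log lines. It also shows the practitioner's caveat that a signature only fires on what it was written for, so a URL-encoded request is missed unless the input is normalized before matching. The signatures, log lines, and addresses are all constructed for illustration.

```python
"""Toy signature-based detector run over constructed Web server log lines.
Added example; signatures, sample log, and IP addresses are constructed."""
import re
from urllib.parse import unquote

# Signature database: name -> compiled pattern. Constructed for illustration;
# a real IDS ships thousands of such entries and updates them continuously.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.IGNORECASE),
    "sqli-union": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}

# Constructed access-log sample (Common Log Format). Line 2 and line 4 carry
# URL-encoded payloads; line 3 carries a plain directory-traversal attempt.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 233
192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /files?name=../../../../etc/passwd HTTP/1.1" 404 0
192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=security%20union%20select HTTP/1.1" 200 100
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)


def normalize(path: str) -> str:
    """Undo one layer of URL encoding so signatures see the same bytes the
    application will. Without this step encoded requests slip past matching."""
    return unquote(path)


def scan(log_text: str, normalize_input: bool = True) -> list[tuple[str, str, str]]:
    """Return (client_ip, signature_name, request_path) for every log line that
    matches a signature. Unknown (unsignatured) behaviour is never reported,
    which is the inherent blind spot of signature-based detection."""
    hits = []
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw)
        if not m:
            continue  # malformed line; a real system would count these
        path = m.group("path")
        subject = normalize(path) if normalize_input else path
        for name, pattern in SIGNATURES.items():
            if pattern.search(subject):
                hits.append((m.group("ip"), name, path))
    return hits


if __name__ == "__main__":
    for ip, sig, path in scan(SAMPLE_LOG):
        print(f"ALERT {sig:16} from {ip}: {path}")
    missed = len(scan(SAMPLE_LOG)) - len(scan(SAMPLE_LOG, normalize_input=False))
    print(f"{missed} hit(s) are lost when input is not normalized")
```

Running the block prints three alerts with normalization enabled and only the path-traversal alert without it; the difference is the gap an evasion aimed at signature matching relies on, and why detection pipelines decode and canonicalize input before comparing it with the database.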

Simple Mail Transfer Protocol (SMTP)

An application-layer protocol used by e-mail clients to send messages to an e-mail server and also used to relay messages between e-mail servers. The default TCP/IP port is 25, and it does not encrypt communications. The companion POP protocol receives messages from an e-mail server.

Single-factor authentication

The use of only a single element of validation or verification to prove the identity of a subject. Considered much weaker than multi-factor authentication.

Single loss expectancy (SLE)

The calculation of the loss potential from a single incident for a given asset and a specific threat. SLE calculations are part of risk assessment. SLE = AV × EF.

Single point of failure

Any element of a system or network infrastructure that is the primary or only pathway through which a process occurs. The compromise of such an element could result in system failure. Network design should avoid single points of failure by including redundancy and defense in depth.

Single sign-on (SSO)

A network security service that allows a user to authenticate to an entire domain through a single client log on process. All domain members will accept this single authentication. Local authorization is used to control access to individual resources. Such a single authentication can be more complex, since multiple logons for each individual server are not required.

Site-to-site VPN

A VPN used to connect networks. Also known as a LAN-to-LAN VPN and WAN VPN.

Slack space

The unused portion of the last cluster allocated to a stored file. It may contain remnants of prior files stored in that location. Hackers can hijack slack space to create hidden storage compartments.

Slideware

An industry term referring to any product that appears in a vendor's PowerPoint slide deck, but is not yet available in one of its products. Also sometimes known as "vaporware."

Sniffer

A software utility or hardware device that captures network communications for investigation and analysis. Also known as packet analyzer, network analyzer, and protocol analyzer.

Social engineering

The craft of manipulating people into performing tasks or releasing information that violates security. Social engineering relies on telling convincing lies to manipulate people or take advantage of the victim's desire to be helpful.

Socket

The combination of an IP address and a port number as a complete address.

Software firewall

A host firewall installed on a client or server.

Software VPN

A VPN crafted by software rather than hardware. Software VPN may be a feature of the operating system or a third-party application.

SOHO (small office, home office) network

Any small network, workgroup, or client/server, deployed by a small business, a home-based business, or just a family network in a home.

Spam

Unwanted and often unsolicited messages. Spam is not technically malicious software, but spam can have a serious negative effect on IT infrastructures through sheer volume. Estimates vary, but spam may represent up to 95 percent of all e-mail (which implies that for every legitimate e-mail there are up to 19 unrelated spam e-mails).

Split tunnel

A VPN connection that allows simultaneous access to the secured VPN link and unsecured access to the Internet across the same connection.

Spoofing

The falsification of information. Often spoofing is the attempt to hide the true identity of a user or the true origin of a communication.

Spyware

An advancement of keystroke logging to monitor and record many other user activities. Spyware varies greatly, but it can collect a list of applications launched, URLs visited, e-mail sent and received, chats sent and received, and names of all files opened. It can also record network activity, gather periodic screen captures, and even record from a microphone or Web cam. Can be linked with adware.

SQL injection

A form of Web site/application attack in which a hacker submits SQL expressions to cause authentication bypass, extraction of data, planting of information, or access to a command shell.

Star topology

A network design in which host segments radiate from a central node.

State

A logical connection between a client and a resource server. May exist at Layer 3, 4, or 5 of the OSI model. Also known as a session or a circuit.

Stateful inspection

The process of automatically tracking sessions or states to allow inbound responses to previous outbound requests. Also called dynamic packet filtering.

Static electricity discharge (SED) or Electrostatic discharge (ESD)

A sudden and momentary electric current, usually of high voltage and low amperage, that flows between two objects. Commonly caused by low humidity environments. Humans, polyester, and plastics are prone to static build-up. SED can damage most computer components.

Static NAT

The static coding of a translation pathway across a NAT service. Also known as port forwarding and reverse proxy.

Static packet filtering

A method of filtering using a static or fixed set of rules to filter network traffic. The rules can focus on source or destination IP address, source or destination port number, IP header protocol field value, ICMP types, fragmentation flags, and IP options. Static packet filtering is therefore mainly focused on the Network layer (Layer 3), but can also include Transport layer (Layer 4) elements. Static packet filtering focuses on header contents and does not examine the payload of packets or segments.
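The Rule set, Stateful inspection, and Static packet filtering entries describe three related behaviours: header-only matching on addresses, ports, and protocol; first-match-apply-action evaluation of an ordered rule list; and a state table that admits inbound replies to earlier outbound requests. The following added example (not code from the glossary or its source) puts all three together in Python. The `Packet` and `Rule` types, the rule list, and the addresses are constructed for illustration; the point is to show why rule order matters and why a purely static filter cannot admit return traffic without opening the port to everyone.

```python
"""Added example: static (header-only) first-match packet filtering with a
minimal state table for return traffic. Types, rules, and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the header fields a static filter looks at; no payload."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """A field left as None matches anything (the usual 'any' in firewall syntax)."""
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None     # CIDR block
    dst: Optional[str] = None     # CIDR block
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def static_filter(rules: list[Rule], p: Packet) -> str:
    """First-match-apply-action. A packet that matches no rule is denied
    (default deny), so forgetting a rule fails closed rather than open."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Wraps the static rule set with a table of sessions opened from inside.
    Inbound packets that are replies to a tracked session are allowed without a
    matching static rule; everything else falls through to the static filter."""

    def __init__(self, rules: list[Rule]):
        self.rules = rules
        self.sessions: set[tuple] = set()

    def handle(self, p: Packet, direction: str) -> str:
        if direction == "out":
            action = static_filter(self.rules, p)
            if action == "allow":
                self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return action
        # Inbound: is this the mirror image of a session we saw leave?
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allow"
        return static_filter(self.rules, p)


# Constructed rule set for an inside network 10.0.0.0/8: telnet is blocked
# outright, and only Web and DNS traffic may leave. Order matters: if the
# telnet deny came after a broad allow it would never be reached.
RULES = [
    Rule("deny", dport=23),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=80),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=443),
    Rule("allow", proto="udp", src="10.0.0.0/8", dport=53),
]


def demo() -> dict[str, str]:
    """Exercise the filter on constructed packets and return each verdict."""
    fw = StatefulFilter(RULES)
    out_web = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "tcp")
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "tcp")
    stray = Packet("203.0.113.10", 80, "10.0.0.5", 40001, "tcp")  # wrong port
    return {
        "telnet_out": static_filter(RULES, Packet("10.0.0.5", 40001, "203.0.113.10", 23, "tcp")),
        "web_out": fw.handle(out_web, "out"),
        "web_reply": fw.handle(reply, "in"),
        "unsolicited_in": fw.handle(stray, "in"),
        "inbound_to_web_static_only": static_filter(RULES, Packet("203.0.113.10", 44444, "10.0.0.5", 80, "tcp")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28} {verdict}")
```

The `unsolicited_in` case is the one a static filter alone cannot handle well: allowing the reply on port 40000 statically would mean allowing any outside host to reach any inside high port, which is exactly the exposure stateful inspection (dynamic packet filtering) removes by tying the inbound allow to an observed outbound request.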

Subnetting

The process of dividing a block of computer network addresses into smaller blocks that contain a common set of high-order address bits, called a routing prefix. A subnet is typically served by a single router.

Sunk cost

Time, money, and effort already spent on a project, event, or device. In economics, sunk costs are irrelevant to future decisions. Emotionally, however, people often use sunk costs as a rationalization to continue failing processes or procedures.

Switch

A device that provides network segmentation through hardware. Across a switch, temporary dedicated electronic communication pathways are created between the endpoints of a session (such as a client and server). This switched pathway prevents collisions. Additionally, switches allow the communication to use the full potential throughput capacity of the network connection, instead of 40 percent or more being wasted by collisions (as occurs with hubs).

Symmetric cryptography

Cryptography based on algorithms that use a single shared secret key. The same key encrypts and decrypts data and the same key must be shared with all communication partners of the same session.

Synchronous dynamic random access memory (SDRAM)

Dynamic random access memory (DRAM) that has a synchronous interface. Traditionally, dynamic random access memory (DRAM) has an asynchronous interface, which means that it responds as quickly as possible to changes in control inputs. SDRAM has a synchronous interface, meaning that it waits for a clock signal before responding to control inputs and is therefore synchronized with the computer's system bus.

Systems Network Architecture (SNA)

A legacy networking protocol developed by IBM commonly used to support communications between mainframes. Mostly replaced by TCP/IP.

T

Tangible cost/value

Costs or values directly related to budgetary funds. They can include, but are not limited to: purchase, license, maintenance, management, administration, support, utilities, training, troubleshooting, hardware, software, updates/upgrades, and so forth.

Tcpdump

A common packet analyzer that runs at the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

Telco

Short for telecommunications company or corporation. Used to refer to any company that sells or leases WAN connection services whether wired or wireless.

Telecommuting

The act of working from a home, remote, or mobile location while connecting into the employer's private network, often using a VPN.

Telnet

A protocol and a service used to remotely control or administer a host through a plaintext command line interface.

Terminal server/services/session

A modern form of legacy thin client operation. A thin client software utility connects to a central terminal server, which simulates remote control. A terminal service system can support multiple simultaneous terminal client connections. When terminal services are in use, the client workstation converts to thin client status. All operations of storage and processing then take place on the terminal server.

Thin client

A legacy terminal concept used to control mainframes. Thin clients had no local processing or storage capability. Modern thin clients simulate these limitations and perform all operations on the terminal server, remote control server, or thin client server.

Threat

Any potential harm to a resource or node on the network. Threats can be natural or artificial, caused by mother nature or man, or by the result of ignorance or malicious intent. Threats originate internally and externally.

Topology

An arrangement of networking segments, hosts, and nodes. Common examples include bus, star, ring, full mesh, partial mesh, tree, and line.

Traceroute

A computer network tool used to show the route taken by packets across an IP network. An IPv6 variant, traceroute6, is also widely available.

Traffic congestion

The problem when too much data crosses a network segment. This results in reduced throughput, increased latency, and lost data.

Training

The second level of knowledge distribution offered by an organization to educate users about job task focused security concerns. More rigorous than awareness; less rigorous than education.

Transmission Control Protocol (TCP)

The connection-oriented protocol operating at the Transport layer (Layer 4) of the OSI model.

Transport layer (Layer 4)

The fourth layer of the OSI model. This layer formats and handles data transportation. This transportation is independent of and transparent to the application.

Transport Layer security (TLS)

A security protocol that operates at the top of the Transport layer (Layer 4) and resides as the payload of a TCP session. It uses public key certificates to identify the endpoints of a session and uses symmetric encryption to protect transferred data. TLS 1.0 is the replacement for SSL 3.0.

Transport mode encryption

A form of encryption also known as point-to-point or host-to-host encryption. Transport mode encryption protects only the payload of traffic and leaves the header in plain-text original form.

Trapdoor

A form of unauthorized access to a system. A trapdoor is any access method or pathway that circumvents access or authentication mechanisms. Also known as a backdoor.

Tree topology

A network design that organizes hosts into a hierarchy. Each host is connected upstream to a single parent, but can be connected downstream to none, one, or many hosts.

Triple-homed firewall

A firewall that has three network interfaces. Each network interface is located in a unique network segment. This allows for true isolation of the segments and forces the firewall to filter all traffic traversing from one segment to another.

Trojan horse

A mechanism of distribution or delivery more than a specific type of malware. The Trojan horse embeds a malicious payload within a seemingly benign carrier or host program. When the host program is executed or otherwise accessed, the malware is delivered. The gimmick of a Trojan horse is the act of fooling someone (a type of social engineering attack) into accepting the Trojan program as safe.

Trust

Confidence in the expectation that others will act in your best interest, or that a resource is authentic. On computer networks, trust is the confidence that other users will act in accordance with the organization's security rules and not attempt to violate stability, privacy, or integrity of the network and its resources.

Trusted Platform Module (TPM)

A dedicated microchip found on some motherboards that host and protect the encryption key for whole hard drive encryption.

Trusted third party

A mechanism of authentication using a third entity known and trusted by two parties. The trusted third party allows the two communicating parties, who were originally strangers to each other, to establish an initial level of inferred trust.

Trusted VPN

A VPN that uses dedicated channels, rather than VPNs, to provide privacy to its transmissions.

Tunnel mode encryption

A form of encryption also known as site-to-site, LAN-to-LAN, gateway-to-gateway, host-to-LAN, and remote access encryption. Tunnel mode encryption performs a complete encapsulation of the original traffic into a new tunneling protocol. The entire original header and payload are encrypted and a temporary link or tunnel header guides the data across the intermediary network.

Tunneling

The act of transmitting a protocol across an intermediary network by encapsulating it in another protocol. See encapsulation.

Two-factor authentication

A method of proving identity using two different authentication factors. Authentication factors are something you know, something you have, or something you are. Examples include a smart card (something you have) with a PIN (something you know), a biometric device (something you are) coupled with a password (something you know), or a proximity card (something you have) that activates a fingerprint reader (something you are).

U

Unified threat management (UTM)

The deployment of a firewall as an all-encompassing primary gateway security solution. The idea behind UTM is a single device can be designed to perform firewall filtering, IPS, antivirus scanning, anti-spam filtering, VPN end-point hosting, content filtering, load-balancing, detailed logging, and potentially other security services, performance enhancements, or extended capabilities.

Unpartitioned space

The area on a storage device not contained within a partition. Unpartitioned space is not directly accessible by the OS.

Upstream filtering

The management of traffic by a firewall or other filtering device located one or more hops away (upstream) from a private network.

URL injector

Malware that replaces URLs in HTTP GET requests for alternative addresses. These injected URLs cause a different Web page to appear in the browser than the one requested by the user's request. These replaced Web pages could be advertisement sites, generate traffic to falsify search engine optimization (SEO), or lead to fake or spoofed sites.

USENET newsgroups

Persistent public messaging forums accessed over the NNTP (Network News Transfer Protocol). USENET has existed since 1980. Although the Web, e-mail, and BitTorrent are more widely known, USENET is still in use today.

User Datagram Protocol (UDP)

The connectionless protocol operating at the Transport layer (Layer 4) of the OSI model.

V

Virtual private network (VPN)

A mechanism to establish a secure remote access connection across an intermediary network, often the Internet. This allows inexpensive insecure links to replace expensive dedicated secure links: both endpoints need only a local Internet connection, and the Internet itself serves as a "free" long-distance carrier. VPNs employ encapsulation and tunneling protocols, such as IPSec, to protect traffic in transit; they do not protect the endpoints themselves.

Virus

Malware that needs a host object to infect. Most viruses infect files, such as executables, device drivers, DLLs, system files, and sometimes even document, audio, video, and image files. Some viruses infect the boot sector of a storage device, including hard drives, floppies, optical discs, and USB drives. Viruses spread through the actions of users and propagate file-to-file (compare to worms).

VPN appliance

A hardware VPN device.

VPN Fingerprinting

A technique used by an attacker to identify the vendor, and in some cases, the software version, of a VPN server.

Vulnerability

A weakness or flaw in a host, node, or any other infrastructure component that a hacker can discover and exploit. Security management aims to discover and eliminate such vulnerabilities.

Vulnerability management

The technology and business processes used to identify, track, and mitigate known weaknesses on hosts within a computing environment.

Vulnerability scanning

A form of investigation that aims at checking whether or not a target system is subject to attack based on a database of tests, scripts, and simulated exploits.

W

WAN VPN

A VPN between two networks over an intermediary network. Also known as LAN-to-LAN VPN and site-to-site VPN.

War dialing

A method of discovering active modems by dialing a range of phone numbers.

War driving

A method of discovering wireless networks by moving around a geographic area with a detection device.

White list

A filtering concept in which the network denies all activity except what appears on the white list (default deny). Also known as an allow list or permissions list. The opposite approach, a black list, permits everything except what is explicitly listed, so any new or unlisted service passes through until someone adds a rule for it.
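To make the default-action difference concrete, here is an added Python example (not from the glossary) of a small first-match rule evaluator run once as a white list with a default of deny and once as a black list with a default of allow. The rule sets, addresses and ports are constructed; the point it shows is that an unlisted service is blocked by the white list but slips through the black list.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Added example, not glossary code. Rule sets and addresses are constructed.


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source CIDR, e.g. "10.0.0.0/8"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches any destination port


def matches(rule: Rule, src_ip: str, proto: str, dst_port: int) -> bool:
    """A rule matches when source address, protocol and destination port all match."""
    return (ip_address(src_ip) in ip_network(rule.src)
            and rule.proto in ("any", proto)
            and rule.dst_port in (None, dst_port))


def evaluate(rules: List[Rule], default: str, src_ip: str, proto: str, dst_port: int) -> str:
    """First-match evaluation; `default` decides traffic that no rule mentions."""
    for rule in rules:
        if matches(rule, src_ip, proto, dst_port):
            return rule.action
    return default


# White list: enumerate what the internal /8 may reach; everything else is denied.
ALLOW_LIST = [
    Rule("allow", "10.0.0.0/8", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "udp", 53),
]

# Black list: enumerate known-bad services; everything else is allowed.
BLOCK_LIST = [
    Rule("deny", "0.0.0.0/0", "tcp", 23),
    Rule("deny", "0.0.0.0/0", "tcp", 21),
]


def allow_list_decision(src_ip: str, proto: str, dst_port: int) -> str:
    return evaluate(ALLOW_LIST, "deny", src_ip, proto, dst_port)


def block_list_decision(src_ip: str, proto: str, dst_port: int) -> str:
    return evaluate(BLOCK_LIST, "allow", src_ip, proto, dst_port)


if __name__ == "__main__":
    # A newly deployed service on tcp/8443 that nobody has written a rule for yet.
    print("white list:", allow_list_decision("10.1.2.3", "tcp", 8443))   # deny
    print("black list:", block_list_decision("10.1.2.3", "tcp", 8443))   # allow
```

The same evaluator serves both models; only the rule contents and the terminal default differ, which is why firewall audits start by checking what the last, catch-all rule does.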

Whois

A tool used to view domain registration information. Whois is a command-line utility on Linux and Unix systems and is also offered as a lookup tool on most domain registrar Web sites.

Whole hard drive encryption

The process of encrypting an entire hard drive rather than just individual files. In most cases, whole hard drive encryption provides better security against unauthorized access than file encryption, because it also covers temporary directories, swap, and slack space. It protects data only while the system is powered off or the drive is locked; once the OS has booted and unlocked the volume, the data is available in the clear to anything running on the system.

Wide area network (WAN)

A network not limited by any geographic boundaries. A WAN network can span a few city blocks, reach across the globe, and even extend into outer space. A distinguishing characteristic of a WAN is its use of leased or external connections and links. Often, telcos own these external connections.

Wirespeed

The maximum communication or transmission capability of a network segment. Often used to describe a network device's ability to perform tasks on traffic, while being able to maintain overall network transmission speeds without introducing delay, lag, or latency.

Workgroup

A form of networking where each computer is a peer. Peers are equal to each other in terms of how much power or controlling authority any one system has over the other members of the same workgroup. All workgroup members are on equal footing because they can manage their own local resources and users, but not those of any other workgroup member.

Worm

Malware that does not need a host object; instead, a worm is a self-sustaining program in its own right. Worms are designed around specific system flaws. The worm scans other systems for this flaw and exploits the flaw to gain access to another victim. Once hosted on another system, the worm seeks to spread itself by repeating the process. Worms can act as carriers to deposit other forms of malicious code as they multiply and spread across networked hosts.

Wrapper

A tool used to create Trojan horses by embedding malware inside of a host file or program.

Write-once read-many (WORM)

A form of storage device that can be written to once, but once written cannot be electronically altered. Examples include DVD-R, WORM tapes, and WORM hard drives.

Z

Zero-day exploits

New and previously unknown attacks for which no specific defense yet exists. "Zero day" refers to how new the exploit is to defenders; the underlying flaw may already have circulated in the attacker community for days or weeks. When such an attack is first used, defenders have had zero days' notice to prepare (hence the name). Such attacks usually exploit previously unidentified system flaws.

Zeroization

The process of purging a storage device by writing zeros to all addressable locations on the device, so that no data remnants remain for other users to recover. The term is also used for erasing cryptographic keys from a security module. On flash media (SSDs, USB drives) with wear leveling and spare blocks, overwriting through the normal device interface does not reach every cell, so the drive's built-in secure erase or cryptographic erase should be used instead.
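As an added example (not from the glossary), the Python below zeroizes a device in chunks, forces the data to stable storage with fsync, and then reads the whole device back to confirm that no non-zero byte remains. It is demonstrated on a temporary file filled with random data, which stands in for a block device path such as /dev/sdX (opening a real device requires root); the size-probing via seek is there because os.path.getsize() reports 0 for block devices. Paths and sizes are constructed for the example.

```python
import os
import tempfile
from typing import Tuple

# Added example, not glossary code. The temporary file is a constructed
# stand-in for a block device.

CHUNK = 1 << 20  # 1 MiB per write


def _device_size(f) -> int:
    """Size of a regular file or a block device (getsize() reports 0 for devices)."""
    f.seek(0, os.SEEK_END)
    size = f.tell()
    f.seek(0)
    return size


def zeroize(path: str, chunk: int = CHUNK) -> int:
    """Overwrite every addressable byte at `path` with zeros and force it to
    stable storage. Returns the number of bytes written."""
    zeros = bytes(chunk)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        size = _device_size(f)
        while written < size:
            n = min(chunk, size - written)
            written += f.write(zeros[:n])   # unbuffered write may be short; loop handles it
        os.fsync(f.fileno())                # not done until the kernel has flushed it
    return written


def verify_zeroized(path: str, chunk: int = CHUNK) -> bool:
    """Read the whole device back and confirm no non-zero byte remains."""
    with open(path, "rb", buffering=0) as f:
        while True:
            block = f.read(chunk)
            if not block:
                return True
            if block.count(0) != len(block):
                return False


def demo(size: int = 3 * CHUNK + 17) -> Tuple[bool, int, bool]:
    """Constructed demonstration: fill a temp file with random bytes, zeroize it,
    and return (zero_before, bytes_written, zero_after)."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(os.urandom(size))
        before = verify_zeroized(path)
        written = zeroize(path)
        after = verify_zeroized(path)
        return before, written, after
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())   # (False, 3145745, True)
```

The read-back step is the part most scripts skip; a write that errored partway through, or a device that silently remapped a failing sector, leaves data behind that only verification will reveal. On flash media even a clean verification only proves the logical blocks read as zero, not that the underlying cells were erased.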

Zombie army

A network of zombie/bot/agent-compromised systems controlled by a hacker. The network consists of the bots, agents, or zombies that intercommunicate over the Internet. Another term for botnet.

Zombies

Malicious software programs distributed by hackers to take over control of victims' computers. Also known as bots or agents. Zombies are commonly used to construct botnets (or zombie armies).

Zone of risk

Any segment, subnet, network, or collection of networks that represents a certain level of risk. The higher the risk, the stronger the security needed to protect against it; the lower the risk of a zone, the less security it needs, because fewer threats exist or the existing threats are less harmful. The flip side of risk zones is zones of trust.

Zone of trust

Any segment, subnet, network, or collection of networks that represents a certain level of trust. Highly trusted zones require less security, while low-trust zones require more. The flip side of trust zones is zones of risk.
