A
ACL (Access Control List) :-
A method of keeping in check the Internet traffic that attempts to flow through a given hub, router, firewall, or similar device. Access control is often accomplished by creating a list specifying the IP addresses and/or ports from which permitted traffic can come. The device stops any traffic coming from IP addresses or ports not on the ACL.
Active mode FTP (File Transfer Protocol) :-
One of two ways an FTP data connection is made. In active mode, the FTP server establishes the data connection. In passive mode, the client establishes the connection. In general, FTP user agents use active mode and Web user agents use passive mode.
AH (authentication header)
An IPSec header used to verify that the contents of a packet have not been modified while the packet was in transit.
Algorithm (Encryption)
A set of mathematical rules (logic) for the process of encryption and decryption.
ARP (Address Resolution Protocol)
Each device on a network has at least two addresses: a media access control (MAC) address, and an Internet Protocol (IP) address. The MAC address is the address of the physical network interface card inside the device, and never changes for the life of the device. The IP address can change if the machine moves to another part of the network or the network uses DHCP. ARP, one of the IP protocols, is used to match, or resolve, an IP address to its appropriate MAC address (and vice versa). ARP works by broadcasting a packet to all hosts attached to an Ethernet. The packet contains the IP address the sender is interested in communicating with. Most hosts ignore the packet. The target machine, recognizing that the IP address in the packet matches its own, returns an answer.
ARP table
A table of IP addresses stored on a local computer, used to match IP addresses to their corresponding MAC addresses.
Asymmetric Keys
A pair of encryption keys, composed of one public key and one private key. Each key is one way, meaning that a key used to encrypt data cannot be used to decrypt the same data. However, information encrypted using the public key can be decrypted using the private key, and vice versa. This technology is commonly applied to e-mails, which are encrypted for confidentiality en route.
Attack
An attempt to break into a system.
Authentication
1. The process of identifying an individual, usually based on a user name and password. Authentication iusually requires something a person has (such as a key, badge, or token), something a person knows (such as a password, ID number, or mother's maiden name), or something a person is (represented by a photo, fingerprint or retina scan, etc). When authentication requires two of those three things, it is considered strong authentication.
2. A method of associating a user name with a workstation IP address, allowing the tracking of connections based on name rather than IP address. With authentication, you can track users regardless of which machine a person chooses to work from.
Autopartitioning
A feature on some network devices that isolates a node within the workgroup when the node becomes disabled, so as not to affect the entire network or group.
Authorization
To convey official access or legal power to a person or entity.
B
Backdoor
A design fault, planned or accidental, that allows the apparent strength of the design to be easily avoided by those who know the trick.
Block Cipher
A procedure that translates plain text into coded text, operating on blocks of plain text of a fixed size (usually 64 bits). Every block is padded out to be the same size, making the encrypted message harder to guess.
Blocked Port
A security measure in which a specific port is disabled, stopping users outside the firewall from gaining access to the network through that port. The ports commonly blocked by network administrators are the ports most commonly used in attacks.
Botnet
Collection of computers that are infected with small bits of code (bots) that allow a remote computer to control some or all of the functions of the infected machines. The botmaster who controls the infected computers has the ability to manipulate them individually, or collectively as bot armies that act in concert. Botnets are typically used for disreputable purposes, such as Denial of Service attacks, click fraud, and spam.
C
CBC (Cipher Block Chaining)
A technique commonly used by encryption algorithms like Data Encryption Standard (DES) - CBC, where a plain text message is broken into sequential blocks. The first block is encrypted using a given cipher, creating cipher text. That cipher text is used to encrypt the second block of plain text. This pattern continues, with each subsequent block of plain text being encrypted using the cipher text encrypted just before it.
CERTIFICATE AUTHORITY (CA)
A trusted third party (TTP) who verifies the identity of a person or entity, then issues digital certificates vouching that various attributes (e. g., name, a given public key) have a valid association with that entity.
CHAP (Challenge Handshake Authentication Protocol)
A type of authentication where the person logging in uses secret information and some special mathematical operations to come up with a number value. The server he or she is logging into knows the same secret value and performs the same mathematical operations. If the results match, the person is authorized to access the server. One of the numbers in the mathematical operation is changed after every log-in, to protect against an intruder secretly copying a valid authentication session and replaying it later to log in.
Cipher Text
The result of encrypting either characters or bits using some algorithm. Cipher text is unreadable until it is decrypted.
CRL (Certificate Revocation List)
An up-to-date list of previously issued certificates that are no longer valid.
Cross-Site Scripting
An attack performed through Web browsers, taking advantage of poorly-written Web applications. Cross-site scripting attacks can take many forms. One common form is for an attacker to trick a user into clicking on a specially-crafted, malicious hyperlink. The link appears to lead to an innocent site, but the site is actually the attacker's, and includes embedded scripts. What the script does is up to the attacker; commonly, it collects data the victim might enter, such as a credit card number or password. The malicious link itself might also collect the victim's cookie data.
Cryptanalysis
The art or science of transferring cipher text into plain text without initial knowledge of the key used to encrypt the plain text.
CRYPTOCard
One element in a proprietary authentication system, which uses an offline card containing a large secret key to answer security "challenges" from the network. The large number inside the card, called a key, is like a hard-to-guess password used in encrypting and decrypting. The key is never stored on a computer, which increases its safety against unauthorized discovery.
Cryptography
The art and science of encoding and decoding messages using mathematical algorithms that utilize a secret key. The concept has broadened to include managing messages that have some combination of: privacy (by being unreadable to anyone but the sender and receiver); integrity (not modified while en route), and non-repudiation (digitally signed in such a way that the originator cannot plausibly claim he or she did not originate it).
D
Decrypt
To decode data that has been encrypted, turning it back into plain text.
DENIAL OF SERVICE ATTACK (DOS)
A type of attack aimed at making the targeted system or network unusable, often by monopolizing system resources. For example, in February 2000 a hacker directed thousands of requests to eBay's Web site. The network traffic flooded the available Internet connection so that no users could access eBay for a few hours. A distributed denial of service (DDoS) involves many computer systems, possibly hundreds, all sending traffic to a few choice targets. The term "Denial of Service" is also used imprecisely to refer to any outwardly-induced condition that renders a computer unusable, thus "denying service" to its rightful user.
DES (Data Encryption Standard)
A commonly-used encryption algorithm that encrypts data using a key of 56 bits, which is considered fairly weak given the speed and power of modern computers. Until recently it was the US government's encryption standard, but it has largely been replaced by Triple-DES and AES.
Dictionary Attack
An attempt to guess a password by systematically trying every word in a dictionary as the password. This attack is usually automated, using a dictionary of the hacker's choosing, which may include both ordinary words and jargon, names, and slang.
Diffie-Hellman
A mathematical algorithm that allows two users to exchange a secret key over an insecure medium without any prior secrets. This protocol, named after the inventors who first published it in 1976, is used in Virtual Private Networking (VPN).
Digital Signature
An electronic identification of a person or thing, intended to verify to a recipient the integrity of data sent to them, and the identity of the sender. Creating a digital signature involves elaborate mathematical techniques that the sender and recipient can both perform on the transmitted data. Performing identical formulas on identical data should produce identical results at both the sending and receiving end. If the recipient's results do not equal the sender's results, the message may have been tampered with en route. If the message was modified after being sent -- even if all someone did was change the punctuation on a sentence, or added an extra space between two of the words -- you could tell. A digital signature typically depends upon three elements: public key encryption, a Certificate Authority, and a digital certificate.
DMZ (Demilitarized Zone)
A partially-protected zone on a network, not exposed to the full fury of the Internet, but not fully behind the firewall. This technique is typically used on parts of the network which must remain open to the public (such as a Web server) but must also access trusted resources (such as a database). The point is to allow the inside firewall component, guarding the trusted resources, to make certain assumptions about the impossibility of outsiders forging DMZ addresses.
DNS (Domain Name System)
A network system of servers that translates numeric IP addresses into readable, hierarchical Internet addresses, and vice versa. This is what allows your computer network to understand that you want to reach the server at 192.168.100.1 (for example) when you type into your browser a domain name such as www.ccnpsecurity.blogspot.com.
DNS cache poisoning
A clever technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been lied to. Why would an attacker corrupt your DNS server's cache? So that your DNS server will give out incorrect answers that provide IP addresses of the attacker's choice, instead of the real addresses. Imagine that someone decides to use the Microsoft Update Web site to get the latest Internet Explorer patch. But, the attacker has inserted phony addresses for update.microsoft.com in your DNS server, so instead of being taken to Microsoft's download site, the victim's browser arrives at the attacker's site and downloads the latest worm.
DNS lookup
The Domain Name Service act of matching a friendly, readable domain name (such aswww.ccnpsecurity.blogspot.com) to its associated IP address
DNS spoofing
An attack technique where a hacker intercepts your system's requests to a DNS server in order to issue false responses as though they came from the real DNS server. Using this technique, an attacker can convince your system that an existing Web page does not exist, or respond to requests that should lead to a legitimate Web site, with the IP address of a malicious Web site. This differs from DNS cache poisoning because in DNS spoofing, the attacker does not hack a DNS server; instead, he inserts himself between you and the server and impersonates the server.
Domain Name Hijacking
An attack technique where the attacker takes over a domain by first blocking access to the victim domain's DNS server, then putting up a malicious server in its place. For example, if a hacker wanted to take over fnark.com, he would have to remove the fnark.com DNS server from operation using a Denial of Service attack to block access to fnark's DNS server. Then, he would put up his own DNS server, advertising it to everyone on the Internet as fnark.com. When an unsuspecting user went to access fnark.com, he would get the attacker's domain instead of the real one.
