M
MAC Address
A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.
Malicious Code
Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Malware
A generic term for a number of different types of malicious code.
Mandatory Access Control (MAC)
Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.
Masquerade Attack
A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.
Measures of Effectiveness (MOE)
Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.
Monoculture
Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.
Morris Worm
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.
Multi-Cast
Broadcasting from one host to a given set of hosts.
Multi-Homed
You are "multi-homed" if your network is directly connected to two or more ISP's.
Multiplexing
To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.

--------------------------------------------------------------------------------

N
National Institute of Standards and Technology (NIST)
National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.
Natural Disaster
Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.
Netmask
32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers. For example, the network mask for a class C IP network is displayed as 0xffffff00. Such a mask is often displayed elsewhere in the literature as 255.255.255.0.
Network Address Translation
The translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
Network-Based IDS
A network-based IDS system monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment. Network traffic on other segments, and traffic on other means of communication (like phone lines) can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature.Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.
Network Mapping
To compile an electronic inventory of the systems and the services on your network.
Network Taps
Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.
Non-Printable Character
A character that doesn't have a corresponding character letter to its corresponding ASCII code. Examples would be the Linefeed, which is ASCII character code 10 decimal, the Carriage Return, which is 13 decimal, or the bell sound, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
Non-Repudiation
Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.
Null Session
Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.

--------------------------------------------------------------------------------

O
Octet
A sequence of eight bits. An octet is an eight-bit byte.
One-Way Encryption
Irreversible transformation of plaintext to cipher text, such that the plaintext cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.
One-Way Function
A (mathematical) function, f, which is easy to compute the output based on a given input. However given only the output value it is impossible (except for a brute force attack) to figure out what the input value is.
Open Shortest Path First (OSPF)
Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).
OSI
OSI (Open Systems Interconnection) is a standard description or "reference model" for how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementers so that their products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion.
OSI layers
The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. Each communicating user or program is at a computer equipped with these seven layers of function. So, in a given message between users, there will be a flow of data through each layer at one end down through the layers in that computer and, at the other end, when the message arrives, another flow of data up through the layers in the receiving computer and ultimately to the end user or program. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as your Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable you to put a signal on one of the lines attached to your computer. OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the network layer) are used when any message passes through the host computer or router. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host. The seven layers are: Layer 7: The application layer...This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.) Layer 6: The presentation layer...This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). Sometimes called the syntax layer. Layer 5: The session layer...This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination. Layer 4: The transport layer...This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer. Layer 3: The network layer...This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding. Layer 2: The data-link layer...This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management. Layer 1: The physical layer...This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
Overload
Hindrance of system operation by placing excess burden on the performance capabilities of a system component.

--------------------------------------------------------------------------------

P
Packet
A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
Packet Switched Network
A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.
Partitions
Major divisions of the total physical hard disk space.
Password Authentication Protocol (PAP)
Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.
Password Cracking
Password cracking is the process of attempting to guess passwords, given the password file information.
Password Sniffing
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
Patch
A patch is a small update released by a software manufacturer to fix bugs in existing programs.
Patching
Patching is the process of updating software to a different version.
Payload
Payload is the actual application data a packet contains.
Penetration
Gaining unauthorized logical access to sensitive data by circumventing a system's protections.
Penetration Testing
Penetration testing is used to test the external perimeter security of a network or facility.
Permutation
Permutation keeps the same letters but changes the position within a text to scramble the message.
Personal Firewalls
Personal firewalls are those firewalls that are installed and run on individual PCs.
Ping of Death
An attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Ping Scan
A ping scan looks for machines that are responding to ICMP Echo Requests.
Ping Sweep
An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Plaintext
Ordinary readable text before being encrypted into ciphertext or after being decrypted.
Point-to-Point Protocol (PPP)
A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.
Point-to-Point Tunneling Protocol (PPTP)
A protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.
Poison Reverse
Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that there routes are not reachable.
Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.
Polymorphism
Polymorphism is the process by which malicious software changes its underlying code to avoid detection.
Port
A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number.
Port Scan
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Possession
Possession is the holding, control, and ability to use information.
Post Office Protocol, Version 3 (POP3)
An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Practical Extraction and Reporting Language (Perl)
A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.
Preamble
A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean "someone is about to transmit data". This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.
Pretty Good Privacy (PGP)TM
Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.
Private Addressing
IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix) 172.16.0.0 to 172.31.255.255 (172.16/12 prefix) 192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
Program Infector
A program infector is a piece of malware that attaches itself to existing program files.
Program Policy
A program policy is a high-level policy that sets the overall tone of an organization's security approach.
Promiscuous Mode
When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
Proprietary Information
Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protocol
A formal specification for communicating; an IP address the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
Protocol Stacks (OSI)
A set of network protocol layers that work together.
Proxy Server
A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
Public Key
The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public Key Encryption
The popular synonym for "asymmetric cryptography".
Public Key Infrastructure (PKI)
A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Public-Key Forward Secrecy (PFS)
For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.

--------------------------------------------------------------------------------

Q
QAZ
A network worm.

--------------------------------------------------------------------------------

R
Race Condition
A race condition exploits the small window of time between a security control being applied and when the service is used.
Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.
Reconnaissance
Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
Reflexive ACLs (Cisco)
Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router will make filtering decisions based on whether connections are a part of established traffic or not.
Registry
The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.
Request for Comment (RFC)
A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.
Resource Exhaustion
Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.
Response
A response is information sent that is responding to some stimulus.
Reverse Address Resolution Protocol (RARP)
RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.
Reverse Engineering
Acquiring sensitive data by disassembling and analyzing the design of a system component.
Reverse Lookup
Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse Proxy
Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.
Risk
Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.
Risk Assessment
A Risk Assessment is the process by which risks are identified and the impact of those risks determined.
Rivest-Shamir-Adleman (RSA)
An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
Role Based Access Control
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
Root
Root is the name of the administrator account in Unix systems.
Rootkit
A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
Router
Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.
Routing Information Protocol (RIP)
Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.
Routing Loop
A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.
RPC Scans
RPC scans determine which RPC services are running on a machine.
Rule Set Based Access Control (RSBAC)
Rule Set Based Access Control targets actions based on rules for entities operating on objects.

--------------------------------------------------------------------------------

S
S/Key
A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one.
Safety
Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Scavenging
Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
Secure Electronic Transactions (SET)
Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.
Secure Shell (SSH)
A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL)
A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Segment
Segment is another name for TCP packets.
Sensitive Information
Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Separation of Duties
Separation of duties is the principle of splitting privileges among multiple individuals or systems.
Server
A system entity that provides a service in response to requests from other system entities called clients.
Session
A session is a virtual connection between two hosts by which network traffic is passed.
Session Hijacking
Take over a session that someone else has established.
Session Key
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
Shadow Password Files
A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.
Share
A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).
Shell
A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its "C:>" prompts and user commands such as "dir" and "edit").
Signals Analysis
Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature
A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.
Simple Integrity Property
In Simple Integrity Property a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol (SNMP)
The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Simple Security Property
In Simple Security Property a user cannot read data of a higher classification than their own.
Smartcard
A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.
Smurf
The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer
A sniffer is a tool that monitors network traffic as it received in a network interface.
Sniffing
A synonym for "passive wiretapping."
Social Engineering
A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Socket
The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair
A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
SOCKS
A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
Software
Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.
Source Port
The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spam
Electronic junk mail or junk newsgroup postings.
Spanning Port
Configures the switch to behave like a hub for a specific port.
Split Key
A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.
Split Horizon
Split horizon is a algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.
Spoof
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
SQL Injection
SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
Stack Mashing
Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.
Standard ACLs (Cisco)
Standard ACLs on Cisco routers make packet filtering decisions based on Source IP address only.
Star Property
In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.
State Machine
A system that moves through a series of progressive conditions.
Stateful Inspection
Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.
Static Host Tables
Static host tables are text files that contain hostname and address mapping.
Static Routing
Static routing means that routing table entries contain information that does not change.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis
Steganalysis is the process of detecting and defeating the use of steganography.
Steganography
Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is "invisible" ink.
Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward
Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.
Straight-Through Cable
A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.
Stream Cipher
A stream cipher works by encryption a message a single bit, byte, or computer word at a time.
Strong Star Property
In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.
Sub Network
A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask
A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
Switch
A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.
Switched Network
A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.
Symbolic Links
Special files which point at another file.
Symmetric Cryptography
A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.
Symmetric Key
A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN Flood
A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.
Syslog
Syslog is the system logging facility for Unix systems.
System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy that applies to the system.
System-Specific Policy
A System-specific policy is a policy written for a specific system or device.

--------------------------------------------------------------------------------

T
T1, T3
A digital circuit using TDM (Time-Division Multiplexing).
Tamper
To deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
TCP Fingerprinting
TCP fingerprinting is the user of odd packet header combinations to determine a remote operating system.
TCP Full Open Scan
TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.
TCP Half Open Scan
TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.
TCP Wrapper
A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.
TCP/IP
A synonym for "Internet Protocol Suite;" in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).
TCPDump
TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.
TELNET
A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.
Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Threat Assessment
A threat assessment is the identification of types of threats that an organization might be exposed to.
Threat Model
A threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.
Threat Vector
The method a threat uses to get to the target.
Time to Live
A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Tiny Fragment Attack
With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets.
Token-Based Access Control
Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)
Token-Based Devices
A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.
Token Ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.
Topology
The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types. Note 2: The common types of network topology are illustrated
Traceroute (tracert.exe)
Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.
Transmission Control Protocol (TCP)
A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Transport Layer Security (TLS)
A protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer.
Triple DES
A block cipher, based on DES, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
Triple-Wrapped
S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.
Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Trunking
Trunking is connecting switched together so that they can share VLAN information between them.
Trust
Trust determine which permissions and what actions other systems or users can perform on remote machines.
Trusted Ports
Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
Tunnel
A communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.

--------------------------------------------------------------------------------

U
UDP Scan
UDP scans perform scans to determine which UDP ports are open.
Unicast
Broadcasting from host to host.
Uniform Resource Identifier (URI)
The generic term for all types of names and addresses that refer to objects on the World Wide Web.
Uniform Resource Locator (URL)
The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/index.html .
Unix
A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.
Unprotected Share
In Windows terminology, a "share" is a mechanism that allows a user to connect to file systems and printers on other systems. An "unprotected share" is one that allows anyone to connect to it.
User
A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.
User Contingency Plan
User contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.
User Datagram Protocol (UDP)
A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another but does not divide a message into packets (datagrams) and reassemble it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in.

--------------------------------------------------------------------------------

V
Virtual Private Network (VPN)
A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (B) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
Virus
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Vulnerability
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

--------------------------------------------------------------------------------

W
War Chalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.
War Dialer
A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.
War Dialing
War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.
War Driving
War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.
Web of Trust
A web of trust is the trust that naturally evolves as a user starts to trust other's signatures, and the signatures that they trust.
Web Server
A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
WHOIS
An IP for finding information about resources on networks.
Windowing
A windowing system is a system for sharing a computer's graphical display presentation resources among multiple applications at the same time. In a computer that has a graphical user interface (GUI), you may want to use a number of applications at the same time (this is called task). Using a separate window for each application, you can interact with each application and go from one application to another without having to reinitiate it. Having different information or activities in multiple windows may also make it easier for you to do your work. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn't just manage the windows but also other forms of graphical user interface entities.
Windump
Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.
Wired Equivalent Privacy (WEP)
A security protocol for wireless local area networks defined in the standard IEEE 802.11b.
Wireless Application Protocol
A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat.
Wiretapping
Monitoring and recording data that is flowing between two points in a communication system.
World Wide Web ("the Web", WWW, W3)
The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
Worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Wrap
To use cryptography to provide data confidentiality service for a data object.

--------------------------------------------------------------------------------

Z
Zone
Transfer A zone transfer is when a DNS server performs a complete dump of the database for a domain and sends the information from the primary DNS server to the secondary DNS servers.