Network Security Fundementals

auditing

The process of reviewing records of network computer activity; these records identify who is connecting to a computer, the resources being requested, and whether access is granted or blocked.

authentication

The process of verifying the identity of a user, computer, or service.

availability

The assurance that authorized users can access resources in a reliable and timely manner.

back doors

Ways of gaining unauthorized access to a computer or other resource, such as an unused port or terminal service.

basic authentication

An authentication method that uses a username/password pair to verify the identity of the user requesting access.

biometrics

A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints.

botnets

Networks of computers owned by unsuspecting victims of exploitation and controlled from a central system.

challenge/response authentication

An authentication method in which one party presents a question, called the challenge, and the other party must provide the correct response, usually a password, to be granted access.

confidentiality

Preventing intentional or unintentional disclosure of data during its creation, transmission, and storage.

crackers

Hackers who break into systems with the intent of doing harm or destroying data.

Defense in Depth (DiD)

A strategy for achieving information security that uses multiple layers of defense.

Demilitarized Zone (DMZ)

A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN.

Discretionary Access Control

An access control method that allows users to share information with other users; however, the risk of unauthorized disclosure is higher than with the MAC method.

Distributed Denial of Service

An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked.

Intrusion Detection and Prevention System (IPS)

A network security measure that can consist of applications and hardware devices deployed on the network, hosts, or both to prevent, detect, and respond to traffic interpreted as an intrusion.

logic bomb

Malware designed to be used at a specific time in the future or when a specified condition exists.

macro

A type of script that automates repetitive tasks in Microsoft Word or similar applications.

Mandatory Access Control (MAC)

An access control method that defines an uncompromising manner for how information can be accessed. With the MAC method, all access capabilities are defined in advance.

Nonrepudiation

The capability to prevent one participant in an electronic transaction from denying that it performed an action.

packet filters

Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.

packet monkeys

A derogatory term for unskilled crackers or hackers who steal program code and use it in denial of service attacks instead of creating the programs themselves.

permissive policy

A general approach to security that calls for a firewall and associated components to allow all traffic by default, blocking only specified traffic on a case-by-case basis.

port

An area in random access memory (RAM) reserved for the use of a program that “listens” for requests for the service it provides.

restrictive policy

A general approach to security that calls for a firewall and associated components to deny all traffic by default, allowing only specified traffic on a case-by-case basis.

Role Based Access Control (RBAC)

An access control method that establishes organizational roles to control access to information. The method limits access by job function or job responsibility.

script kiddie

A young, inexperienced computer programmer who spreads viruses and other malicious scripts and exploits weaknesses in computer systems using tools and techniques created by others.

scripts

Executable code attached to e-mail messages or downloaded files that is used to infiltrate a system.

signature files

Files used by antivirus programs that contain patterns of known viruses and malware.

signatures

Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks.

sockets

The end point of a computer-to-computer connection defined by an IP address and port address.

trojan program

A harmful computer program that appears to be something useful to deceive a user into installing it.

VPN

A cost-effective way for networks to create a secure private connection using public lines (usually the Internet). VPN endpoints establish connections (tunnels) to transmit and receive data, and then tear down the connections when they are no longer needed. Combinations of encryption, authentication, and encapsulation help ensure the confidentiality, privacy, and integrity of information.

virus scanning

The process of examining files or messages for filenames, patterns, extensions, and other indications that a virus or other malware is present.

worm

Computer files that copy themselves repeatedly and consume disk space or other resources. Worms do not require user intervention to be launched; they are self-propagating.