| Term |
Definition |
| ARP |
Address Resolution Protocol. The protocol
used on IP networks to map an IP address to a link-layer hardware address
(sometimes called a DLC address), such as an Ethernet MAC address. A host
wishing to obtain a hardware address broadcasts an ARP request onto the
local network. The host that owns the IP address named in the request then
replies with its hardware address. ARP carries no authentication, so any
host on the segment can answer a request, or send unsolicited replies, and
thereby poison the ARP tables of its neighbours. |
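The request/reply exchange described in the ARP entry, decoded from the wire format, as an added example that is not part of the original glossary. It parses a 14-byte Ethernet header followed by the 28-byte IPv4-over-Ethernet ARP body, then watches replies for an IP address that suddenly rebinds to a different MAC, the symptom of ARP spoofing. The three frames are constructed sample traffic (the MAC and IP addresses are made up for the example).

```python
"""Added example: parse Ethernet/ARP frames and flag IP-to-MAC conflicts.
Frames below are constructed sample data, not captured traffic."""
import struct

ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> dict:
    """Decode Ethernet header (14 bytes) + ARP body (28 bytes for IPv4/Ethernet)."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
            "eth_src": mac_str(src), "eth_dst": mac_str(dst)}


def build_arp(op: int, sha: bytes, spa: bytes, tha: bytes, tpa: bytes) -> bytes:
    """Build a frame; used here only to construct the sample traffic.
    Requests go to the broadcast MAC, replies straight to the asker."""
    eth_dst = b"\xff" * 6 if op == OP_REQUEST else tha
    eth = struct.pack("!6s6sH", eth_dst, sha, ETHERTYPE_ARP)
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return eth + body


def detect_conflicts(frames):
    """Return (ip -> mac table, alerts). A reply that rebinds an IP already seen
    with another MAC is flagged. A real monitor would also track gratuitous
    replies and replies that answer no outstanding request."""
    table, alerts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp["op"] != OP_REPLY:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in table and table[ip] != mac:
            alerts.append(f"{ip} changed from {table[ip]} to {mac}")
        table[ip] = mac
    return table, alerts


# Constructed sample traffic: a host asks for the gateway, the gateway answers,
# then a third machine claims the gateway's IP address (classic spoofing).
HOST_MAC = bytes.fromhex("001122334455")
GW_MAC = bytes.fromhex("00aabbccddee")
ATTACKER_MAC = bytes.fromhex("00deadbeef00")
HOST_IP = bytes([192, 168, 10, 55])
GW_IP = bytes([192, 168, 10, 1])

SAMPLE_FRAMES = [
    build_arp(OP_REQUEST, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP),
    build_arp(OP_REPLY, GW_MAC, GW_IP, HOST_MAC, HOST_IP),
    build_arp(OP_REPLY, ATTACKER_MAC, GW_IP, HOST_MAC, HOST_IP),
]

if __name__ == "__main__":
    table, alerts = detect_conflicts(SAMPLE_FRAMES)
    print("ARP table:", table)
    for alert in alerts:
        print("ALERT:", alert)
```

The same parser works on frames read from a pcap or a raw socket; the conflict check is the core of what tools such as arpwatch do, and it catches only the crude case where the attacker lets the real owner answer first.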
| Authenticity |
Proof that the information came from the
person or location that reportedly sent it. One example of
authenticating software is through digital signatures. |
| Back Door |
A deliberately planned security breach in
a program. Back doors allow special access to a computer or program.
Sometimes back doors can be exploited and allow a cracker unauthorized
access to data. |
| BackOrifice |
BackOrifice is a remote administration
tool that allows a user to control a computer across a TCP/IP connection
using a simple console or GUI application. BackOrifice is a potentially
disastrous Trojan horse since it can provide the user unlimited access
to a system. |
| Blue Screen of
Death (BSoD) |
When a Windows NT based system encounters
a serious error, the entire operating system halts and displays a screen
with information regarding the error. The name comes from the blue color
of the error screen. |
| Brute Force
Hacking |
A technique used to find passwords or
encryption keys. Brute Force Hacking involves trying every possible
combination of letters, numbers, etc. until the code is broken. |
| Camping Out |
Staying in a "safe" place once a
hacker has broken into a system. The term can be used with a physical
location, electronic reference, or an entry point for future attacks. |
| Cipher Text |
Text that has been scrambled or encrypted
so that it cannot be read without deciphering it. See Encryption |
| Cookie |
A string of characters saved by a web
browser on the user's hard disk. Many web pages send cookies to track
specific user information. Cookies can be used to retain information as
the user browses a web site. For example, cookies are used to 'remember'
the items a shopper may have in a shopping cart. |
| Countermeasures |
Techniques, programs, or other tools that
can protect your computer against threats. |
| Cracker |
Another term for hackers. Generally, the
term cracker refers specifically to a person who maliciously attempts to
break encryption, software locks, or network security. |
| Cracker Tools |
Programs used to break into computers.
Cracker tools are widely distributed on the Internet. They include
password crackers, Trojans, viruses, war-dialers, and worms. |
| Cracking |
The act of breaking into computers or
cracking encryptions. |
| Cryptanalysis |
The act of analyzing ciphers, or documents
and systems protected by encryption, in order to recover the plain text or
the key without being given the key, or to expose weaknesses in the cipher
itself. |
| Decryption |
The act of restoring an encrypted file to
its original, plain text state. |
| Denial of
Service (DoS) |
Act of preventing customers, users,
clients, or other machines from accessing data on a computer. Denial of
service is usually accomplished by interrupting or overwhelming the
computer with bad or excessive information requests. |
| Digital
Signature |
Digital code that authenticates whoever
signed a document or piece of software. E-mail, software, messages, and
other electronic documents can be signed so that any later alteration is
detectable: if someone alters a signed document, the signature no longer
verifies. A digital signature is created when the signer generates a hash
of the message, transforms that hash with his private key (the signing
operation), and sends the message together with the resulting signature.
The recipient applies the signer's public key to the signature to recover
the original hash, computes a fresh hash of the received message, and
compares the two. If the hashes are the same, the recipient knows that the
message has not been changed and that it was signed by the holder of the
private key. A signature does not hide the message; encrypting it is a
separate step. Also see Public Key Encryption. |
| DNS |
Domain Name System. A distributed database
that maps domain names to their IP addresses (and the reverse). DNS is the
primary naming system for many distributed networks, including the
Internet. |
| Encryption |
The act of transforming the contents of a
file or message so that it is unreadable until it is decrypted. Encryption
is done with a cipher, a mathematical algorithm, combined with a key; the
matching key (and the cipher's inverse operation) is needed to decrypt. |
| Firewall |
A hardware or software barrier that
restricts access in and out of a network. Firewalls are most often used
to separate an internal LAN or WAN from the Internet. See Gateway. |
| FTP |
File Transfer Protocol. A common protocol
used for exchanging files between two sites across a network. FTP is
popular on the Internet because it allows for speedy transfer of large
files between two systems. Like many older protocols, it sends usernames,
passwords and file contents in the clear, so anyone sniffing the network
can capture them. |
| Gateway |
A gateway is a system that provides access
between two or more networks. Gateways are typically used to connect
unalike networks together. A gateway can also serve as a firewall
between two or more networks. |
| Grinding |
See password grinding. |
| Hacker |
Generally, a hacker is anyone who enjoys
experimenting with technology, including computers and networks. Not all
hackers are criminals breaking into systems. Many are legitimate users
and hobbyists. Nevertheless, some are dedicated criminals or vandals.
See Cracker. |
| HTTP |
Hyper Text Transfer Protocol. The protocol
used between web browsers and web servers, and the most common application
protocol on the Internet. By itself HTTP carries everything in the clear;
see SSL. It is also prone to certain kinds of attacks. |
| ICMP |
Internet Control Message Protocol. ICMP,
an extension to the Internet Protocol (IP), supports packets containing
error, control, and informational messages. The PING command, for
example, uses ICMP to test an Internet connection. |
| IDS |
Intrusion Detection System. A class of
security products that monitor hosts or network traffic for signs of
attack and raise alerts; some can also block the offending traffic. An IDS
is often deployed together with related components such as a firewall and
a protocol analyzer. |
| Integrity |
Proof that the data is the same as
originally intended. Unauthorized software or people have not altered
the original information. |
| Internet Worm |
See Worm. |
| Intruder |
Person or software interested in breaking
computer security to access, modify, or damage data. Also see Cracker. |
| IP |
Internet Protocol. Specifies the format of
packets, also called datagrams, and the addressing scheme. Most networks
combine IP with a higher-level protocol called Transmission Control
Protocol (TCP), which establishes a virtual connection between a
destination and a source. IP by itself is something like the postal
system. It allows you to address a package and drop it in the system,
but there's no direct link between you and the recipient. TCP/IP, on the
other hand, establishes a connection between two hosts so that they can
send messages back and forth for a period of time. The current standard
(IPv4) writes the 32-bit numeric IP address as four numbers between 0 and
255 separated by periods. For example, an IP address could be:
192.168.10.55 |
| IRC |
Internet Relay Chat. IRC was developed in
the late 1980s as a way for multiple users on a system to
"chat" over the network. Today IRC is a very popular way to
"talk" in real time with other people on the Internet.
However, IRC is also one avenue hackers use to get information from you
about your system and your company. Moreover, IRC clients and sessions
have been the target of numerous attacks that can crash your system. |
| LAN |
Local-Area Network. A computer network
that spans a relatively small area, such as one building. LANs connected
to one another over telephone lines or radio links, at any distance, form
a WAN (Wide-Area Network). |
| Linux |
A freely available UNIX-like operating system. |
| Logic Bomb |
Malicious code, often planted inside a
legitimate program or carried by a virus or Trojan, that lies dormant until
certain conditions are met, such as a date or the removal of a user
account. Logic bombs usually damage files or cause other serious problems
when they are activated. |
| MAC Address |
Media Access Control Address. A 48-bit
identifier assigned to a network interface by its manufacturer and used to
address a specific node at the hardware (link) level. The burned-in address
itself cannot be changed, but the address an interface actually uses can be
overridden by software on most operating systems, so a MAC address must not
be trusted as proof of a machine's identity. |
| Name Resolution |
Translating a host name into its IP
address (or the reverse). See DNS. |
| NetBIOS |
Network Basic Input / Output System. A
programming interface, originally an extension of the PC BIOS, that lets
applications on a PC find and communicate with other machines on a LAN
(Local Area Network) by name. |
| NetBEUI |
NetBIOS Extended User Interface. A
non-routable networking protocol developed in the 1980s by IBM. NetBEUI
is ideal for smaller, non-subnetted networks for internal
communications. Because NetBEUI is not routable, network transmissions
sent via NetBEUI cannot be transmitted over the Internet. |
| NAT |
Network Address Translation. An Internet
standard that lets the hosts of a LAN, WAN (Wide Area Network), or MAN
use private IP addresses internally while sharing one or a few public IP
addresses. A NAT device rewrites the source address (and usually the
source port) of outbound packets to its public address, records the
mapping in a table, and rewrites the destination of the matching replies
back to the internal host. Inbound packets that match no table entry are
dropped, so NAT provides some of the effect of a firewall by hiding
internal IP addresses, although it is not a substitute for one. |
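A minimal model of the translation described in the NAT entry, in its common port-overloading form, as an added example that is not part of the original glossary. Outbound packets get their private source rewritten to the public address and a fresh port, replies are mapped back through the table, and an inbound packet with no table entry is dropped, which is the "type of firewall" effect the entry mentions. The packet structure and all addresses are constructed for the example (the public addresses are from the documentation ranges).

```python
"""Added example: a toy stateful NAT with port overloading."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public port
        self.inbound = {}    # public port -> (private_ip, private_port)

    def translate_out(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the LAN; allocate a mapping on first use."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_in(self, pkt: Packet):
        """Map a packet arriving at the public address back to the inside host,
        or return None (drop) if nothing inside ever opened that mapping."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.inbound:
            return None
        private_ip, private_port = self.inbound[pkt.dst_port]
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo():
    """Two inside hosts that happen to use the same source port both reach a
    web server; the reply comes back to the right one; a probe from the
    Internet to an unmapped port is dropped."""
    nat = Nat("203.0.113.7")
    out1 = nat.translate_out(Packet("192.168.10.55", 51000, "198.51.100.20", 80, "GET /"))
    out2 = nat.translate_out(Packet("192.168.10.56", 51000, "198.51.100.20", 80, "GET /"))
    reply = Packet("198.51.100.20", 80, nat.public_ip, out1.src_port, "200 OK")
    back = nat.translate_in(reply)
    probe = Packet("198.51.100.99", 4444, nat.public_ip, 54320, "anyone home?")
    dropped = nat.translate_in(probe)
    return out1, out2, back, dropped


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Real NAT implementations also time mappings out, check the remote address on replies (a "symmetric" NAT), and track TCP state; the toy above shows only why an unsolicited inbound connection has nowhere to go.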
| Packet Filter |
A filter used in firewalls that scans
packets and decides whether to let them through. |
| Password
Cracker |
A program that guesses a password,
typically by trying each word in a dictionary of words, phrases, names,
etc. (often with common variations) against a captured password hash, or
by exhaustive search. See Password Grinding. |
| Password
Caching |
The storage of a user's username and
password (or a hash of it) on a computer, for example in a network
directory database, an encrypted file, or a local credential store, so
that it need not be re-entered. Cached credentials are a favourite target
of an attacker who has gained access to the machine. |
| Password
encryption |
A system of encrypting electronic files
using a single key or password. Anyone who knows the password can
decrypt the file. |
| Password
Grinding |
The process of systematically testing all
character combinations on a password until the correct character string
is identified. Password grinding is a very slow, but effective way to
crack password files. There are numerous, freely available computer
programs that can grind password files. |
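The two attacks described under Brute Force Hacking, Password Cracker and Password Grinding, run against a constructed "password file", as an added example that is not part of the original glossary. The hash scheme (SHA-256 over salt and password) and the user entries are assumptions chosen so that the example is self-contained; real password files use purpose-built slow hashes, which change the cost but not the method.

```python
"""Added example: dictionary attack and exhaustive (brute-force) search
against salted password hashes. Entries and wordlist are constructed."""
import hashlib
import itertools
import string


def hash_password(salt: str, password: str) -> str:
    # Assumed scheme for the example; real systems use bcrypt/scrypt/Argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed sample "password file": (user, salt, hash)
SAMPLE_FILE = [
    ("alice", "x1", hash_password("x1", "letmein")),
    ("bob", "q7", hash_password("q7", "ab1")),
    ("carol", "m3", hash_password("m3", "Tr0ub4dor&3")),
]

WORDLIST = ["password", "123456", "letmein", "qwerty", "admin"]
DEFAULT_ALPHABET = string.ascii_lowercase + string.digits


def dictionary_attack(entries, wordlist):
    """Try each word in the list; cheap, but finds only common passwords."""
    found = {}
    for user, salt, digest in entries:
        for word in wordlist:
            if hash_password(salt, word) == digest:
                found[user] = word
                break
    return found


def brute_force(entries, alphabet, max_len):
    """Try every string of length 1..max_len over the alphabet ("grinding").
    Cost grows as |alphabet|**length, which is why length beats complexity."""
    found = {}
    remaining = {user: (salt, digest) for user, salt, digest in entries}
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            for user in list(remaining):
                salt, digest = remaining[user]
                if hash_password(salt, candidate) == digest:
                    found[user] = candidate
                    del remaining[user]
            if not remaining:
                return found
    return found


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Worst-case number of candidates an exhaustive search must hash."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(SAMPLE_FILE, WORDLIST))
    print("brute force (<= 3 chars):", brute_force(SAMPLE_FILE, DEFAULT_ALPHABET, 3))
    print("candidates, 3 lowercase+digits:", keyspace(len(DEFAULT_ALPHABET), 3))
    print("candidates, 8 printable chars:", keyspace(94, 8))
```

Note that the salt stops an attacker from hashing each candidate once for every user: with distinct salts, every user costs a separate pass over the search space, which is the reason salts exist.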
| Penetration |
Gaining access to computers or networks by
bypassing security programs and passwords. |
| Phreaking |
Breaking into phone or other communication
systems. Phreaking sites on the Internet are popular among crackers and
other criminals. |
| Ping |
Commonly expanded as Packet Internet
Groper, although the name was coined from the sound of sonar. PING is a
utility to determine whether a specific IP address is reachable. It works
by sending an ICMP echo request to the specified address and waiting for
the echo reply. PING is used primarily to troubleshoot Internet
connections. |
| Ping Attack |
An attack that slows down a host or
network until it is unusable. The attacker sends a flood of ping (ICMP
echo request) packets at the target, often from many machines at once, so
that its bandwidth and processing time are spent answering them. See also
Denial of Service. |
| Pirate |
Someone who steals or distributes software
without paying the legitimate owner for it. This category of computer
criminal includes several different types of illegal activities
- Making copies
of software for others to use.
- Distributing
pirated software over the Internet or a Bulletin Board System.
- Receiving or
downloading illegal copies of software in any form.
|
| Pirated
Software |
Software that has been illegally copied,
or that is being used in violation of the software's licensing
agreement. Pirated software is often distributed through pirate bulletin
boards or on the Internet. In the Internet underground it is known as
Warez. |
| Plain Text |
The opposite of Cipher Text, Plain Text is
unencrypted text readable to any system that intercepts network
communications. |
| POP |
Post Office Protocol. This is a common
protocol used for retrieving mail messages. |
| Port |
A connection point where a computer
communicates with other devices. Computers have hardware ports such as
parallel ports for printers or USB ports for digital cameras. Networks
use numbered virtual ports to identify which program on a host a packet
is meant for. For example, when browsing the web, most HTTP
based communications take place using TCP port 80: the browser opens a
connection to port 80 on the web server, sends its request through it and
receives the response back. There are two
kinds of ports, TCP and UDP, with a separate set of 65,536 port numbers
for each (over 131,000 in all). A UDP port is like a TCP port except that
UDP is connectionless and does not acknowledge or retransmit lost data.
Most of these ports are unused, unassigned, or restricted. Some are very
common, such as TCP port 80. Others are used mainly by one piece of
software; for example, Quake games use UDP port 26000 (and others)
for network games.
When hackers
break into a system they typically exploit services listening on ports
that are either accidentally or purposefully opened. For example, one of
the easiest ways to see if the Trojan application BackOrifice is installed
on a computer is to scan for a listener on TCP port 54320, the port
BackOrifice uses by default when communicating with other systems. The
port is configurable, so a clean scan is not proof that it is absent.
|
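The port check described above (connect to each TCP port in a range and see which ones answer), as an added example that is not part of the original glossary. So that it runs offline, the script starts its own throwaway listener on 127.0.0.1 on the port the entry associates with BackOrifice and scans the ports around it; the listener merely stands in for whatever might really be bound there. A hit tells you only that something is listening, not what.

```python
"""Added example: TCP connect scan against a local listener."""
import socket
import threading

BO_PORT = 54320  # the default TCP port the glossary lists for BackOrifice


def start_listener(host: str, port: int):
    """Bind a throwaway TCP listener (port 0 = let the OS pick) so the scan
    has something to find. Returns (server socket, actual port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed, stop the thread
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def port_open(host: str, port: int, timeout: float = 0.2) -> bool:
    """Connect scan of one port: a completed TCP handshake means open; a
    refusal (RST) or a timeout (filtered) both count as not open here."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan(host: str, ports) -> list:
    """Return the open ports, in ascending order, from the given range."""
    return [p for p in ports if port_open(host, p)]


def demo(host: str = "127.0.0.1", port: int = BO_PORT):
    """Start a listener on `port`, scan the five ports around it and return
    (port actually bound, list of open ports seen)."""
    srv, actual = start_listener(host, port)
    try:
        low, high = max(1, actual - 2), min(65535, actual + 2)
        return actual, scan(host, range(low, high + 1))
    finally:
        srv.close()


if __name__ == "__main__":
    bound, found = demo()
    print(f"listener on {bound}; open ports seen: {found}")
```

A connect scan completes the handshake and therefore shows up in the target's logs; SYN scans and the tools built around them (nmap, for instance) avoid that but need raw-socket privileges. Whatever the method, the next step is to talk to the open port and identify the service rather than trusting the port number.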
| Promiscuous
Packet Capture |
Capturing packet information from a
network with the interface in promiscuous mode. Normally a network card
passes up only the frames addressed to it (plus broadcasts); in
promiscuous mode it accepts every frame it can see, regardless of where
the packets are addressed. See Sniffer. |
| Protocol |
A "language" for communicating
on a network. Protocols are sets of standards or rules used to define,
format, and transmit data across a network. There are many different
protocols used on networks. For example, most web pages are transmitted
using the HTTP protocol. |
| Proxy Server |
A server that performs network operations
in lieu of other systems on the network. Proxy Servers are most often
used as parts of a firewall to mask the identity of users inside a
corporate network yet still provide access to the Internet. When a user
connects to a proxy server, via a web browser or other networked
application, he submits commands to the proxy server. The server then
submits those same commands to the Internet, yet without revealing any
information about the system that originally requested the information.
Proxy servers are an ideal way to also have all users on a corporate
network channel through one point for all external communications. Proxy
servers can be configured to block certain kinds of connections and stop
some hacks. |
| Public Key
Encryption |
System of encrypting electronic files
using a key pair. The public key can be handed out freely and is used for
encryption; the corresponding private key is kept secret and is used for
decryption. The same pair is used in reverse for digital signatures: the
private key signs and the public key verifies. See Digital Signature. |
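The hash-sign-verify flow described under Digital Signature, using the key pair described under Public Key Encryption, as an added example that is not part of the original glossary. The RSA arithmetic is the textbook version with small primes found by trial division, chosen so every step is visible; it is not a secure signature scheme (real systems use keys of 2048 bits or more and a padding scheme such as PSS, and never reduce the hash modulo n as done here). The message text is made up for the example.

```python
"""Added example: toy RSA digital signature (hash, sign with private key,
verify with public key). Small primes, no padding: for illustration only."""
import hashlib
from math import gcd


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def next_prime(n: int) -> int:
    n += 1
    while not is_prime(n):
        n += 1
    return n


def keygen(p: int, q: int, e: int = 65537):
    """Return (public, private) as (n, e) and (n, d) with d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n. Reducing mod n is the
    toy shortcut; real schemes encode the whole hash with padding."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """Signer: hash the message, then apply the private exponent."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Recipient: undo the private exponent with the public one, rehash the
    received message, and compare the two hashes."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


# Constructed key pair: the first two primes above one million whose phi is
# coprime to e, so the inverse exists.
E = 65537
_p = next_prime(10 ** 6)
_q = next_prime(_p)
while gcd(E, (_p - 1) * (_q - 1)) != 1:
    _q = next_prime(_q)
PUBLIC, PRIVATE = keygen(_p, _q, E)

# A second, unrelated pair to show that the wrong public key does not verify.
_p2 = next_prime(2 * 10 ** 6)
_q2 = next_prime(_p2)
while gcd(E, (_p2 - 1) * (_q2 - 1)) != 1:
    _q2 = next_prime(_q2)
OTHER_PUBLIC, _ = keygen(_p2, _q2, E)

MESSAGE = b"Transfer 10 units to account 42"  # constructed sample


def demo():
    """Return (signature, verifies, verifies after tampering, verifies with
    someone else's public key)."""
    sig = sign(MESSAGE, PRIVATE)
    return (sig,
            verify(MESSAGE, sig, PUBLIC),
            verify(b"Transfer 1000 units to account 42", sig, PUBLIC),
            verify(MESSAGE, sig, OTHER_PUBLIC))


if __name__ == "__main__":
    print(demo())
```

Two points the glossary entry glosses over are visible here: the signature is sent alongside the plain message (nothing is hidden), and verification needs the signer's public key from a trusted source, which is what certificates provide.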
| Reconnaissance |
The finding and observation of potential
targets for a cracker to attack. |
| Router |
A device that connects two networks
together. Routers monitor, direct, and filter information that passes
between these networks. Because of their location, routers are a good
place to install traffic or mail filters. Routers are also prone to
attacks because they contain a great deal of information about a
network. |
| SATAN |
A UNIX program that gathers information on
networks and stores it in databases. It is helpful in finding security
flaws such as incorrect settings, software bugs and poor policy
decisions. It shows network services that are running, the different
types of hardware and software on the network, and other information. It
was written to help users find security flaws in their network systems. |
| Shoulder
Surfing |
Looking over someone's shoulder to see the
numbers they dial on a phone, or the information they enter into a
computer. |
| SMB |
Server Message Block. SMB is a message
format used by DOS and Windows to share files, directories and devices.
SMB traditionally runs on top of NetBIOS, and many network products use
SMB. These SMB-based networks include LAN Manager, Windows for Workgroups,
Windows NT, and LAN Server. There are also a number of products that use
SMB to enable file sharing among different operating system platforms. A
product called Samba, for example, enables UNIX and Windows machines to
share directories and files. |
| SMTP |
Simple Mail Transfer Protocol. SMTP is a
protocol for sending e-mail messages between servers. Most e-mail
systems that send mail over the Internet use SMTP to send messages from
one server to another; the messages can then be retrieved with an e-mail
client. In addition, SMTP is generally used to send messages from a mail
client to a mail server. |
| SNMP |
Simple Network Management Protocol. SNMP
is a set of protocols for managing complex networks. The first version
of SNMP was standardized in the late 1980s. SNMP works by sending
messages, called protocol data units (PDUs), to different parts of a
network. SNMP-compliant devices, called agents, store data about
themselves in Management Information Bases (MIBs) and return this data to
the SNMP requesters. |
| Sniffer |
Sniffer is a registered trademark of
Network Associates, Inc although it has come to identify a whole class
of products that can capture network transmissions and encode the
information in those packets into evidence files. BlackICE uses
Sniffer-style files for evidence capture. |
| Snooping |
Passively watching a network for
information that could be used to a hacker's advantage, such as
passwords. Usually done while Camping Out. |
| SOCKS |
A protocol that handles TCP traffic
through proxy servers. SOCKS acts like a simple firewall because it
checks incoming and outgoing packets and hides the IP addresses of
client applications. |
| SPAM |
Unwanted e-mail, usually in the form of
advertisements or "get rich quick" schemes. |
| Spoof |
To forge something, such as an IP address.
IP Spoofing is a common way for hackers to hide their location and
identity. |
| SSL (Secure
Sockets Layer) |
Technology that lets a browser and a server
encrypt the data they exchange, and lets the browser check the server's
identity against a certificate. This makes it very difficult for third
parties to read or silently modify the communications. |
| TCP |
Transmission Control Protocol. TCP is one
of the main protocols in TCP/IP networks. Whereas the IP protocol deals
only with packets, TCP enables two hosts to establish a connection and
exchange streams of data. TCP provides reliable delivery: it acknowledges
and retransmits lost segments, and it hands data to the application in
the same order in which it was sent. |
| Telnet |
A program that connects a computer to a
server on a network. It allows a user to control some server functions
and to communicate with other servers on the network. Telnet sessions
generally require a valid username and password, but everything, the
password included, is sent in the clear. Hackers commonly use Telnet to
break into corporate network systems. |
| Tempest |
Interception of data by picking up the
electromagnetic emanations that computers, cables and video displays give
off. TEMPEST is also the name of the U.S. government standard for
shielding equipment against such leakage. |
| Trojan or
Trojan Horse |
Like the fabled gift to the residents of
Troy, a Trojan Horse is an application designed to look innocuous. Yet,
when you run the program it installs a virus or memory resident
application that can steal passwords, corrupt data, or provide hackers a
back door into your computer. Trojan applications are particularly
dangerous since they can often run exactly as expected without showing
any visible signs of intrusion. |
| UDP |
User Datagram Protocol. UDP is a
connectionless protocol that, like TCP, runs on top of IP networks.
Unlike TCP/IP, UDP/IP provides very few error recovery services,
offering instead a direct way to send and receive datagrams (packets)
over an IP network. UDP is used primarily for transmitting
time-sensitive information over a network such as streaming media or
interactive games. |
| UNIX |
A widely used operating system in large
networks. |
| VPN |
Virtual Private Network. These networks
use public connections (such as the Internet) to transfer information.
That information is usually encrypted for security purposes. |
| Vulnerability |
Point where a system can be attacked. |
| War Dialer |
A program that automatically dials phone
numbers looking for computers on the other end. They catalog numbers so
that hackers can call back and try to break in. |
| Warez |
A term that describes Pirated Software on
the Internet. Warez include cracked games or other programs that
software pirates distribute on the Internet. |
| Wire Tapping |
Connecting to a network and monitoring all
traffic. Most wire tapping features can only monitor the traffic on
their subnet. |
| Worm |
A self-replicating program that spreads
itself to other computers over a network. Once a worm penetrates another
computer it continues seeking access to other systems. Worms are often
equipped with dictionary-based password crackers and other cracker tools
that enable them to penetrate more systems. Worms often steal or vandalize
computer data. Many viruses are actually worms that use e-mail or database
systems to propagate themselves to other victims. |