A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.
It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.
- Access control list (ACL): A list of individual users and groups of users associated with an object, and the rights that each user or group has when accessing that object.
- Address Resolution Protocol (ARP): A network protocol used to convert IP addresses to physical network addresses by sending an ARP broadcast to request the address.
- Algorithm: A computable set of steps to achieve a desired result.
- Application-level gateway: Application gateways function at all four layers of the TCP/IP suite. They are typically implemented through software installed on a specialized server. Application gateways are sometimes known as proxy servers.
- Asymmetric encryption: A type of encryption that uses one key to encrypt a message and another to decrypt it. (Also, public-key encryption)
- Asymmetric key algorithm: An algorithm used for asymmetric encryption.
- Auditing: Reading and interpreting log files to identify hacker activity.
- Authentication: The process of identifying an individual, usually based on a username and password.
- Authorization: The process of giving individuals access to system objects based on their identity.
- Back door: An intentional hole in a firewall or security apparatus that allows access around security measures.
- Bastion host: A strongly secured device that has a direct network connection to a public network such as the Internet. It can operate as any of the three types of firewalls.
- Batch scripts: A list of commands executed by a computer's operating system.
- Brute-force attack: An attempt by a hacker to defeat authentication by obtaining a legitimate user's password.
- Buffer overflow: A popular bug-based attack that works by sending more data than the target system is intended to receive at one time.
- Bug: A computer program or hardware error that causes recurring malfunctions.
- Certificate: An attachment to an electronic message used for security purposes. A digital certificate is commonly used to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
- Certificate authority: A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.
- Checksum analysis: A simple means of checking the integrity of a transmitted message using a numerical value based on the number of set bits in the message. A formula is applied to the message to produce the numerical value, which is checked at the time of receipt by calculating the value again.
- Choke point: An intersection between a company's private network and a public network, used to monitor, filter, and verify all inbound and outbound traffic.
- Ciphertext: Text that has been encrypted by some encryption system.
- Circuit-level gateway: Circuit-level gateways are similar to packet filters. The main advantage of circuit-level gateways is their ability to provide network address translation.
- Classless Inter-Domain Routing (CIDR): Allocates blocks of Internet addresses assigned to an Internet Service Provider (ISP) by Internic.
- Client/server: A network architecture in which each computer or process on the network is either a client (a PC or workstation for users) or a server (a computer dedicated to managing files, devices, or network traffic).
- Common Gateway Interface (CGI): A protocol that allows a Web server to pass control to a software application, based on a user request. It also allows that program to receive and organize that information, then return it to the user in a consistent format. A CGI script resides on a Web server, enabling the CGI process.
- Compressed Serial Line Internet Protocol (CSLIP): Compresses the IP and TCP headers, thus reducing the size of the packet and improving bandwidth.
- Computer Emergency Response Team (CERT): An organization devoted to dealing with computer-related security issues. Based at Carnegie Mellon University, CERT is a part of the Internet Society, which establishes the protocols that govern the Internet. (http://www.cert.org)
- Computer Security Division (www.itl.nist.gov): One of eight divisions within NIST's Information Technology Laboratory. The mission of the Division is to enable organizations and individuals to use information technology with the assurance and trust that the confidentiality, integrity, reliability and availability of information resources are protected.
- Cryptanalysis: The science of recovering plaintext messages without knowledge of the key.
- Cryptography: The science of encrypting and decrypting plaintext messages.
- Daemon: A process that performs a specified operation at a predefined time or in response to certain events. Daemon is a UNIX term. In other operating systems such as Windows, daemons are referred to as services.
- Data confidentiality: The degree of confidentiality required for transmitted data, correlating to the security measures required to maintain that confidentiality. Data confidentiality is provided by encryption.
- Data Encryption Standard (DES): A symmetric key algorithm that is fast and simple to implement.
- Data integrity: The assurance that information has not been modified in transit to the destination.
- Datagram: An IP packet.
- Demilitarized zone (DMZ): A network that sits between a company's internal network and the external network. A DMZ is used as an additional buffer to further separate the public network from your internal private network.
- Denial-of-service: An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
- Dictionary file: A file made up of common passwords, used by a hacker in an attempt to gain entrance to a network.
- Dictionary program: A program specifically written to break into a password-protected system. A dictionary program has a relatively large list of common passwords that the program repeatedly tries in order to gain access.
- Digital envelope: A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption.
- Digital signature: A digital code that can be attached to an electronically transmitted message and that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes.
- Digital wallet: Encryption software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions.
- Domain name: A name that identifies one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.distributednetworks.com/index.html, the domain name is distributednetworks.com.
- Domain Name System (DNS) lookup: The system that allows a server, administrator or user to enter a host name to find out the corresponding Internet address. A reverse lookup is a procedure (usually automated) that occurs when a user requests the operation of a resource such as an e-mail server. It is an authentication technique.
- Dual-homed bastion host: Identical in function to a bastion host, but with two network interfaces. Application gateways are typically installed on a dual-homed bastion host.
- Dummy account: A false default account that generally triggers an alarm when accessed.
- Dummy file: An intentionally misleading file placed to misinform an information seeker.
- Electronic commerce: Conducting business on-line.
- Electronic data interchange (EDI): The inter-organizational exchange of documents in standardized electronic form directly between participating computers.
- Encryption: The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.
- Event logs: A log of user actions or system occurrences.
- Execution control list (ECL): A list of the resources and actions that a program can access or perform while it is executing.
- Extranet: A business-to-business Web site that allows secure access between a company's intranet and designated, authenticated users from remote locations.
- File Transfer Protocol (FTP): An approved method that allows the delivery of files across the Internet. An FTP server stores directories of files using a hierarchical structure. Normally, a user is a client and a company acts as the server.
- Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware or software, or a combination of both.
- Firewall token: A string of information that identifies a specific user as packets pass through the firewall. A token is usually encrypted.
- Front-door attack: An attempt by a hacker to access a network by using a valid user name and password.
- Gateway: A system that provides relay services between two devices. Gateways can range from an Internet application such as a common gateway interface (CGI) to a firewall gateway that processes traffic between two hosts. The term is very generic and will be used for a firewall component that routes or processes data between two separate networks.
- Graphical user interface (GUI): A program interface that takes advantage of the computer's graphics capabilities to make the program easier to use.
- Hacker: A user who breaks into sites for malicious purposes.
- Hash algorithm: A numeric function that mixes the ordering of input values to get, ideally, an even distribution. (Also, hash function)
- Hashing: Generating a number from a string of text. The hash number is smaller than the text string.
- Hyperlink: An element in an electronic document that links to another place in the same document or to an entirely different document. Typically, you click on the hyperlink to follow the link.
- Hypertext Markup Language (HTML): The authoring language used to create documents on the World Wide Web.
- Hypertext Transfer Protocol (HTTP): A TCP/IP application that uses a browser to access and retrieve Web pages from the server.
- IETF: Short for Internet Engineering Task Force, the main standards organization for the Internet. The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
- Impression: An advertisement's appearance on an accessed Web page. For example, if you see two ads on a Web page, that's two impressions. Advertisers use impressions to measure the number of views their ads receive, and publishers often sell ad space according to impressions.
- Intellectual property: Products such as written materials, musical compositions, trademarks and other things that are protected by copyright, trademark, or patent law.
- Internal bastion host: A firewall that resides inside the internal network and is normally used as an application gateway that receives all incoming traffic from external hosts.
- Internet Assigned Numbers Authority (IANA): Oversees and coordinates the assignment of every unique protocol identifier used on the Internet.
- Internet Control Message Protocol (ICMP): A protocol used to communicate errors or other conditions at the IP layer.
- Internet Service Provider (ISP): A company that provides access to the Internet.
- Internet Services Application Programming Interface (ISAPI): A method developed by Microsoft to write programs that communicate with Web servers through OLE.
- Intra-company commerce: Business conducted between two different companies.
- Intranet: Any network that provides similar services within an organization to those provided by the Internet outside it, but which is not necessarily connected to the Internet. The commonest example is the use by a company of one or more World-Wide Web servers on an internal TCP/IP network for distribution of information within the company.
- Intrusion detection: Intrusion detection is a relatively new technology used with firewalls. It allows firewalls to perform specified actions when suspicious activity occurs.
- IP: An Internet Protocol (IP) address is a number that uniquely identifies a computer connected to the Internet.
- IP datagram: An individual piece of information traveling from one host to another.
- IP spoofing: A hacker imitating an Internet Protocol (IP) device by using its IP address, allowing the hacker to gain access to the system.
- Jail: A separate system that deliberately provides inaccurate information, allowing an administrator time to detect and catch the hacker.
- Key: The value needed to decrypt an encrypted message. A key can be as simple as a string of text characters, or a series of hexadecimal digits.
- Lanham Act: A 1964 law that was an important early step toward U.S. trademark legislation.
- Login scripts: Scripts executed to customize a user's environment after the user logs on with a valid user ID and password.
- MD5: MD5 is one in the series (including MD2 and MD4) of message digest algorithms developed by Ron Rivest. It involves appending a length field to a message and padding it to a multiple of 512-bit blocks. Each of these 512-bit blocks is fed through a four-round process to produce a 128-bit message digest.
- Melissa virus: A specific virus embedded in a Microsoft Word document, infecting the user's system when the document is opened.
- Message digest: The representation of text in the form of a single string of digits, created using a formula called a one-way hash function. Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication.
- Narrowcast: To send data to a specific list of recipients.
- Network address translation (NAT): Network Address Translation (NAT) hides internal IP addresses from the external network. When a firewall is configured to provide NAT, all internal addresses are translated to public IP addresses when connecting to an external source.
- Network News Transfer Protocol (NNTP): A TCP/IP application that provides one-to-many communication: a message is posted to a single location, and any number of users can contact the NNTP server to retrieve it.
- Network topology: The type of network (Ethernet or token ring), the IP address range, the subnet mask, and the naming scheme. The most common network topologies are the star, bus, ring and hybrid.
- Non-repudiation: The ability to demonstrate that an information exchange or financial transaction took place.
- Object: A file, program, service/daemon, or resource that is maintained and controlled by an operating system.
- One-way encryption: A type of encryption where information is encrypted once and cannot be decrypted. One-way encryption is typically used for creating message digests.
- Open network: A group of servers and computers, such as the Internet, that allows free access.
- Open Systems Interconnect (OSI): A model for network communications standardized by ISO, containing seven primary layers: physical, data link, network, transport, session, presentation and application.
- Packet: In general usage, a packet is a unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data, a header containing an identification number, source and destination addresses, and sometimes error-control data.
- Packet filter: A type of firewall device that processes network traffic on a packet-by-packet basis. Packet filter devices allow or block packets, and are typically implemented through standard routers.
- Packet sniffer: A device or program that is used to monitor traffic on a network, can be installed anywhere in a networked system, and is virtually undetectable. Sniffers are used for legitimate network management functions or for stealing information off a network.
- Packet trace: The activity of learning where a packet of information has come from. Since any information sent across the Internet has likely passed between at least five or six computers, it is often necessary to learn the route by which that information came.
- Password authentication: A type of authentication that requires the use of a password to verify an entity's authenticity.
- Password cracking: An attempt by a hacker to access a network using possible passwords. A dictionary file is often used to crack passwords.
- Password sniffing: Finding a way to intercept the transmission of a password during the authentication process. A sniffer is a program used to intercept passwords.
- Patent: A patent for an invention is the grant of a property right to the inventor, issued by the Patent and Trademark Office. The term of a new patent is 20 years from the date on which the application for the patent was filed in the United States or, in special cases, from the date an earlier related application was filed, subject to the payment of maintenance fees. US patent grants are effective only within the US, US territories, and US possessions.
- Payment gateway: The system (usually software) that interfaces between the merchant and the merchant's bank to perform credit card authorizations.
- Perl: A cross-platform programming language that enables users to write custom CGI programs, as well as system management programs.
- Physical authentication: A type of authentication that uses what you have, such as a physical key or card, to verify a person's authenticity.
- Physical line trace: The attempt to determine the port or telephone line a hacker has used.
- Plaintext: A message before encryption or after decryption, i.e. in its usual form which anyone can read, as opposed to its encrypted form, ciphertext.
- Point-to-Point Protocol (PPP): A protocol for connecting to the Internet. PPP provides error checking and compression of the IP and TCP headers.
- Proxy server: Proxy servers communicate with external servers on behalf of the internal clients. When the terms application gateway or circuit-level gateway are used, they refer to the specific services provided by each form of firewall.
- Public-key encryption: A cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.
- Push publishing: A means of reaching an audience by automatically delivering information, such as news headlines or product updates, directly to a user's computer in a customized format at designated times.
- Remote access device: A device that accesses a network from a remote site.
- Request for Comment (RFC): The written definitions of the protocols and policies of the Internet.
- Reverse Address Resolution Protocol (RARP): A network protocol that causes a host to broadcast its physical address. The RARP server then replies with the host's IP address.
- Reverse proxy service: A company's registered Web or email server located outside a network's firewall system, used to prevent public users from contacting the Web server directly. When public users access the reverse proxy Web server, it contacts the Web server that resides behind the firewall.
- RSA: A standard for public-key cryptosystems named after its inventors, Ron Rivest, Adi Shamir, and Rick Adleman, who developed it in 1978 while working at MIT. Its security is based on the difficulty of factoring very large numbers that are the product of two primes. The size of the key used in RSA is completely variable, but for normal use, a key size of 512 bits is common. In applications where key compromise would have serious consequences or where the security must remain valid for many years into the future, 1024-bit and 2048-bit keys are used.
- Sandboxed: Containing built-in constraints to protect a program from malicious activity or from accessing important resources.
- Screened host firewall: A firewall that uses a bastion host to support both circuit- and application-level gateways and creates a demilitarized zone (DMZ) that functions as an isolated network between the Internet and the internal network.
- Screened subnet firewall: A type of firewall that uses a bastion host to support both circuit- and application-level gateways and creates a demilitarized zone (DMZ) that functions as an isolated network between the Internet and the internal network.
- Screening router: Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
- Secure Electronic Transactions (SET): A standard enabling secure credit card transactions on the Internet.
- Secure Hash Algorithm (SHA): This function was developed by the National Institute of Standards and Technology (NIST) and is based heavily on Ron Rivest's MD series of algorithms. The message is first padded in the same way as in MD5, then fed through four rounds, which are more complex than the ones used in MD5. The resulting message digest is 160 bits long.
- Secure HTTP (SHTTP): A form of encryption that takes place at the hypertext markup language level. This allows a Web browser to transfer sensitive information across the Internet.
- Secure Multipurpose Internet Mail Extension (S/MIME): A specification for secure electronic mail. S/MIME was designed to add security to e-mail messages in MIME format. The security services offered are authentication (using digital signatures) and privacy (using encryption).
- Secure Sockets Layer (SSL): A technology embedded in Web servers and browsers that encrypts traffic.
- Security mechanism: The systems and software that provide the different security services (access control, authentication, data integrity, data confidentiality, and non-repudiation).
- Security service: A basic method for providing data security. Security services include authentication, access control, data integrity, data confidentiality, and non-repudiation.
- Security system: All components used by a company to provide a security strategy, including hardware, software, employee training, and a security policy.
- Serial Line Internet Protocol (SLIP): A data link layer protocol, a simple form of connecting to the Internet.
- Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of the control messages they exchange to transfer mail.
- Simple Network Management Protocol (SNMP): A TCP/IP application that allows administrators to check the status and sometimes modify the configuration of SNMP nodes.
- Single-homed bastion host: A bastion host that has only one network interface and is normally used for application-level gateway firewalls.
- Single-purpose bastion host: A separate bastion host dedicated to a single application.
- Smurf attack: A type of denial-of-service attack in which a series of pings are sent to a remote host to inundate the host's system.
- Sniffer: A program used to intercept passwords.
- Social engineering: The use of tricks and disinformation to gain access to passwords and other sensitive information.
- Spoofing: A form of identity theft in which a hacker attempts to defeat authentication. Specific examples include IP spoofing, ARP spoofing, router spoofing, and DNS spoofing.
- Stateful inspection: Stateful inspection, a term introduced by CheckPoint Corporation, allows a firewall to analyze packets and view them in context. (Also called stateful multi-layer inspection)
- Symmetric encryption: A type of encryption where the same key is used to encrypt and decrypt the message.
- System snooping: The action of a hacker who enters a computer network and begins mapping the contents of the system.
- T1: A high-speed (1.5 Mbps) connection to the Internet using dial-up leased lines. In some localities, T1 lines can be leased for $3,000.00 per month or less.
- Telnet: A TCP/IP application that is used for remote terminal access and can be used to administer a UNIX machine.
- Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
- Tripwire: An account in a network used to alert a security administrator of a potential hacker when penetration of the network begins.
- Trojan (trojan horse): A file or program that purports to operate in a legitimate way, but which also has an alternative, secret operation, such as emailing sensitive company information to a hacker. A trojan horse is a specific program that destroys information on a hard drive.
- UDP (User Datagram Protocol): A connectionless protocol at the transport layer of the TCP/IP protocol stack, often used for broadcast-type protocols such as audio or video traffic.
- Value added network (VAN): A network that provides special communication over leased lines, usually offering enhanced services. A Value Added Network usually offers some service or information that is not readily available on public networks.
- Virtual Private Network (VPN): An extended local area network (LAN) that enables an organization to conduct secure, real-time communication.
- Virus: Self-replicating software used to infect a computer.
- Web server: A central computer system that hosts a Web site and enables remote clients to access the pages of the site.
- Web storefront: The part of a virtual enterprise that allows a client/end-user to interact with the server-side elements, usually in the form of buying and selling.
- Winnuke: A program that exploits the Windows TCP/IP stack, causing Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up.