Internet security vocabulary

An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.

A type of malware aimed to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage. A form of malware that deliberately prevents you from accessing files on your computer — holding your data hostage. It will typically encrypt files and request that a ransom be paid in order to have them decrypted or recovered.

For example, WannaCry Ransomware. For more information on Ransomware, check out our free Ransomware Guide. A piece of malware that can replicate itself in order to spread the infection to other connected computers.

A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A type of malware that functions by spying on user activity without their knowledge. These are the bunny boilers of the hacking community. They are similar to white hats in that they exist to thwart black hats. A white hat will be satisfied with blocking the black hat attack, but the red hat wants vengeance.

Red won't be happy until they vanquish the intruder with viruses or, in extreme cases, blow up their computer from the inside to the point where it has to be replaced. Green Hat. In this context, 'green' does not refer to 'environmentally friendly', but fresh, or n00b. Passionate about their adopted craft, they ask many questions and soak up information eagerly. Blue Hat. Blue Hat Hacker has a legal definition. This is an external consultant who is invited into a company to apply white hat, or ethical hacking techniques, to identify weaknesses in a system before it is launched.

Microsoft hired blue hats to find vulnerabilities in Windows software. You may learn how to use tools such as: Cookie Cadger, a graphical utility that is used to identify information leakage from applications that use insecure HTTP GET requests.

DotDotPwn, an intelligent fuzzer. Fuzzing, an automated testing technique used to identify bugs in software, networks or operating systems. BlindElephant, an open source tool used to 'fingerprint', or identify, which web apps and plug-ins are running on a website before the black hats get their hands on them.

TrueCrack, along with RainbowCrack and others, is an example of a password-cracking tool. IP splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user.

Primary protections against IP splicing rely on encryption at the session or network layer. IP Spoofing An attack whereby a system attempts to illicitly impersonate another system by using IP network address. Key A symbol or sequence of symbols or electrical or mechanical correlates of symbols applied to text in order to encrypt or decrypt. Key Escrow The system of giving a piece of a key to each of a certain number of trustees such that the key can be recovered with the collaboration of all the trustees.

Keystroke Monitoring A specialized form of audit trail software, or a specially designed device, that records every key struck by a user and every character of the response that the AIS returns to the user. LAN Local Area Network — A computer communications system limited to no more than a few miles and using high-speed connections 2 to megabits per second. A short-haul communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.

Launch-close Popups that open when you click on a link which at the same time closes the page being viewed. Leapfrog Attack Use of userid and password information obtained illicitly from one host to compromise another host.

Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to denial of service. Mailbombing is widely regarded as a serious offense. Malicious Code Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.

Malware A generic term increasingly being used to describe any form of malicious software; eg, viruses, trojan horses, malicious active content, etc. Metric A random variable x representing a quantitative measure accumulated over a period. Mockingbird A computer program or process which mimics the legitimate behavior of a normal system feature or other apparently useful function but performs malicious activities once invoked by the user.

Multihost Based Auditing Audit data from multiple hosts may be used to detect intrusions. Nak Attack Negative Acknowledgment — A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts. Net Send Spam Windows messenger vulnerability also known as net send spam, messenger spam or winpopup. Network Based Network traffic data along with audit data from the hosts used to detect intrusions.

Network Level Firewall A firewall in which traffic is examined at the network protocol IP packet level. Network Security Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful side-effects. Network security includes providing for data integrity. Network Security Officer Individual formally appointed by a designated approving authority to ensure that the provisions of all applicable directives are implemented throughout the life cycle of an automated information system network.

Open Security Environment that does not provide sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to or during the operation of a system. Open Systems Security Provision of tools for the secure internetworking of open systems. Operational Data Security The protection of data from either accidental or unauthorized, intentional modification, destruction, or disclosure during input, processing, or output operations.

Operations Security Definition 1 The process of denying adversaries information about friendly capabilities and intentions by identifying, controlling, and protecting indicators associated with planning and conducting military operations and other activities. Definition 2 An analytical process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations.

A set of internationally accepted and openly developed standards that meet the needs of network resource administration and integrated network utility. Packet A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message.

Packet Filter Inspects each packet for user defined content, such as an IP address but does not track the state of sessions. This is one of the least secure types of firewall. Packet Filtering A feature incorporated into routers and bridges to limit the flow of information based on predetermined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate e-mail domains, and perform many other traffic control functions.

Packet Sniffer A device or program that monitors the data traveling between computers on a network. Passive Threat The threat of unauthorized disclosure of information without changing the state of the system.

A type of threat that involves the interception, not the alteration, of information. Penetration Signature The description of a situation or set of conditions in which a penetration could occur or of system events which in conjunction can indicate the occurrence of a penetration in progress. Penetration Testing The portion of security testing in which the evaluators attempt to circumvent the security features of a system.

The evaluators may be assumed to use all system design and implementation documentation, that may include listings of system source code, manuals, and circuit diagrams. The evaluators work under the same constraints applied to ordinary users. Perimeter Based Security The technique of securing a network by controlling access to all entry and exit points of the network. Perpetrator The entity from the external environment that is taken to be the cause of a risk. An entity in the external environment that performs an attack, i.

Personnel Security The procedures established to ensure that all personnel who have access to any classified information have the required authorizations as well as the appropriate clearances. Phage A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.

PHF Phone book file demonstration program that hackers use to gain access to a computer system and potentially read and capture password files. PHF hack A well-known and vulnerable CGI script which does not filter out special characters such as a new line input by a user. Phreak(er) An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.

Physical Security The measures used to provide physical protection of resources against deliberate and accidental threats. Ping of Death The use of Ping with a packet size higher than 65, This will cause a denial of service. Popup blocker A program that helps to prevent unsolicited windows from appearing on your screen; these windows usually contain advertisements.

Popup stopper A program that helps to prevent unsolicited windows from appearing on your screen; these windows usually contain advertisements. Popup A new browser window that appears unrequested by you on your screen. A gratuitous, easily-programmed visual effect exploited by many web sites often to the consternation of the hapless user.

Commonly used for advertisements. Particularly annoying are those termed exit popups: browser windows that spring to life when you leave a site or when you close a browser window.

We have never encountered one of these that was useful. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time.

The kind of response received indicates whether the port is used and can therefore be probed for weakness. Private Key Cryptography An encryption methodology in which the encryptor and decryptor use the same key, which must be kept secret.

This methodology is usually only used by a small group. Probe Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.

Promiscuous Mode Normally an Ethernet interface reads all address information and accepts follow-on packets only destined for itself, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination.

Protocol Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. Sometimes called the syntax layer. Layer 5: The session layer This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end.

It deals with session and connection coordination. Layer 4: The transport layer This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer. Layer 3: The network layer This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding.

Layer 2: The data-link layer This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management. Layer 1: The physical layer This layer conveys the bit stream through the network at the electrical and mechanical level.

It provides the hardware means of sending and receiving data on a carrier. Overload Hindrance of system operation by placing excess burden on the performance capabilities of a system component. Packet A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams. Packet Switched Network A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.

Password Authentication Protocol PAP Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.

Password Cracking Password cracking is the process of attempting to guess passwords, given the password file information. Password Sniffing Passive wiretapping, usually on a local area network, to gain knowledge of passwords. Patch A patch is a small update released by a software manufacturer to fix bugs in existing programs.

Patching Patching is the process of updating software to a different version. Penetration Gaining unauthorized logical access to sensitive data by circumventing a system's protections. Penetration Testing Penetration testing is used to test the external perimeter security of a network or facility. Permutation Permutation keeps the same letters but changes the position within a text to scramble the message. Personal Firewalls Personal firewalls are those firewalls that are installed and run on individual PCs.

Almost all users use a URL like www. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www. Phishing The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.

Ping of Death An attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing the input buffers of the destination machine and causing it to crash. Ping Sweep An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities. Plaintext Ordinary readable text before being encrypted into ciphertext or after being decrypted.

Point-to-Point Protocol (PPP) A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server.

Point-to-Point Tunneling Protocol (PPTP) A protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.

Poison Reverse Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that these routes are not reachable.

Polyinstantiation Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. Polymorphism Polymorphism is the process by which malicious software changes its underlying code to avoid detection.

Port A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number. Port Scan A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses.

Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.

Possession Possession is the holding, control, and ability to use information. Post Office Protocol, Version 3 POP3 An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client. Practical Extraction and Reporting Language Perl A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.

Preamble A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean "someone is about to transmit data". This ensures that systems receiving the information correctly interpret when the data transmission starts.

The actual pulses used as a preamble vary depending on the network communication technology in use. The reserved address blocks are: Program Infector A program infector is a piece of malware that attaches itself to existing program files.

Program Policy A program policy is a high-level policy that sets the overall tone of an organization's security approach. Promiscuous Mode When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic which might contain passwords or other information.

Proprietary Information Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets. Protocol A formal specification for communicating; an IP address the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection. Proxy Server A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion. Public Key The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography. Public Key Infrastructure (PKI) A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Public-Key Forward Secrecy PFS For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.

Race Condition A race condition exploits the small window of time between a security control being applied and when the service is used. Radiation Monitoring Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals. Ransomware A type of malware that is a form of extortion. It works by encrypting a victim's hard drive denying them access to key files. The victim must then pay a ransom to decrypt the files and gain access to them again.

Reconnaissance Reconnaissance is the phase of an attack where an attacker finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.

The router will make filtering decisions based on whether connections are a part of established traffic or not. Registry The Registry in Windows operating systems is the central set of settings and information required to run the Windows computer.

Typically developers will create a set of regression tests that are executed before a new version of a software is released. Also see "fuzzing".

Eventually, if it gains enough interest, it may evolve into an Internet standard. Resource Exhaustion Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses.

Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.

Reverse Engineering Acquiring sensitive data by disassembling and analyzing the design of a system component. Reverse Lookup Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.

Reverse Proxy Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.

Risk Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack. Risk Assessment A Risk Assessment is the process by which risks are identified and the impact of those risks determined. Risk Averse Avoiding risk even if this leads to the loss of opportunity. For example, using a more expensive phone call vs. Role Based Access Control Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.

Rootkit A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. Router Routers interconnect logical networks by forwarding information to other networks based upon IP addresses. Routing Information Protocol (RIP) Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost. Routing Loop A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.

The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one. Safety Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.

Scavenging Searching through data residue in a system to gain unauthorized knowledge of sensitive data. Secure Electronic Transactions (SET) Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.

Secure Shell SSH A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. Security Policy A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Sensitive Information Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives. Separation of Duties Separation of duties is the principle of splitting privileges among multiple individuals or systems. Server A system entity that provides a service in response to requests from other system entities called clients.

Session A session is a virtual connection between two hosts by which network traffic is passed. Session Key In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time.

Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently. Shadow Password Files A system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. Share A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).

Shell A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. Signals Analysis Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data. Signature A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.

Simple Integrity Property In Simple Integrity Property a user cannot write data to a higher integrity level than their own. A set of protocols for managing complex networks.

Simple Security Property In Simple Security Property a user cannot read data of a higher classification than their own. Smartcard A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key. Smurf The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target. Sniffer A sniffer is a tool that monitors network traffic as it is received in a network interface.

Social Engineering A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems. Socket The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application. Socket Pair A way to uniquely specify a connection, i.

SOCKS A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections.

Software Computer programs which are stored in and executed by computer hardware and associated data which also is stored in the hardware that may be dynamically written or modified during execution. Source Port The port that a host uses to connect to a server. It is usually a number greater than or equal to It is randomly generated and is different each time a connection is made. Spanning Port Configures the switch to behave like a hub for a specific port. Split Horizon Split horizon is an algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.

Split Key A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items. Spoof Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.

SQL Injection SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database. Stack Mashing Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code. Star Property In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.

State Machine A system that moves through a series of progressive conditions. Stateful Inspection Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer.

Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination. Static Host Tables Static host tables are text files that contain hostname and address mapping. Static Routing Static routing means that routing table entries contain information that does not change.

Stealthing Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system. Steganalysis Steganalysis is the process of detecting and defeating the use of steganography. Steganography Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself.

An example of a steganographic method is "invisible" ink. Stimulus Stimulus is network traffic that initiates a connection or solicits a response. Store-and-Forward Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it. Straight-Through Cable A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end.


