Network Security Glossary: with over 80 helpful terms
Sometimes you just need a network security glossary...
There are a lot of words being thrown around the technology world. Here is a network security glossary for your reference.
Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.
Backdoor
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.
Boot Record Infector
A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.
Bot
Bots are quintessential Trojan Horses. They try to disguise the fact that they are on the desktop. They have control channels and can communicate back to whoever created them. Some have software update features. Most now have a financial variant. First they become a spam relay. When that gets shut down, they become Distributed Denial of Service facilitators. Later they can become keystroke loggers hunting for financial or software license information. 70 to 80 percent of all spam comes from bots.
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.
Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
Cache Cramming
Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.
Cache Poisoning
Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.
Cookie
Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.
Cookie Poisoning
Cookie poisoning is the modification of a cookie (personal information in a Web user’s computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user’s existing accounts.
Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.
Programs that use a system, without your permission or knowledge, to dial out through the Internet to a 900 number or FTP site, typically to accrue charges.
The process of taking a binary program and deriving the source code from it.
Distributed Scans
Distributed Scans are scans that use multiple source addresses to gather information.
Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.
Dumpster Diving
Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.
False Rejects
False Rejects are when an authentication system fails to recognize a valid user.
Sending strange packets to a system in order to gauge how it responds to determine the operating system.
Forest
A forest is a set of Active Directory domains that replicate their databases with each other.
Fork Bomb
A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up.
Fragment Overlap Attack
A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) is carried in the IP packet. In this attack the second fragment contains an incorrect offset. When the packet is reconstructed, the port number will be overwritten.
Gnutella
An Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
Hack Tool
Tools used by a hacker to gain unauthorized access to your computer. One example of a hack tool is a keystroke logger, a program that tracks and records individual keystrokes and can send this information back to the hacker.
A form of active wiretapping in which the attacker seizes control of a previously established communication association.
Honey Pot
Programs that simulate one or more network services that you designate on your computer’s ports. An attacker assumes you’re running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports including the attacker’s keystrokes. This could give you advanced warning of a more concerted attack.
Hoax
Usually an email that gets mailed in chain letter fashion describing some devastating, highly unlikely type of virus. Hoaxes are detectable as having no file attachment, no reference to a third party who can validate the claim, and by the general tone of the message.
Hybrid Attack
A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Inference Attack
Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.
Information Warfare
Information Warfare is the competition between offensive and defensive players over information resources.
A denial of service attack that sends a host more echo request (“ping”) packets than the protocol implementation can handle.
The technique of supplying a false IP address.
Jitter
Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics that make the database useful in the first place.
Programs that change or interrupt the normal behavior of your computer, creating a general distraction or nuisance. Harmless programs that cause various benign activities to display on your computer (for example, an unexpected screen saver).
Lightweight Directory Access Protocol (LDAP)
A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet.
A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.
Malware
A generic term for “malicious software” – any program or file that is harmful to a computer user. The term includes computer viruses, worms, Trojan horses, and also spyware programming that gathers information about a computer user without permission.
A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.
Morris Worm
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.
Network Tap
Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.
Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
Tricking Internet users into providing personal data for malicious or fraudulent use. Over 60 percent of all Internet users have visited a spoofed site and over 15 percent have been tricked into providing personal data.
Ping of Death
An attack that sends an improperly large ICMP echo request packet (a “ping”) with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Ping Scan
A ping scan looks for machines that are responding to ICMP Echo Requests.
An attack that sends ICMP echo requests (“pings”) to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Poison Reverse
Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity, in effect advertising the fact that these routes are not reachable.
Polymorphism
Polymorphism is the process by which malicious software changes its underlying code to avoid detection.
Port Scan
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Program Infector
A program infector is a piece of malware that attaches itself to existing program files.
A network worm.
Race Condition
A race condition exploits the small window of time between a security control being applied and when the service is used.
Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.
Reconnaissance
Reconnaissance is the phase of an attack where an attacker finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
Resource Exhaustion
Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.
Programs that allow another computer to gain information or to attack or alter your computer, usually over the Internet. Remote access programs detected in virus scans may be recognizable commercial software, which are brought to the user’s attention during the scan.
A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
Routing Loop
A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.
Take over a session that someone else has established.
Signature
A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.
Smurf
The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer
A sniffer is a tool that monitors network traffic as it is received on a network interface.
A synonym for “passive wiretapping”
A euphemism for non-technical or low-technology means – such as lies, impersonation, tricks, bribes, blackmail, and threats – used to attack information systems.
Spam
Electronic junk mail or junk newsgroup postings. There is probably no end in sight because it is a huge source of profit. More than serving as an irritant, spam serves as a gateway for artificially generated web traffic, phishing, identity theft and credential theft.
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
Spyware
Stand-alone programs that can secretly monitor system activity. These may detect passwords or other confidential information and transmit them to another computer.
Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. A user may unknowingly trigger spyware by accepting an End User License Agreement from a software program linked to the spyware.
SQL Injection
SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
Stack Smashing
Stack smashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganography
Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is “invisible” ink.
A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Tiny Fragment Attack
With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet’s TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn’t hit a match in the filter. STD 5, RFC 791 states: Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets.
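Added example (not part of the original glossary) covering both the Tiny Fragment Attack above and the Fragment Overlap Attack entry earlier: a defender-side checker that parses IPv4 fragments and flags a first fragment too short to carry the full TCP header, and a later fragment whose offset overlaps data already seen. The `make_frag` helper and the 20-byte TCP header threshold are assumptions used to build constructed test packets.

```python
import struct

IP_MF = 0x1          # "More Fragments" flag bit in the IPv4 flags field
TCP_HEADER_MIN = 20  # bytes a first fragment must carry so filters can see all TCP fields (assumption)

def parse_ipv4(pkt):
    """Extract the header fields needed for fragment checks from a raw IPv4 packet."""
    vihl, _tos, total_len, ident, frag_field, _ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (vihl & 0x0F) * 4              # header length in bytes (RFC 791: up to 60 octets)
    flags = frag_field >> 13
    offset = (frag_field & 0x1FFF) * 8   # fragment offset is stored in 8-octet units
    return {"id": ident, "proto": proto, "mf": bool(flags & IP_MF),
            "offset": offset, "payload_len": total_len - ihl}

def check_fragments(pkts):
    """Return a list of findings for tiny-first-fragment and overlapping-fragment patterns."""
    findings = []
    seen = {}  # (id, proto) -> list of (start, end) byte ranges already received
    for pkt in pkts:
        h = parse_ipv4(pkt)
        key = (h["id"], h["proto"])
        start, end = h["offset"], h["offset"] + h["payload_len"]
        # Tiny fragment: offset 0, more fragments follow, but not enough bytes for the TCP header
        if h["proto"] == 6 and start == 0 and h["mf"] and h["payload_len"] < TCP_HEADER_MIN:
            findings.append(f"id={h['id']}: tiny first fragment ({h['payload_len']} bytes) splits the TCP header")
        # Overlap: this fragment's byte range intersects a range already seen for the same datagram
        for s, e in seen.get(key, []):
            if start < e and s < end:
                findings.append(f"id={h['id']}: fragment at offset {start} overlaps [{s},{e})")
        seen.setdefault(key, []).append((start, end))
    return findings

def make_frag(ident, offset, mf, payload, proto=6):
    """Build a minimal IPv4 header (no options, checksum left zero) plus payload; constructed input."""
    frag_field = ((IP_MF if mf else 0) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag_field,
                      64, proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return hdr + payload

if __name__ == "__main__":
    # Constructed sample: a normal pair, a tiny-first-fragment pair, and an overlapping pair
    sample = [make_frag(1, 0, True, b"A" * 24), make_frag(1, 24, False, b"B" * 16),
              make_frag(2, 0, True, b"A" * 8),  make_frag(2, 8, False, b"B" * 20),
              make_frag(3, 0, True, b"A" * 24), make_frag(3, 8, False, b"B" * 16)]
    for line in check_fragments(sample):
        print(line)
```

A retransmitted duplicate of a fragment also trips the overlap check, so in practice the finding is a reason to inspect, not by itself proof of an attack.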
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
UDP Scan
A UDP scan probes a host to determine which UDP ports are open.
Virus
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting – i.e., inserting a copy of itself into and becoming part of – another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
War Chalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.
A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.
War Driving
War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.
An IP for finding information about resources on networks.
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Hopefully, this network security glossary was helpful. Have any questions (or words to add)? Contact us today.