Payson Technology Group, LLC - Computer Network Security Glossary

Access Control

Refers to mechanisms and policies that restrict access to computer resources. An access control list (ACL), for example, specifies what operations different users can perform on specific files and directories.

Active Content

Active content refers to material that is downloaded that makes something happen, as opposed to static content, such as text or simple images that do nothing but get displayed. Active content includes such things as JavaScript animations, ActiveX controls, Java spreadsheets...anything that actually does something.


ActiveX is Microsoft's answer to the Java technology from Sun Microsystems. An ActiveX control is roughly equivalent to a Java applet. ActiveX is the name Microsoft has given to a set of "strategic" object-oriented program technologies and tools. The main thing that you create when writing a program to run in the ActiveX environment is a component, a self-sufficient program that can be run anywhere in your ActiveX network (currently a network consisting of Windows and Macintosh systems). This component is known as an ActiveX control.

Address Book

An automated e-mail address directory that allows you to address your messages easily. Generally comes in personal and public versions.

Address Resolution Protocol (ARP)


Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a Federal Information Processing Standard (FIPS) Publication that will specify a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

Anti-Replay Service

With anti-replay service, each IP packet passing within the secure association is tagged with a sequence number. On the receiving end, each packet's sequence number is checked to see if it falls within a specified range. If an IP packet tag number falls outside of the range, the packet is blocked.


A software program designed to identify and remove a known or potential computer virus

API (Application program interface)

An API is the specific methodology by which a programmer writing an application program may make requests of the operating system or another application.

Application Gateway Firewall

Application gateways look at data at the application layer of the protocol stack and serve as proxies for outside users, intercepting packets and forwarding them to the application. Thus, outside users never have a direct connection to anything beyond the firewall. The fact that the firewall looks at this application information means that it can distinguish among such things as Telnet, file transfer protocol (FTP), or Lotus Notes traffic. Because the application gateway understands these protocols, it provides security for each application it supports.


An archive is a collection of computer files that have been packaged together for backup, to transport to some other location, for saving away from the computer so that more hard disk storage can be made available, or for some other purpose. An archive can include a simple list of files or files organized under a directory or catalog structure (depending on how a particular program supports archiving).

ARP (Address Resolution Protocol)

A protocol used to obtain the physical addresses (such as MAC addresses) of hardwareunits in a network environment. A host obtains such a physical address by broadcastingan ARP request, which contains the IP address of the target hardware unit. If the requestfinds a unit with that IP address, the unit replies with its physical hardware address.

ASIC (Application Specific Integrated Circuit)

a chip designed for a particular application. ASICs are built by connecting existing circuit building blocks in new ways. Since the building blocks already exist in a library, it is much easier to produce a new ASIC than to design a new chip from scratch.

Asymmetrical Key Exchange

Asymmetric or public key cryptography is based on the concept of a key pair. Each half of the pair (one key) can encrypt information so that only the other half (the other key) can decrypt it. One part of the key pair, the private key, is known only by the designated owner; the other part, the public key, is published widely but is still associated with the owner.


A file that a user adds to an email message to transfer it to another user.


The process of determining the identity of a user that is attempting to access a network. Authentication occurs through challenge/response, time-based code sequences or other techniques. See CHAP and PAP.

Authentication Header (AH)

The Authentication Header is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non- repudiation.


The process of determining what types of activities or access are permitted on a network. Usually used in the context of authentication: once you have authenticated a user, they may be authorized to have access to a specific service.


Generally speaking, bandwidth is directly proportional to the amount
of data transmitted or received per unit time. In digital systems, bandwidth is proportional to the data speed in bits per second (bps). Thus, a modem that works at 57,600 bps has twice the bandwidth of a modem that works at 28,800 bps.

Bastion host

A specific host that is used to intercept packets entering or leaving a network. and the system that any outsider must ordinarily connect with to access a system or service that is inside the network's firewall. Typically the bastion host must be highly secured because it is vulnerable to attack due to its placement. See dual-homed gateway.

Buffer Overflow Attack

A buffer overflow attack works by exploiting a known bug in one of the applications running on a server. It then causes the application to overlay system areas, such as the system stack, thus gaining administrative rights. In most cases, this gives a hacker complete control over the system. Also referred to as stack overflow.

CA (Certificate Authority)

See Certificate Authority

CA Signature

A digital code that vouches for the authenticity of a digital certificate. The CA signature is provided by the certificate authority (CA) that issued the certificate.

CGI exploit

When a denial of service attack is aimed at the CGI (common gateway interface), it is referred to as a CGI exploit. The CGI is a standard way for a Web server to pass a Web user's request to an application program and to receive data back to forward to the user.  It is part of the Web's HTTP protocol.

Certificate Authority (CA)

A certificate authority is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. As part of a public key infrastructure ( PKI), a CA checks with a registration authority ( RA) to verify information provided by the requestor of a digital certificate . If the RA verifies the requestor's information, the CA can then issue a certificate.


A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

CHAP (Challenge-Handshake Authentication Protocol)

An authentication technique where after a link is established, a server sends a challenge to the requestor. The requestor responds with a value obtained by using a one-way hash function. The server checks the response by comparing it its own calculation of the expected hash value. If the values match, the authentication is acknowledged otherwise the connection is usually terminated.

Checksum or hash

A checksum is a count of the number of bits in a transmission unit that is
included with the unit so that the receiver can check to see whether the same number of bits arrived. If the counts match, it's assumed that the complete transmission was received.

Circuit-level gateways

Circuit-level gateways run proxy applications at the session layer instead of the application layer. They can't distinguish different applications that run on the same protocol stack. However, these gateways don't need a new module for every new application, either. Circuit-level gateway is a firewall feature which can, when needed, serve as an alternative to packet filtering or application gateway functionality.

Cleanup interval

A setting in the Ravlin Node Manager that specifies how long a Ravlin unit waits before performing automatic internal cleanup. In general, the busier the network, the more often system cleanups should be performed.


A client is the requesting program or user in a client/server relationship. For example, the user of a Web browser is effectively making client requests for pages from servers all over the Web. The browser itself is a client in its relationship with the computer that is getting and returning the requested HTML file.

Community string

A character string used to identify valid sources for SNMP requests, and to limit the scope of accessible information. Ravlin units use the community string like a password, allowing only a limited set of management stations to access its MIB

Content blocking

The ability to block network traffic based on actual packet content.

Content filtering, scanning or screening

The ability to review the actual information that an end user sees when using a specific Internet application. For example, the content of e-mail.

Content virus

See data driven attack. Commonly protected against with a virus scanner.


A message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.

CoS (Class of Service)

Class of Service (CoS) is a way of managing traffic in a network by grouping similar types of traffic (for example, e-mail, streaming video, voice, large document file transfer) together and treating each type as a class with its own level of service priority.


A RedCreek hardware implementation that offloads the heavy computational load usually imposed by cryptographic tasks, freeing system resources and thus allowing rapid encryption.


A branch of complex mathematics and engineering devoted to protecting information from unwanted access. In the context of computer networking, cryptography consists of encryption, authentication, and authorization.


A program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive. The daemon program forwards the requests to other programs (or processes) as appropriate. Each server of pages on the Web has an HTTPD or Hypertext Transfer Protocol daemon that continually waits for requests to come in from Web clients and their users.

Data driven attack

A form of intrusion in which the attack is encoded in seemingly innocuous data, and it is subsequently executed by a user or other software to actually implement the attack.

DES (Data Encryption Standard)

A widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

Denial of service attack

A user or program takes up all the system resources by launching a multitude of requests, leaving no resources and thereby "denying" service to other users. Typically, denial-of-service attacks are aimed at bandwidth control.

DHCP (Dynamic Host Configuration Protocol)

DHCP enables individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.


The Diffie-Hellman Method For Key Agreement allows two hosts to create and share a secret key. VPNs operating on the IPSec standard use the Diffie-Hellman method for key management. Key management in IPSec begins with the overall framework called the Internet Security Association and Key Management Protocol (ISAKMP). Within that framework is the Internet Key Exchange (IKE) protocol. IKE relies on yet another protocol known as OAKLEY and it uses Diffie-Hellman.

DiffServ (Differentiated Services

Differential service mechanisms allow providers to allocate different levels of service to different users of the Internet. Broadly speaking, any traffic management or bandwidth control mechanism that treats different users differently - ranging from simple Weighted Fair Queuing to RSVP and per-session traffic scheduling - counts. However, in common Internet usage the term is coming to mean any relatively simple, lightweight mechanism that does not depend entirely on per-flow resource reservation.

Digital Certificate

A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Digital Signature

A digital signature is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped.

DMZ (de-militarized zone)

A network added between a protected network and an external network in order to provide an additional layer of security. Sometimes called a perimeter network.

DNS (Domain Name System)

The Internet protocol for mapping host names, domain names and aliases to IP addresses.

DNS spoofing

Breaching the trust relationship by assuming the DNS name of another system. This is usually accomplished by either corrupting the name service cache of a victim system or by compromising a domain name server for a valid domain.


The unique name used to identify an Internet network.

Domain name server

A repository of addressing information for specific Internet hosts. Name servers use the domain name system to map IP addresses to Internet hosts.


A "downloadable" is a file that has been transmitted from one computer system to another, usually smaller computer system. From the Internet user's point-of-view, to download a file is to request it from another computer (or from a Web page on another computer) and to receive it.

Downstream post office

A post office that communicates with a mail server through another post office or other post offices.

DSL (Digital Subscriber Line)

DSL (Digital Subscriber Line) is a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines. xDSL refers to different variations of DSL, such as ADSL, HDSL, and RADSL. A DSL line can carry both data and voice signals and the data part of the line is continuously connected.

DSS (Digital Signature Standard

The Digital Signature Standard (DSS) is a cryptographic standard promulgated by the National Institute of Standards and Technology (NIST) in 1994. It has been adopted as the federal standard for authenticating electronic documents, much as a written signature verifies the authenticity of a paper document.

DSX (Dynamic Security Extension)

A proprietary technology that is patented and works in the following way. The operating system has a system call (or vector) table that contains memory address pointers for each system call. These pointers point to a location in memory where the actual kernel code of the system calls resides. DSX stores the address pointers for the security sensitive system calls and then redirects these pointers to the corresponding SECURED system call code, which is located elsewhere in memory.

Dual-homed gateway

A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual-homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.


e-business" ("electronic business," derived from such terms as "e-mail" and "e-commerce") is the conduct of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners.


e-commerce (electronic commerce or EC) is the buying and selling of goods and services on the Internet, especially the World Wide Web. In practice, this term and e-business are often used interchangeably. For online retail selling, the term e-tailing is sometimes used.

email client

An application from which users can create, send and read e-mail messages.

email server

An application that controls the distribution and storage of e-mail messages.


Scrambling data in such a way that it can only be unscrambled through the application of the correct cryptographic key.

Encryption-In-Place (EIP)

A security mode in which a Ravlin unit encrypts the IP packet's payload only (without encrypting the packet header). Because EIP does not require encryption of the IP header or encapsulation of the IP packet, overhead is lower and performance enhanced.

Endpoint Group

In a policy enforced network, an endpoint group represents subnets or an individual host protected by a security appliance. By creating and configuring endpoint groups, you can permit hosts in one subnet to exchange data securely with hosts in another subnet. Endpoint groups along with their associated policy enforcement points are generally members of a policy group

Enterprise Object

Within a policy enforced network,  the enterprise is the highest-level object category. It encompasses all management domains and all lower-level divisions in the organization's secure networking environment.

ESP (Encapsulated Security Payload)

The Encapsulating Security Payload provides confidentiality for IP datagrams or packets, which are the message units that the Internet Protocol deals with and that the Internet transports, by encrypting the payload data to be protected. I


A local-area network (LAN) protocol developed by Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet uses a bus or star topology and supports data transfer rates of 100Mbps.


An executable is a file that contains a program - that is, a particular kind of file that is capable of being executed or run as a program in the computer.

Extended MAPI (Extended Messaging Application Programming Interface)

An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages.

FDDI (Fiber Distributed Data Interface

A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for wide-area networks.


A filter is a program or section of code that is designed to examine each input or output request for certain qualifying criteria and then process or forward it accordingly. .


A firewall is a program that protects the resources of one network from users from other networks. Typically, an enterprise with an intranet that allows its workers access to the wider Internet will want a firewall to prevent outsiders from accessing its own private data resources.

Firewall denial-of service

The firewall is specifically subjected to a denial-of-service attack.

FTP (File Transfer Protocol)

FTP is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an application protocol that uses the Internet's TCP/IP protocols.


A gateway is a network point that acts as an entrance to another network. In a company network, a proxy server acts as a gateway between the internal network and the Internet. A gateway may also be any machine or service that passes packets from one network to another network in their trip across the Internet.

Green Screen Terminal

Terminals that are designed to be centrally-managed, configured with only essential equipment, and devoid of CD-ROM players, diskette drives, and expansion slots (and therefore lower in cost).


Hacker is a term used by some to mean "a clever programmer" and by others, especially journalists or their editors, to mean "someone who tries to break into computer systems."

Headend or Head End

A central control device required by some networks (e.g., LANs or VPNs) to provide such centralized functions as administration, diagnostic control, and network access.

Highjacking or hijacking

Control of a connection is taken by the attacker after the user authentication has been established.

HMAC (Header Message Authentication Codes )

HMAC is a hash function based message authentication code that was designed to meet the requirements of the IPsec working group in the IETF, and is now a standard.

HTML (HyperText Markup Language)

A standard set of commands used to structure documents and format text so that it can be used on the Web.

HTTP (HyperText Transfer Protocol)

HTTP is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol.

HTTPS (Secure Hypertext Transfer Protocol)

The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL).

Hybrid Auth

The Hybrid Auth extension allows the asymmetric use of digital certificates between client and server. The client verifies the authenticity of the server's credentials (certificate), and the server verifies the authenticity of the client's credentials. Companies benefit from the interoperability of standards-based IPSec with IKE as well as the increased security of the PKI at the central site, with no disruption to remote users.

I2O (Intelligent Input/Output)

Intelligent Input/Output (I2O) is a hardware specification that describes a model for offloading I/O processing from the CPU. The model is after the style of what has been used in very large mainframes for years. It is not a replacement for the PCI architecture.

ICSA (International Computer Security Association

An organization with the mission to continually improve commercial computer security through certification of firewalls, anti-virus products and web sites. ICSA also shares and disseminates information concerning information security.

Insider attack

An attack originating from inside a protected network.

Internet Key Exchange (IKE)

A hybrid protocol whose purpose is to negotiate, and provide authenticated keying material for, security associations in a protected manner. Processes which implement this protocol can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.

Intrusion detection

Detection of break-ins or break-in attempts by reviewing logs or other information available on a network.

IP (Internet Protocol)

The Internet Protocol is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one address that uniquely identifies it from all other computers on the Internet.

IP spoofing

An attack where the attacker impersonates a trusted system by using its IP network address.

IP hijacking

An attack where an active, established session is intercepted and taken over by the attacker. May take place after authentication has occurred which allows the attacker to assume the role of an already authorized user.

IPSec (Internet Protocol Security )

A developing standard for security at the network or packet processing layer of network communication. IPSec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.

ISDN (Integrated Services Digital Network

A set of communications standards allowing a single wire or optical fibre to carry voice, digital network services and video. ISDN gives a user up to 56 kbps of data bandwidth on a phone line that is also used for voice, or up to 128 kbps if the line is only used for data.


Java is a programming language expressly designed for use in the distributed environment of the Internet. It was designed to have the "look and feel" of the C++ language, but it is simpler to use than C++ and enforces a completely object-oriented view of programming. Java can be used to create complete applications that may run on a single computer or be distributed among servers and clients in a network. It can also be used to build small application modules or applets for use as part of a Web page. Applets make it possible for a Web page user to interact with the page.


Kerberos was created by MIT as a solution to network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.


In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text. The length of the key generally determines how difficult it will be to decrypt the text in a given message.

Key Management

The establishment and enforcement of message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer over the Internet.

LDAP (Lightweight Directory Access Protocol)

LDAP (Lightweight Directory Access Protocol) is an emerging software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network.

Litigation Protection

Litigation protection is both the review and recording of Internet, intranet and extranet communications that is done in order to avoid litigation or the documentation of the communications parties and content in the event of litigation.

MAC (Media Access Control)

On a network, the MAC (Media Access Control) address is your computer's unique hardware number. The MAC address is used by the Media Access Control sublayer of the Data-Link Control (DLC) layer of telecommunication protocols. There is a different MAC sublayer for each physical device type. The Data-Link Layer is the protocol layer in a program that handles the moving of data in and out across a physical link in a network.

Macro Virus

Macro viruses are small programs written using the internal programming language of a specific application program that replicate within documents created by the application program. Common examples of application programs that use macros include word processors such as Word and spreadsheets such as Excel.

Malicious Code

Malicious code is any code added, changed, or removed from a software system in order to intentionally cause harm or subvert the intended function of the system. Traditional examples of malicious code include viruses, worms, Trojan Horses, and attack scripts, while more modern examples include Java attack applets and dangerous ActiveX controls.

Management Domain

In a policy enforced network, a management domain consists of one or more policy groups. A management domain usually encompasses a large category of users. For example, a management domain might contain all users who work with an organization's financial data or with an insurance company's patient records. Management domains may also be specific to business relationships such as extranet partnerships or branch-office data transfer.

MAPI (Messaging Application Programming Interface)

An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages. Simple MAPI includes some of these functions. Extended MAPI includes all of these functions.

MIB (Management Information Base)

A database of objects that can be monitored by an SNMP-based network management system. Standardized MIB formats allow any SNMP tool to monitor any device defined by a MIB.

MIME (Multipurpose Internet Mail Extensions)

A protocol used for transmitting documents with different formats via the Internet.


A view of individual user activity on a network, generally in real time. Provides administrators with the ability to view the content of user utilized applications.

MPLS (Multiprotocol Label Switching

A base technology for using label switching in conjunction with network layer routing and for the implementation of that technology over various link level technologies, which may include Packet-over-Sonet, Frame Relay, ATM, and Ethernet 

NAPT (Network Address Port Translation

NAPT is a special case of NAT, where many IP numbers are hidden behind a number of addresses, but in contrast to the original  NAT this does not mean there can be only that number of connections at a time. In NAPT an almost arbitrary number of connections is multiplexed using TCP port information. The number of simultaneous connections is limited by the number of addresses multiplied by the number of TCP ports available.

NAR (Network Address Retention)

A simplified IP addressing capability that eliminates the need to establish an intermediate IP address between a router and a firewall. Sometimes called Proxy-ARP. This feature allows the implementation of a firewall into an existing network without having to establish a new IP address scheme.

NAT (Network Address Translation)

Network Address Translation allows your Intranet to use addresses that are different from what the outside Internet thinks you are using. It permits many users to share a single external IP address at the same time. The NAT provides what some people call "address hiding", which is, as it suggests, security through obscurity at best.

Network Service Access Policy

A high level, issue specific policy which defines those services that will be allowed or explicitly denied from a restricted network, the way in which these services will be used, and the conditions for exceptions to the policy.

NNTP (Network News Transfer Protocol

NNTP (Network News Transfer Protocol) is the predominant protocol used by computers (servers and clients) for managing the notes posted on  newsgroups. NNTP replaced the original Usenet protocol, UNIX-to-UN


The goal of nonrepudiation is to prove that a message has been sent and received. This is extremely important in networks where commands and status must be issued and responded to, where financial transactions must be verifiably completed, and where signed contracts are transmitted.

ODBC (Open Database Connectivity

ODBC is a standard or open application programming interface (API) for accessing a database. By using ODBC statements in a program, you can access files in a number of different databases, including Access, dBase, DB2, Excel, and Text. In addition to the ODBC software, a separate module or driver is needed for each database to be accessed.


A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, GIF file, URL request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).

Packet Filters

Packet filters keep out certain data packets based on their source and destination addresses and service type. Filters can be used to block connections from or to specific hosts, networks or ports. Packet filters are simple and fast. However, they make decisions based on a very limited amount of information.

Packet Sniffing

Intercepting packets of information (including such things for example as a credit card number ) that are traveling between locations on the Internet.

PAP (Password Authentication Procedure)

A procedure used to validate a connection request. After the link is established, the requestor sends a password and an id to the server. The server either validates the request and sends back an acknowledgement, terminates the connection, or offers the requestor another chance.

Password-based attacks

An attack where repetitive attempts are made to duplicate a valid log-in and/or password sequence.

Perimeter network

See DMZ.

PGP (Pretty Good Privacy)

A cryptographic product family that enables people to securely exchange  messages, and to secure files, disk volumes and network connections with both privacy and strong authentication.

Ping of Death Attack

A notorious exploit that (when first discovered) could be easily used to crash a wide variety of machines by overrunning the size limits in their TCP/IP stacks. The term is now used to refer to any nudge delivered by hackers over the network that causes bad things to happen on the system being nudged.

PKCS (Public-Key Cryptography Standards)

The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented.

PKI (Public Key Infrastructure)

A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.

Platform attack

An attack that is focuses on vulnerabilities in the operating system hosting the firewall.

PPP (Point-to-Point Protocol)

Point-to-Point Protocol (PPP) is a protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server.

PPPoE (Point-to-Point Protocol over Ethernet)

PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging access device to a remote Access Concentrator (Server).

PPTP (Point-to-Point Tunneling Protocol)

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol, virtual private networking over public networks, such as the Internet.

Policy Enforced Network (PEN)

A Policy Enforced Network is a management architecture in which the creation, delivery and enforcement of business rules in an information network are defined and automated. Policy Enforced Networking is  designed to bring structure and organization to information networks whether they are within a campus or are distributed around the globe.

Policy Enforcement Points (PEP)

In a policy enforced network, a policy enforcement point represents a security appliance used to protect one or more endpoints. PEPs are also points for monitoring the health and status of a network. PEPs are generally members of a policy group.

Policy Groups

In a policy enforced network (PEN), a policy group represents endpoint groups and their associated policy enforcement points. A policy group also contains business rules concerning membership, access privileges, and traffic flow (including data authentication, encryption, and address translation). In most cases, a policy group’s members are related to each other in ways useful to the organization. Policy groups are generally members of a management domain.

Policy Management Zone (PMZ)

The Policy Management Zone protects communications between trusted parties and firewalls access to untrusted domains in an information network.

Policy Rules

In a policy enforced network (PEN), policy rules determine how the members and endpoint groups of a policy group communicate.

Polymorphic virus

Polymorphic viruses encrypt the body of the virus in an attempt to hide its signature from anti-virus programs.

POP3 (Post Office Protocol 3)

An e-mail protocol used to retrieve e-mail from a remote server over an Internet connection.

Private Key

In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography, a key would be shared by the communicators so that each could encrypt and decrypt messages. The risk in this system is that if either party loses the key or it is stolen, the system is broken. A more recent alternative is to use a combination of public and private keys. In this system, a public key is used together with a private key.


A special set of rules for communicating that the end points in a telecommunication connection use when they send signals back and forth. Protocols exist at several levels in a telecommunication connection. There are hardware telephone protocols. There are protocols between the end points in communicating programs within the same computer or at different locations. Both end points must recognize and observe the protocol. Protocols are often described in an industry or international standard.

Protocol Attacks

A protocol attack is when the characteristics of network services are exploited by the attacker. Examples include the creation of infinite protocol loops which result in denial of services (e.g., echo packets under IP), the use of information packets under the Network News Transfer Protocol to map out a remote site, and use of the Source Quench protocol element to reduce traffic rates through select network paths.


An agent that acts on behalf of a user, typically accepting a connection from a user and completing a connection on behalf of the user with a remote host or service. See also gateway and proxy server.

Proxy Server

A proxy server is one that acts on behalf of one or more other servers, usually for screening, firewall, caching, or a combination of these purposes. Gateway is often used as a synonym for "proxy server." Typically, a proxy server is used within a company or enterprise to gather all Internet requests, forward them out to Internet servers, and then receive the responses and in turn forward them to the original requestor within the company.

Public Key

A public key is a value provided by some designated authority as a key that, combined with a private key derived from the public key, can be used to effectively encrypt and decrypt messages and digital signatures. The use of combined public and private keys is known as asymmetric encryption. A system for using public keys is called a public key infrastructure (PKI).

QoS (Quality of Service)

On the Internet and in other networks, QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS is of particular concern for the continuous transmission of high-bandwidth video and multimedia information.

RA (Registration Authority)

An RA (registration authority) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. RAs are part of a public key infrastructure (PKI), a networked system that enables companies and users to exchange information and money safely and securely.


RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.

RAS (Remote Access Services)

A feature built into Windows NT that enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link. RAS works with several major network protocols, including TCP/IP, IPX, and NetBEUI.

Replay Prevention

To provide protection against replay attacks in which a message is stored and re-used later, replacing or repeating the original. See also Anti-replay service.

RIP (Routing Information Protocol)

The oldest routing protocol on the Internet and the most commonly used routing protocol on local area IP networks. Routers use RIP to periodically broadcast which networks they know how to reach.

Routing Agent

On the Internet, an agent (also called an intelligent agent) is a program that gathers information or performs some other service without your immediate presence and on some regular schedule. Typically, an agent program, using parameters you have provided, searches all or some part of the Internet, gathers information you're interested in, and presents it to you on a daily or other periodic basis.

RSA (Rivest-Shamir-Adleman)

One of the fundamental encryption algorithms or series of mathematical actions developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Netscape and Microsoft.

RSACi (Recreational Software Advisory Council on the Internet)

A computer software ratings system of Web site content developed by RSACI in response to the passage of US federal legislation prohibiting the transmittal of offensive, or indecent, materials over the Internet. RSACi was developed with the express intent of providing a simple, yet effective rating system for web sites which protect both children, by providing and empowering parents with detailed information about site content, and the rights of free speech of everyone who publishes on the World Wide Web.


Criteria that are used to organize and control incoming messages automatically. When you set up a rule, you designate the criteria that selects a specific class of messages and then you select one or more actions to handle the messages that meet the criteria.

Screening router

A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.

Security Association (SA)

A Security Association (SA) is a relationship between two or more entities that describes how the entities will utilize security services to communicate securely. This relationship is represented by a set of information that can be considered a contract between the entities. The information must be agreed upon and shared between all the entities.

Secure Hash Algorithm-1 (SHA-1)

A one-way cryptographic function which takes a message produces a 160-bit message digest. A message digest is a value generated for a message or document that is unique to that message, and is sometimes referred to as a "fingerprint" of that message or data. Once a message digest is computed, any subsequent change to the original data will, with a very high probability, cause a change in the message digest, and the signature will fail to verify. This process is used to compress large data strings to a 20-byte length which is used in a cryptographic process. The reduced data length relieves computational requirements for data encryption.

Self-signed Certificate

A self-signed certificate uses its own certificate request as a signature rather than the signature of a CA. A self-signed certificate will not provide the same functionality as a CA-signed certificate. A self-signed certificate will not be automatically recognized by users' browsers, and a self-signed certificate does not provide any guarantee concerning the identity of the organization that is providing the website.


In the Open Systems Interconnection (OSI)  communications model, the Session layer (sometimes called the "port layer") manages the setting up and taking down of the association between two communicating end points that is called a connection. A connection is maintained while the two end points are communicating back and forth in a conversation or session of some duration. Some connections and sessions last only long enough to send a message in one direction. However, other sessions may last longer, usually with one or both of the communicating parties able to terminate it.

Shared POP3 mailbox

A mailbox that stores messages for an entire domain that allows organizations with part-time Internet connections to exchange mail.

Shared Secret

An authentication method used to establish trust between computers in a VPN that utilizes a password, also termed pre-shared authentication keys, for establishing trust—not for application data packet protection.


Viruses employ signatures by which they identify themselves to themselves and thereby avoid corrupting their own code. Standard viruses, including most macro viruses, use character-based signatures. More complex viruses, such as polymorphic viruses, use algorithmic signatures.


SLIP is a TCP/IP protocol used for communication between two machines that are previously configured for communication with each other. SLIP has been largely supplanted by PPP.

Smart Card

About the size of a credit card, a smart card is a plastic card with an embedded microchip that can be loaded with data, used for telephone calling, electronic cash payments, and other applications, and then periodically "recharged" for additional use. Currently used to establish your identity when logging on to an Internet access provider.

S/MIME (Secure/ Multipurpose Mail Extensions)

S/MIME is an E-mail security protocol. It was designed to prevent the interception and forgery of E-mail by using encryption and digital signatures. S/MIME builds security on top of the MIME protocol and is based on technology originally developed by RSA Data Security, Inc.

SMF (Standard Message Format)

A message file format established by Novell and used by many e-mail applications.

SMTP (Simple Mail Transport Protocol)

The standard protocol used for Internet e-mail messages.

SNMP (Simple Network Management Protocol)

The protocol governing network management and the monitoring of network
devices and their functions.

Social engineering

An attack based on tricking or deceiving users or administrators into revealing passwords or other information that compromises a target system's security. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user.


Normal IP packets have only source and destination addresses in their headers, leaving the actual route taken to the routers in between the source and the destination. Source-routed IP packets have additional information in the header that specifies the route the packet should take. This additional routing is specified by the source host, hence the name source-routed.

Source-Route Attack

A form of spoofing whereby the routing, as indicated in the source routed  packet, is not coming from a trusted source and therefore the packet is being routed illicitly.


The term for establishing a connection with a  forged sender address. This normally involves exploiting a trust relationship that exists between source and destination addresses/systems.

Spool File

A report that has been sent to the printer control software on the AS400, to be disposed of by the printer agent. Similar to Print Manager on Windows.

SSH (Secure Shell)

A protocol which permits secure remote access over a network from one computer to another. SSH negotiates and establishes an encrypted connection between an SSH client and an SSH server.

SSL (Secure Sockets Layer)

A program layer created by Netscape for managing the security of message transmissions in a network. Netscape's idea is that the programming for keeping your messages confidential ought to be contained in a program layer between an application (such as your Web browser or HTTP) and the Internet's TCP/IP layers. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer.


Stateful and stateless are adjectives that describe whether a computer or computer program is designed to note and remember one or more preceding events in a given sequence of interactions with a user, another computer or program, a device, or other outside element. Stateful means the computer or program keeps track of the state of interaction, usually by setting values in a storage field designated for that purpose.

Stateful inspection

Analysis of data within the lowest levels of the protocol stack and comparing the  current session to previous ones in order to detect suspicious activity. Unlike application level gateways, stateful inspection uses business rules defined by the user and therefore does not rely on predefined application information. Stateful inspection also takes less processing power than application level analysis. Stateful inspection firewalls do not recognize specific applications and thus are unable to apply different rules to different applications.

Stealth Virus

Stealth viruses hide the modifications they make to your files or boot records, attempting to defeat anti-virus programs.

STOP (Stack Overflow Protection)

Stack or buffer overflow attacks continue to be a favorite technique used by hackers for breaking into servers. STOP reallocates the location of the system stack. The stack is the area to which the attacker is trying to have the data overflow. This is like reshuffling the cards in a deck, making it very difficult for the attacker to predict the location for the overflow data. This simple and transparent approach renders overflow attacks unsuccessful.

S/WAN (Secure Wide Area Network)

An initiative to promote the deployment of Internet based Virtual Private Networks (VPN)

Symmetric Encryption

The oldest form of key-based cryptography is called secret-key or symmetric encryption. In this scheme, both the sender and recipient possess the same key, which means that both parties can encrypt and decrypt data with the key.

SYN Flood Attack

A TCP connection is initiated when a client issues a request to a server with the SYN flag set in the TCP header. Normally the server will issue a SYN/ACK back to the client identified by the 32-bit source address in the IP header. The client will then send an ACK to the server and data transfer can commence. When the client IP address is spoofed (changed) to be that of an unreachable host, however, the targeted TCP cannot complete the three-way hand-shake and will keep trying until it times out. That is the basis for the attack.

TCP/IP (Transmission Control Protocol/Internet Protocol)

The standard family of protocols for communicating with Internet devices.


A terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console

Triple DES (3DES)

Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. The procedure for encryption is exactly the same as regular DES, but it is repeated three times. Hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.

Token Ring

A type of computer network in which all the computers are arranged (schematically) in a circle. A token, which is a special bit pattern, travels around the circle. To send a message, a computer catches the token, attaches a message to it, and then lets it continue to travel around the network.


The logging of inbound and outbound messages based on a predefined criteria. Logging is usually done to allow for further analysis of the data at a future date or time.

Trojan horse

A software entity that appears to do something quite normal but which, in fact, contains a trapdoor or attack program.


The path established by one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a virtual private network (VPN). It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.

Tunneling router

A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

UDP (User Datagram Protocol

A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

URL (Uniform Resource Locator)

An address in a standard format that locates files (resources) on the Internet and the Web. The type of resource depends on the Internet application protocol. Using the World Wide Web's protocol, the Hypertext Transfer Protocol (HTTP) , the resource can be an HTML page (like the one you're reading), an image file, a program such as a CGI application or Java applet, or any other file supported by HTTP. The URL contains the name of the protocol required to access the resource, a domain name that identifies a specific computer on the Internet, and a hierarchical description of a file location on the computer.

URL Blocking

The tracking and denying of user access to undesirable web sites based on   predefined site content. 

User Administration

User Administration is a process aimed at creating users efficiently, controlling what they can do, limiting the damage they can cause, and monitoring their activities on a system or network.

ULA (User Level Authentication)

User Level Authentication refers to the ability to track the usage of a VPN connection Ito a given individual, on a specific machine, during a specific time period, by the assignment of a unique username. It also implies the restriction of patron use of the VPN in an anonymous manner.

UUCP (UNIX-to-UNIX Copy Protocol)

A set of UNIX programs for copying (sending) files between different UNIX systems and for sending commands to be executed on another system.


A data encoding standard developed to translate or convert a file or e-mail attachment (it can be an image, a text file, or a program) from its binary or bit-stream representation into the 7-bit ASCII set of text characters.


A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user. Since such applets or little application programs can be embedded in any HTML file, they can also arrive as an e-mail attachment or automatically as the result of being pushed to the user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page. Vandals are sometimes referred to as "hostile applets."

VBScript (Visual Basic Script)

VBScript is an interpreted script language from Microsoft that is a subset of its Visual Basic programming language. VBScript can be compared to other script languages designed for the Web such as Netscape's JavaScript


A virus is a piece of programming code inserted into other programming to cause some unexpected and, for the victim, usually undesirable event. Viruses can be transmitted by downloading programming from other sites or be present on a diskette. The source of the file you're downloading or of a diskette you've received is often unaware of the virus. The virus lies dormant until circumstances cause its code to be executed by the computer. Some viruses are playful in intent and effect and some can be quite harmful, erasing data or causing your hard disk to require reformatting.

Virus Scanner

A program that searches files for possible viruses, including email and attachments.

VPN (Virtual Private Networking)

A VPN is a technology that overlays communications networks with a management and security layer. Though VPN technology, network managers can set up secure relationships while still enjoying the low cost of a public network such as the Internet.

WAP (Wireless Application Protocol)

An open global standard for communications between a mobile handset and the Internet or other computer applications as defined by the WAP forum.

Web Attack

Any attack from the outside aimed at Web server vulnerabilities.

Web Browser

A Web browser is a client program that uses the Hypertext Transfer Protocol (HTTP) to make requests of Web servers throughout the Internet on behalf of the browser user.

Web denial-of-service

The Web server is specifically subjected to denial-of-service attacks.

WinNuke Attack
WinNuke is a Windows DoS (Denial of Service) attack which can cause Windows NT & 95 (and in some cases, Windows 3.11) stations to panic and lose their network connections. WinNuke sends a string (in the original source code the string is "bye") to your NETBIOS port (139) using OOB (Out Of Band data). The port is open by default on most Windows machines and is used for networking over TCP/IP. The problem is that Windows, although it supports OOB's, doesn't know what to do with them all the time. Windows 95 goes for the exception handler, and fails, leaving most users with a blue screen.

A type of virus that disables a computer by creating a large number of copies of itself within  the computer's memory, forcing out other programs. Worm viruses are generally constructed to also copy themselves to other linked computers.

X.500 Directory

X.500 Directory Service is a standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access. Such a directory is sometimes called a global White Pages directory.


The most widely used standard for defining digital certificates. X.509 is actually an ITU Recommendation, which means that has not yet been officially defined or approved. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their Web servers and browsers. But an X.509 Certificate generated by Netscape may not be readable by Microsoft products, and vice versa.


The XAuth extension to the IKE protocol allows two-factor authentication for remote users: The digital certificate authenticates the user's machine or desktop, while the use of passwords or tokens binds that user to his digital ID and authorizes him for network access.