- authentication: The property of knowing that the data
received is the same as the data that was sent, and that the claimed
sender is in fact the actual sender. Strictly speaking the first half is
data integrity and the second is data-origin authentication; in practice
a message authentication code or a digital signature provides both at once.
- bastion host: A computer system that must be highly
secured because it is vulnerable to attack, usually because it is
exposed to the Internet and is a main point of contact for users of
internal networks. It gets its name from the highly fortified
projections on the outer walls of medieval castles. Bastions overlook
critical areas of defense, usually having strong walls, room for
extra troops, and the occasional useful tub of boiling hot oil for
discouraging attackers.
- buffer overflow: A common coding mistake is to allocate a
fixed-size buffer and then copy data into it without checking that the
data fits. When more data arrives than the buffer can hold, the excess
overwrites whatever lies next to it in memory, and an attacker who
controls that data can make the executing program (a daemon or set-uid
program) do something other than what it was written to do. Classically
this works by overwriting a function's saved return address on the stack
so that it points to code the attacker has supplied.
- denial of service: A denial of service attack is one in which
an attacker consumes resources on your computer (CPU, memory, disk,
network bandwidth, connection slots) for things it was not intended to
be doing, thus preventing normal use of your network resources for
legitimate purposes.
- dual-homed host: A general-purpose computer system that
has at least two network interfaces.
- firewall: A component or set of components that restricts
access between a protected network and the Internet, or between other
sets of networks.
- host: A computer system attached to a network.
- IP spoofing: IP spoofing is a complex technical attack
made up of several components. It is a security exploit that works by
forging the source address of the IP packets you send, so that computers
in a trust relationship are tricked into believing you are someone you
really aren't. There is an extensive paper by daemon9, route, and
infinity in Volume Seven, Issue Forty-Eight of Phrack Magazine.
- non-repudiation: The property of a receiver being able
to prove, to a third party as well as to itself, that the sender of some
data did in fact send the data even though the sender might later deny
ever having sent it. A digital signature provides this; a shared-key
message authentication code does not, since either party holding the
key could have produced it.
- packet: The fundamental unit of communication on the
Internet.
- packet filtering: The action a device takes to
selectively control the flow of data to and from a network. Packet
filters allow or block packets, usually while routing them from one
network to another (most often from the Internet to an internal
network, and vice-versa). To accomplish packet filtering, you set up
rules that specify what types of packets (those to or from a
particular IP address or port) are to be allowed and what types are to
be blocked. Rules are normally consulted in order and the first match
wins, so both the ordering and the default action for packets that
match no rule matter.
- perimeter network: A network added between a protected
network and an external network, in order to provide an additional
layer of security. A perimeter network is sometimes called a DMZ.
- proxy server: A program that deals with external
servers on behalf of internal clients. Proxy clients talk to proxy
servers, which relay approved client requests to real servers, and
relay answers back to clients.
- superuser: An informal name for root, the account with user ID 0.
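The stack overflow described under "buffer overflow" above, as an added example that is not part of the HOWTO. The `struct frame`, `NAME_LEN`, `LEGIT_RET`, `unchecked_copy` and `checked_copy` names are this example's own: the struct is a model of one stack frame in which a fixed-size local buffer is immediately followed by a control word standing in for the saved return address, so that the overwrite can be observed deterministically and in well-defined C rather than by crashing a real process.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN  8
#define LEGIT_RET 0x08048000u   /* the address the function "should" return to (arbitrary) */

/* Model of one stack frame (this example's own construct): a fixed-size
 * local buffer immediately followed by a control word. On a real stack the
 * saved return address lies a few words past the locals; here it is a named
 * field. The whole frame is one object, so copying across the field boundary
 * with memcpy() is legal C and the result is the same on any byte order. */
struct frame {
    char         name[NAME_LEN];
    unsigned int ret_addr;      /* stands in for the saved return address */
};

/* Vulnerable pattern: copy the caller's data into the local buffer with no
 * check against NAME_LEN. Every byte beyond the eighth lands in ret_addr,
 * just as an over-long strcpy() argument lands in the saved return address.
 * Returns the control word after the copy so the effect can be observed. */
unsigned int unchecked_copy(const char *input, size_t len)
{
    struct frame f;
    f.ret_addr = LEGIT_RET;
    if (len > sizeof f) len = sizeof f;   /* demo fence only: never leave the model object */
    memcpy(&f, input, len);               /* the bug: bound is not NAME_LEN */
    return f.ret_addr;
}

/* Hardened pattern: reject anything that does not fit (leaving room for the
 * terminating NUL), copy with an explicit bound, and always terminate.
 * Returns 0 and stores the untouched control word in *ret_out on success,
 * -1 if the input was refused. */
int checked_copy(const char *input, size_t len, unsigned int *ret_out)
{
    struct frame f;
    f.ret_addr = LEGIT_RET;
    if (len >= NAME_LEN) return -1;       /* would overflow: refuse rather than truncate silently */
    memcpy(f.name, input, len);
    f.name[len] = '\0';
    *ret_out = f.ret_addr;
    return 0;
}

int main(void)
{
    /* Constructed attacker input: 8 bytes fill the buffer, the next 4 bytes
     * ('B' == 0x42) overwrite the control word with 0x42424242. */
    const char *payload = "AAAAAAAABBBB";
    unsigned int ret = 0;

    printf("short input:  ret_addr = 0x%08x\n", unchecked_copy("bob", 4));
    printf("long input:   ret_addr = 0x%08x\n", unchecked_copy(payload, 12));
    printf("checked copy: %s\n",
           checked_copy(payload, 12, &ret) == 0 ? "accepted" : "rejected (does not fit)");
    return 0;
}
```

The length check in `checked_copy` is the whole fix; on a real stack the control word is not a named field, so the second line of defence is compiler instrumentation such as GCC's and Clang's `-fstack-protector`, which places a canary between the locals and the saved return address and aborts the process when the canary has been overwritten.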
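The rule-based decision described under "packet filtering" above, as an added example that is not part of the HOWTO and not the code of any real firewall. It evaluates a small first-match rule list with a default of DENY over constructed packets; the policy (an internal network 10.0.0.0/8 with a mail server at 10.0.0.5), the `struct rule`/`struct packet` layout and the `decide` helper are this example's own assumptions. The first rule is an ingress filter that drops packets arriving from the Internet with an internal source address, which is the basic defence against the forged-source packets described under "IP spoofing".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum action { DENY = 0, ALLOW = 1 };
enum iface  { ANY_IFACE = -1, INTERNAL = 0, EXTERNAL = 1 };
#define ANY_PROTO 0
#define ANY_PORT  0

struct packet {
    uint32_t src, dst;   /* IPv4 addresses, host byte order */
    int      proto;      /* 6 = TCP, 17 = UDP */
    uint16_t dport;      /* destination port */
    int      iface;      /* interface the packet arrived on */
};

struct rule {
    int         iface;              /* ANY_IFACE or a specific interface */
    uint32_t    src_net, src_mask;  /* source prefix; mask 0 = any address */
    uint32_t    dst_net, dst_mask;  /* destination prefix */
    int         proto;              /* ANY_PROTO or a protocol number */
    uint16_t    dport;              /* ANY_PORT or a specific port */
    enum action act;
};

/* Parse a dotted quad into a host-order uint32. Returns 1 on success, 0 on
 * any malformed input (wrong field count, octet > 255, trailing junk). */
static int parse_ip(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Netmask for a /bits prefix, e.g. 8 -> 0xFF000000, 32 -> 0xFFFFFFFF. */
static uint32_t prefix_mask(int bits)
{
    if (bits <= 0) return 0;
    if (bits >= 32) return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - bits);
}

static int rule_matches(const struct rule *r, const struct packet *p)
{
    if (r->iface != ANY_IFACE && r->iface != p->iface) return 0;
    if ((p->src & r->src_mask) != (r->src_net & r->src_mask)) return 0;
    if ((p->dst & r->dst_mask) != (r->dst_net & r->dst_mask)) return 0;
    if (r->proto != ANY_PROTO && r->proto != p->proto) return 0;
    if (r->dport != ANY_PORT && r->dport != p->dport) return 0;
    return 1;
}

/* First matching rule decides. Nothing matched: fall through to the default
 * policy, which is DENY so that anything not explicitly allowed is blocked. */
enum action filter(const struct rule *rules, size_t n, const struct packet *p)
{
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], p)) return rules[i].act;
    return DENY;
}

/* Constructed example policy (this example's own, not from the HOWTO). */
enum action decide(const char *src, const char *dst, int proto, uint16_t dport, int iface)
{
    uint32_t internal, mailhost;
    parse_ip("10.0.0.0", &internal);
    parse_ip("10.0.0.5", &mailhost);
    struct rule policy[] = {
        /* 1. Anti-spoofing: a packet arriving from the Internet must not claim
         *    an internal source address. Listed first so that it always wins. */
        { EXTERNAL,  internal, prefix_mask(8),  0,        0,               ANY_PROTO, ANY_PORT, DENY  },
        /* 2. Anyone may reach the mail server on TCP port 25. */
        { ANY_IFACE, 0,        0,               mailhost, prefix_mask(32), 6,         25,       ALLOW },
        /* 3. Internal hosts may send anything outbound. */
        { INTERNAL,  internal, prefix_mask(8),  0,        0,               ANY_PROTO, ANY_PORT, ALLOW },
        /* 4. Everything else is caught by the default DENY in filter(). */
    };
    struct packet p;
    if (!parse_ip(src, &p.src) || !parse_ip(dst, &p.dst)) return DENY;  /* unparsable: fail closed */
    p.proto = proto; p.dport = dport; p.iface = iface;
    return filter(policy, sizeof policy / sizeof policy[0], &p);
}

int main(void)
{
    printf("Internet -> mail server, TCP/25:      %s\n", decide("192.0.2.7", "10.0.0.5", 6, 25, EXTERNAL) ? "ALLOW" : "DENY");
    printf("Internet -> mail server, TCP/23:      %s\n", decide("192.0.2.7", "10.0.0.5", 6, 23, EXTERNAL) ? "ALLOW" : "DENY");
    printf("Internet, spoofed 10.0.0.9 source:    %s\n", decide("10.0.0.9", "10.0.0.5", 6, 25, EXTERNAL) ? "ALLOW" : "DENY");
    printf("internal host -> Internet, TCP/80:    %s\n", decide("10.0.0.9", "198.51.100.1", 6, 80, INTERNAL) ? "ALLOW" : "DENY");
    return 0;
}
```

Swapping rules 1 and 2 would let a spoofed packet to the mail server through, which is why the ordering sentence under "packet filtering" matters: the anti-spoofing rule has to sit above every allow rule it is meant to protect.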