Chapter 1
Virus Scanning
The process of examining files or messages for filenames, patterns, extensions, and other indications that a virus or other malware is present.
Auditing
The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file.
Authentication
The process of verifying the identity of a user, computer, or service.
Discretionary Access Control (DAC)
An access control method that allows users to share information with other users; however, the risk of unauthorized disclosure is higher than with the MAC method.
Mandatory Access Control (MAC)
An access control method that defines an uncompromising manner for how information can be accessed. With the MAC method, all access capabilities are defined in advance.
Signature Files
Files used by antivirus programs that contain patterns of known viruses and malware.
Crackers
Hackers who break into systems with the intent of doing harm or destroying data.
Packet Filters
Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.
Logic Bomb
Malware designed to be used at a specific time in the future or when a specified condition exists.
Signatures
Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks.
Integrity
The accuracy and consistency of information during its creation, transmission, and storage.
Availability
The assurance that authorized users can access resources in a reliable and timely manner.
Nonrepudiation
The capability to prevent one participant in an electronic transaction from denying that it performed an action.
Packet Monkeys
A derogatory term for unskilled crackers or hackers who steal program code and use it in denial of service attacks instead of creating the programs themselves.
Permissive Policy
A general approach to security that calls for a firewall and associated components to allow all traffic by default, blocking only specified traffic on a case—by—case basis.
Restrictive Policy
A general approach to security that calls for a firewall and associated components to deny all traffic by default, allowing only specified traffic on a case—by—case basis.
Trojan Program
A harmful computer program that appears to be something useful to deceive a user into installing it.
Biometrics
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints.
Socket
A network connection consisting of a port number combined with a computer's IP address.
Virtual Private Network (VPN)
A network, typically the Internet, used to transmit confidential data secured by encryption, encapsulation, and authentication.
Intrusion Detection and Prevention System (IDPS)
A security tool used to detect and sometimes prevent an attack. Ideally, firewalls and proxy servers block intruders or malicious code from entering a network. An intrusion detection and prevention system (IDPS) works by recognizing the signs of a possible attack and sending a notification to an administrator that an attack is under way (intrusion detection). Possible attacks are commonly called signatures—combinations of IP addresses, port numbers, and the frequency of access attempts.
Demilitarized Zone (DMZ)
A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN. A DMZ makes services like HTTP (Web server) and FTP (File Transfer Protocol) publicly available, yet protects the internal LAN. The DMZ is sometimes called a service network or Perimeter network.
Defense in Depth (DiD)
A strategy for achieving information security that uses multiple layers of defense.
Macro
A type of script that automates repetitive tasks in Microsoft Word or similar applications.
Script Kiddie
A young, inexperienced computer programmer who spreads viruses and other malicious scripts and exploits weaknesses in computer systems using tools and techniques created by others.
Role-Based Access Control (RBAC)
An access control method that establishes organizational roles to control access to information. The RBAC method limits access by job function or job responsibility.
Port
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides.
Distributed Denial of Service (DDoS) attack
An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked.
Challenge/Response Authentication
An authentication method in which one party presents a question, called the challenge, and the other party must provide the correct response, usually a password, to be granted access.
Basic Authentication
An authentication method that uses a username/password pair to verify the identity of the user requesting access.
Hacker
Anyone who attempts to gain access to unauthorized resources on a network, usually by finding a way to circumvent passwords, firewalls, or other protective measures.
Restrictive policy
Calls for a firewall and associated network security components to deny all traffic by default. The first rule denies all traffic on any service and using any port. To allow a specific type of traffic, a new rule must be placed ahead of the "deny all" rule.
Hactivists
Computer attackers with political goals.
Virus
Computer code that copies itself from one place to another surreptitiously and performs actions that range from benign to harmful. Viruses require some user action, such as clicking an executable attachment or viewing an infected Web page, to enable them to launch.
Worm
Computer files that copy themselves repeatedly and consume disk space or other resources. Worms do not require user intervention to be launched; they are self—propagating.
Scripts
Executable code attached to e—mail messages or downloaded files that is used to infiltrate a system.
Access Control Methods
Mandatory access control (MAC) — This is an uncompromising method for controlling how information can be accessed. With the MAC method, all access capabilities are defined in advance. System administrators establish what information users can and cannot share. I Discretionary access control (DAC) — With this method, network users are given more flexibility in accessing information. This method allows users to share information with other users; however, the risk of unauthorized disclosure is higher than with the MAC method. Role-based access control (RBAC) — This method establishes organizational roles to control access to information. The RBAC method limits access by job function or job responsibility. An employee could have one or more roles that allow access to specific information.
Physical Security
Measures taken to physically protect a computer or other network device from theft, fire, or environmental disaster.
Botnets
Networks of computers owned by unsuspecting victims of exploitation and controlled from a central system.
Confidentiality
Preventing intentional or unintentional disclosure of data during its creation, transmission, and storage.
Back Doors
Ways of gaining unauthorized access to a computer or other resource, such as an unused port or terminal service.