Chapter 1 Network Defense Fundamentals

permissive policy

A general approach to security that calls for a firewall and associated components to allow all traffic by default, blocking only specified traffic on a case-by-case basis.

packet monkeys

A derogatory term for unskilled crackers or hackers who steal program code and use it in denial of service attacks instead of creating the programs themselves.

hactivists

Computer attackers with political goals.

virus

Computer code that copies itself from one place to another surreptitiously and performs actions that range from benign to harmful. Viruses require some user action, such as clicking an executable attachment or viewing an infected Web page, to enable them to launch.

worm

Computer files that copy themselves repeatedly and consume disk space or other resources. Worms do not require user intervention to be launched; they are self-propagating.

scripts

Executable code attached to e-mail messages or downloaded files that is used to infiltrate a system.

signature files

Files used by antivirus programs that contain patterns of known viruses and malware.

crackers

Hackers who break into systems with the intent of doing harm or destroying data.

packet filters

Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.

confidentiality

Preventing intentional or unintentional disclosure of data during its creation, transmission, and storage.

signatures

Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks.

integrity

The accuracy and consistency of information during its creation, transmission, and storage.

availability

The assurance that authorized users can access resources in a reliable and timely manner.

nonrepudiation

The capability to prevent one participant in an electronic transaction from denying that it performed an action.

virus scanning

The process of examining files or messages for filenames, patterns, extensions, and other indications that a virus or other malware is present.

auditing

The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file.

authentication

The process of verifying the identity of a user, computer, or service.

restrictive policy

A general approach to security that calls for a firewall and associated components to deny all traffic by default, allowing only specified traffic on a case-by-case basis.

Trojan program

A harmful computer program that appears to be something useful to deceive a user into installing it.

biometrics

A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints.

socket

A network connection consisting of a port number combined with a computer's IP address.

virtual private network (VPN)

A network, typically the Internet, used to transmit confidential data secured by encryption, encapsulation, and authentication.

intrusion detection and prevention system (IDPS)

A security tool used to detect and sometimes prevent an attack.

demilitarized zone (DMZ)

A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN.

defense in depth (DiD)

A strategy for achieving information security that uses multiple layers of defense.

macro

A type of script that automates repetitive tasks in Microsoft Word or similar applications.

script kiddie

A young, inexperienced computer programmer who spreads viruses and other malicious scripts and exploits weaknesses in computer systems using tools and techniques created by others.

discretionary access control (DAC)

An access control method that allows users to share information with other users; however, the risk of unauthorized disclosure is higher than with the MAC method.

mandatory access control (MAC)

An access control method that defines an uncompromising manner for how information can be accessed. With the MAC method, all access capabilities are defined in advance.

role-based access control (RBAC)

An access control method that establishes organizational roles to control access to information. The RBAC method limits access by job function or job responsibility.

port

An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides.

distributed denial of service (DDoS) attack

An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked.

challenge/response authentication

An authentication method in which one party presents a question, called the challenge, and the other party must provide the correct response, usually a password, to be granted access.

basic authentication

An authentication method that uses a username/password pair to verify the identity of the user requesting access.

hacker

Anyone who attempts to gain access to unauthorized resources on a network, usually by finding a way to circumvent passwords, firewalls, or other protective measures.

logic bomb

Malware designed to be used at a specific time in the future or when a specified condition exists.

physical security

Measures taken to physically protect a computer or other network device from theft, fire, or environmental disaster.

botnets

Networks of computers owned by unsuspecting victims of exploitation and controlled from a central system.

back doors

Ways of gaining unauthorized access to a computer or other resource, such as an unused port or terminal service.