Chapter 1 Network Defense Fundamentals
permissive policy
A general approach to security that calls for a firewall and associated components to allow all traffic by default, blocking only specified traffic on a case-by-case basis.
packet monkeys
A derogatory term for unskilled crackers or hackers who steal program code and use it in denial of service attacks instead of creating the programs themselves.
hactivists
Computer attackers with political goals.
virus
Computer code that copies itself from one place to another surreptitiously and performs actions that range from benign to harmful. Viruses require some user action, such as clicking an executable attachment or viewing an infected Web page, to enable them to launch.
worm
Computer files that copy themselves repeatedly and consume disk space or other resources. Worms do not require user intervention to be launched; they are self-propagating.
scripts
Executable code attached to e-mail messages or downloaded files that is used to infiltrate a system.
signature files
Files used by antivirus programs that contain patterns of known viruses and malware.
crackers
Hackers who break into systems with the intent of doing harm or destroying data.
packet filters
Hardware or software tools that allow or deny packets based on specified criteria, such as port, IP address, or protocol.
confidentiality
Preventing intentional or unintentional disclosure of data during its creation, transmission, and storage.
signatures
Signs of possible attacks that include an IP address, a port number, and the frequency of access attempts; an IDPS uses signatures to detect possible attacks.
integrity
The accuracy and consistency of information during its creation, transmission, and storage.
availability
The assurance that authorized users can access resources in a reliable and timely manner.
nonrepudiation
The capability to prevent one participant in an electronic transaction from denying that it performed an action.
virus scanning
The process of examining files or messages for filenames, patterns, extensions, and other indications that a virus or other malware is present.
auditing
The process of recording which computers are accessing a network and what resources are being accessed, and then recording the information in a log file.
authentication
The process of verifying the identity of a user, computer, or service.
restrictive policy
A general approach to security that calls for a firewall and associated components to deny all traffic by default, allowing only specified traffic on a case-by-case basis.
Trojan program
A harmful computer program that appears to be something useful to deceive a user into installing it.
biometrics
A method of authenticating a user using physical information, such as retinal scans, fingerprints, or voiceprints.
socket
A network connection consisting of a port number combined with a computer's IP address.
virtual private network (VPN)
A network, typically the Internet, used to transmit confidential data secured by encryption, encapsulation, and authentication.
intrusion detection and prevention system (IDPS)
A security tool used to detect and sometimes prevent an attack.
demilitarized zone (DMZ)
A semitrusted subnet that lies outside the trusted internal network but is connected to the firewall to make services publicly available while still protecting the internal LAN.
defense in depth (DiD)
A strategy for achieving information security that uses multiple layers of defense.
macro
A type of script that automates repetitive tasks in Microsoft Word or similar applications.
script kiddie
A young, inexperienced computer programmer who spreads viruses and other malicious scripts and exploits weaknesses in computer systems using tools and techniques created by others.
discretionary access control (DAC)
An access control method that allows users to share information with other users; however, the risk of unauthorized disclosure is higher than with the MAC method.
mandatory access control (MAC)
An access control method that defines an uncompromising manner for how information can be accessed. With the MAC method, all access capabilities are defined in advance.
role-based access control (RBAC)
An access control method that establishes organizational roles to control access to information. The RBAC method limits access by job function or job responsibility.
port
An area in random access memory (RAM) reserved for the use of a program that "listens" for requests for the service it provides.
distributed denial of service (DDoS) attack
An attack in which many computers are hijacked and used to flood the target with so many false requests that the server cannot process them all, and normal traffic is blocked.
challenge/response authentication
An authentication method in which one party presents a question, called the challenge, and the other party must provide the correct response, usually a password, to be granted access.
basic authentication
An authentication method that uses a username/password pair to verify the identity of the user requesting access.
hacker
Anyone who attempts to gain access to unauthorized resources on a network, usually by finding a way to circumvent passwords, firewalls, or other protective measures.
logic bomb
Malware designed to be used at a specific time in the future or when a specified condition exists.
physical security
Measures taken to physically protect a computer or other network device from theft, fire, or environmental disaster.
botnets
Networks of computers owned by unsuspecting victims of exploitation and controlled from a central system.
back doors
Ways of gaining unauthorized access to a computer or other resource, such as an unused port or terminal service.