Chapter 8 - MIS 4600
Soft phone
A PC with VoIP software.
Structured Query Language (SQL)
A computer language used to access, query, and manage databases.
return address
A memory address that points to the location in RAM that holds the address of the next command to be executed in the suspended program.
Simple Network Management Protocol (SNMP)
A protocol that allows a company to control many remote managed devices from a central manager.
SIP proxy server
A proxy server that checks the IP telephone's registration information and then contacts a proxy server in the called party's network.
Image spam
A spam message presented as a graphical image.
IP telephone
A telephone that can use an IP network to make voice calls.
Cross-site scripting (XSS)
A type of web application attack where one user's input can appear on the webpage of another user.
PSTN gateway
Allows VoIP calls to access a traditional voice network (PSTN), and vice versa.
Error-based inference
An attack method that makes assumptions about the underlying database based on the error messages received after making a query.
Blind SQL injection
An attack method that uses a series of SQL statements that produce different responses based on true/false questions or timed responses.
SQL injection
An attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.
Buffer overflow
An attack that sends a message with more bytes than the programmer had allocated for a buffer. The attacker's information will spill over into other areas of RAM. A buffer overflow can cause a host to crash, give an attacker administrator-level access, allow the execution of any command, or simply do nothing at all.
Login screen bypass
An attack where an unauthenticated user gains access to information via a login screen that should only be accessed by authenticated users.
Directory traversal attack
An attack where attackers are able to move from public directories to private directories without proper authorization.
stack overflow
An attack where too much data is written to the stack, causing it to spill over into other parts of memory.
Data buffer
Areas in RAM where information is temporarily stored.
Ajax
Asynchronous JavaScript and XML. Uses multiple technologies to create dynamic client-side applications.
Toll fraud
Breaking into a corporate VoIP system in order to place free long-distance and international telephone calls.
Electronic mail (e-mail)
Electronic messages exchanged between users over the Internet.
Codec
Hardware or software in a VoIP phone that converts the person's voice into a stream of digital bytes.
Danvers Doctrine
IETF consensus that security should be developed for all networking protocols.
Presence server
In IM systems, a type of server that allows two users to locate each other. Later messages are sent directly between the two users.
Relay server
In IM systems, a type of server that requires all messages be sent through the relay server.
Signaling
In telephony, communication used to manage the network.
Transport
In telephony, the carrying of voice between two parties.
Circles of trust
Inferred trust relationships. For example, if Person A trusts Person B and Person B trusts Person C, then Person A may trust Person C.
Internet Information Server (IIS)
Microsoft's webserver software that offers a number of services.
VBScript
Mobile coding language developed by Microsoft.
Pretty Good Privacy (PGP)
One of the earliest pieces of e-mail encryption software. It allowed users to send encrypted e-mails that could not be decrypted by government agencies.
Buffers
Places where data are stored temporarily.
JavaScript
Popular mobile coding language.
Apache
Popular open-source webserver.
Extrusion prevention
Preventing confidential or proprietary information from leaving the organization.
ActiveX
Programming framework that can allow a web browser to download and execute programs.
SQL Statements
Query statements that use clauses (such as SELECT, UPDATE, WHERE) to specify which data is being accessed and how it is being manipulated.
RTP
Real Time Protocol, IETF standard for network voice and video data delivery.
Middleware server
Related to SQL injection, it is a server responsible for accepting values passed from users and formatting SQL statements.
Scripting language
Related to web browsers, code executed within a web browser to modify the webpage.
Inferential
SQL injection method that doesn't extract data directly from the database. Rather, information about the database is gathered from responses to malformed SQL statements.
In-band
SQL injection method that extracts data directly from the database and displays it in a web browser.
Out-of-band
SQL injection method that uses malformed statements to extract data through a different application such as e-mail.
S/MIME
Secure/Multipurpose Internet Mail Extensions.
Development server
Server used exclusively for developing applications.
Testing server
Server used exclusively for testing applications.
Session Initiation Protocol
Signaling protocol that manages VoIP communication sessions.
Java applets
Small Java programs typically included in a webpage.
Cookie
Small text string stored on your computer by a website for later retrieval.
Eavesdropper
Someone who intercepts a message and reads it.
SQL
Structured Query Language
Website defacement
Taking over a computer and putting up a hacker-produced page instead of the normal home page.
Voice over IP (VoIP)
The ability to call someone over an IP internet instead of a public switched telephone network.
E-commerce service
The additional software needed for buying and selling, including online catalogs, shopping carts, checkout functions, connections to back-end databases within the firm, and links to outside organizations, such as banks.
WWW service
The basic functionality of HTTP webservers, including the retrieval of static files and the creation of dynamic webpages using software on the webserver.
Spam
Unsolicited commercial e-mail.
Spam over IP telephony (SPIT)
Unsolicited messages being sent over IP telephony.
After a program has been fully tested on the staging server, it should be moved to the ______________ that will provide services to users.
production server