Chapter 8 - MIS 4600


Soft phone

A PC with VoIP software.

Structured Query Language (SQL)

A computer language used to access, query, and manage databases.

return address

A memory address that points to the location in RAM that holds the address of the next command to be executed in the suspended program.

Simple Network Management Protocol (SNMP)

A protocol that allows a company to control many remote managed devices from a central manager.

SIP proxy server

A proxy server that checks the IP telephone's registration information and then contacts a proxy server in the called party's network.

Image spam

A spam message presented as a graphical image.

IP telephone

A telephone that can use an IP network to make voice calls.

Cross-site scripting (XSS)

A type of web application attack where one user's input can appear on the webpage of another user.

PSTN gateway

Allows VoIP calls to access a traditional voice network (PSTN), and vice versa.

Error-based inference

An attack method that makes assumptions about the underlying database based on error messages received after making a query.

Blind SQL injection

An attack method that uses a series of SQL statements that produce different responses based on true/false questions or timed responses.

SQL injection

An attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.

Buffer overflow

An attack that sends a message with more bytes than the programmer had allocated for a buffer. The attacker's information will spill over into other areas of RAM. A buffer overflow can cause a host to crash, give an attacker administrator-level access, allow the execution of any command, or simply do nothing at all.

Login screen bypass

An attack where an unauthenticated user gains access to information via a login screen that should only be accessed by authenticated users.

Directory traversal attack

An attack where attackers are able to move from public directories to private directories without proper authorization.

stack overflow

An attack where too much data is written to the stack causing it to spill over into other parts of memory.

Data buffer

Areas in RAM where information is temporarily stored.

Ajax

Asynchronous JavaScript XML. Uses multiple technologies to create dynamic client-side applications.

Toll fraud

Breaking into a corporate VoIP system in order to place free long-distance and international telephone calls.

Electronic mail (e-mail)

Electronic messages exchanged between users over the Internet.

Codec

Hardware or software in a VoIP phone that converts the person's voice into a stream of digital bytes.

Danvers Doctrine

IETF consensus that security should be developed for all networking protocols.

Presence server

In IM systems, a type of server that allows two users to locate each other. Later messages are sent directly between the two users.

Relay server

In IM systems, a type of server that requires all messages be sent through the relay server.

Signaling

In telephony, communication used to manage the network.

Transport

In telephony, the carrying of voice between two parties.

Circles of trust

Inferred trust relationships. For example, if Person A trusts Person B and Person B trusts Person C, then Person A may trust Person C.

Internet Information Server (IIS)

Microsoft's webserver software that offers a number of services.

VBScript

Mobile coding language developed by Microsoft.

Pretty Good Privacy (PGP)

One of the earliest pieces of e-mail encryption software. It allowed users to send encrypted e-mails that could not be decrypted by government agencies.

Buffers

Places where data are stored temporarily.

JavaScript

Popular mobile coding language.

Apache

Popular open-source webserver.

Extrusion prevention

Preventing confidential or proprietary information from leaving the organization.

Active-X

Programming framework that can allow a web browser to download and execute programs.

SQL Statements

Query statements that use clauses (such as SELECT, UPDATE, WHERE) to specify which data is being accessed and how it is being manipulated.

RTP

Real Time Protocol, IETF standard for network voice and video data delivery.

Middleware server

Related to SQL injection, it is a server responsible for accepting values passed from users and formatting SQL statements.

Scripting language

Related to web browsers, code executed within a web browser to modify the webpage.

Inferential

SQL injection method that doesn't extract data directly from the database. Rather, information about the database is gathered from responses to malformed SQL statements.

In-band

SQL injection method that extracts data directly from the database and displays it in a web browser.

Out-of-band

SQL injection method that uses malformed statements to extract data through a different application such as e-mail.

S/MIME

Secure/Multipurpose Internet Mail Extensions.

Development servers

Server used exclusively for developing applications.

Testing server

Server used exclusively for testing applications.

Session Initiation Protocol

Signaling protocol that manages VoIP communication sessions.

Java applets

Small Java programs typically included in a webpage.

Cookie

Small text string stored on your computer by a website for later retrieval.

Eavesdropper

Someone who intercepts a message and reads it.

SQL

Structured Query Language

Website defacement

Taking over a computer and putting up a hacker-produced page instead of the normal home page.

Voice over IP (VoIP)

The ability to call someone over an IP internet instead of a public switched telephone network.

E-commerce service

The additional software needed for buying and selling, including online catalogs, shopping carts, checkout functions, connections to back-end databases within the firm, and links to outside organizations, such as banks.

WWW service

The basic functionality of HTTP webservers, including the retrieval of static files and the creation of dynamic webpages using software on the webserver.

Spam

Unsolicited commercial e-mail.

Spam over IP telephony (SPIT)

Unsolicited messages being sent over IP telephony.

After a program has been fully tested on the staging server, it should be moved to the ______________ that will provide services to users.

production server

