A random value (the salt) that is combined with a password before the password is hashed. Because every stored hash uses a different salt, two users with the same password get different stored values, so an attacker who obtains the database cannot compare hashes across accounts or reuse precomputed (rainbow) tables. The salt is stored alongside the hash and need not be secret.
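The following is an added example, not part of the original glossary, showing the difference a salt makes. Two constructed users share a password: an unsalted SHA-256 digest is identical for both, while PBKDF2-HMAC-SHA256 with a fresh random salt per record yields unrelated digests that still verify correctly. The user names, password and iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample input: two different users who chose the same password.
SHARED_PASSWORD = "correct horse battery staple"

# Work factor for PBKDF2. Kept low so the example runs quickly; production
# deployments use a much higher count (or a memory-hard KDF such as scrypt or Argon2).
ITERATIONS = 100_000


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password, with no salt.

    Equal passwords give equal digests, so an attacker holding the database can
    see which accounts share a password and attack all of them with one
    precomputed table."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Return (salt, digest_hex) for storing in a credential database.

    A fresh 16-byte random salt is drawn for every record unless one is supplied
    (verification re-supplies the stored salt). PBKDF2-HMAC-SHA256 mixes the salt
    into every iteration, so the same password yields a different digest per salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest.hex()


def verify(password: str, salt: bytes, stored_hex: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def demo() -> dict:
    """Show the difference salting makes for two users with the same password."""
    alice_salt, alice_hash = make_record(SHARED_PASSWORD)
    bob_salt, bob_hash = make_record(SHARED_PASSWORD)
    return {
        "unsalted_digests_match": unsalted_hash(SHARED_PASSWORD) == unsalted_hash(SHARED_PASSWORD),
        "salted_digests_match": alice_hash == bob_hash,  # False: the salts differ
        "alice_verifies": verify(SHARED_PASSWORD, alice_salt, alice_hash),
        "wrong_password_verifies": verify("wrong password", alice_salt, alice_hash),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that the salt defeats cross-account comparison and precomputation; it does not by itself slow down guessing, which is why a deliberately slow key derivation function is used rather than a single hash invocation.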
SAM database
Security Account Manager database. The Windows security database that holds local user accounts and the hashes of their passwords (the plaintext passwords themselves are not stored). An attacker who gains administrative access commonly dumps these hashes for offline cracking or direct reuse.
script kiddies
A derogatory term used for inexperienced crackers who use tools and scripts that others develop to scan and launch attacks on computer systems. Typically, script kiddies have no specific target in mind, but scan many systems searching for known vulnerabilities to exploit.
Secure Hash Algorithm 1
See SHA-1.
Security Account Manager database
See SAM database.
sequence numbers
In TCP, sequence numbers number the bytes of a stream so that the receiving host can reassemble segments that arrive out of order, detect missing or duplicated data, and match acknowledgements to the data they confirm. A host that can sniff or predict a connection's sequence numbers can inject segments into it, which is the basis of blind IP spoofing and session hijacking.
Service Set Identifier
See SSID.
session hijacking
An attack in which an attacker takes over an established session between two hosts after authentication has already taken place. At the network level this is usually done by spoofing the IP address of one of the communicating nodes and sniffing or predicting the TCP sequence numbers, so the attacker's segments are accepted as the authenticated user's. At the application level, stealing a session cookie or token achieves the same result.
session replay
An attack in which an attacker captures legitimate traffic (for example an authentication exchange or a signed request) and retransmits it later to repeat its effect without knowing the credentials or keys it carried. Replay is distinct from a man-in-the-middle attack, which modifies traffic in transit. Protocols defend against replay with nonces, timestamps, sequence numbers or single-use tokens.
SGML
Standard Generalized Markup Language. A standard for specifying a document markup language or tag-set, although it is not in itself a document markup language.
SHA-1
Secure Hash Algorithm 1. A cryptographic hash (message digest) algorithm that produces a 160-bit digest from input of any length. Like other cryptographic hashes it is one-way: the input cannot be recovered from the digest. SHA-1 is no longer considered collision-resistant (practical collisions were demonstrated in 2017) and should not be used for digital signatures or certificates; SHA-256 or SHA-3 are the usual replacements.
shellcode
A small piece of machine code, usually hand-written in assembly, that an attacker injects into a vulnerable process and executes as the payload of an exploit. Its traditional job is to spawn a UNIX or Windows shell, hence the name, although modern payloads may instead open a reverse connection or load further stages. Shellcode is typically written to be position-independent and to avoid bytes (such as NUL) that would break the input path being exploited.
SMTP
Simple Mail Transfer Protocol. The Internet protocol used to submit e-mail and relay it between mail servers (TCP port 25 for server-to-server relay, port 587 for authenticated client submission).
Smurf attack
A denial-of-service attack in which the attacker sends ICMP echo requests (pings) to the broadcast address of a network with the source address forged to be the victim's. Every host on that network replies to the victim, so the attacker's traffic is amplified by the number of responding hosts. Routers now drop directed broadcasts by default, which has largely neutralized the attack.
social engineering
The practice of gaining sensitive information about an organization by tricking its employees into disclosure.
SQL
Structured Query Language. The standard language for defining, querying and manipulating data held in an RDBMS. Applications that build SQL statements by concatenating untrusted input are exposed to SQL injection.
SSID
Service Set Identifier. A name of up to 32 octets that identifies a wireless (802.11) network. Access points advertise it in beacon and probe-response management frames, and a client includes it when it associates. The SSID is a network name, not a security control: hiding it does not prevent an attacker from learning it by observing client traffic.
Standard Generalized Markup Language
See SGML.
symmetric cryptography
A type of cryptography that uses an encryption algorithm whereby the same key is utilized for both encryption and decryption.
symmetric key
A key used in a symmetric encryption algorithm.
SYN flood
A type of denial-of-service attack. During the establishment of a TCP session, a 3-way handshake takes place, commencing with a SYN packet sent to the server that requests the connection. This should be followed by a SYN-ACK packet returned from the server and finally an ACK packet from the client. If the client fails to respond with the final ACK, a half-open connection results. Each half-open connection occupies a slot in the server's bounded backlog until it times out. By sending many SYN packets, usually from spoofed source addresses, without the corresponding ACKs, an attacker fills the backlog and causes legitimate connection attempts to be dropped, resulting in denial of service. Common defenses are SYN cookies, which encode the connection state into the server's initial sequence number so that nothing is stored until a valid ACK arrives, and shortening the half-open timeout.
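The following is an added example, not part of the original glossary, that models the handshake described above. A conventional listener stores a half-open entry per SYN in a bounded backlog, so a flood of spoofed SYNs that are never acknowledged fills the backlog and a legitimate client's SYN is dropped. A second listener implements simplified SYN cookies: the server's initial sequence number is a keyed hash of the client's address, port, initial sequence number and a coarse time counter, so no state is kept until an ACK returns a valid cookie. The backlog size, addresses, key and clock are constructed assumptions; real SYN cookies also encode the client's MSS, which this model omits.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Set, Tuple

MASK32 = 0xFFFFFFFF
Key = Tuple[str, int]  # (client IP, client port)


class StatefulListener:
    """Conventional TCP listener: every SYN costs a slot in a bounded backlog of
    half-open connections until the client's ACK arrives (or a timer fires, which
    this model omits)."""

    def __init__(self, backlog: int) -> None:
        self.backlog = backlog
        self.half_open: Dict[Key, int] = {}   # key -> server ISN sent in the SYN-ACK
        self.established: Set[Key] = set()

    def on_syn(self, ip: str, port: int, client_isn: int) -> Optional[int]:
        """Return the server ISN for the SYN-ACK, or None if the backlog is full."""
        if len(self.half_open) >= self.backlog:
            return None                      # the flood's effect: new SYNs are dropped
        server_isn = secrets.randbits(32)
        self.half_open[(ip, port)] = server_isn
        return server_isn

    def on_ack(self, ip: str, port: int, seq: int, ack: int) -> bool:
        server_isn = self.half_open.get((ip, port))
        if server_isn is None or ack != (server_isn + 1) & MASK32:
            return False
        del self.half_open[(ip, port)]
        self.established.add((ip, port))
        return True


class SynCookieListener:
    """SYN-cookie listener: the server ISN is a keyed hash of the connection's
    identity and a coarse time counter, so nothing is stored per half-open
    connection. State is created only when an ACK returns a valid cookie."""

    def __init__(self, key: bytes, clock: Callable[[], int] = lambda: 0) -> None:
        self.key = key
        self.clock = clock                   # coarse counter (assumed to tick every ~64 s)
        self.established: Set[Key] = set()

    def cookie(self, ip: str, port: int, client_isn: int, t: int) -> int:
        t &= 0xFF
        msg = f"{ip}:{port}:{client_isn}:{t}".encode()
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        # top 8 bits: time counter (recoverable later); low 24 bits: truncated MAC
        return (t << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, ip: str, port: int, client_isn: int) -> Optional[int]:
        return self.cookie(ip, port, client_isn, self.clock())   # no state kept

    def on_ack(self, ip: str, port: int, seq: int, ack: int) -> bool:
        client_isn = (seq - 1) & MASK32      # the client's ACK carries seq = its ISN + 1
        server_isn = (ack - 1) & MASK32      # and ack = our cookie + 1
        t = server_isn >> 24
        if (self.clock() - t) & 0xFF > 1:    # cookie minted more than one tick ago
            return False
        expected = self.cookie(ip, port, client_isn, t).to_bytes(4, "big")
        if not hmac.compare_digest(expected, server_isn.to_bytes(4, "big")):
            return False
        self.established.add((ip, port))
        return True


def legit_connects_after_flood(listener, spoofed_syns: int) -> bool:
    """Send `spoofed_syns` SYNs from constructed, never-answering source addresses,
    then attempt a full three-way handshake from one legitimate client."""
    for i in range(spoofed_syns):
        src = f"10.{(i >> 16) & 0xFF}.{(i >> 8) & 0xFF}.{i & 0xFF}"   # constructed spoofed source
        listener.on_syn(src, 40000 + i % 20000, secrets.randbits(32))  # the ACK never comes
    client_isn = secrets.randbits(32)
    server_isn = listener.on_syn("192.0.2.10", 51515, client_isn)
    if server_isn is None:
        return False                          # SYN dropped: service denied
    return listener.on_ack("192.0.2.10", 51515, (client_isn + 1) & MASK32,
                           (server_isn + 1) & MASK32)


if __name__ == "__main__":
    print("stateful, backlog 128, 1000 spoofed SYNs:",
          legit_connects_after_flood(StatefulListener(128), 1000))
    print("SYN cookies, 1000 spoofed SYNs:",
          legit_connects_after_flood(SynCookieListener(secrets.token_bytes(32)), 1000))
```

The cost of the cookie approach is visible in the model: the server cannot remember per-connection options it would normally keep in the half-open entry, and a cookie is only accepted within a short time window, which is why real implementations enable SYN cookies only once the backlog is under pressure.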