S


salt

A random string value that is combined with a password before the password is hashed or encrypted, so that two users with the same password do not produce the same stored value and stored values cannot simply be compared with one another or with a precomputed list.



SAM database

Security Account Manager database. This is a Windows-implemented security database that holds local user accounts and passwords.



script kiddies

A derogatory term used for inexperienced crackers who use tools and scripts that others develop to scan and launch attacks on computer systems. Typically, script kiddies have no specific target in mind, but scan many systems searching for known vulnerabilities to exploit.



Secure Hash Algorithm 1

See SHA-1.



Security Account Manager database

See SAM database.



sequence numbers

In TCP-based applications, sequence numbers tell the receiving machine the correct order of the packets if they are received out of order.



Service Set Identifier

See SSID.



session hijacking

A security attack on a user session over a protected network. This is usually accomplished using IP spoofing, where the attacker assumes the IP address of one of the communicating nodes to impersonate an authenticated user.



session replay

A man-in-the-middle attack that captures packets and modifies the data before sending it to the target.



SGML

Standard Generalized Markup Language. A standard for specifying a document markup language or tag-set, although it is not in itself a document markup language.



SHA-1

Secure Hash Algorithm 1. A cryptographic message digest algorithm that produces a 160-bit digest based on the input. The algorithm is one-way: the digest cannot be reversed to recover the original input, such as a password.



shellcode

A program written in assembly language that executes a UNIX or Windows shell. Typically used by a cracker to gain command line access to a system.



SMTP

Simple Mail Transfer Protocol. An Internet protocol that provides e-mail services.



Smurf attack

A denial-of-service attack using spoofed broadcast ping messages to flood a target system.



social engineering

The practice of gaining sensitive information about an organization by tricking its employees into disclosure.



SQL

Structured Query Language. A programming language that manipulates data contained in an RDBMS.



SSID

Service Set Identifier. This is a 32-character identifier attached to the header of a packet. It identifies the wireless access point you are attempting to communicate with.



Standard Generalized Markup Language

See SGML.



symmetric cryptography

A type of cryptography that uses an encryption algorithm whereby the same key is utilized for both encryption and decryption.



symmetric key

A key used in a symmetric encryption algorithm.



SYN flood

A type of denial-of-service attack. During the establishment of a TCP session, a 3-way handshake takes place, commencing with a SYN packet sent to the server to request the connection. This should be followed by a SYN-ACK packet returned from the server and finally an ACK packet from the client. If the client fails to respond with the final ACK, a half-open connection results. These half-open connections consume resources on the server. By sending many SYN packets to the server without ever completing the handshake with the corresponding ACK, an attacker can exhaust those resources and effectively prevent any further connections, resulting in the denial of service.



    Penetration Testing and Network Defense
    ISBN: 1587052083
    Year: 2005
    Pages: 209