A firewall technology that accepts or rejects packets based on their content.
The process of breaking messages into packets at the sending router for easier transmission over a WAN. See also frame relay.
A number of characters often added to data before an operation such as hashing takes place. Most often unique values, known as one-time pads, are added to make the resulting hash unique. While slight differences exist, the term salt can be used interchangeably for most purposes.
See Password Authentication Protocol.
The process of breaking a network into smaller components that can each be individually protected.
A type of intruder detection that logs all network events to a file for an administrator to view later.
A non-active response such as logging. This is the most common type of response to many intrusions. In general, passive responses are the easiest to develop and implement.
One of the simplest forms of authentication. Authentication is accomplished by sending the username and password to the server and having them verified. The passwords are sent as cleartext and are therefore easily seen if intercepted. For this reason, PAP should be avoided whenever possible and replaced with CHAP or something stronger.
Attempting to enter a password by guessing its value.
List of passwords that have already been used.
See Port Address Translation.
A fix for a known software problem.
The act of gaining access.
Security set up on the outside of the network or server to protect it.
See Pretty Good Privacy.
A virus that modifies and alters other programs and databases.
Control access measures used to restrict physical access to the server(s).
Objects, such as locked doors, used to restrict physical access to the network components.
The first layer of the OSI model that controls the functional interface. See also Open Systems Interconnect.
Security that guards the physical aspects of the network.
A TCP/IP utility used to test whether another host is reachable. An ICMP request is sent to the host, which responds with a reply if it is reachable. The request times out if the host is not reachable.
A large ICMP packet sent to overflow the remote host's buffer. This usually causes the remote host to reboot or hang.
Network communication in which two devices have exclusive access to a network medium. For example, a printer connected to only one workstation would be using a point-to-point connection.
A full-duplex line protocol that supersedes SLIP (Serial Line Internet Protocol). It is a part of the standard TCP/IP suite and is often used in dial-up connections.
An extension to PPP that is used in VPNs. An alternative to PPTP is L2TP.
Rules or standards governing usage.
An attribute that some viruses possess which allows them to mutate and appear differently each time they crop up. The mutations make it harder for virus scanners to detect (and react to) them.
An e-mail access program that can be used to retrieve e-mail from an e-mail server.
See Post Office Protocol Version 3.
Some kind of opening that allows network data to pass through. See also physical port.
An interface on a computer where you can connect a device.
Similar to NAT (which translates addresses between public and private), PAT translates between ports on a public and private network.
A port scanner is the actual item (physical or software) that scans a server for open ports that can be taken advantage of. Port scanning is the process of sending messages to ports to see which ones are available and which ones are not.
Anything that occurs "after the fact," such as an audit or review.
The protocol used to download e-mail from an SMTP e-mail server to a network client. See also Simple Mail Transfer Protocol.
Standard telephone service, as opposed to other connection technologies like DSL.
Devices that "condition" the electrical supply to take out spikes and surges.
Devices that provide electrical power.
See Point-to-Point Protocol.
See Point-to-Point Tunneling Protocol.
The sixth layer of the OSI model; responsible for formatting data exchange, such as graphic commands, and conversion of character sets. Also responsible for data compression, data encryption, and data stream redirection. See also Open Systems Interconnect.
The process of controlling access to evidence, often by placing it in a controlled access area, with a single custodian responsible for all access.
A state of security in which information is not being seen by unauthorized parties without the express permission of the party involved.
A system that allows users to connect voice, data, pagers, networks, and almost any other conceivable application into a single telecommunications system. In short, a PBX system allows a company to be its own phone company.
Information that is not for public knowledge.
A shareware implementation of RSA encryption. See also RSA Data Security, Inc.
A technology in which both the sender and the receiver have the same key. A single key is used to encrypt and decrypt all messages. See also public key.
The part of a network that lies behind a firewall and is not "seen" on the Internet. See also firewall.
Audits performed to verify that no user is accessing information, or able to access information, beyond the security level at which they should be operating.
The term used to describe a user obtaining access to a resource they would not normally be able to access. This can be done inadvertently—by running a program with SUID (Set User ID) or SGID (Set Group ID) permissions—or by temporarily becoming another user (via su or sudo in Unix/Linux or RunAs in Windows 2000).
The list of processes currently running on the system. In Windows NT/2000, this can be seen with Task Manager, while the ps command shows it in Unix/Linux. This is one of the first places to look for rogue processes running on a server.
With network interface cards, this is a mode wherein they intercept all traffic crossing the network wire, and not just that intended for them.
A software and hardware troubleshooting tool that is used to decode protocol information to try to determine the source of a network problem and to establish baselines.
Standards or rules.
A type of firewall that prevents direct communication between a client and a host by acting as an intermediary. See also firewall.
An implementation of a web proxy. The server receives an HTTP request from a web browser and makes the request on behalf of the sending workstation. When the response comes, the proxy cache server caches a copy of the response locally. The next time someone makes a request for the same web page or Internet information, the proxy cache server can fulfill the request out of the cache instead of having to retrieve the resource from the Web.
A proxy server that also acts as a firewall, blocking network access from external networks.
A type of server that makes a single Internet connection and services requests on behalf of many users.
A technology that uses two keys to facilitate communication, a public key and a private key. The public key is used to encrypt or decrypt a message to a receiver. See also private key.
A set of voluntary standards created by RSA Security and industry security leaders.
A two-key encryption system wherein messages are encrypted with a private key and decrypted with a public key.
The working group formed by the IETF to develop standards and models for the PKI environment.
Encryption systems that employ a key that is known to users beyond the recipient.
Information that is publicly made available to all.
The part of a network on the outside of a firewall that is exposed to the public. See also firewall.