Included below are several of the most frequently used terms in
computer security. A comprehensive dictionary of computer security terms
is available in the LinuxSecurity.com Dictionary.
authentication: The process of
knowing that the data received is the same as the data that was
sent, and that the claimed sender is in fact the actual
sender.
bastion host: A computer
system that must be highly secured because it is vulnerable to
attack, usually because it is exposed to the Internet and is a main
point of contact for users of internal networks. It gets its name
from the highly fortified projections on the outer walls of medieval
castles. Bastions overlook critical areas of defense, usually having
strong walls, room for extra troops, and the occasional useful tub
of boiling hot oil for discouraging attackers.
buffer overflow: A common coding
practice is to allocate buffers that are not large enough and to not
check for overflows. When such buffers overflow, the executing program
(daemon or set-uid program) can be tricked into doing something
else. Generally this works by overwriting a function's return
address on the stack to point to another location.
denial of service: An attack
that consumes the resources on your computer for things it was not
intended to be doing, thus preventing normal use of your network
resources for legitimate purposes.
dual-homed host: A
general-purpose computer system that has at least two network
interfaces.
firewall: A component or set
of components that restricts access between a protected network and
the Internet, or between other sets of networks.
host: A computer system
attached to a network.
IP spoofing: IP spoofing is a
complex technical attack that is made up of several components. It
is a security exploit that works by tricking computers in a trust
relationship into thinking that you are someone that you really
aren't. There is an extensive paper written by daemon9, route, and
infinity in Volume Seven, Issue Forty-Eight of Phrack
Magazine.
non-repudiation: The property
of a receiver being able to prove that the sender of some data did
in fact send the data even though the sender might later deny ever
having sent it.
packet: The fundamental unit
of communication on the Internet.
packet filtering: The action a
device takes to selectively control the flow of data to and from a
network. Packet filters allow or block packets, usually while
routing them from one network to another (most often from the
Internet to an internal network, and vice versa). To accomplish
packet filtering, you set up rules that specify what types of
packets (those to or from a particular IP address or port) are to be
allowed and what types are to be blocked.
perimeter network: A network
added between a protected network and an external network, in order
to provide an additional layer of security. A perimeter network is
sometimes called a DMZ.
proxy server: A program that
deals with external servers on behalf of internal clients. Proxy
clients talk to proxy servers, which relay approved client requests
to real servers, and relay answers back to clients.
superuser: An informal name
for root.