Security Glossary

QTS has compiled this glossary of security-related terms to assist you with learning and mastering this field. Special thanks to QTS partner Aladdin for much of this content, taken from their Sales Training Manual.
Active content
Auto-executing Java, ActiveX, or script files that are embedded in web pages or email messages.

Active Desktop
Windows Desktop program that can activate Web pages and ActiveX applications.

ActiveX
Programs designed to be executed by Internet clients that support ActiveX, usually Internet Explorer and Outlook. Unlike Java, these programs have no standard programming language. ActiveX has no built-in security, and ActiveX objects can do anything that the programmer wants. They can modify data in databases, delete files, steal files and send them to an outside user, instantly turn off a computer, format hard drives, launch DoS attacks, redial modems, and much more. These programs are automatically installed and executed by a web site, and cause immediate damage.

Adversary
From an administrator's viewpoint: a hacker or anyone expected to attack your network; a group, organization, or software agent (also known as a malicious agent). From an attacker's viewpoint: anyone who is responsible for defending the computer resources that the hacker intends to attack. Therefore, attackers (hackers) and defenders (network administrators) are mutual adversaries.

Alert
Automatic notification of a particular event when it occurs, such as a virus detection.

Anomaly Detection
Detects any unacceptable deviation from expected behavior. A profile of expected behavior is defined in advance, either manually or automatically. Automatically developed profiles are created by software that collects and processes characteristics of system behavior over time and forms a statistically valid sample of such behavior. Some of these deviations require further examination and some do not. An anomaly might include

Anti-virus (AV) scanner
Software that scans files to detect and remove viruses. Traditional anti-virus scanners are incapable of dealing with today's most serious content threats, namely active content vandals, including ActiveX, Java, and script vandals.

Archive
File containing compressed data. Common archive formats include ZIP, ARJ, RAR, TAR, GZIP, and LHA.

Attack (noun)
A set of one or more events that has security consequences. From the perspective of a neutral observer, the attack can be either successful (an intrusion) or unsuccessful (an attempted or failed intrusion). An attack is a mechanism to fulfill an intruder's objective.

Attack (verb)
To begin to act upon destructively; to begin to destroy, expose, alter, or disable.

Attack Signature Detection
Detects patterns corresponding to known attacks. This includes both passive protocol analysis (use of sniffers in promiscuous mode) and signature analysis (interpretation of a specific series of packets, or of a piece of data contained in those packets, that represents a known pattern of attack).

Attacker
An adversary who conducts an attack on a victim (e.g., a host). Contrast with intruder.

Auditing
Systematically examining system data against documented expectations of behavior to verify conformance with those expectations.

Authentication (noun)
Mechanism that verifies the identity of a user. An authentication scheme for network security uses methods such as certificates, passwords, and tokens to grant access privileges to specific users.

Authentication (verb)
Act of ensuring that communication between two parties has not been tampered with.

Authenticode
Microsoft's cabinet file signing technology, which uses digital signatures to verify the identity of the author of executable, ActiveX and Java class code, and that the code has not been tampered with since being signed. The use of Authenticode protects users who know and trust the author of the code and recognize the certificate as belonging to that author. Hackers can easily subvert this protection by creating certificates with names similar to those that the user trusts.

Availability
The ability of a system or system resource to be accessible and usable upon demand by an authorized entity, according to system specifications. A system is available if it provides services according to the system design whenever users request them.
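The Authenticode entry above ends with the weak point of trusting a signer by name: a certificate whose publisher name merely resembles a trusted one. As an added example (not Aladdin's or Microsoft's code), the check below normalizes a certificate subject name to undo common character substitutions and compares it with a trusted-publisher list, so that only an exact match is trusted and a near match is surfaced as a lookalike for review. The trusted names, confusable table and threshold are constructed for the demonstration.

```python
"""Flag certificate publisher names that merely resemble a trusted publisher.

Added example (not eSafe or Microsoft code). A signed file from "Examp1e Software"
must not inherit the trust given to "Example Software": only exact matches are
trusted, and near matches are reported as lookalikes for a human to review.
"""
import unicodedata
from difflib import SequenceMatcher
from typing import Iterable, Optional, Tuple

# Constructed trusted-publisher list, as an administrator might maintain it.
TRUSTED_PUBLISHERS = ["Example Software Ltd", "Acme Tools Inc"]

# Visual substitutions commonly used to imitate a name; applied after lowercasing.
# The two-character pairs come last so single-character fixes run first.
CONFUSABLES = [("0", "o"), ("1", "l"), ("!", "i"), ("|", "l"),
               ("5", "s"), ("$", "s"), ("vv", "w"), ("rn", "m")]

# Similarity at or above this ratio counts as a lookalike (constructed value).
LOOKALIKE_THRESHOLD = 0.85


def normalize(name: str) -> str:
    """Reduce a publisher name to a canonical ASCII form for comparison.

    Accents are stripped, non-ASCII characters (such as Cyrillic letters that
    look Latin) are dropped, case is folded, confusable substitutions are undone,
    and punctuation and spacing are removed, so "Example Software, Ltd." and
    "example software ltd" collapse to the same string.
    """
    ascii_only = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    folded = ascii_only.lower()
    for lookalike, letter in CONFUSABLES:
        folded = folded.replace(lookalike, letter)
    return "".join(ch for ch in folded if ch.isalnum())


def classify_publisher(subject_name: str,
                       trusted: Iterable[str] = TRUSTED_PUBLISHERS
                       ) -> Tuple[str, Optional[str]]:
    """Return ("trusted" | "lookalike" | "unknown", matched trusted name or None).

    Exact string equality is the only path to "trusted". A name that becomes
    identical or near-identical after normalization, yet was not an exact match,
    is reported as a lookalike of the trusted name it imitates.
    """
    trusted = list(trusted)
    if subject_name in trusted:
        return "trusted", subject_name
    candidate = normalize(subject_name)
    best_name, best_ratio = None, 0.0
    for name in trusted:
        ratio = SequenceMatcher(None, candidate, normalize(name)).ratio()
        if ratio > best_ratio:
            best_name, best_ratio = name, ratio
    if best_name is not None and best_ratio >= LOOKALIKE_THRESHOLD:
        return "lookalike", best_name
    return "unknown", None


if __name__ == "__main__":
    # Constructed subject names as they might appear in a code-signing certificate.
    for subject in ["Example Software Ltd", "Examp1e Software Ltd",
                    "Exarnple Software, Ltd.", "Totally Different Corp"]:
        print(f"{subject!r:30} -> {classify_publisher(subject)}")
```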
Backdoor
A way into a network that a hacker has planted to circumvent the network's security policy. For example, a modem connection that is not secure can serve as a back door.

BackOrifice
A Trojan horse that installs itself as a server on a machine and allows a user with the BackOrifice client to control the host remotely. Hackers often distribute seemingly harmless executables that also install BackOrifice. Once installed, a hacker can access all files, system passwords, keystrokes, and other confidential information to further compromise the network.

Bandwidth
The amount of information that can be passed through a communication channel in a given amount of time, usually expressed in "bits per second".

Binary
Data stored in binary form (0 and 1) that cannot be identified as any particular format. The data is usually organized in 8-bit groups.

BINHEX
Method of encoding binary data (or other non-printable character sets) for transmission over text-only media. This is used by the Eudora email client and is also common among Macintosh programs.

Biometrics
The use of unique physical characteristics, such as fingerprints, voice patterns, or retinal scans, to authenticate a user.

Black list
List of known malicious objects (Websites, vandals, script commands, etc.) that should be blocked by default.

Bombs
DoS attacks where an email server is bombarded with thousands of false email messages, thereby denying it access to the outside world. A number of hacker programs, such as Unabomber, set up unattended automatic email bombing. These programs also make minor changes to the email envelope to conceal its source.

Browse
Navigation from one site to another on the Internet.

Buffer overrun
Attack where a hacker exploits an unchecked buffer in a program to overwrite the program code. If the hacker overwrites the program code with new executable code, the hacker can change the program's operation. If the hacker enters other data, it usually causes the program to crash.
Cache
Space reserved on your hard drive or in internal memory for programs to store frequently used information.

Caching
Retaining a copy of a Web page on a server to enable quicker access. This is performed by a client browser or a proxy. Caching of previously validated material improves Content Security and reduces system load and Internet connection bandwidth.

Certificate
The digital equivalent of credentials. A certificate contains the sender's public key and verifies the sender's identity. Certificates provide a safe method of distributing public keys because they can be validated and signed by a trusted certificate authority. Certificates are used in a VPN during the key exchange process to ensure that the keys are actually exchanged between two known parties.

Certification Authority (CA)
A trusted organization that issues digital certificates and serves as a repository for these certificates. The CA accepts a user's public key along with some proof of identity. Others can verify the authenticity of a user's certificate with the CA.

Common Gateway Interface (CGI)
CGI scripts are commonly used to customize results at a Web site. Generally, when a visitor fills in a form or clicks a link, the server executes a script that uses the information that the visitor entered. In order to do this, the server executes a program using input provided by an outsider. This opens a security hole whereby an attacker can "feed" a CGI script with input that lets the attacker hack the site. Furthermore, some CGI scripts record information, such as the contents of the current visitor's virtual shopping basket, in temporary files. If the administrator configures the script incorrectly, the information can be written among the data files making up the Web site itself, thus enabling an informed attacker to retrieve the information later using a Web browser.

Communication port
Logical address for channeling communication using a specific protocol. Each communication port is associated with a protocol and a physical port.

Compressed files
Files whose size has been reduced using a compression method. Files are often compressed before being sent across a network, in order to ease network congestion and save server disk space. Different compression systems use different algorithms. Among the compression types are ZIP, GZIP, ARC, LZH, TAR, and RAR. Compressed files are often used to hide vandals and viruses. Aladdin's eSafe products decompress files before scanning in order to discover the true nature of their contents.

Confidentiality
The quality of not disclosing information to, or providing access to information for, unauthorized individuals, entities, or processes. Breaches of confidentiality can be deliberate or accidental. The premeditated distribution of a customer database may be a calculated act of sabotage. On the other hand, replying to all recipients of an email may leak confidential plans that are just as damaging, even if unintentional.

Content Inspector (CI)
Aladdin eSafe's scan engine that inspects the content of files and email. It is a generic component that can be installed anywhere on the network. The same CI can be used for different protocols and server types. You can add CIs for load balancing as traffic increases.

Content Inspection Protocol Client (CIPC)
The CIPC is a protocol- and server-specific component of the CR. Also referred to as the Data Source.

Content Redirector (CR)
Aladdin eSafe's intelligent software unit that determines whether to redirect content to a CI and reroutes inspected content to its intended destination. It immediately performs a preliminary inspection to block files that you do not want under any circumstances and to allow files from sources that you trust. Each CR contains a Policy Manager that is managed by eConsole.

Content Security Response Team (CSRT)
Aladdin's dedicated team of Content Security experts who work around the clock to identify and provide solutions to malicious vandals, including viruses, Trojans, ActiveX, Java applets, and a host of script vandals.

Content Security
The ability to specify the content of a communication as an element of security policy, in contrast to defining the security policy based on header information only. Effective Content Security requires that a content inspector be able to open and read the contents of the communication.

Content Vectoring Protocol (CVP)
A Check Point Software OPSEC API that enables VPN-1 and Check Point's FireWall-1 to send the contents of a file to a third-party Content Security application, such as eSafe Gateway. This ensures that transmitted files are not dangerous to the network.

Cookie
A text file placed on your computer by your browser to store and retrieve information each time you enter a specific site. Hackers can sometimes use cookies to reveal a computer's true IP address even if it is hidden behind a proxy or firewall.

Cracker
Generally refers to an individual skilled at breaking product license codes. This term can also refer to someone skilled at breaking through password protection.
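The Compressed files entry above notes that archives are used to hide vandals and that content must be decompressed before it can be judged. As an added illustration of that idea (standard-library Python, not Aladdin's eSafe code), the following walks a ZIP archive, opens any ZIP nested inside it in memory, and reports entries carrying the executable extensions this glossary lists (EXE, COM, VBS); it also stops at a nesting depth and a decompression budget so that an archive built to exhaust the scanner is blocked rather than expanded. The sample archives, extension list and limits are constructed for the example.

```python
"""Inspect compressed files, including archives nested inside archives.

Added example (standard library only; not eSafe code). A file's true nature can
only be judged after decompression, so nested ZIPs are opened in memory and
walked recursively, with limits so a hostile archive cannot exhaust the scanner.
"""
import io
import os
import zipfile
from typing import List, Optional, Tuple

# Extensions this glossary lists as executable; constructed blocklist for the demo.
BLOCKED_EXTENSIONS = {".exe", ".com", ".vbs"}
MAX_DEPTH = 3                    # archives nested deeper than this are blocked unopened
MAX_TOTAL_BYTES = 8 * 1024 ** 2  # decompression budget across the whole nest

Finding = Tuple[str, str]  # (path inside the archive, reason)


def inspect_archive(data: bytes, depth: int = 0,
                    budget: Optional[List[int]] = None) -> List[Finding]:
    """Return findings for a ZIP held in memory; an empty list means nothing found.

    Paths of nested entries are joined with '!' (inner.zip!invoice.exe) so a log
    line shows exactly where the content was hidden. `budget` is a one-element
    list so the remaining byte allowance is shared across recursive calls.
    """
    if budget is None:
        budget = [MAX_TOTAL_BYTES]
    if depth > MAX_DEPTH:
        return [("<archive>", f"nested deeper than {MAX_DEPTH} levels; blocked unopened")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "corrupt or not a ZIP; cannot inspect, block")]

    findings: List[Finding] = []
    with archive:
        for entry in archive.infolist():
            if entry.is_dir():
                continue
            # The declared uncompressed size is charged before anything is extracted.
            budget[0] -= entry.file_size
            if budget[0] < 0:
                findings.append((entry.filename, "decompression budget exceeded; block"))
                break
            extension = os.path.splitext(entry.filename)[1].lower()
            if extension in BLOCKED_EXTENSIONS:
                findings.append((entry.filename, "executable content"))
            elif extension == ".zip":
                try:
                    inner = archive.read(entry)
                except zipfile.BadZipFile:
                    findings.append((entry.filename, "corrupt nested archive; block"))
                    continue
                for path, reason in inspect_archive(inner, depth + 1, budget):
                    findings.append((f"{entry.filename}!{path}", reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test data: an outer ZIP holding a text file plus inner.zip,
    where inner.zip holds invoice.exe (a few harmless bytes, not a real program)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.exe", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.txt", b"quarterly figures")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


def build_deep_nest(levels: int) -> bytes:
    """Constructed test data: a text file wrapped in `levels` ZIPs, one inside another."""
    data, name = b"just text", "note.txt"
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(name, data)
        data, name = buf.getvalue(), "level.zip"
    return data


if __name__ == "__main__":
    for path, reason in inspect_archive(build_sample_archive()):
        print(f"BLOCK {path}: {reason}")
    for path, reason in inspect_archive(build_deep_nest(6)):
        print(f"BLOCK {path}: {reason}")
```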
Data Encryption Standard (DES)
A 64-bit block cipher encryption algorithm that was endorsed by the government in 1977. DES is often favored because of its speed. Due to its relatively short (56-bit) key length, triple DES (using three different DES keys in succession) is often used to address security concerns.

Data exposure
The widespread connectivity which organizations provide to their employees has vastly improved productivity and profitability for most companies. However, more organizations are finding out every day that this connectivity is not without risk. Just as email connectivity allows employees to quickly access the information they need, it also allows them to transmit unauthorized confidential information worldwide at wire speed. Organizations are liable for what their employees do, and email is an uncontrolled route which is often used for illegal or unproductive activities. Employees use company email to reveal confidential projects, business strategies, and private customer information, and to conduct business on the side. Apart from tying up valuable bandwidth, these activities often expose organizations to legal liabilities. Lawsuits related to sexual harassment, discrimination, violated non-disclosure agreements, and negligence due to inappropriate use of email cost companies over $500 million a year.

Data integrity
Ability to know the level of protection against data modification or destruction.

Default gateway
The default host used by internal computers as a gateway to communicate with the Internet.

Demilitarized Zone (DMZ)
A network isolated from the trusted or secure network by a firewall. Network administrators often isolate public resources, such as Web or email servers, in a DMZ to prevent an intruder from attacking the internal network.

Denial of Service (DoS)
Overwhelming a host with spurious data in order to cause legitimate connection attempts to fail. DoS attacks do not reveal sensitive data to the attacker; however, they can cause untold damage to reputation as well as lost business. According to the March 2000 Computer Crime and Security Survey of the FBI's Computer Institute, 60% reported detection of Denial of Service attacks.

Deploy
To distribute Content Security clients to desktops throughout a network. eSafe Enterprise manages, configures, and deploys the eSafe Enterprise Client to all desktops throughout a network or group of networks. This ensures 100% implementation of network Content Security policies.

Digital signature
An electronic message used to ensure that a message has not been tampered with in transit. In order to produce an electronic document that VPNs use to prove the identity of the sender and the authenticity of the enclosed data, the digital signature runs the text through a one-way hash algorithm to produce a message digest and encrypts that digest with the sender's private key. These are often used to prevent man-in-the-middle attacks.

Directory Service
A standard database that provides distributed, scalable, client/server-based repositories of data that are read much more frequently than they are modified. Users and applications can use directory access protocols (DAPs) to access these directories. Examples include Novell's NDS/eDirectory and Microsoft's Active Directory. Directory Services can be accessed via proprietary APIs or using LDAP.

Disclaimer
A message that is attached to outgoing email in order to reduce legal liability. As a result of recent litigation, the ability to add and customize email disclaimers has become an element of network security policy.

Distributed Denial of Service (DDoS) Attack
A DoS attack launched against a site from multiple sources. Generally the attacker places client software on a number of unsuspecting remote computers, then later uses these computers to launch an attack. A DDoS attack is more effective than a simple DoS attack and is more difficult to prevent.

Domain Name System (DNS)
A scheme for translating numeric Internet addresses into strings of word segments that identify user names and locations. This consists of a hierarchical sequence of names, from the most specific to the most general (left to right). The most specific element comes first and is followed by an "@" symbol. The remaining elements are each separated by a dot. For example: you@yourcompany.com. DNS servers also provide other site- and organization-specific information, such as MX (Mail eXchanger) records. MX records in the domain's host file are used to resolve mail server names and addresses. MX records are listed in order of preference for receiving SMTP mail. Hosts are rated according to preference, with the lowest preference rating being tried first.

DNS Spoofing
The practice of getting a DNS server to hand out addresses for sites that do not belong to it, in order to masquerade on the Internet as someone else. For example, www.cleancontent.com might return the address of a server that appears to be correct but actually is www.infectedfiles.com.

Domino
Lotus product suite that integrates a store-and-forward database, email and Web access. Aladdin's eSafe Mail protects Domino servers from malicious incoming content and scans all public and private folders for malicious content.

Domain
Name or address of a computer on the Internet.

Download
Transferring files or objects from a server to a client. The most common protocols used for downloading are FTP and HTTP. Although transferring files is a common occurrence on the Internet, it poses less of a threat than email and web surfing because it is an activity usually undertaken by experienced users. However, by trusting a product's description to be factual, a user can inadvertently download a program that, upon execution, does something unexpected.

Dynamic Host Configuration Protocol (DHCP)
Protocol for temporary assignment of an available IP address to a machine when it needs to communicate.

Dynamic IP Address
An IP address that is allocated by the network each time a device logs on.
eCommerce
The process of conducting business over the Internet. Normally encryption is used to ensure the security of financial transactions.

eConsole
Aladdin's management console that lets you monitor and manage Content Security policies from anywhere on or off the network. When used with eSafe Enterprise, eConsole monitors and manages deployment of Content Security clients throughout a network. When used with eSafe Gateway and eSafe Mail, eConsole monitors and manages operation of each CR. All communication is secured by high security encryption.

EICAR
European Institute of Computer Research. A non-profit organization

Email
The most common application used on the Internet today. In addition to message text, emails can also include attachments of all kinds, as well as booby-trapped shortcuts and vandals. Email attachments can carry vandals, Trojan horses, or viruses. Anybody can send and receive email containing hostile content or attachments without knowing that they have been attacked. Without protection, the vandal attachment has access to any file on the network.

Email Policy
Policies that address issues such as:

Encoded files
Files with data that has been changed from 8-bit to 7-bit to enable it to travel over SMTP.

Encrypted email
A number of encryption schemes can be used to encrypt email. Regardless of the scheme used, encryption interferes with content inspection, which cannot take place as long as the email is encrypted. In order to protect against malicious content in encrypted email, a network-wide desktop protection scheme, such as eSafe Enterprise, must be used to ensure that the content is inspected the moment it is decrypted. Regularly scheduled eSafe Mail scans of all public and private folders on MS Exchange and Lotus Notes/Domino servers can also prevent malicious encrypted email from using these servers to replicate throughout your organization.

Encapsulation
Placement of the contents of an entire packet inside a second packet. Encryption of encapsulated data can protect the identity of the sender and recipient, as well as the content of the data itself.

Encryption
Conversion of data into an unreadable format for transmission over an untrusted network. Encryption enables the use of VPNs to send private information. Symmetric encryption uses the same key to encrypt and decrypt a message. Asymmetric encryption uses two mathematically related keys, one to encrypt and one to decrypt.

Encryption algorithm
A mathematical algorithm, such as DES, for encrypting and decrypting data.

eSafe Desktop
Aladdin's basic stand-alone Content Security product that protects an individual computer from known or unknown threats coming from the Internet.

eSafe Enterprise
Aladdin's network Content Security product that protects all computers in a network from known or unknown threats coming from the Internet. It enables central configuration of desktop protection and deploys this protection throughout the network.

eSafe Enterprise Client
Aladdin's Content Security client that enforces network security policies and protects individual computers in a network from known or unknown threats coming from the Internet.

eSafe Gateway
Aladdin's content inspection server that lets you filter out malicious content at your network gateway, preventing damage before it occurs.

eSafe Mail
Aladdin's email content filter that protects your email server. When installed on an MS Exchange or Lotus Notes/Domino server, it scans all public and private folders, as well as filtering incoming email.

eToken
USB token for secure storage of certificates and user credentials.

Executable file
File that contains all the information necessary to start and run a program on your computer. When you double-click a program in Windows Explorer, you actually activate a shortcut to the program's executable file. The file extension for these files is normally EXE, COM, VBS, etc.

Exploit (verb)
To take advantage of a vulnerability in a system in order to achieve an objective. All vulnerability exploitations are attacks, but not all attacks exploit vulnerabilities.

Exploit (noun)
Colloquial for exploit script: a script, program, mechanism, or other technique by which a vulnerability is used to achieve an information assurance objective. The terms exploit and exploit script are often used to refer to any mechanism, not just scripts, that uses a vulnerability.

Extranet
A framework for secure communication and exchange of documents over the Internet. Extranets, such as the Automotive Network Exchange (ANX), are a core component of eBusiness and typically use VPNs that allow authorized users to access specific information.
False alarm
Occurs when the CI incorrectly identifies content as being hostile.

False negative
Occurs when the CI fails to identify hostile content.

False positive
Occurs when the CI incorrectly identifies content as being hostile. Also known as a false alarm.

FTP
File Transfer Protocol. FTP is a protocol designed for sending files over the Internet.

Firewall
A rule-based gateway that determines which types of communication can take place. Firewalls decide whether to pass, reject, encrypt, or log communications. A separate content inspection product is necessary to ensure that communication that is allowed to pass through the firewall does not contain inappropriate or malicious content.

Firewall policy
A set of rules ranked in numerical order.

Fraud
The nature of the Internet makes it unusually susceptible to fraud. In order to combat fraud, organizations need to take measures to verify the source and integrity of data transmitted over the Internet. This includes the use of both certificates and anti-spoofing techniques, such as those employed by eSafe Gateway and eSafe Mail.
Gateway
A device positioned between two networks, through which all communications must pass. A gateway provides a strategic location for enforcing security policies.

Ghost Machine
An Aladdin eSafe technology that greatly improves detection rates for polymorphic viruses. This technology tricks viruses into revealing their identity while they are still hiding in their dormant state.
Hacker
An individual who attempts to gain access to your network. Most hackers are motivated by the challenge rather than personal reward. However, their actions can be damaging both financially and to the reputation of an organization. More importantly, those hackers that are motivated by personal gain represent an even greater threat.

Harassment
Effectively an issue of corporate liability to employees and those with whom employees communicate using the corporate network. Recent court cases have involved the use of email to transfer information of a sexual, racial or generally offensive nature. Increasingly the organization, and not the employee, is seen as the owner of email sent using the corporate network. For this reason employers need to demonstrate that they have a security policy and the technology to police corporate communication, including scanning for key words and tracking of email.

Header Verify
Anti-spam technology that analyzes the email header and compares the actual IP address of the originating SMTP server with the IP address listed in the message header.

Heuristic analysis
Analysis of how a program behaves, rather than looking for a known virus signature, in order to identify a virus.

Heuristic scanner
Anti-virus scanner that can evaluate file structure and activity patterns to identify previously unknown viruses.

High availability
Configuration of clusters or redundant servers to provide continuous access to a network resource or application, such as a VPN, firewall or Web server. The servers are continuously synchronized to provide automatic failover. High availability solutions enable a redundant server to detect when the primary server is unavailable and transparently switch to a secondary server.

History file
A file on your hard disk where your browser normally stores the URLs that you visit whenever you use the Internet.

Hoax viruses
Email messages warning of a non-existent virus. The hoax can disrupt work in organizations that panic to deal with the hoax while they wait for an update to their anti-virus software. The anti-virus software does not "catch" hoax email because there is no virus to catch.

Host
A computer connected to a network.

HTML
Hyper Text Markup Language. This is the markup language used for creating documents on the World Wide Web. HTML allows for the use of scripts that can execute commands by themselves. This presents a security threat that must be dealt with before the script can run. Both eSafe Gateway and eSafe Mail provide such protection. Sandbox II, used by eSafe Enterprise, prevents scripts and other active content from performing dangerous operations, even if they have not been identified as vandalous.

HTTP
Hypertext Transfer Protocol. This protocol is used to transfer HTML pages and other objects to Internet browsers and similar applications.
In the Wild
Collection of viruses known to be in circulation throughout many organizational networks. This is in contrast to a general collection of viruses, known as a "zoo".

Inappropriate Content
Transmission of or access to unauthorized information. Some employees misuse their Internet privileges for illegal or unproductive activities such as running side businesses. Employees often use the company Internet connection to download software for personal use, to download pornography, and to conduct business on the side. Apart from tying up valuable bandwidth, these activities often expose organizations to legal liabilities.

Information assurance
The information science that focuses on the conditions necessary to assure users of information systems and services that they can expect:

Inspection
Examining a data resource or process to identify anomalous content or behavior in the data resource or process.

Integrity (system)
The ability of a system to perform its intended function in an unimpaired manner, free from unauthorized manipulation.

Integrity (data)
Data has not been changed, destroyed, or lost.

Integrity file
A file created and updated in the directory of any file scanned when the start-scan heuristic is used.

Internet
A collection of computers and networks which can connect to each other anywhere in the world. The most common use of the Internet is the World Wide Web (WWW), also referred to as the web.

Internet Message Access Protocol (IMAP)
The industry standard protocol for accessing electronic information on a mail server. Originally developed at Stanford University in 1986, IMAP includes standards for:

Internet Protocol Security (IPSEC)
A simple version of the emerging Internet IP security protocol. IPSEC includes the ESP (Encapsulating Security Payload) protocol for encryption and the AH (Authentication Header) protocol for authenticating TCP/IP packets. It is typically used to create VPNs across untrusted Internet links and is appropriate for data with a short lifespan.

Intranet
An internal network using IP, connecting users within an organization. Specific external users, such as suppliers and customers, may be given access to an Intranet.

Intruder
An adversary who is conducting or has conducted an intrusion or attack against a victim host, site, network, or organization. Since the label of intruder is assigned by the victim of the intrusion and is therefore contingent on the victim's definition of encroachment, there can be no ubiquitous categorization of actions as being intrusive or not. From the victim's viewpoint, an intruder is usually an entity (person or organization) that has successfully attacked the victim. It is unclear whether one who conducts an unsuccessful attack is an intruder. If an intrusion is required for one to be an intruder, then it seems that all intruders are attackers, but all attackers are not necessarily intruders.

Intrusion
Actual illegal or undesired logical entry into an information system; the act of violating the security policy or legal protections that pertain to an information system.

Intrusion Detection System (IDS)
An application that detects and responds to network-based attacks, such as DoS attacks. System responses can include termination of communication, logging and reconfiguration to prevent further attacks.

Intrusion Detection Technologies
A broader term (than intrusion detection system) meaning a combination of intrusion detection systems, intrusion analysis, and other supporting tools (such as those that process raw network packets or log files). Used together, intrusion detection technologies can provide accurate indicators of whether or not an attack or intrusion has occurred.

IP
Internet Protocol.

IP Address
A unique 32-bit number that identifies nodes on a TCP/IP network.

IP Range
A low and a high IP address that together represent all the IP addresses between them.

IP Spoofing
Alteration of a packet's IP address to make it appear as if the packet originated in a part of the network with higher access privileges. Firewalls and proxy servers can hide internal IP addresses from external users, thus making it more difficult for this technique to be used by an intruder attempting to gain access.

ISP
Internet Service Provider. An ISP acts as a middleman between you and the Internet. Your computer connects (using a modem) to the ISP's equipment, which in turn connects to the Internet computers.
Java
Program applets designed to be executed by Internet clients that contain a Java Virtual Machine, usually Netscape Navigator. Although the Java language itself (from Sun Microsystems) has some built-in security features, the applet is actually interpreted by the Java Virtual Machine, which is not created by Sun. Because of this, hundreds of applets have been written that cause serious security risks despite the safeguards in the Java language. These applets can cause Denial-of-Service attacks, access unauthorized files on disk, steal passwords, or steal system resources from users who visit the web site. These programs are automatically installed and executed by a web site, and cause immediate damage.

JavaScript
This differs from Java and currently can only run in a browser that supports it. However, under a browser, JavaScript is basically auto-executable. JavaScript is relatively easy to write and does not require a compiler, making it an ideal tool for many hackers to create vandals. An Active Server Page (ASP) containing JavaScript or a Windows Scripting Host (WSH) script containing JavaScript is potentially dangerous because these environments allow scripts unrestricted access to machine resources (file system, registry, etc.) and application objects (via COM). Web administrators should take the same precautions for ASP pages as for CGI scripts.

Junk Mail
Also known as spam. Unwanted marketing and promotional email has become both disruptive and a source of viruses and vandals. In addition to random junk mail, other unsolicited email can be undesirable, such as email that attempts to lure employees with job offers.
Key Management: The entire mechanism for distributing encryption keys in a public key scheme. This includes generation of the keys, certification, and distribution. The mechanism can be either manual or automated.
Legitimate sites: Just because a user is viewing a "trusted" web site does not mean that the content could not have been altered to include vandal programs. For example, in August 1996, the CIA web site was altered. Since then, thousands of web sites have been hacked, or as hackers call it, "defaced". In fact, hackers often target traditional bastions of security because of the challenge. If someone can change the wording or graphics, they can also add a vandal program to damage or steal data.
Lexical analysis: The ability to analyze text in email or Web downloads.
License: An agreement between a software developer and an end user that states the terms and conditions for using the developer's software product. Aladdin's Privilege software can be used to enforce the terms of a license.
Lightweight Directory Access Protocol (LDAP): Protocol that allows Internet clients to access and manage a database of directory services over a TCP/IP connection. LDAP is a simplified version of the X.500 directory access protocol that is becoming popular among major Internet vendors.
Log file: A text file containing a record of each activity and the time it occurred.
Logic bomb: A program that delivers its payload when launched. This is usually embedded in a Web page or attached to email. Logic bombs cause a user's PC to follow the instructions in the program. The action of a logic bomb can range from playing "Happy Birthday" to deleting everything from your hard drive.
Logging: Systematically recording specified events in the order that they occurred to provide a data trail for subsequent analysis.
Login/out: Connecting to or disconnecting from a network. This term is used under UNIX and other mainframe operating systems. Also known as log on and log off.
Macro virus: A virus written into an MS Office document using the VBA scripting language. Macro viruses are the number one cause of all virus infections. The nearly universal prevalence of Microsoft Office and the simplicity with which macro viruses can be created continue to make macro viruses one of the fastest growing threats. All of Aladdin's eSafe products use Macro Terminator technology to detect unknown viruses, along with more traditional scanning for known viruses. eSafe Gateway and eSafe Mail also allow you to use SmartScript filtering and SmartStripping to selectively remove macros from traffic where they do not belong.
Macro Terminator: An Aladdin eSafe technology that enables the detection of macro viruses so new that there are no known samples.
Malware: All types of software that prevent users from using their computers as they were intended. This includes hostile Java applets, ActiveX vandals, Trojan horses, script vandals, and viruses that are designed to corrupt or steal digital information.
Managed Service Provider (MSP): A company that provides Internet services beyond basic connectivity to other companies. An MSP may also implement and manage the services it provides. For example, an MSP can use eSafe Gateway to filter content for companies that use it to connect to the Internet.
MIME: Multi-purpose Internet Mail Extensions, a method of encoding objects other than text to enable them to be transmitted via SMTP. MIME is now used for other protocols as well.
Monitoring: Observing a data stream for specified events to provide data for subsequent action or analysis.
Network: A group of computers interconnected and able to share data and other resources.
Network Address Translation (NAT): Translation of internal IP addresses into "legal" or public IP addresses. NAT enables the addition of an unlimited number of network IP addresses, and allows hosts with illegal IP addresses to communicate over the Internet. The use of NAT also prevents exposing the internal addresses.
NIC: Network Interface Card.
NitroInspection: An Aladdin Content Inspection technology built around a concept similar to "stateful" inspection technologies that allows the client and the CI to receive the file at the same time. This method of scanning files is far superior to the older proxy method. As soon as the last packet is received, it is held until the CI completes its inspection. Once the CI scans and approves the file, the final packet is forwarded to the requesting client. In the event that the file contains a content threat, the final packet is prevented from completing its journey to the requesting client. If the end user still attempts to open a file whose packet has been blocked, the operating system informs the user that the file is corrupted and cannot be executed. This prevents a malicious file from endangering the end user.
Non-productive content: Any distracting content that is not work related according to corporate policy. It includes spam, and web sites on subjects such as gambling, travel, sports, nudity, racism, etc. Some surveys estimate that 75 percent of web surfing occurs at work. Employees often use valuable time and bandwidth accessing unproductive sites contrary to company policy. Additionally, there are hundreds of web sites that hold collections of hacker tools or other malicious software. Employees with malicious intent often use these tool collections. Abuse of Internet privileges often leads to lost productivity, wasted bandwidth, or collection of illegal software and images.
Non-repudiation: The use of asymmetric encryption and digital signatures to ensure that a sender cannot deny having sent a file or message.
Object Linking and Embedding (OLE): Microsoft Office programs enable different document types to be embedded within a document using the OLE standard. DDE links between applications can also be used to embed an object.
On-access Scanner: Anti-virus scanner that constantly checks files as you access them.
One-time Scanner: Anti-virus scanner that you initiate manually or using an automatic scheduler. This scanner actively opens and checks all files on the hard disk, floppy, or other media that you decide to scan.
One-time password: An authentication scheme that uses a different password for each session to prevent the interception and misuse of passwords.
Open Platform for Secure Enterprise Connectivity (OPSEC): A standardized environment launched by Check Point Software Technologies that ensures that security policies can be defined for all compliant security products. OPSEC achieves interoperability through a combination of published APIs, industry-standard protocols, and a high-level scripting language.
Packet filter: A firewall technology that makes decisions based on information contained in an IP packet header, such as service type, source, or destination.
Password: A short string of characters used to gain access to secure resources.
Payload: The malicious action caused by a vandal or virus.
Per user exceptions: In every organization, there are certain individuals whose duties and positions require that they have access to content not normally allowed. Therefore, Content Security solutions should be able to exempt VIPs from rules applied to most members of an organization.
Permanent IP Address: An IP address that is defined for the PC and is not used by any other device on the network.
Personal firewall: A barrier for controlling access to ports on a single computer.
PGP: Pretty Good Privacy. This is a proprietary email and file encryption program that can also be used to create digital signatures.
Ping of Death: A DoS exploit that uses the Ping utility. The exploit requires the transmission of a packet greater than 65536 bytes. This leads to a buffer overflow on the receiving system, with sometimes disastrous and often unpredictable results. This exploit was widely used because many different platforms were susceptible, and the attacker only needed to know the system's IP address. Most platforms now have effective patches and fixes, and the exploit is no longer as dangerous as it once was.
Plug-in: Software that is compatible with another program and serves a special purpose. This is most commonly used to refer to downloadable software that is compatible with your browser and allows you to render a particular data type. Your browser uses the MIME type and subtype to determine when to feed a data stream to a particular plug-in.
Point-to-Point Protocol (PPP): A protocol for transmitting packets over serial point-to-point links, such as a dial-up line. ISPs use PPP with dial-up connections that do not provide any data authentication or encryption.
Policy-based Content Security: Definition and enforcement of acceptable practices that protect individuals and organizations from harmful Internet and Intranet transactions.
Policy Management: Establishment and enforcement of a Content Security Policy.
Policy Manager: A generic component that communicates with both the management console (eConsole) and the CIs.
Polymorphic virus: A virus that attempts to evade all but the most advanced scanners by changing itself each time it creates a new copy. It does this by using different machine code commands that accomplish the same thing, or by rearranging the order of the commands.
Port scanning: Queries to a host to search for open ports through which a hacker can pass traffic. This is often used to find vulnerable hosts on the Internet.
Post Office Protocol (POP): Protocol used between an SMTP server and its client. POP3 is the most common version of the Post Office Protocol.
Private Key: The part of an asymmetric encryption scheme that is known only to the owner and never transmitted over the network. A sender can use a private key to "sign" a message (or message digest), thereby allowing the recipient to authenticate the sender by using the sender's public key. A private key can also be used by a recipient to decrypt a message that was encrypted using the recipient's public key.
Privilege (product): Aladdin's suite of electronic software licensing tools for pricing a software product differently within the same or different markets.
Privilege (to use a resource): The ability to use certain computer resources. eSafe Desktop and eSafe Enterprise let you prevent some people from changing the Windows desktop or other parts of their setup, while other people can log on to Windows and perform these operations.
Privilege elevation: The ability to gain unauthorized privilege on a machine or network. For example, adding oneself to the Administrators group.
Proactive: An active approach that prevents problems before they occur, as opposed to a reactive approach that responds to problems after they occur. Proactive security measures prevent hackers from exploiting the type of content that is difficult to protect against using traditional anti-virus technologies. The most recent developments in vandal and virus activity have involved active content that traditional anti-virus protection can neither detect nor protect against.
Profanity: The use of bad language in email. Profanity is considered a Content Security threat because use of company email to send sexual or racial content can open a company up to legal liability and loss of reputation.
Protocol: Rules governing how communication takes place and is interpreted by the transmitter and receiver.
Proxy: A computer that acts as a barrier between your computer or network and the Internet.
Proxy Inspection: Proxy inspection methods require that the Content Security device receive the entire file and scan and approve it before allowing any traffic to reach the requesting client. This causes time-outs, user complaints, and bandwidth usage problems. eSafe Gateway avoids these problems by using NitroInspection technology instead.
Public Key: The published part of an asymmetric encryption scheme. Public keys are included in digital certificates and are not private information. A sender can use the recipient's public key to encrypt a message. Only the recipient, with the private key, can decrypt the message. If a sender uses a private key to "sign" a message (or message digest), the recipient can use the sender's public key to authenticate the sender.
Public Key Cryptography Standards (PKCS): Open standards developed and maintained by RSA Data Security Inc. that govern the control of encryption formats and keys.
Public Key Infrastructure (PKI): A system for authenticating the validity of each person involved in a secure transaction. This includes digital signatures, Certificate Authorities, and other registration authorities. A PKI is necessary for organizations to establish a trust relationship in order to set up and define the scope and participants of a VPN.
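The "Packet filter" and "IP Range" entries describe a firewall that decides on header fields alone. The following is an added example, not code from the glossary or from any Aladdin product, showing that decision logic: a rule table matched first-hit against the protocol, source, destination and destination port of a packet, with a default deny when nothing matches. The rule set, the IP ranges and the packets are constructed sample data; the first rule illustrates the "IP Spoofing" entry by dropping packets that claim an internal source address on the external side.

```python
"""Added example (not part of the glossary): a minimal header-based packet filter.

Rules match on protocol, source, destination and destination port, the
first matching rule decides, and anything unmatched is dropped. All rules,
ranges and packets here are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # "low-high" IP range, CIDR block, single address or "any"
    dst: str
    dport: Optional[int]   # destination port, None means any port


def parse_range(spec):
    """Return (low, high) IPv4Address bounds for 'any', 'low-high', CIDR or a single address."""
    if spec == "any":
        return ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255")
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"inverted range {spec!r}")
        return lo, hi
    net = ipaddress.IPv4Network(spec, strict=False)   # a bare address becomes a /32
    return net[0], net[-1]


def in_range(addr, spec):
    lo, hi = parse_range(spec)
    return lo <= ipaddress.IPv4Address(addr) <= hi


def matches(rule, pkt):
    return ((rule.proto == "any" or rule.proto == pkt["proto"])
            and in_range(pkt["src"], rule.src)
            and in_range(pkt["dst"], rule.dst)
            and (rule.dport is None or rule.dport == pkt.get("dport")))


def filter_packet(rules, pkt):
    """First-match evaluation. Returns (action, index of the deciding rule);
    index is None when the default deny applied."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed rule table for the external interface of a small network.
RULES = [
    # Anti-spoofing: a packet arriving from outside must never claim an internal source.
    Rule("deny",  "any", "192.168.0.0/16", "any", None),
    Rule("allow", "tcp", "any", "10.0.0.10", 25),                 # mail server
    Rule("allow", "tcp", "any", "10.0.0.20-10.0.0.29", 80),       # web farm, expressed as an IP range
    Rule("allow", "udp", "203.0.113.0/24", "10.0.0.53", 53),      # DNS, only from the ISP's resolver block
]

# Constructed sample packets (only the header fields the filter looks at).
SAMPLE_PACKETS = [
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "10.0.0.10", "dport": 25},
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "10.0.0.25", "dport": 80},
    {"proto": "tcp",  "src": "198.51.100.7", "dst": "10.0.0.30", "dport": 80},   # just outside the range
    {"proto": "tcp",  "src": "192.168.1.5",  "dst": "10.0.0.10", "dport": 25},   # spoofed internal source
    {"proto": "udp",  "src": "203.0.113.9",  "dst": "10.0.0.53", "dport": 53},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "10.0.0.10"},
]


def run_samples():
    """Return the (action, rule index) decision for each constructed packet."""
    return [filter_packet(RULES, p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_samples()):
        print(pkt, "->", decision)
```

Rule order matters: the anti-spoofing deny sits first so that no later allow can be reached by a packet with a forged internal source, and the default deny at the end is what makes the filter fail closed for protocols and ports the table never mentions.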
Quarantine: A holding area to which suspicious or infected files are moved so that they are unavailable to the user, but not lost forever. This allows organizations to remove infected files from circulation without deleting them permanently.
Query: Criteria for sorting out irrelevant information in a report. For example: by selecting only sandbox violations and a specific date, you can generate a report of the sandbox violations that occurred on that date.
Registry: A central database used in Windows 95/98/NT/2000 to store information necessary to configure Windows, applications, and hardware devices.
Relay: Use of a private mail-relay server by someone from outside the organization. Hackers use this technique for mail spoofing or for initiating DoS attacks against third-party mail servers, and it can put unnecessary load on your mail servers.
Remote attack: Attacking a machine that the hacker is not logged onto, and using that machine to launch an attack on another, normally more secure, machine.
Remote control: The use of client software to control a remote machine.
Report file: A computer file where a record of each eSafe activity is recorded. This data is used by the report generator to create reports.
Rescue diskette: A locked, virus-free floppy diskette containing its own boot files and all of the files necessary to successfully remove viruses from an infected hard disk and restore your hard drive.
Response: Actions taken to protect and restore the normal operating condition of computers and the information stored in them when an attack or intrusion occurs. Also referred to as incident response or intrusion response.
Restricted areas: Drives, directories, and files covered by a sandbox.
Root Certification Authority: The highest-level certificate authority, which is responsible for verification of all lower-level certificate authorities and all certificates issued. If a Root CA's private key is exposed, all certificates issued in its hierarchy become invalid.
RSA Encryption: A public key scheme used for encryption and digital signatures.
S/MIME: Secure Multi-purpose Internet Mail Extensions. This is a secure version of MIME that has become the industry standard for encryption of email. S/MIME can use a number of different signature and encryption algorithms.
Sandbox: A sterile environment where files are kept under close surveillance. In this closed system, the behavior of every object is closely monitored, and protection is based on a set of privileges for each application.
Sandbox II: The second generation of Aladdin's proprietary sandbox mechanism, which limits Internet applications to a confined area, thereby preventing hackers from using your Internet applications to access areas of drives containing vital information.
Scripts: Programs built into the HTML code of a web page that work on almost all Internet applications. They can also be used with a variety of applications that support their scripting syntax. One such application is Windows Scripting Host, an automation tool that was exploited by many vandals. Scripts can do almost anything: infect a system with a Trojan, modify files, cause DoS attacks, or spread malicious code using Microsoft Networks or Microsoft Outlook. Scripts are written in VBScript, JavaScript, or other scripting languages.
Security: The information science concerned with ensuring that information systems are secure, as well as the means of establishing, testing, auditing, and otherwise maintaining their security.
Security Audit: An examination of networks and computer systems to determine an organization's vulnerability to attacks from hackers, vandals, viruses, and other sources.
Security policy: A set of rules that defines who has access to what information and network resources. An effective security policy must include physical access, electronic access, and content inspection.
Silent mode: The relevant sandbox or Personal Firewall acts upon violations without notifying the user. The violations are logged to the report file.
Site: A logical group of interconnected physical machines all under the control of a single administrative unit; the administrative unit itself; or the DNS domain name of the administrative unit. A site almost always contains multiple systems. Any one of these systems is not necessarily wholly contained within the site. Generally, the machines that make up a site are collocated geographically, hence the name. A site is frequently equated with its DNS domain name. Examples: "James attacked site blue." "James attacked blue.com."
Smart card: An authentication device containing a microprocessor and data, which is read by a smart-card reader. Often the data is sent across the network.
Smart Cookie Management: By stripping links to all cookies, or by selectively stripping according to trusted and restricted lists, administrators can manage the use of cookies. This ensures privacy by preventing hackers from using known cookies to gather confidential data.
SmartScript filtering and SmartStripping: Proactive security measures that identify and remove specific types of self-executable code, while leaving the rest of the code intact. eSafe Gateway allows you to define which types of code to strip. Furthermore, you can use lists to strip selectively, depending on the source of the code being inspected.
SMTP: Simple Mail Transfer Protocol. SMTP is a protocol designed for sending email over the Internet. This protocol is used between email servers.
Sniffer: A program that monitors network traffic in order to capture transmitted data.
Spam: Spam, also referred to as unsolicited bulk mail or "junk" email, is unrequested email that is sent to multiple recipients with the purpose of promoting a business, idea, or service. Spam is also used by hackers to spread vandals and viruses in email, or to trick users into visiting hostile or hacked sites, which will attack innocent surfers. Spam usually promotes "get rich quick" schemes, porn sales, travel/vacation services, and a variety of other topics. eSafe Gateway and eSafe Mail can block incoming or outgoing email based on the sender, recipient, body text, or subject text. Administrators can block or get a copy of mail messages containing specific text. For example, they could block email containing profanity or confidential project names. This feature blocks messages that violate corporate policies, thereby allowing full unattended enforcement of these policies. It can also prevent hackers or vandal programs from using SMTP as a way of sending stolen information out of a network.
Spoofing (email): Mail spoofing is forging email sender addresses. This can be dangerous, as someone might impersonate someone else. Spammers and hackers use it extensively. One example of a spoof is to send a message to users that appears to come from the administrator, requesting that the user change their password to the new value provided in the message.
Spoofing (file type): When a file extension is changed to create a backup or a disabled working copy of a file, no harm is done. However, hackers can use this technique to hide the true nature of a file. eSafe Gateway and eSafe Mail protect against file-type spoofing by inspecting the actual file structure and comparing it with a list of extensions associated with that file type.
Stateful inspection: A technology developed by Check Point Software Technologies that accesses and analyzes all data derived from all communications layers. The state and context data is stored and updated dynamically, providing virtual session information for tracking connectionless protocols. The cumulative data is used to decide on an appropriate action.
Surf: Navigation from one site to another on the Internet.
Survivability: The capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Timeliness is a critical factor that is typically included in (or implied by) the very high-level requirements that define the mission. However, timeliness is such an important factor that we include it explicitly in the definition of survivability. It is important to recognize that it is the mission fulfillment that must survive, not any particular subsystem: the system must fulfill its mission even if significant portions of the system are damaged or destroyed. We will sometimes use the term survivable system as a less than perfectly precise shorthand for a system with the capability to fulfill a specified mission in the face of attacks, failures, or accidents.
Stripping: Removal of specific types of self-executable code, while leaving the rest of the code intact. eSafe SmartScript filtering and SmartStripping technology allows you to selectively strip specific types of code, depending on the source of the code being inspected.
Symmetric encryption: An encryption scheme using the same key for both encryption and decryption. It is usually faster, but less secure, than asymmetric encryption.
Symmetric key: An encryption key used to both encrypt and decrypt a message or file.
System: One or more interconnected physical machines (hosts) operating in cooperation with one another to meet a particular mission. Systems are generally, although not necessarily, contained within one site. Hosts may participate in multiple systems. A system may be wholly contained within one host or distributed across multiple hosts.
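The "Spoofing (file type)" entry describes the defence in one sentence: look at the actual file structure rather than the extension. The following is an added example, not code from the glossary or from eSafe, of that check: a small table of well-known leading byte signatures ("magic numbers") mapped to the extensions that legitimately carry each structure, and a classifier that reports a mismatch between the detected structure and the name the file arrived with. The signature table covers only a handful of common types and every sample file is constructed for the example.

```python
"""Added example (not part of the glossary): detecting file-type spoofing.

A renamed file keeps its real structure, so the inspector reads the leading
bytes, identifies the structure, and checks that the extension is one that
legitimately carries it. The table below is deliberately small; the
signatures are the standard published ones, the sample files are constructed.
"""
import os

# (leading bytes, detected structure, extensions that legitimately carry it)
SIGNATURES = [
    (b"MZ", "dos_mz_executable", {"exe", "dll", "scr"}),
    (b"PK\x03\x04", "zip_archive", {"zip", "jar", "docx", "xlsx", "pptx"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole_compound_document", {"doc", "xls", "ppt", "msi"}),
    (b"%PDF-", "pdf", {"pdf"}),
    (b"\x89PNG\r\n\x1a\n", "png_image", {"png"}),
    (b"\xff\xd8\xff", "jpeg_image", {"jpg", "jpeg"}),
    (b"GIF87a", "gif_image", {"gif"}),
    (b"GIF89a", "gif_image", {"gif"}),
]


def detect_type(head):
    """Return the structure name for the leading bytes, or None if no signature matches."""
    for magic, name, _ in SIGNATURES:
        if head.startswith(magic):
            return name
    return None


def allowed_extensions(type_name):
    """All extensions that legitimately carry the given structure (GIF has two signatures)."""
    exts = set()
    for _, name, e in SIGNATURES:
        if name == type_name:
            exts |= e
    return exts


def check_file(filename, head):
    """Classify a file by its name and leading bytes.

    Returns ("ok", type), ("spoofed", type) when the extension does not
    belong to the detected structure, or ("unknown", None) when the
    structure is not in the table (policy decides what to do with those).
    """
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    detected = detect_type(head)
    if detected is None:
        return "unknown", None
    if ext in allowed_extensions(detected):
        return "ok", detected
    return "spoofed", detected


# Constructed sample files: only the leading bytes matter to the check.
SAMPLES = {
    "report.pdf":   b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "holiday.jpg":  b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "Archive.ZIP":  b"PK\x03\x04\x14\x00\x00\x00",
    "invoice.txt":  b"MZ\x90\x00\x03\x00\x00\x00",      # executable renamed to look like text
    "budget.xls":   b"PK\x03\x04\x14\x00\x06\x00",      # zip structure under a legacy Excel name
    "notes.txt":    b"Meeting notes, Monday\n",        # no signature: plain text
}


def scan_all(samples):
    """Run check_file over a name -> leading-bytes mapping and return name -> verdict."""
    return {name: check_file(name, head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_all(SAMPLES).items():
        print(f"{name:14} {verdict}")
```

Two points worth keeping from this design: the extension comparison is case-insensitive and uses only the final extension, so a double extension such as "photo.gif.exe" is judged by ".exe" against the executable signature; and a file whose structure is not in the table is reported as unknown rather than silently passed, because "no signature matched" is not the same as "not executable".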
Target (noun): The object of an attack, especially a host, computer, network, system, site, person, organization, nation, company, government, or other group.
Target (verb): To use something or someone as a target. To plan or schedule something or someone to attain an objective. For many computer-based attacks, target selection and attack are tightly integrated and indistinguishable.
TECS: Aladdin's Total Enterprise Content Security architecture, used by eSafe Gateway and eSafe Mail. The architecture is highly advanced, scalable, modular, and totally independent of the platform on which the firewall runs, and includes built-in fail-over capabilities.
Text analysis: Analysis of text to enforce Content Security policies regarding transmission of confidential information, harassment, and other inappropriate content.
Token: A password that can be used only once, typically generated as needed by a hardware device, such as eToken.
Triple DES: A 168-bit encryption algorithm that encrypts each piece of data with three different DES keys in succession. This is currently one of the most secure encryption algorithms available for use by VPNs.
Trojan horse: A malicious file hidden inside a different type of file. The name refers to the legend of a large wooden horse that the Greeks left as a gift of truce to the city of Troy. The Trojans accepted the horse, which contained a secret compartment with a select band of Greek fighters, who broke out under cover of darkness to initiate an attack. The rest of the Greek force, which had merely sailed around the closest headland until nightfall, sailed back and piled in through the breached defenses to destroy the city of Troy.
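The "One-time password" entry (under O) and the "Token" entry above both describe a password that is valid once and then spent. As an added example, not code from the glossary and not the mechanism of any particular Aladdin token, here is the counter-based scheme standardised as HOTP (RFC 4226) that many hardware tokens use: the token and the server share a secret and a counter, each password is an HMAC of the counter, and the server advances its counter when it accepts a value so the same password can never be replayed. The secret is the published RFC 4226 test-vector secret; the account store and the look-ahead window size are assumptions of the example.

```python
"""Added example (not part of the glossary): counter-based one-time passwords (HOTP, RFC 4226).

The token side computes hotp(secret, counter); the server side keeps the
next expected counter per account and accepts each value at most once.
The secret is the RFC 4226 test-vector secret; the account store is constructed.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                    # low nibble of the last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Server side of the scheme.

    Tracks the next expected counter per account so that a captured password
    cannot be replayed, and tolerates a small look-ahead window (assumed to
    be 5 here) for tokens whose button was pressed without a login.
    """

    def __init__(self, window: int = 5):
        self.window = window
        self.accounts = {}          # account name -> (shared secret, next expected counter)

    def enroll(self, account: str, secret: bytes) -> None:
        self.accounts[account] = (secret, 0)

    def verify(self, account: str, password: str) -> bool:
        secret, counter = self.accounts[account]
        for c in range(counter, counter + self.window):
            # constant-time comparison so the check does not leak matching digits
            if hmac.compare_digest(hotp(secret, c), password):
                self.accounts[account] = (secret, c + 1)      # everything up to c is now spent
                return True
        return False                                           # behind the counter, or outside the window


# RFC 4226 test-vector secret (ASCII "12345678901234567890")
TEST_SECRET = b"12345678901234567890"


def login_sequence():
    """Walk through enrol, first use, replay, skipped counters and a stale value.

    Returns the list of accept/reject decisions in that order."""
    server = OtpVerifier()
    server.enroll("alice", TEST_SECRET)
    return [
        server.verify("alice", hotp(TEST_SECRET, 0)),   # first password from the token: accepted
        server.verify("alice", hotp(TEST_SECRET, 0)),   # same value again (replay): rejected
        server.verify("alice", hotp(TEST_SECRET, 3)),   # token pressed twice without logging in: inside window
        server.verify("alice", hotp(TEST_SECRET, 1)),   # a value older than the last accepted one: rejected
        server.verify("alice", "000000"),               # guess: rejected
    ]


if __name__ == "__main__":
    for i in range(3):
        print(i, hotp(TEST_SECRET, i))
    print(login_sequence())
```

The look-ahead window is the usual trade-off: too small and a user who pressed the token a few times locks themselves out, too large and an attacker has more candidate values to guess per attempt; production servers also rate-limit failed attempts, which this example leaves out.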
URL: Universal Resource Locator. A URL is an Internet address which identifies the protocol used. For example, in http://www.ealaddin.com: "http:" refers to the protocol used; "www" refers to the name of the web server machine (World Wide Web); "ealaddin.com" refers to the domain.
URL blocking: Preventing communication with specific URLs. Use of an extensive URL database gives companies the ability to restrict access to inappropriate sites. eSafe Gateway allows you to use SurfControl's extensive list of URLs to block by category without spending the manpower and time necessary to manually keep URL lists of inappropriate sites updated. Totaling over one million URLs and categorized into more than 48 categories, this URL list guarantees that inappropriate content will not enter your network.
User authentication: The process of verifying the identity of a user. In an IPSEC-compliant VPN, digital certificates are normally used to accomplish this.
User Datagram Protocol (UDP): A connectionless Internet protocol often used by hackers.
UUEncode: A method of encoding binary data into a stream of seven-bit, all-printable characters.
Vandal: Malicious auto-executable applications written into the code of Java applets, ActiveX objects, or other scripting languages designed to enhance web pages. Vandals can and have been used to steal money and secretly redirect modems.
Victim: That which is the target of an attack. An entity may be a victim of either a successful or an unsuccessful attack.
VIP: An individual, group, or mailbox that requires access to content not normally allowed.
Virtual Private Network (VPN): A private network that is configured within a public network. Authentication and encryption are used to protect data integrity and confidentiality over the VPN. It is far less expensive to create and maintain a VPN than a dedicated private network.
Virus: A program that attaches itself to an executable program file. Viruses actively copy themselves, infecting your computer or network in the same way that a biological virus infects the human body. Most viruses merely take up disk space and cause programs to act in unexpected ways. However, some viruses seriously damage the files needed to start and load operating systems.
Virus-like activity: An action which may be a legitimate action under certain circumstances, but can also be caused by viruses. You can change the default settings if you use software that causes a specific virus-like activity under normal operation.
Visual Basic Script (VBS): A programming language for Windows that can be embedded in HTML files. VBS can be as powerful as any application. In fact, it can silently invoke any system function or run other applications.
Vulnerability: A feature or a combination of features of a system that allows an adversary to place that system in a state that is both contrary to the desires of the people responsible for the system and increases the risk (probability or consequence) of undesirable behavior in or of the system. A feature or a combination of features of a system that prevents the successful implementation of a particular security policy for that system. A program with a buffer that can be overflowed with data supplied by the invoker will usually be considered a vulnerability. A telephone procedure that provides private information about the caller without prior authentication will usually be considered to have a vulnerability.
Web content: Web surfing is the second most popular Internet activity, and it is the least secure. The newest Internet technologies, especially Java and ActiveX, are used to create dynamic content-driven web sites. Unfortunately, these compelling new technologies also pose the highest risk. Java applets and ActiveX controls are downloaded and executed automatically by simply viewing a web page. By viewing the page, the user allows the web page to copy an unknown program to the network and run it. Instructing web browsers not to download any Java or ActiveX content is possible, but increasingly less practical, as many web sites require these technologies to provide full functionality.
White list: A list of known objects (web sites, script commands, etc.) that should be allowed, while all other objects of the same type are blocked.
Worm: An executable vandal file that can multiply if an unsuspecting user is tricked into opening it. Worms can increase the rate at which they spread by inserting commands into startup routines, such as AUTOEXEC.BAT.
Zip: A common compression format. Zipped files support password protection with symmetric encryption.
Zoo: A collection of viruses. These can be found on web sites, even though they are generally illegal.
This site last updated 01/05/03