Algorithm - A list of well-defined instructions for accomplishing some task. In software this is a set of machine instructions designed to perform one or more specific actions.
Anti-Virus - Specialized software designed to examine the contents of network traffic in
order to identify components believed to be a virus. This software
is searching for specific patterns, called signatures, of data that
have been determined to be viruses in the past.
Application-level Packet Inspection - The third improvement to firewall security,
which goes beyond both simple packet inspection and stateful packet
inspection, is for the firewall to intercept and actively process
all the packets as if they were destined for the firewall itself.
This type of activity is one in which the firewall is acting as
an executive-assistant, or a proxy, for the real application (which
is why these filters are like proxy servers). The proxy has the
authority to reject some requests directly, while passing others
through. The proxy does not allow the outside client to know the
actual identity of the real server, because it behaves as if the
proxy is the real server. This is much like an executive assistant
acting for and protecting a key corporate officer.
Denial of Service (DOS) - This is a malicious attempt to prevent a machine or local
network of machines from communicating with the outside world by
bombarding the machine or network entry point with meaningless network
traffic.
Encryption - This is the process of
transforming data/information (called plaintext) to make it unreadable
to anyone except someone having the information allowing the transformation
to be reversed, termed decryption. The purpose of encryption is
to protect the original information so that if it is somehow captured
or seen by an unauthorized individual, it would be extremely difficult
to extract the plaintext information.
Filtering (email) - The process
of removing or marking email thought to be undesirable from the in-box
automatically before it is presented to a user. This is usually
done using a combination of rules and statistical matching processes.
The rules remove email based on the sender, specific words in the
title or content, or even the computer from which the email was
sent. Statistical matching is less precise, but is used to develop
a "score" for each email based on the format of the email together with the words used.
Emails with a high score (a good match to patterns indicating spam
or other undesirable email) can be removed or marked.
Firewall - A software "fence", usually running in a special
hardware appliance, that is responsible for preventing unauthorized
access to and from the network of computers it is protecting. The
firewall provides this protection by preventing unauthorized network
packets from entering or leaving the protected network. What constitutes "unauthorized" is
determined by a set of rules maintained in the firewall. These rules
are created and maintained by the manager(s) and installer(s) of
the firewall.
Hardware Appliance - A specialized computer which typically
has no display, keyboard, or mouse, and runs special-purpose software
to provide specific services. Such a computer starts automatically
when the power is applied and performs its service(s) without requiring
human intervention.
Internet Protocol (IP) Address - The number assigned to a specific Ethernet connector in a specific
device. This number, at least within a viewable network (one in
which all devices can see all other devices) must be unique. This
number is visually represented as xxx.yyy.zzz.www (termed an octet
because it is made up of eight hexadecimal digits) and is referred
to as the "IP address" of that connector
on that machine. If two or more machines that can directly "see" each
other on the network have the same IP address, then neither will
be able to communicate reliably with any other machine. An IP address
is very much like a street address (including the house/building
number) assigned by a post office for regular mail delivery.
Intrusion Detection Service (IDS) - In the most general form, an intrusion
is an unwanted and/or unauthorized manipulation of a computer system
or network component. This broad definition includes activities
from both inside the machine or network, and those from outside.
Intrusion detection is any means of recognizing and recording suspected
or actual intrusions. An intrusion detection system generally is
comprised of software sensors to detect a possible intrusion, a
console or other method to alert a responsible individual to a suspected
intrusion, and an engine that records all of the sensor and other
information gathered about the intrusion.
Malware - This term was
coined by combining the words malicious and software. As the name
implies, malware is software which is designed to do harm of some
type to a computer system without permission from, and sometimes
without the knowledge of, the user or administrator of that computer.
The term generally includes computer viruses, trojan horses, worms,
spyware, and hidden adware.
Packet (network) - A packet is the smallest
unit of data transferred on the Ethernet. Packets of some type are
central to the technology of "packet-switched" networks,
such as the Ethernet. A packet has a well-defined standardized structure
which is used to allow Ethernet hardware and software to transmit,
route, and receive communications. In the Ethernet protocol, a packet
is always sent from an IP address and port number to an IP address
and port number (although the destination in some cases can be "broadcast",
meaning anyone on the addressed network can receive the packet).
Packet Filtering - Because every Ethernet packet must have an IP address
and port number to which it is addressed (its destination) as well
as where it originated (its source), the simplest form for firewall
protection is to filter out packets based on the source and/or the
destination. For example, if I did not want to receive any web-browser
packets (because I was not running a web site), then I would tell
the firewall to block any packets destined for port 80, regardless
of their IP address. I could receive web-browser packets from only
a certain machine by blocking all packets destined for port 80 unless
the source IP address was 88.66.33.2. Packet filtering is the simplest
firewall service requiring the least powerful processor, but is
also the weakest type of firewall because it is the least flexible,
and thus requires the greatest relaxation of constraints in order
for useful work to be supported. It is also the least secure because
it is the easiest type of firewall to "fool" into
allowing a connection.
Phishing - Phishing is a scam where Internet
fraudsters send spam or pop-up messages to lure personal and financial
information from unsuspecting victims. (from onguardonline.gov)
The idea behind Phishing is that from many contacts a few unsuspecting
people will respond to an email or message that appears to be legitimate.
For example, an email with a CitiBank return address asking you
to log in and change your password due to a suspected break-in to
their server, where the email includes a link to click on in order
to get to the site. The scam is that the included link actually
takes the reader to a false site which mimics the CitiBank site,
but records all the information you enter. In some sophisticated
attacks, the false site eventually connects to a real CitiBank site,
so that the user is not aware of the theft of personal information.
Port - A port in the Ethernet protocol is a designator of a specific
line of communication or service over a shared Ethernet pathway.
If the IP address of an Ethernet connector is equivalent to its
street address, then a port is equivalent to the individual named
on the envelope (or sometimes a group, such as the sales department).
To get to the correct place, an Ethernet packet must specify both
the IP address and port for the destination.
Redundant Network Failover - Some firewall devices which are also routers (such as SnapGear
and Sidewinder) have the ability to support two external (outside
world) connections at the same time, such as a cable modem together
with a DSL modem. These devices can be configured so that if one
of the modems fails, the firewall/router automatically switches
all of the traffic to the remaining good connection. Thus, the user
may suffer a slower network connection, but not a total loss of
connection. Because the duplicate paths can also be seen by
the external users, they can also still access the internal network,
although access may be slower.
SOHO - Stands for Small Office/Home Office. These appliances often
provide a managed firewall and VPN capabilities. Some provide limited
anti-virus by subscription. The better devices offer Stateful Packet
Inspection, but not Application Level Packet Inspection.
SPAM - Spam is unwanted and unrequested electronic transmissions, usually in
the form of email, but it can include instant messages, voice-mail
messages, and faxes. Such messages are often referred to as "junk".
Spam messages are normally sent in bulk (millions of messages at
a time) in the hope that a small percentage of the targets will
actually open, read, and respond to the spam. The ease and low cost
of sending such bulk messages has caused spam to become more than
90% of all email traffic.
Spyware - Software that, without either the knowledge or permission of the
computer user (typically a single-user personal computer), gathers
private information and transmits it to a remote computer/database.
The key difference between spyware and trojan horse software is
that spyware usually gets installed as an unannounced consequence
of installing other desired software (often software offered as "free" software,
although most free software is legitimate and free from spyware).
Another key difference is that Trojan horse software does not install
itself to run continuously and restart whenever the computer is
booted, whereas spyware tends to become a hidden "service" of
the operating system software, and thus is restarted automatically
if it is stopped.
Stateful Packet Inspection -
The next more effective and secure filtering method beyond simple
packet inspection is called stateful packet inspection. For this,
not only the destination and source information, but some small
portions of the contents of packets are examined. To illustrate
what this means, consider that there is a computer outside of my
network sending out packets that report the ocean temperature at
Carlsbad beach. My firewall could easily block these packets just
by adding a rule based on the destination port for these packets.
However, if I were interested in obtaining that information, and
I ran a program designed to connect to the temperature computer and listen
to those packets, then with stateful packet inspection the firewall
would automatically allow those temperature packets because my program,
from inside the firewall, had initiated the communication. Thus
stateful packet inspection automatically adapts to the current activities
performed (state of the computers inside the firewall) on a protected
computer.
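
The difference between the Packet Filtering and Stateful Packet Inspection entries, as an added Python example that is not part of the original glossary. Only port 80 and 88.66.33.2 come from the text; the inside host, the temperature server address, ports 5000 and 40000, and all function and class names are assumptions, and flow timeouts are not modelled.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

INSIDE = "192.168.1.10"            # assumed protected host (constructed)
TEMP_HOST = "203.0.113.7"          # assumed temperature server (constructed)
OTHER_HOST = "198.51.100.9"        # assumed unrelated outside host (constructed)
ALLOWED_WEB_SOURCE = "88.66.33.2"  # the one permitted web client in the glossary

def stateless_filter(pkt, open_ports=frozenset()):
    """Packet filtering: decide on addresses and ports alone, one packet at a time."""
    if pkt.dst_ip != INSIDE:
        return True                        # outbound traffic is not restricted
    if pkt.dst_port == 80:
        return pkt.src_ip == ALLOWED_WEB_SOURCE
    return pkt.dst_port in open_ports      # an open port is open to every sender

class StatefulFirewall:
    """Default-deny inbound, except replies to flows started from inside."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if pkt.src_ip == INSIDE:
            # Remember the flow so that only the matching reply may come back in.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return reverse in self.flows

def demo():
    request = Packet(INSIDE, 40000, TEMP_HOST, 5000)
    reply = Packet(TEMP_HOST, 5000, INSIDE, 40000)
    stranger = Packet(OTHER_HOST, 5000, INSIDE, 40000)
    fw = StatefulFirewall()
    return {
        # Stateless: receiving the reply means opening port 40000 to everyone.
        "stateless_reply": stateless_filter(reply, open_ports={40000}),
        "stateless_stranger": stateless_filter(stranger, open_ports={40000}),
        # Stateful: the same packet is dropped until the inside program connects.
        "stateful_unsolicited": fw.check(reply),
        "stateful_request": fw.check(request),
        "stateful_reply": fw.check(reply),
        "stateful_stranger": fw.check(stranger),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'drop'}")
```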
T1 & T3 - These are two telecommunications
terms that are used to designate combinations of telephone lines
with special modems that are used to provide digital network communications.
A T1 line designates a set of 24 voice-grade lines that, in combination,
can transmit and receive at a rate of 1.544 megabits per second.
T3 is a group of 672 lines that can transmit/receive at a rate of
44.736 megabits per second. The advantage to these technologies
is that they are not shared (so no users from other networks using
the same wires can reduce your speed) and they offer the same speed
both into (download) and from (upload) your network. However, because
they require repeaters every few thousand feet (or closer for T3),
they are expensive when compared to cable modem and DSL alternatives.
Tokens (software & hardware) - A token, when used in computer
networking, is a hardware or software device which is used to authenticate
a user attempting to make a connection, such as a VPN connection,
or gain access to a computer system. These are most often used as
one-time passwords or for digital signatures. Different vendors
use different methods, many of which are patented, but the central
concept is that the computer or network which is verifying your
identity (called authenticating) is periodically generating a new
number using the same algorithm (method) as the hardware or software
token, and these are tied to some type of clock, so that each device
knows what the other is doing. A hardware token is a small device
that easily fits in the palm of your hand. A software token is a
specialized piece of software that runs on your computer (e.g. your
laptop computer) that does the same function, but does not require
you to carry an extra device. Regardless of whether they are hardware
or software, tokens are effective because they will not repeat the
same password number string for many years, thus making it virtually
impossible to guess a correct password within the limited time until
the token changes the password to a new one.
Trojan Horse - In computer
networking a Trojan Horse is a program that is malicious software
operating under the guise of doing something else. A Trojan horse
differs from a virus in that a Trojan horse does not insert its
code into other computer files and appears harmless until executed.
The term is a direct reference to the mythical Greek Trojan Horse.
Trojan horse software appears to be a useful or interesting program
(or at least harmless) to an unsuspecting user, but is harmful when
executed. For example, a program that runs a short humorous video,
but meanwhile is searching for private information on the computer
and transmitting it over the network to a distant database for use
in credit card fraud or identity theft.
TrustedSource - This is a database of "reputation scores" which
is maintained by Secure Computing's Global Threat Correlation Engine.
The database is a list of those computers/sites which have been
determined by Secure Computing to be sources of spam email messages.
See trustedsource.org for additional details.
URL (Uniform Resource Locator) - A method by which sites with registered names may be located
without the user requiring any knowledge or information about the
specific IP address of the site or its actual location.
URL Filtering - A software algorithm with an associated database that allows undesirable
URLs to become invisible to a specific user or network of users.
This may be done for many reasons, including protection of children
from undesirable material, prevention of employees from using certain
sites while at work, or protection from sites known to have viruses
or other malware.
UTM - Unified Threat Management is a term applied to firewalls capable of doing
both Stateful Packet Inspection and Application Level Packet Inspection,
and also able to monitor and record network intrusion.
Virus - A computer virus is a small software program which is designed
to accomplish two things: perform some action that interferes with
proper operation of a computer, and to spread a copy of itself to
another computer, usually over a network. Computer viruses can be
relatively harmless (like putting up a window with a joke) or highly
destructive (like removing all your data files or making the computer
reboot repeatedly). Viruses can be spread as attachments to email,
hidden in downloads from the internet, or from running an automatically
downloaded program when you click on an item on a web site.
VPN (Virtual Private Network) - A private communications connection made over
a public communications network to allow confidential communication.
VPNs are created by specialized software added to the networking
software. The VPN software limits the specific connections which
can be made (e.g. only certain computers or users with certain login
and password information), and encrypts all of the network packets
so that even if the packets are intercepted they cannot be easily
understood.