Glossary
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z 

Packet
A unit of data that is formed when a protocol breaks down messages that are sent along the Internet or other networks. Messages are broken down into standard sized packets in order to avoid overloading lines of transmission with large chunks of data. Upon arrival at the recipient computer, the protocol recombines the packets into the original message.

Packet Filter
A firewall technique that examines the headers of packets requesting connection to a computer behind the firewall and either grants or denies permission to connect based on information held within the packet header according to a set of pre-established rules.

Password
A form of authentication, a password is a series of characters, letters and/or numbers that a user must enter before being granted permission to use a computer, a network or a service. Passwords are used to attempt to ensure that only authorized users are granted access to a service; however, passwords may be illicitly obtained and therefore the use of a password alone does not validate that the user is actually the person to whom authorization was granted.

Patch
Programming code that is used to repair an identified software bug or vulnerability.

Payload
The part of the packet, message or code that carries the data. In information security, the term payload generally refers to the part of malicious code that performs the destructive operation.

PGP or Pretty Good Privacy
Perhaps the most widely used encryption program, PGP is a freeware (for non-commercial users) encryption program that uses the "public key" approach - messages are encrypted using the publicly available key, but can only be deciphered by the intended recipient via the private key.

Ping or Packet Internet Groper
A program that systems administrators and hackers/crackers use to determine whether a specific computer is currently online and accessible. Pinging works by sending a packet to the specified IP address and waiting for a reply - if a reply is received the computer is deemed to be online and accessible.

POP or Post Office Protocol
A protocol that allows clients to retrieve e-mail from their mail server.

Port
A port is a logical abstraction that allows one computer to simultaneously communicate with multiple other machines. Packets are sent to a combination of an IP address and a port number. The recipient determines which application to send the data to based on the port number. Certain applications typically reside on the same port on every computer running the application. For example, web servers typically listen for requests on port 80. Attackers will often check a target computer for open ports as a means of determining which network services the target is running, so that they can exploit any weaknesses in those applications to gain entry.

Port Scan
Hackers often use software tools called 'port scanners' to find services currently running on target systems. This is done by scanning the target for open ports, usually by sending a connection request to each port and waiting for a response. If a response is received, the port is known to be open.

Privacy
For most in the Internet security community, the term privacy refers to protection from the unauthorized dissemination of personal information, such as credit card information or Net-surfing habits. Privacy has become and will continue to be a growing concern for Internet users, as many activities, such as browsing habits may be tracked and the information sold for profit.

Private key
Part of asymmetric encryption, which uses a private key in conjunction with a public key. The private key is kept secret while the public key is sent to those with whom a user expects to communicate. The private key is then used to encrypt the data, and the corresponding public key is used to decrypt it.

Protocol
In computers the term 'protocol' describes a set of rules for encoding and decoding data so that messages may be exchanged between computers so that each computer can fully understand their meaning. On the Internet, the exchange of information between different computers is made possible by the suite of protocols known as TCP/IP. Protocols may be stacked, meaning that one transmission may make use of two or more protocols. For example, an FTP session uses the FTP protocol to transfer files, the TCP protocol to manage connections, and the IP protocol to deliver data.

Proxy Server
A common and effective firewall technology, the proxy server stands between a network and its Internet server. The proxy server acts as a firewall in two ways, it receives requests from the computers on the network and passes them off to the Internet server so that all external computers will think of the proxy server as the lone computer on the external network. This function also allows the proxy to filter out requests to connect with or accept connections requests from sites that previously established rules have prohibited. Proxies may also cache (or store previously visited) Web pages, so that the next request can be obtained locally, saving time and money and minimizing exposure to external computers.

Public Key
Part of asymmetric encryption, the public key operates in conjunction with the private key. The sender looks up the public key of the intended recipient and uses the public key to encrypt the message. The recipient then uses his or her private key, which is not made public, to decrypt the message.

Public key cryptography:
Also known as asymmetric cryptography, a cryptographic system in which two different keys are used for encryption and decryption. See public key and private key. The sender of the message looks up the public key of the intended recipient and uses the public key to encrypt the message. The recipient then uses his or her private key, which is not made public, to decrypt the message. This method of encryption is considered more secure that symmetrical cryptography because one of the keys is kept strictly private.



 

Privacy Statement
Copyright 2010, SecurityFocus