Network security
Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.OCS - REV
- OCSP (Online Certificate Status Protocol) - OCSP (Online Certificate Status Protocol) is one of two common schemes for maintaining the security of a server and other network resources.
- OCTAVE - OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a security framework for determining risk level and planning defenses against cyber assaults.
- offensive security - Offensive security is a proactive and antagonistic approach to protecting computer systems, networks and individuals from attacks.
- one-time pad - In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.
- one-time password (OTP) - A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or login session.
- OneID - OneID is a digital identity management service that provides a repository for usernames and passwords, eliminating the need for people to remember numerous arcane character sequences.
- open security - Open security is an approach to safeguarding software, hardware and other information system components with methods whose design and details are publicly available.
- Open Source Hardening Project - The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code.
- Open System Authentication (OSA) - Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.
- OpenAppID - OpenAppID is an application-layer network security plugin for the open source intrusion detection system Snort.
- OpenDNS - OpenDNS is the world’s largest reverse DNS service provider.
- OpenPGP - OpenPGP is an open and free version of the Pretty Good Privacy (PGP) standard that defines encryption formats to enable private messaging abilities for email and other message encryption.
- organizational unit (OU) - An organizational unit (OU) is a container within a Microsoft Active Directory domain which can hold users, groups and computers.
- output feedback (OFB) - In cryptography, output feedback (OFB) is a mode of operation for a block cipher.
- OWASP Top Ten - The OWASP Top Ten is a list of the 10 most dangerous current Web application security flaws, along with effective methods of dealing with those flaws.
- owned - Owned, in common slang, means decisively defeated, with the implication of domination and possession.
- ownership tag - An ownership tag is a security feature on Compaq computers, consisting of an encrypt ed text string that displays at startup to uniquely identify a computer.
- P versus NP (polynomial versus nondeterministic polynomial) - P versus NP (polynomial versus nondeterministic polynomial) refers to a theoretical question presented in 1971 by Leonid Levin and Stephen Cook, concerning mathematical problems that are easy to solve (P type) as opposed to problems that are difficult to solve (NP type).
- packet monkey - On the Internet, a packet monkey is someone (see cracker, hacker, and script kiddy) who intentionally inundates a Web site or network with data packets, resulting in a denial-of-service situation for users of the attacked site or network.
- Palladium - Palladium is a plan from Intel, AMD, and Microsoft to build security into personal computers and servers at the microprocessor level.
- palm vein recognition - Palm vein recognition is a biometric authentication method based on the unique patterns of veins in the palms of people’s hands.
- passive attack - A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities.
- passive FTP - Passive FTP (sometimes referred to as PASV FTP because it involves the FTP PASV command) is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Program (FTP) client rather than by the FTP server program.
- passive reconnaissance - Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.
- passive scanning - Passive scanning is a method of vulnerability detection that relies on information gleaned from network data that is captured from a target computer without direct interaction.
- passphrase - A passphrase is a string of characters longer than the usual password (which is typically from four to 16 characters long) that is used in creating a digital signature (an encoded signature that proves to someone that it was really you who sent a message) or in an encryption or a decryption of a message.
- password - A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user.
- password blacklist - A password blacklist is a list of words disallowed as user passwords due to their commonplace use.
- password cracker - A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources.
- password entropy - Password entropy is a measurement of how unpredictable a password is.
- password hardening - Password hardening is any one of a variety of measures taken to make it more difficult for an intruder to circumvent the authentication process.
- password strength meter - A password strength meter is an indicator, either in graphical or text form, of the strength of a password as entered by a user.
- password synchronization - Password synchronization is an authentication process that coordinates user passwords across various computers and computing devices so a user only has to remember a single password instead of multiple passwords for different machines or devices.
- PCI DSS merchant levels - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses.
- PCI forensic investigator program - A PCI forensic investigator program is a certification process for companies wishing to become eligible to perform investigations into data breaches on payment card industry (PCI) networks.
- PCI gap assessment - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
- PEAP (Protected Extensible Authentication Protocol) - PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections.
- peer-to-peer botnet (P2P botnet) - A peer-to-peer botnet is a decentralized group of malware-compromised machines working together for an attacker’s purpose without their owners’ knowledge.
- pen test (penetration testing) - Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
- personal firewall (desktop firewall) - A personal firewall (sometimes called a desktop firewall) is a software application used to protect a single Internet-connected computer from intruders.
- personal health record (PHR) - A personal health record (PHR) is a collection of health-related information that is documented and maintained by the individual it pertains to.
- pharming - Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent.
- phlashing - Phlashing is a permanent denial of service (PDoS) attack that exploits a vulnerability in network-based firmware updates.
- phreak - A phreak is someone who breaks into the telephone network illegally, typically to make free long-distance phone calls or to tap phone lines.
- physical attack surface - The physical attack surface is the totality of the security vulnerabilities in a given system that are available to an attacker in the same location as the target.
- piggybacking - Piggybacking, in a wireless communications context, is the unauthorized use of a wireless LAN.
- ping of death - On the Internet, ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
- ping sweep (ICMP sweep) - A ping sweep (also known as an ICMP sweep) is a basic network scanning technique used to determine which of a range of IP addresses map to live hosts (computers).
- piracy - Software piracy is the illegal copying, distribution, or use of software.
- PKI (public key infrastructure) - A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
- plaintext - In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being decrypted.
- Point-to-Point Tunneling Protocol (PPTP) - Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.
- policy server - A policy server is a security component of a policy-based network that provides authorization services and facilitates tracking and control of files.
- policy-based management - Policy-based management is an administrative approach that is used to simplify the management of a given endeavor by establishing policies to deal with situations that are likely to occur.
- polymorphic virus - A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.
- port 9875 (port of doom) - Port 9875 is a port often associated with setting up VoIP communications.
- Port Address Translation (PAT) - Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address.
- port mirroring (roving analysis port) - Port mirroring is an approach to monitoring network traffic that involves forwarding a copy of each packet from one network switch port to another.
- port scan - A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides.
- presence technology - Presence technology is a type of application that makes it possible to locate and identify a computing device wherever it might be, as soon as the user connects to the network.
- Presidential Policy Directive 21 (PPD-21) - Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Protection and Resilience is a directive that aims to strengthen and secure functioning and resilient critical infrastructure.
- Pretty Easy Privacy (pEp) - Pretty Easy Privacy (pEp) is an open source encryption tool designed to make it simple for users to protect their online communications.
- Pretty Good Privacy (PGP) - Pretty Good Privacy or PGP is a popular program used to encrypt and decrypt email over the Internet, as well as authenticate messages with digital signatures and encrypted stored files.
- principle of least privilege (POLP) - The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for users to the bare minimum permissions they need to perform their work.
- privacy - On the Internet, privacy, a major concern of users, can be divided into these concerns: What personal information can be shared with whom Whether messages can be exchanged without anyone else seeing them Whether and how one can send messages anonymously Personal Information Privacy Most Web users want to understand that personal information they share will not be shared with anyone else without their permission.
- private certificate authority (CA) - Private CA stands for private certificate authority and is an enterprise specific certificate authority that functions like a publicly trusted CA but is exclusively run by or for the enterprise.
- private cloud (internal cloud or corporate cloud) - Private cloud is a type of cloud computing that delivers similar advantages to public cloud, including scalability and self-service, but through a proprietary architecture.
- private key - A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt code.
- privilege - In the administration of a multi-user computer system, a privilege is an identified right that a particular user has to a particular system resource, such as a file folder, the use of certain system commands, or an amount of storage.
- privilege bracketing - Privilege bracketing is the practice of limiting temporarily increased permission levels to the briefest possible time period.
- privilege escalation attack - A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
- Project Vault - Project Vault is a secure minicomputer contained on a Micro SD card; Vault is under development at Google ATAP, the company’s lab group for disruptive technologies.
- promiscuous mode - In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety.
- proof of concept (PoC) exploit - A proof of concept (PoC) exploit is a non-harmful attack against a computer or network.
- proxy firewall - A proxy firewall is a network security system that protects network resources by filtering messages at the application layer.
- proxy hacking - Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages.
- pseudonymous profile - A pseudonymous profile is a collection of information about a particular computer user that identifies the user either by their computer's IP address or by a randomly-generated nickname.
- public key - In cryptography, a public key is a value provided by some designated authority as an encryption key that, combined with a private key derived from the public key, can be used to effectively encrypt messages and digital signatures.
- public key certificate - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
- Public-Key Cryptography Standards (PKCS) - The Public-Key Cryptography Standards (PKCS) are a set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure (PKI).
- pulsing zombie - A pulsing zombie is a computer whose security has been compromised without its owner's knowledge by a cracker so that it intermittently carries out a denial-of-service attack on target computers in a network.
- PUP (potentially unwanted program) - A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
- RADIUS (Remote Authentication Dial-In User Service) - Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service.
- rainbow table - A rainbow table is a listing of all possible plaintext permutations of encrypted passwords specific to a given hash algorithm.
- RAT (remote access Trojan) - A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer.
- RavMonE virus (W32/Rjump) - The RavMonE virus, also known as W32/Rjump, is a virus that opens a back door on a computer running Windows, creates a copy of itself in the Windows system directory and creates a log file containing the port number on which its back door component listens.
- redact - To redact is to edit, or prepare for publishing.
- Register of Known Spam Operations (ROKSO) - The Register of Known Spam Operations (ROKSO) is a list of over 500 professional spammers that is maintained by the Spamhaus Project, an organization dedicated to identifying and exposing spam operators.
- Regulation of Investigatory Powers Act (RIPA) - RIPA (Regulation of Investigatory Powers Act) is a law enacted in the United Kingdom in 2000 to govern the interception and use of electronic communications.
- relative identifier (RID) - In Windows 2000, the relative identifier (RID) is the part of a security ID (SID) that uniquely identifies an account or group within a domain.
- remote deposit capture (RDC) - Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection.
- Resource Access Control Facility (RACF) - RACF (Resource Access Control Facility) is the IBM security management product for its mainframe (large server) operating system, OS/390 (MVS) as well as for its VM operating system.
- retina scan - Retina scanning is a biometric verification technology that uses an image of an individual’s retinal blood vessel pattern as a unique identifying trait for access to secure installations.
- reverse brute-force attack - A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network.
- reverse DNS (rDNS) - Reverse DNS (rDNS) is a method of resolving an IP address into a domain name, just as the domain name system (DNS) resolves domain names into associated IP addresses.