The acknowledgement bit in a TCP packet. (ACKnowledgment code) - Code that communicates that a system is ready to receive data from a remote transmitting station, or code that acknowledges the error-free transmission of data.
ARCNET is a local area network (LAN) protocol, similar in purpose to Ethernet or Token Ring. ARCNET was the first widely available networking system for microcomputers and became popular in the 1980s for office automation tasks. It has since gained a following in the embedded systems market, where certain features of the protocol are especially useful.
Brute-force search is a trivial but very general problem-solving technique, that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement.
For example, a brute force password attack would attempt to discover the password to a secure service by trying all known passwords one after another.
Error in a program that cause problems.
The CA is an authority trusted by one or more users to issue and manage certificates. The CA is the security solution for conducting business on the Internet. The CA ensures that electronic transactions are conducted with confidentiality, data integrity, proper user authentication, and protection against repudiation.
or CTR is a way of measuring the success of an online advertising campaign. A CTR is obtained by dividing the number of users who clicked on an ad on a web page by the number of times the ad was delivered (impressions). For example, if your banner ad was delivered 100 times (impressions delivered) and one person clicked on it (clicks recorded), then the resulting CTR would be 1 percent.
CVSS refers to the Common Vulnerability Scoring System and is a vendor-neutral, industry standard that conveys vulnerability severity and helps determine urgency and priority of response. It solves the problem of multiple, incompatible scoring systems and is usable and understandable by anyone. The CVSS can be understood form the CVSS Base Vectors and CVSS Temporal Vectors
CVSS vectors containing only base metrics take the following form:
The letters within brackets represent possible values of a CVSS metric. Exactly one option must be chosen for each set of brackets. Letters not within brackets are mandatory and must be included in order to create a valid CVSS vector. Each letter or pair of letters is an abbreviation for a metric or metric value within CVSS. These abbreviations are defined below.
Metric: AV = AccessVector (Related exploit range)
Possible Values: R = Remote, L = Local
Metric: AC = AccessComplexity (Required attack complexity)
Possible Values: H = High, L = Low
Metric: Au = Authentication (Level of authentication needed to exploit)
Possible Values: R = Required, NR = Not Required
Metric: C = ConfImpact (Confidentiality impact)
Possible Values: N = None, P = Partial, C = Complete
Metric: I = IntegImpact (Integrity impact)
Possible Values: N = None, P = Partial, C = Complete
Metric: A = AvailImpact (Availability impact)
Possible Values: N = None, P = Partial, C = Complete
Metric: B = ImpactBias (Impact value weighting)
Possible Values: N = Normal, C = Confidentiality, I = Integrity, A = Availability
CVSS vectors containing temporal metrics are formed by appending the temporal metrics to the base vector. The temporal metrics appended to the base vector take the following form:
Metric: E = Exploitability (Availability of exploit)
Possible Values: U = Unproven, P = Proof-of-concept, F = Functional, H = High
Metric: RL = RemediationLevel (Type of fix available)
Possible Values: O = Official-fix, T = Temporary-fix, W = Workaround, U = Unavailable
Metric: RC = ReportConfidence (Level of verification that the vulnerability exists)
Possible Values: U = Unconfirmed, Uc = Uncorroborated, C = Confirmed
Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. DHCP allows devices to connect to a network and be automatically assigned an IP address.
The process of identifying a program error and the circumstances in which the error occurs, locating the source(s) of the error in the program and fixing the error.
A device is a group of target for scan IP Addresses and/or domains.
The procedure of allocating temporary IP addresses as they are needed. Dynamic IP's are often, though not exclusively, used for dial-up modems.
The person who uses a program after it's been compiled and distributed.
Ethernet is a frame-based computer networking technology for local area networks (LANs). The name comes from the physical concept of ether. It defines wiring and signaling for the physical layer, and frame formats and protocols for the media access control (MAC)/data link layer of the OSI model. Ethernet is mostly standardized as IEEEs 802.3. It has become the most widespread LAN technology in use during the 1990s to the present, and has largely replaced all other LAN standards such as token ring, FDDI, and ARCNET.
Provides a standard for data transmission in a local area network that can extend in range up to 200 kilometers (124 miles). The FDDI protocol uses as its basis the token ring protocol. In addition to covering large geographical areas, FDDI local area networks can support thousands of users. As a standard underlying medium it uses optical fiber (though it can use copper cable, in which case one can refer to CDDI). FDDI uses a dual-attached, counter-rotating token-ring topology.
type of file system.
File Transfer Protocol. This is the language used for file transfer from computer to computer across the WWW. An anonymous FTP is a file transfer between locations that does not require users to identify themselves with a password or log-in. An anonymous FTP is not secure, because it can be accessed by any other user of the WWW.
In Simple words, the protocol used on the Internet for exchanging files. FTP uses the Internet's TCP/IP protocols to enable data transfer. FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (eg, uploading a Web page file to a server.
An access method in HTTP.
The visual symbols and choices to control a program. Most GUI's use windows, menus, and toolbars. Most operating systems use GUI's because most users are uncomfortable with a less user friendly interface like a command line.
is the daily server vulnerability assessment and certification service that delivers essential, real time verification of your security credentials directly to your website customers.
HTTP (Hypertext Transfer Protocol) is the foundation protocol of the World Wide Web. It sets the rules for exchanges between browser and server. It provides for the transfer of hypertext and hypermedia, for recognition of file types, and other functions.
The Internet Protocol (IP) is a data-oriented protocol used by source and destination hosts for communicating data across a packet-switched internetwork.
An IP address is a numeric address that is used to identify a network interface on a specific network or subnetwork. Every computer or server on the Internet has an IP address. It is a unique number consisting of four parts separated by dots. For example, 220.127.116.11. The address contains two pieces of information : the network portion, known as the IP network address, and the local portion, known as the local or host address.
A company or organization that provides the connection between a local computer or network, and the larger Internet.
Internet Message Access Protocol'. IMAP is a method of distributing e-mail. It is different from the standard POP3 method in that with IMAP, e-mail messages are stored on the server, while in POP3, the messages are transferred to the client's computer when they are read. Thus, using IMAP allows you to access your e-mail from more than one machine, while POP3 does not. This is important because some email servers only work with some protocols.
Software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached.
An information security exposure is a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.
In cryptography, an algorithm's key space refers to all possible keys that can be used to initialize it. Put in its most simplistic terms, the possibilities in the series A,B,C...Z represent a much smaller key space than AAA,AAB,AAC...ZZZ. A well-designed cryptographic algorithm should be highly computationally expensive when trying to brute-force through all possible key values.
A tarpit is a computer entity that will intentionally respond slowly to incoming requests. The goal is to delude clients so that unauthorized or illicit use of a fake service might be logged and slowed down. Note that some purists do not really consider a tarpit to be a honeypot, though it is certainly a fake information system resource that can delay any incoming aggressors. For example, to fight off spammers, some people run tarpits that look like open mail relays, but instead answer very slowly to SMTP commands. These are layer 7 tarpits. Other known tarpits are those that play with the TCP/IP stack in order to hold the incoming client's network socket open while forbidding any traffic over it.
The Labrea Tarpit is an excellent example that plays with the TCP/IP stack and has been used to slow down the spread of worms over the Internet.
To achieve this tarpit state, iptables accepts an incoming TCP/IP connection and then immediately switches to a window size of zero. This prohibits the attacker from sending any more data. Any attempt to close the connection is ignored because no data can be sent by the attacker to the target. Therefore the connection remains active. This consumes resources on the attacker's system but not on the Linux server or the firewall running the tarpit.
A local area network (LAN) is a computer network covering a small local area, like a home, office, or small group of buildings such as a home, office, or college. Current LANs are most likely to be based on switched Ethernet or Wi-Fi technology running at 10, 100 or 1,000 Mbit/s (1,000 Mbit/s is also known as 1 Gbit/s).
Short for Media Access Control address, a hardware address that uniquely identifies each node of a network.
A concise, bulleted list of actions that you need to take to achieve PCI compliance.
Network News Transfer Protocol - Refers to the standard protocol used for transferring Usenet news from machine to machine. A protocol is simply a format used to transfer data to two different machines. A protocol will set out terms to indicate what error checking method will be used, how the sending machine will indicate when it is has finished sending the data, and how the receiving machine will indicate that it has received the data.
Netstat is a command-line tool that displays a list of the active network connections the computer currently has, both incoming and outgoing. It is available on Unix, Unix-like, and Windows NT-based operating systems.
Networking is the scientific and engineering discipline concerned with communication between computer systems. Such networks involves at least two computers, which can be separated by a few inches (e.g. via Bluetooth) or thousands of miles (e.g. via the Internet). Computer networking is sometimes considered a sub-discipline of telecommunications.
Nessus is a comprehensive open-source vulnerability scanning program. It consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which presents the results to the user.
NIDS - Network-Based Intrusion Detection System. Detects intrusions based upon suspicious network traffic. A network intrusion detection system (NIDS) is a system that tries to detect malicious activity such as denial of service attacks, port-scans or even attempts to crack into computers by monitoring network traffic.
Nmap is free port scanning software designed to detect open ports on a target computer, determine which services are running on those ports, and infer which operating system the computer is running (this is also known as fingerprinting). It has become one of the de-facto tools in any network administrator's toolbox, and is used for penetration testing and general computer security.
The essential software to control both the hardware and other software of a computer. An operating system's most obvious features are managing files and applications. An OS also manages a computer's connection to a network, if one exists. Microsoft Windows, Macintosh OS, and Linux are operating systems.
Open Vulnerability and Assessment Language (OVAL) is an international, information security community baseline standard for how to check for the presence of vulnerabilities and configuration issues on computer systems. OVAL standardizes the three main steps of the process:
- collecting system characteristics and configuration information from systems for testing;
- testing the systems for the presence of specific vulnerabilities, configuration issues, and/or patches;
- presenting the results of the tests.
"OVAL-ID Compatible" means that a Web site, database, archive, or security advisory includes both of the following:
- OVAL-IDs used as references for security issues.
- The capability is searchable by OVAL-ID.
While it is important to the OVAL and information security communities that these types of capabilities include references to OVAL-IDs, for example, "OVAL8127", for the testing of the issues that they describe to their customers in their advisories, databases, etc., verbatim replication of OVAL definitions is not encouraged because any changes in the definition by the original author may not be brought forward to the copied version in a timely manner. For this reason, the capability must reference only OVAL-IDs and not the text of the definitions in order to be considered OVAL-ID compatible. Additionally, the ability to search through collections is required for a capability to be considered OVAL-ID compatible.
The Payment Card Industry Data Security Standards ( PCI DSS ) are a set of 12 regulations developed jointly by Visa, MasterCard, Discover and American Express to prevent consumer data theft and reduce online fraud. Compliance with these standards is mandatory for any organization that stores, transmits or processes credit card transactions.
Payment Card Industry (PCI) Compliance is an initiative which is being strongly enforced by the four major credit card companies (Visa, MasterCard, Discover and American Express). Currently, being PCI Compliance means that YOU are in compliance with the four major credit card companies.
Ping is a computer network tool used to test whether a particular host is reachable across an IP network.
A program that allows a Web browser to display a wider range of content than originally intended. For example: the Flash plugin allows Web browsers to display Flash content.
There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to send messages. The newer version, POP3, can be used with or without SMTP.
POP3 is the abbreviation for Post Office Protocol - a data format for delivery of emails across the Internet.
Privacy Enhanced Mail (PEM) is a standard for message encryption and authentication of senders.
A control bit (reset), occupying no sequence space, indicating that the receiver should delete the connection without further interaction. The receiver can determine, based on the sequence number and acknowledgment fields of the incoming segment, whether it should honor the reset command or ignore it. In no case does receipt of a segment containing RST give rise to a RST in response.
A message format used by DOS and Windows to share files, directories and devices. NetBIOS is based on the SMB format, and many network products use SMB. These SMB-based networks include Lan Manager, Windows for Workgroups, Windows NT, and Lan Server. There are also a number of products that use SMB to enable file sharing among different operating system platforms.
Simple Mail Transfer Protocol is the de facto standard for e-mail transmission across the Internet. SMTP is a relatively simple, text-based protocol, where one or more recipients of a message are specified (and in most cases verified to exist) and then the message text is transferred.
Simple Network Management Protocol. The network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.
Secure Sockets Layer is commonly used protocol for managing the security of a message transmission on the internet. Sockets refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public- and private-key encryption system, which includes the use of a digital certificate.
SYN (synchronize) is a type of packet used by the Transmission Control Protocol (TCP) when initiating a new connection to synchronize the sequence numbers on two connecting computers. The SYN is acknowledged by a SYN/ACK by the responding computer.
An IP address which is the same every time you log on to the Internet. See IP for more information.
TCP stands for Transmission Control Protocol. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
LAN technology was developed and promoted by IBM in the early 1980s and standardised as IEEE 802.5 by the Institute of Electrical and Electronics Engineers. Initially very successful, it went into steep decline after the introduction of 10BASE-T for Ethernet and the EIA/TIA 568 cabling standard in the early 1990s. A fierce marketing effort led by IBM sought to claim better performance and reliability over Ethernet for critical applications due to its deterministic access method, but was no more successful than similar battles in the same era over their Micro Channel architecture. IBM no longer uses or promotes Token-Ring. Madge Networks, a one time competitor to IBM, is now considered to be the market leader in Token Ring.
A person who uses a computer, including a programmer or end user.
How the user controls a program. Perhaps the simplest UI is a keyboard and command line, to enter text commands. Sometimes called a "console".
In network security, a vulnerability refers to any flaw or weakness in the network defense that could be exploited to gain unauthorized access to, damage or otherwise affect the network.
The term Web server can mean one of two things:
1. A computer that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them Web pages, which are usually HTML documents and linked objects (images, etc.).
2. A computer program that provides the functionality described in the first sense of the term.
Wildcards are symbols that add flexibility to a keyword search by extending the parameters of a search word. This can help if you are not certain of spelling, or only know part of a term, or want all available spellings of a word (British and American English, for example). * stands for one-or-more characters (useful for all suffixes or prefixes), # stands for a single character, and ? stands for zero-to-nine characters.
Short for World-Wide Web. It is a global information space which people can read-from and write-to via a large number of different Internet-connected devices.