Adding to the glossary

Students may suggest that a term be added to the glossary by sending an email to hoffmeis [AT] usna [DOT] edu. Please include the term and a suggested definition/description, which may be edited. Accepted terms will be attributed.

Glossary of SY110 Terms

These definitions and examples are intended to be appropriate only for an SY110 level of understanding.

A
absolute pathname
a pathname that begins at the root directory of the file system.
access log
a file located on the web server where a history of client requests is recorded. The file contains information that is useful for computer forensics, such as client IP address, date/time of the request, the page requested, etc. Here's an example from the SI110 web server:
131.122.91.61 - - [26/Jun/2012:18:22:50 -0400] "GET /~si110/lec/l06/lec.html HTTP/1.1" 304 -
ACL
(access control list) firewall configuration settings that establish a set of rules for filtering packets to grant/deny access to/from network services.
ad hoc
A WLAN arrangement where host stations do not use a base station, but communicate directly (peer-to-peer). See infrastructure.
AES
(Advanced Encryption Standard) a symmetric key block cipher using 128-bit blocks and a key length of 128, 192, or 256 bits. AES is approved by the National Security Agency for protecting SECRET information when using a 128-bit key, and for TOP SECRET when using the longer key lengths.
alert
a JavaScript function that displays its string argument as a message in a dialog window.
Example: alert( "Input error!");
Application Layer
the top of the TCP/IP protocol stack. Protocols at this layer define the language used by client and server applications to communicate (e.g., the language a browser uses to "talk" with a web server).
Example protocols include: HTTP, DNS, SSH, DHCP. Addressing is handled by lower layers.
APT
(advanced persistent threat) an organization with the ability and intent to persistently and effectively carry out sophisticated cyber attacks. Example: the March 2011 breach of the RSA SecurID that compromised 40 million two-factor authentication tokens has been attributed to China.
ARP
(Address Resolution Protocol) a TCP/IP protocol stack Link Layer protocol used to resolve an IP address into a MAC address. A host will use data in its "ARP table" to determine which link to forward a packet to. The arp application (both Windows and UNIX) displays ARP table information, for example:
          C:\>arp -a
          Interface: 131.122.90.201 --- 0x13
          Internet Address      Physical Address      Type
          131.122.88.2          b8-ac-6f-13-5a-6f     dynamic
          131.122.91.255        ff-ff-ff-ff-ff-ff     static
          255.255.255.255       ff-ff-ff-ff-ff-ff     static
        
ASCII
an encoding scheme for representing printable English characters (and some others). Each character is represented by a decimal integer value that is stored in one byte.
Example: 'a' = 97 = 01100001
assignment
(JavaScript) an expression where the value of the expression on the right hand side of the assignment operator (=) gets stored in (changes) the variable on the left hand side.
Example: n = x*y + 7; (remember: the action goes from right to left).
asymmetric cryptography
(public key cryptography) a cryptosystem using public/private key pairs. Plaintext encrypted with one of the two keys can only be decrypted with the other key.
Example: RSA.
attribute
a property of an HTML element, consisting of a name=value pair specified in the start tag.
Example: <b style="color:#00ff00"> sets the color to green.
Authentication
one of the DoD Pillars of IA: a security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying authorization to receive specific categories of information.
Availability
one of the DoD Pillars of IA: timely, reliable access to data and information services for authorized users.
B
Backtrack
a version of the Linux operating system used for computer forensics and penetration testing.
base station
(see also: WAP) a network device with a radio receiver/transmitter that serves as the hub of a wireless internet.
binary
("base-2") a representation for numbers that uses the two digit symbols 0 and 1, each of which is called a "bit". Data is stored in a computer as a binary number.
bit
(binary digit) a base-2 digit, 0 or 1.
block
(JavaScript) one or more statements delimited by curly braces.
block cipher
an encryption algorithm that operates on fixed length groups of bits, the "block size".
boolean
representing the logical values true or false.
botnet
[ Submitted by: Eason 161782 ]
A collection of zombie computers.
box
A slang term for a computer. E.g. "My USNA laptop is a Windows box."
branch
a point in a computer program where a decision is made as to what code will be executed next. A JavaScript if statement is an example branching construct.
broadcast address
the address at which all hosts on a local network will be recipients. Packets sent to a broadcast address are not routable, i.e., they will never leave the local network. At the TCP/IP protocol stack Link Layer, the broadcast address is the MAC address FF:FF:FF:FF:FF:FF (if expressed in binary this would be "all ones"). The IPv4 TCP/IP protocol stack Transport Layer has two broadcast addresses: (1) 255.255.255.255 (if expressed in binary this would be "all ones"), and (2) the network prefix with "all ones" for the host identifier bits.
browser
(web browser) a client application that retrieves and displays information from the World Wide Web. A browser uses HTTP(S).
brute force attack
a technique for defeating a cipher or authentication mechanism by systematically searching through all possibilities (see dictionary attack).
BSS
(Basic Service Set) a base station and the set of connected host stations, in either an ad hoc or infrastructure arrangement. A base station is identified by its BSSID.
BSSID
(Basic Service Set ID) the MAC address of a base station, used to identify it to host stations.
byte
a sequence of 8 bits.
C
Caesar Shift Cipher
a symmetric key encryption method for alphabetic text where the key is an integer "shift" value. The cipher text is formed by replacing each plain text letter by the letter located the shift distance away from it in the alphabet. The Caesar Cipher is subject to frequency analysis attack.
certificate
a PKI electronic document used to bind a public key with an identity. The certification rests in the digital signature of a Certificate Authority.
Certificate Authority
(CA) an entity in the public key infrastructure (PKI). The CA is trusted to issue a digital certificate attesting that a particular public key belongs to a particular identity (e.g., that this public key belongs to this domain name, or that this public key belongs to this email address, or that the source of this software is this company).
charCodeAt( i )
a JavaScript function that produces the ASCII code of the character at index location i in a string.
Example: "abcXYZ".charCodeAt(1) gives the value 98 because in the string "abcXYZ", the character b is at index location 1, and the ASCII code for character b is 98.
chosen plain text attack
a cryptanalysis technique where the attacker attempts to glean information about a cipher by examining cipher text that is known to include the encryption of some particular plain text.
cipher
an encryption/decryption algorithm. Examples: Caesar Shift, Vigenere, AES, RSA.
cipher text
the result of encrypting plain text using an algorithm called a cipher.
client
an application that makes use of a service provided by a server, typically from across a network. Example: a web browser is a client application of a web server. The host on which the client application runs is also called a client.
client-server
A system in which one host (computer connected to a network) requests a service (information) from another host.
The requesting host is the client, the responding host (service/information provider) is the server.
client-side script
script written in an HTML document and executed by the web browser after the document has been retrieved from the web server and the DOM has been constructed.
command and control server
A threat host that remotely directs the actions of zombie computers.
command arguments
a string that gets passed as a value to the command being executed.
Example: in the WINDOWS command type hw.txt, the string hw.txt is an argument to the command type.
command options
an argument that modifies the behavior of a command.
Example: in the UNIX command, cat -n hw.txt, the argument -n is an option to the cat command (this option numbers the output lines).
compiled language
A programming language where source code is compiled (translated) by another program (compiler) into machine language (0's and 1's).
computer
a device that inputs, processes, outputs (and possibly stores) data.
computer forensics
applying the scientific method to examine digital data for the purpose of reconstructing a sequence of events involving computers and information.
concatenation
joining two strings. JavaScript uses the + operator to concatenate strings, e.g., alert( "Blue" + "Force" ) displays the string BlueForce.
conclusion
the final phase of a cyber-attack, where the threat achieves the intended objective and removes forensic evidence.
Confidentiality
one of the DoD Pillars of IA: assurance that information is not disclosed to unauthorized individuals, processes, or devices.
cookie
(HTTP cookie, browser cookie) a small piece of data that a web server will request to be stored on the local host. The browser may subsequently send the cookie data back to the web server on future website visits. Examples of cookie data: login name/password (authentication cookie), user's website preferences (personalization cookie), history of pages visited (tracking cookie).
CPU
(central processing unit, “processor”) computer hardware that performs the instruction cycle.
CPU instruction
a set of bits that encodes a basic CPU task (e.g.: fetch bytes from RAM, perform an arithmetic operation, compare two values).
cross-site scripting
(XSS) an attack where code from one source gets executed with security credentials that belong to another source.
cryptosystem
the collection of algorithms required by a particular method of encryption/decryption (e.g., for key generation, and for encryption/decryption).
cryptography
the practice and study of techniques for secure communication in the presence of third parties.
D
Data Link Layer
the TCP/IP stack layer responsible for communication between adjacent devices on the same network, using MAC addresses.
data type
a data attribute that determines its possible values. JavaScript data types include: Number (for integer and real numbers), String (for sequences of ASCII characters), Boolean (for true/false).
decimal
("base-10") a representation for numbers that uses the ten digit symbols 0,1,2,3,4,5,6,7,8,9.
declaration
(JavaScript) a statement that specifies the name and possibly an initial value of a variable.
Examples:
var n;
var firstname = "Trudy";
decryption
the process of transforming encrypted information (cipher text) to make it readable (plain text).
DHCP
(Dynamic Host Configuration Protocol) an Application Layer protocol to configure a computer's network parameters, including the host's IP address and subnet mask, and the IP address of a gateway router and DNS server. DHCP uses UDP and port 67 on a DHCP server, port 68 on a DHCP client.
dictionary attack
a technique for defeating a cipher or authentication mechanism by searching only the likely possibilities (see brute force attack).
digital signature
a feature of asymmetric cryptography that provides proof of message origination (non-repudiation).
Digitally signed data is the cipher text ( S ) formed from the private key encryption of the hashed data ( D ): S = Private( Hash(D) ).
If the recipient of S and D can verify that Public(S) = Hash(D), the message had to have originated from the possessor of the private key.
DNS
(Domain Name System) (1) a distributed hierarchical system for naming hosts, and (2) the name of the protocol used for name service. The primary purpose of a DNS name server is to resolve a domain name into its IP address (although if so configured, can resolve an IP address into a domain name). Example: house.gov resolves to 143.228.181.132. DNS uses UDP and port 53 for name resolution.
document
a JavaScript variable representing the root of the DOM tree. Web page content can be modified via this variable. Examples:
document.write( "hello" )
document.location = "http://www.usma.edu"
document.getElementById( "foo" ).innerHTML = "<b>This is now bold</b>"
DOM
(Document Object Model) the browser's internal representation of how an HTML document should be rendered. The DOM is a tree structure accessible via JavaScript to give web pages dynamic behavior by adding, changing, or deleting HTML elements.
domain name
a string identifying a host in the Domain Name System (DNS).
Examples: www.google.com, mich302csd01.cs.usna.edu
dotted quad
The four bytes of an IPv4 address written as decimal integers separated by periods.
Example: 1.1.1.100
E
element
a component of an HTML document. In most cases an element consists of a start tag (e.g.: <b>) paired with an end tag (e.g.: </b>), between which is optional innerHTML. The start tag can have attributes.
Example: <b id="foo" style="color:#ff0000">How bold!</b>
encode
To convert data from one system of communication into another.
E.g. ASCII, base64, Unicode, UTF-8
encryption
The process of transforming information (plain text) using an algorithm (cipher) to make it unreadable (cipher text) except to those who possess special knowledge (a key).
Encryption is a tool used to provide Confidentiality.
E.g. AES, DES, Blowfish, Twofish, Serpent
escaping
(JavaScript) indicating to the JavaScript interpreter that a character is to be treated as having other than the usual meaning. The 'escape' character is backslash: \. For example, single quotes delimit a string, but a single quote is sometimes needed as an apostrophe within a string:
Example: 'don\'t'   ← Here the inner quote is "escaped": the backslash tells the interpreter that the next single quote does not end the string.
Extended Service Set (ESS)
A set of BSSs that are interconnected and use a common SSID.
Extended Service Set IDentifier (ESSID)
A sequence of 32 bytes identifying an Extended Service Set.
An ESSID is commonly ASCII characters, but any sequence of 32 bytes can be used.
Example: usna-wap
Ethernet
a Link Layer protocol where the digital signals are transmitted over wires at the Physical Layer.
Example: the "IEEE 802.3ab" protocol (also called "1000BASE-T") defines 1000 Mbits/sec (1 Gbit/sec) data transmission over copper wire.
ESS
(Extended Service Set) a set of connected BSS.
ESSID
(Extended Service Set ID) a character string identifying an ESS. Example: usna-wap.
eval
a JavaScript function that evaluates or executes its argument. If the argument is an expression, it is evaluated to produce a value. If the argument is one or more JavaScript statements, they are executed. Examples:
eval( 2*3+4 ) evaluates to 10.
eval( 'N = prompt( "Guess again" );' ) assigns to variable N the user value entered in the prompt dialog window.
event
an external action, typically initiated by the user, that the browser acts upon by executing built-in JavaScript code called an event handler. Example event handlers include: onclick, onmouseover, onkeypress, onsubmit.
expression
a combination of variables, operators, literals, and function calls that the browser evaluates to produce a value.
Examples:
1 + 2 ← an arithmetic expression involving literals and the + operator
n = 80 ← an assignment expression involving the variable n
if(n < 80) alert( "ok!" ); ← n < 80 is a relational expression used in an if statement.
String.fromCharCode(97) ← a function expression.
F
file
a logically related collection of bytes existing on persistent media (e.g. on a HDD), used to store information.
file format
the encoding used to represent the information stored in a file, e.g., an image could be stored using the JPG, GIF, or PNG format (or others).
file header
a block of bytes at the beginning of a file that conveys information about the file format. For example, every JPG file starts with these 4 bytes (expressed here in hex): FF D8 FF E0
file name
(file name) a string of characters used to identify a file within a directory (folder). The file name is the last component of an absolute pathname; a file name extension is the last component of a file name.
file name extension
the suffix portion of a file name, which in correct practice is used to indicate the file format (e.g., .bmp = Windows Bitmap, .html = HTML). The file name extension is a hint to the operating system as to which application should be used to open the file (e.g., WINDOWS opens .doc files with Microsoft WORD).
file permissions
file (or folder/directory) privileges, e.g., read, write, execute.
file system
a logical organization of files and folders (directories). In a tree arrangement everything is located under the hierarchical top of the file system, called the "root directory". In a WINDOWS operating system the root directory is the C:\ folder; in a UNIX operating system the root directory is /.
file type
the kind of data stored in a file; how the bytes in a file are intended to be interpreted, e.g., as text, as an image, as CPU instructions, etc.
filtering
the analysis performed by a firewall to drop or forward packets. Criteria are established by a set of ACL rules, and include: source or destination port or IP address, protocol, flow rate.
firewall
hardware or software that controls access to network services by filtering packets.
<form>
an HTML element for submitting user data to a web server. Data entered by a user into one or more <input> elements that comprise the form is sent to the web server in response to the onsubmit event (analogous to a paper form that is filled out and turned in).
frequency analysis attack
an attack on a cipher based on the frequency of occurrence of letters or groups of letters in a cipher text.
function
JavaScript code that performs a specific task when it is called. Examples: alert(), Math.random(), eval().
G
gateway
(see router).
GET
an HTTP command that requests a resource. An HTTP client will ask an HTTP server to GET something from the server's file system (an HTML file, an image file, ...).
gigabyte
(GB) 2^30 bytes = 1,024 megabytes.
GUI
(Graphical User Interface) an interface for giving commands to an OS that primarily does not require typing, rather, involves the user interacting with windows, icons, and menus using an on-screen pointer.
H
hash
(hash value) the value produced by a hash function (also called a "message digest").
hashing
(cryptographic hashing) a technique that computes an output value (a "hash") from input data (the "message", or "key"), by applying a hash function. When the hash function has certain properties, hashing is a tool that provides Integrity. Hashing is also often used in password authentication.
hash function
(cryptographic hash function) the algorithm used to produce a hash. A hash function will take an arbitrary block of data and produce a fixed number of bytes. To provide integrity it should be (a) easy to compute a hash from a message, (b) hard to produce a message from a hash, (c) hard to find two messages with the same hash. Example cryptographic hash functions: MD5, SHA-1.
hexadecimal
("base-16", "hex") a representation for numbers that uses the sixteen digit symbols 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f, where the symbol a denotes the decimal value 10, b denotes 11, etc. Hex is a more compact representation than binary or decimal: there are 4 binary bits per hex digit.
HDD
(hard disk drive, “hard disk”) computer hardware used for permanent data storage. Data is written to/read from magnetic media on rotating platters.
hop
the network path between adjacent routers.
host
a computing device connected to a network.
host identifier
The low-order (i.e., suffix) bits of an IPv4 address that are unique to each host on the same internet.
HTML (Hyper-Text Mark-up Language)
A content-focused mark-up language that is the de facto language in which web pages are written.
Like other source code files, an HTML file is plain text.
In HTML, tags are used to mark up the content.
Start tags indicate the start of a section of content; end tags indicate the end of a section of content.
HTML tags form an HTML element; HTML elements can be nested.
Example: Hello World! (hello.html)
<HTML>
  <HEAD>
  </HEAD>
  <BODY>
    Hello World!
  </BODY>
</HTML>
HTTP
(Hypertext Transfer Protocol) the Application Layer protocol defining how web clients and web servers communicate. HTTP uses TCP and port 80.
HTTPS
(Hypertext Transfer Protocol Secure) HTTP that is encrypted/decrypted between the Application and Transport Layers using TLS. HTTPS uses TCP and port 443.
hub
network hardware that connects multiple network devices. A hub operates below the TCP/IP protocol stack Link Layer and does not use addressing. A hub transmits electrical signals received on one connection to all other connections. Hubs were essentially made obsolete by cheap switch technology.
I
if statement
("conditional") a JavaScript structure that is used to make a decision, i.e., either do one portion of code or another (i.e., an if statement forms a "branch"). Example:
if( a < b )
  alert( "ok!" );
else
  a = prompt( "Please enter a different value." );
infiltration
the second phase of a cyber-attack where the threat gains control of a host on the target network.
Information Assurance
(IA) (a) protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation (the "DoD Pillars of IA"), and (b) managing risks related to the use, processing, storage, and transmission of information, data, and the systems and processes used for those purposes. In the broadest sense, IA also deals with man-made and natural physical threats and national asset infrastructure such as power, water, agriculture, public health and finance.
infrastructure
A WLAN arrangement where host stations use a base station. See ad hoc.
injection
("code injection") an attack resulting from an input validation failure that permits code to be input. This unexpected code is then executed.
innerHTML
a property of elements that have both a start and an end tag. The innerHTML is the text appearing between the two. The following example changes the innerHTML of the bold tag from the word "Before" to the word "After":
<b id="foo"> Before </b>
<script>document.getElementById("foo").innerHTML = "After";</script>
<input>
an HTML element for entering user data into an HTML <form>. Various kinds of <input> elements are possible, e.g., text, checkbox, button, password, etc.
input validation
ensuring input data is correct. Data can be examined based on various criteria including: type, value, character set, consistency, etc.
instruction cycle
the repeated sequence performed by the CPU: fetch (an instruction from RAM), decode (the instruction to setup CPU circuitry), execute (the instruction to accomplish a basic CPU task).
Integrity
one of the DoD Pillars of IA: protection against unauthorized modification or destruction of information.
internet (lowercase i)
one or more intranets.
Internet (uppercase I)
the internet that uses the TCP/IP protocol stack.
Internet Protocol
(IP) the protocol used at the Network Layer of the TCP/IP protocol stack. Versions 4 (IPv4) and 6 (IPv6) are currently in use.
interpreted language
A programming language where source code is interpreted by another program (interpreter).
The interpreter interprets the code, and then executes commands on the host system accordingly.
Also known as a scripting language.
interpreter
A program that translates instructions written in a programming language that humans can understand (e.g., text written in JavaScript), into instructions written in a language that a CPU can understand.
intranet
a collection of hosts in an organizational structure. A "local network". Examples: hosts at USNA, hosts in the CS Dept of Univ of MD.
IP address
(Internet Protocol Address) an integer assigned to and uniquely identifying every host on a TCP/IP network.
ipconfig (Windows)
(ifconfig - UNIX) a command-line utility program that displays network interface information (e.g., IP Address, subnet mask, gateway router IP address)
IPv4
(Internet Protocol Version 4) a Network Layer protocol employing 32-bit addresses (32-bits allows at most 2^32 = approx 4.3 billion network devices). The 4 bytes in an IPv4 address are usually expressed as a dotted quad, e.g., 94.136.40.82, which logically has two parts, a network address and a host identifier, defined by a subnet mask:
Network Address: 131.122.101.0
Host Identifier:   0.  0.  0.5
IPv4 Address:    131.122.101.5
Subnet Mask:     255.255.255.0
IPv6
(Internet Protocol Version 6) a Network Layer protocol employing 128-bit addresses. A 128-bit address length allows at most 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 network devices. An example IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
J
JavaScript
a scripting language primarily used to write programs ("scripts") that provide dynamic functionality to web pages. The web browser can execute JavaScript code embedded in an HTML file.
K
key
With respect to hashing: the input to the hash function F; it is the data that gets transformed into a hash value H: F(key) = H.
With respect to encryption: an input to the encryption algorithm that is used to transform between plain text and ciphertext. Examples: a Caesar Cipher key is an integer shift value, 0 ≤ key < 26; a Vigenere Cipher key is a string of ASCII characters; an AES key is a 128-, 192-, or 256-bit integer.
kilobyte
(KB) 2^10 bytes = 1,024 bytes.
L
Local Area Network (LAN)
a network located in a geographically limited area; e.g. an "office LAN".
likelihood
a term in the risk equation. Likelihood is a function of threats and vulnerabilities.
link
("hyperlink") Usually appearing as underlined text on a web page, a link is a rendered anchor element that refers to further information. For example, this HTML: <a href="http://xkcd.com"> XKCD </a> ... results in this link: XKCD.
Link Layer
the TCP/IP stack layer responsible for communication between adjacent devices on the same network, using MAC addresses.
literal
(JavaScript) an explicitly written constant value (as opposed to a variable, a value that can change). Examples: 1, 3.141, "PWND!"
loop
a programming structure that is used to repeat one or more statements a certain number of times.
Example:
while( N < 80 )
  N = prompt( "Guess again" );
M
MAC address
(Media Access Control) the address used at the Link Layer of the TCP/IP protocol stack for sending a packet to an adjacent (i.e., physically connected) host. Every physical hardware network interface device has a unique MAC address "burned into" its circuitry at manufacture. 48-bit MAC addresses allow for 2^48 = 281,474,976,710,656 (~3 trillion) possible network interface devices. An example 48-bit MAC address, written in hex: 00-21-28-26-38-6C
malware
malicious software.
man-in-the-middle attack
an attack where the threat intercepts and forwards messages without its presence being known to the communicating parties.
Math-dot
the collection of JavaScript math functions, e.g., Math.sqrt, Math.random, Math.floor
MD5
(Message Digest Algorithm) a cryptographic hash function; an MD5 hash is 16 bytes long.
megabyte
(MB) 2^20 bytes = 1,048,576 bytes = 1,024 kilobytes.
Metasploit
a framework for executing exploit code against a remote target machine, with anti-forensic tools.
N
name resolution
the process of determining the IP address corresponding to a domain name. A user typically resolves a domain name using a tool such as nslookup.
name server
a host providing name resolution service.
NAT
(Network Address Translation) the modification done by a router to the address information contained in an IP packet. NAT is used to map a single public IP address into many private IP addresses. This technique is being used to alleviate IPv4 address exhaustion.
netcat
a command-line tool that can directly read/write at the Transport Layer of the TCP/IP protocol stack.
netstat
a command-line tool that displays information about the sockets being used.
network address
A network prefix expressed as a dotted quad. Example: 131.122.88/24 defines a network address where the first 24 bits in an IP address are identical. A gateway router uses the network address to decide if a packet must be forwarded to a different network.
network prefix
The high-order bits of an IPv4 address that are common to all hosts on the same internet, usually written as a network address (the remaining bits form a unique host identifier).
Network Layer
the TCP/IP protocol stack layer responsible for communication between networks ("routing"), using IP addresses and the Internet Protocol.
nmap
a network reconnaissance tool for discovering hosts and services on a computer network ("mapping the network").
Non-repudiation
one of the DoD Pillars of IA: assurance that the sender of data is provided with proof of delivery and that the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
nslookup
a command-line tool for name resolution.
O
one-time pad
a cipher having the properties that the key is: (a) random, (b) at least as long as the message to be encrypted, and (c) used only once. It is mathematically provable that such a cipher is perfectly secure; in practice, it is difficult to generate truly random keys.
operating system
(“OS”) the collection of programs that functions as an intermediary between users/applications and the hardware. The OS is responsible for access control, and manages user accounts, the file system, and processes.
operator
(JavaScript) used in an expression to perform an operation. Some examples:
Arithmetic operators: +  -  *  /  %
Relational operators: <  >  <=  >=  ==  !=
Logical (boolean) operators: &&  ||  !
Others: = (assignment), + (concatenation)
P
packet
a unit of data transmitted on a network, consisting of a piece of the original message, plus addressing information. A message is disassembled into packets by the originating host, which are transmitted through possibly differing routes to the destination, which then re-assembles the packets into the message.
patch
software that updates a program, to correct a security vulnerability.
pathname
(path) a location in a file system hierarchy. Example: C:\Users\Public
penetration testing
evaluating the security of a computer system or network, using tools and techniques a would-be attacker might employ.
peripheral
a device connected to a computer, such as a keyboard, mouse, monitor, printer.
permissions
attributes specifying privileges (on a file, a process, a network connection, ...)
phishing
a social engineering attack that attempts to obtain information by masquerading as a trusted entity. Phishing tricks an unsuspecting user into "biting" at some type of bait - e.g., opening an enticing email or email attachment, clicking a harmful link on a fake website that appears genuine, etc.
Physical Layer
the lowest layer in the TCP/IP protocol stack, responsible for transmitting/receiving data as bits on the physical network medium (e.g., copper wire, fiber optic cable, radio waves).
Pillars of Cyber Security
Confidentiality, Availability, Integrity, Non-repudiation, Authentication
ping
a command-line tool for determining if a host on a network is visible ("up"). Ping uses the Network Layer of the TCP/IP protocol stack. Note that hosts do not have to respond to pings.
PKI
(Public Key Infrastructure) in cryptography: an arrangement that binds public keys with identities by means of a Certificate Authority. In general: the hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
plain text
the input to a cipher.
port number
the address used at the Transport Layer of the TCP/IP protocol stack for communicating between processes. Communicating client and server processes will each be using an integer port number in the range 0 to 65,535. Network services are said to be "offered on a well-known port". As an example, a typically configured web server will use port 80, the well-known port for web service (HTTP traffic); packets originating from web clients must be addressed to port 80 on the web server host.
private IP address
an IP address that cannot be routed to from a host outside a gateway router.
privilege
permission to perform an action.
process
A program file loaded into RAM, in some state of execution; an "executing instance of a program".
program [executable]
A set of CPU instructions stored in a file.
program [source code]
A text file written in a programming language (e.g., JavaScript, C++).
The statements in the program are generally read by a compiler or interpreter in order: top-bottom, left-right.
prompt
a JavaScript function that displays its string argument as a message in a dialog window, but also allows the user to input a text string (i.e., an alert dialog with a text input). Example: prompt( "Enter your guess:");
protocol
Previously agreed upon specification that describes how (format) hosts will communicate.
E.g. HTTP (Hyper-Text Transfer Protocol), HTTPS (Hyper-Text Transfer Protocol Secure), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Protocol (IP).
protocol stack
the collection of protocols used for network communication, organized as an abstract set of layers.
public key cryptography
(see asymmetric cryptography).
Q   (top)
R   (top)
rainbow table
a precomputed table for reversing cryptographic hash functions (usually password hashes).
Random Access Memory (RAM)
Computer hardware used for temporary data storage, also called main memory.
Temporary since data is lost from RAM when power is turned off.
Remote Desktop Protocol (RDP)
A Microsoft Windows Application Layer protocol defining remote desktop service for remote display of a Windows desktop. RDP uses TCP and port 3389. rdesktop is an RDP client application for UNIX systems.
reconnaissance
the first phase of a cyber-attack where the threat gains information about the target network.
redirect
the technique of forwarding a web page to a URL other than the one currently rendered.
render
to produce the visual, on-screen web page display by examining the DOM tree.
relative pathname
a pathname that begins at the working directory of a process.
remote shell
a shell that is executing on a host that is not the local host.
risk equation
risk = likelihood x impact
router
("gateway") the network device responsible for forwarding packets between different networks. A router operates at the TCP/IP protocol stack Network Layer and uses IP addressing.
RSA
an algorithm for public key cryptography that is based on the difficulty of factoring large integers.
S   (top)
salt
extra bits added as input to a cryptographic hash function, used to defeat dictionary attack. In typical usage for password authentication, the salt is stored along with the hash of salt+password.
SCP
(Secure Copy Protocol) an Application Layer protocol that uses SSH to provide remote file copy. Client applications include WinSCP (Windows) and scp (UNIX).
script
a program.
SSD
(solid state drive, "flash drive") computer hardware used for permanent data storage. Data is written to/read from flash memory.
secret key cryptography
(see symmetric cryptography).
server
an application that provides a service to a client, typically across a network. The host providing the service is also called a server.
server side script
script contained in a file that is located on and executed by the web server.
Service Set
A set of BSSs that are interconnected and use a common SSID.
Service Set IDentifier (SSID)
A sequence of 32 bytes identifying a Service Set.
An SSID is commonly ASCII characters, but any sequence of 32 bytes can be used.
Example: dlink
SFTP
(SSH File Transfer Protocol) an Application Layer protocol that uses SSH to provide secure remote file system operations (including file copy). Client applications include WinSCP (Windows) and sftp (UNIX).
shell
an interface for giving commands to an OS where the user types commands as text. Also called the "command-line interface".
SMB
(Server Message Block) an Application Layer protocol providing shared file and printer access on Microsoft Windows hosts. SMB uses TCP and port 445.
socket
an endpoint of TCP/IP communication consisting of an IP Address, a port number, and a Transport Layer protocol. For example, a client nslookup process and a DNS name server process might be communicating using these sockets:
client socket = 128.56.19.80, port 45876, UDP
server socket = 131.122.4.21, port 53, UDP
spear phishing
phishing targeted at specific users.
SSH
(Secure Shell) an Application Layer protocol that uses public-key cryptography to secure data transmission on a network. SSH is used by SFTP and SCP, but is also frequently used to provide a secure remote shell. SSH uses TCP and port 22.
SSL
(Secure Sockets Layer) a cryptographic protocol publicly introduced as SSL 2.0 with Version 2 of the Netscape Navigator browser in 1995. All versions of SSL have been shown to be vulnerable to man-in-the-middle attack. TLS 1.0 was intended to improve upon SSL 3.0, but has also been shown to be vulnerable.
statement
JavaScript that results in the browser performing an action. Unlike an expression, a statement is delimited by a semi-colon, and does not yield a value. Examples:
alert( "Try again!" ); ← a function call statement
var length; ← a declaration statement
cost = principal*(1+rate); ← an assignment statement
station
a host that connects to a wireless network.
steganography
the practice of concealing information in digital data, e.g., using every 100th bit of an image to hide a message.
string (JavaScript)
a JavaScript data type consisting of a sequence of ASCII characters. Literal strings can be delimited either by single quotes or double quotes. Examples:
"This is a string"      'So is this'
String.fromCharCode( i )
a JavaScript function that produces a single-character string corresponding to the decimal ASCII code i.
Example:
String.fromCharCode(65) produces the string "A" (65 is the ASCII code for "A").
subnet mask
A 32-bit value that encodes the number of prefix bits in a network address, usually written as a dotted quad. Example: 255.255.255.0 specifies a 24 bit network prefix, i.e., a network where all hosts have the same values for the first 3 components of their dotted quads.
super-user
(root, administrator, admin) a special account with unlimited system privileges, used to administer a system.
syntax
The set of rules that defines the correct structure of written computer program code. For example in JavaScript, a constant appearing on the left hand side of the assignment operator is a syntax error: 7 = 9*n; ← this is an error since it attempts to change the value of 7, a constant.
switch
network hardware connecting multiple network devices that, unlike a hub, re-transmits a received packet only on the physical connection of the destination. A switch operates at the TCP/IP protocol stack Link Layer and uses MAC addressing.
symmetric key cryptography
a cryptosystem using a key shared between the communicating parties, and otherwise kept secret. The same key is used to encrypt and decrypt. Example: AES.
T   (top)
tag
part of an HTML element, in most cases having two parts: start and end. Tags consist of the element name in angle brackets, with the slash character / distinguishing the end tag, if present. Examples:
<a href="http://www.rickastley.com"> Click me </a>
<img src="kitteh.jpg"> ← the img element has no end tag
TCP
(Transmission Control Protocol) the TCP/IP protocol stack Transport Layer protocol providing reliable connection-oriented transmission, error detection, flow and congestion control.
TCP/IP stack
the most commonly used protocol stack, consisting of five layers:
Application
Transport
Internet
Link
Physical
threat
someone who can and who wants to exploit a vulnerability.
TLD
(Top Level Domain) a domain at the highest level in the DNS hierarchy. Examples include .com, .edu, .gov, ...
TLS
(Transport Layer Security) a cryptographic protocol that encrypts/decrypts data between the Application and Transport Layers. TLS 1.0 has been shown to be vulnerable to man-in-the-middle attack (Sep 2011); TLS 1.2 (2008) is the currently accepted protocol for Transport Layer security.
traceroute (UNIX)
(tracert - Windows) a command-line utility program that displays TCP/IP routing information.
Transport Layer
(TCP/IP protocol stack) the layer responsible for network communication between processes, using port numbers as addresses.
two-factor authentication
an authentication method which requires presenting two of three things: something you - "know", "have", "are".
Examples: (a) you have an ATM card and you know the PIN#, (b) you know a password and you have a fingerprint.
typeof
a JavaScript operator that evaluates to (returns) a string showing the data type of its argument.
Examples:
typeof( 1 ) returns "number",
typeof( "PWND!" ) returns "string",
typeof( 1 < 2 ) returns "boolean"
U   (top)
UDP
(User Datagram Protocol) the TCP/IP protocol stack Transport Layer protocol providing unreliable connectionless transmission.
URL
Uniform Resource Locator - a reference to a resource located somewhere on the web. The general form is: protocol://server:port/pathname?query
:port is optional. If not given, the default port for the given protocol is assumed (e.g., HTTP uses port 80).
?query is optional. If given, query indicates a script to be run on the server.
Example protocols: http, file, ftp
user name
(login name, account name) the name associated with a login account.
V   (top)
variable
(JavaScript) a symbolic name representing a value that can change.
Vigenere Cipher
a symmetric key encryption method for alphabetic text that uses a series of different Caesar ciphers. The Vigenere Cipher is subject to frequency analysis attack.
virus [ Submitted by: Toohig 166462 ]
(computer virus) a type of malware that spreads by replicating itself from an infected computer to another computer, as a result of some user action.
vulnerability
a weakness in an information system that can be exploited.
W   (top)
WAP
(Wireless Access Point) a network device analogous to a hub, where the Physical Layer connections are wireless. A WAP is the base station in a WLAN. In typical use a WAP will also contain a router with a wired connection to the Internet.
web client (browser)
An information system (hardware, OS, and software) that requests and renders (displays) content from a web server via HTTP or HTTPS.
web server
An information system (hardware, OS, and software) that serves web pages and other content to a web client via HTTP or HTTPS.
WEP
(Wired Equivalent Privacy) the wireless network security mechanism introduced with WiFi (1999). Although WEP remains in common use, it is considered obsolete and deprecated as the RC4 encryption algorithm it uses was shown to be vulnerable to various attacks. Note: RC4 is used by BitTorrent, SSL, and PDF.
WiFi
(Wireless Fidelity) a Link Layer protocol where the digital signals are transmitted via radio waves (i.e., wirelessly) at the Physical Layer. "WiFi" is a brand name of the WiFi Alliance organization, and refers to a device using any of the IEEE 802.11 family of protocols, e.g. 802.11n.
WLAN
(Wireless Local Area Network) one or more Basic Service Sets.
working directory
(current directory) the file system location currently associated with a process. When a process uses a pathname that is not absolute it will use a relative pathname that starts at the current directory.
worm [ Submitted by: Hull 163096 ]
A form of malware that replicates across networks, without requiring user action.
World Wide Web (www, web)
A global collection of servers and clients (web browsers) communicating over the Internet using HTTP (Hyper-Text Transfer Protocol).
The web is an example of a client-server system.
The web is not the Internet, the web runs on top of the Internet (layers).
WPA
(WiFi Protected Access) a wireless network security mechanism, intended as an interim replacement (2003) for WEP until WPA2 became available (2004). Like WEP, WPA is vulnerable to attack.
WPA2
the currently accepted wireless network security mechanism. WPA2 uses AES encryption.
X   (top)
X.509
a standard for PKI. An X.509 Certificate includes information such as the issuer (Certificate Authority), the issuer's digital signature, the subject whose public key is being certified, the subject's public key, and dates the certificate is valid.
Y   (top)
Z   (top)
zero day
an attack that exploits a previously unknown vulnerability.
zombie [ Submitted by: Livingston 163882 ]
A computer whose activities can be controlled by a Command and Control Server as a result of malware having been installed.
#   (top)
42
The answer to life, the universe and everything.