Adding to the glossary

Students may suggest that a term be added to the glossary by sending an email to Please include the term and a suggested definition/description, which may be edited. Accepted terms will be attributed.
Glossary of SI110 Terms

These definitions and examples are intended to be appropriate only for an SI110 level of understanding.

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z

A  (top)
absolute pathname a pathname that begins at the root directory of the filesystem.
access log a file located on the webserver where a history of client requests is recorded. The file contains information that is useful for computer forensics, such as client IP address, date/time of the request, the page requested, etc. Here's an example from the SI110 webserver: - - [26/Jun/2012:18:22:50 -0400] "GET /~si110/lec/l06/lec.html HTTP/1.1" 304 -
ACL (access control list) firewall configuration settings that establish a set of rules for filtering packets to grant/deny access to/from network services.
ad hoc A WLAN arrangement where host stations do not use a base station, but communicate directly (peer-to-peer). See infrastructure.
AES (Advanced Encryption Standard) a symmetric key block cipher using 128-bit blocks and a key length of 128, 192, or 256 bits. AES is approved by the National Security Agency for protecting SECRET information when using a 128 bit key, and for TOP SECRET when using the longer key lengths.
alert a Javascript function that displays its string argument as a message in a dialog window.
Example: alert( "Input error!");
Application Layer the top of the TCP/IP protocol stack. Protocols at this layer define the language used by client and server applications to communicate (e.g., the language a browser uses to "talk" with a webserver).
Example protocols include: HTTP, DNS, SSH, DHCP. Addressing is handled by lower layers.
APT (advanced persistent threat) an organization with the ability and intent to persistently and effectively carry out sophisticated cyber attack. Example: the March 2011 breach of the RSA SecurID that compromised 40 million two-factor authentication tokens has been attributed to China.
ARP (Address Resolution Protocol) a TCP/IP protocol stack Link Layer protocol used to resolve an IP address into a MAC address. A host will use data in its "ARP table" to determine which link to forward a packet to. The arp application (both Windows and UNIX) displays ARP table information, for example:
C:\>arp -a
Interface: --- 0x13
  Internet Address      Physical Address      Type          b8-ac-6f-13-5a-6f     dynamic        ff-ff-ff-ff-ff-ff     static       ff-ff-ff-ff-ff-ff     static
ASCII an encoding scheme for representing printable English characters (and some others). Each character is represented by a decimal integer value that is stored in one byte. Example: 'a' = 97 = 01100001
assignment (Javascript) an expression where the value of the expression on the right hand side of the assignment operator (=) gets stored in (changes) the variable on the left hand side.
Example: n = x*y + 7; (remember: the action goes from right to left).
asymmetric cryptography (public key cryptography) a cryptosystem using public/private key pairs. Plaintext encrypted with one of the two keys can only be decrypted with the other key. Example: RSA.
attribute a property of an HTML element, consisting of a name=value pair specified in the start tag.
Example: <b style="color:#00ff00"> sets the color to green.
Authentication one of the DoD Pillars of IA: a security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying authorization to receive specific categories of information.
Availability one of the DoD Pillars of IA: timely, reliable access to data and information services for authorized users.
B  (top)
Backtrack a version of the Linux operating system used for computer forensics and penetration testing.
base station (also: WAP) a network device with a radio receiver/transmitter that serves as the hub of a wireless internet.
binary ("base-2") a representation for numbers that uses the two digit symbols 0 and 1, each of which is called a "bit". Data is stored in a computer as a binary number.
bit (binary digit) a base-2 digit, 0 or 1.
block (Javascript) one or more statements delimted by curly braces.
block cipher an encryption algorithm that operates on fixed length groups of bits, the "block size".
block size the unit of input data used by a block cipher, e.g., AES encrypts 128 bits at a time.
boolean representing the logical values true or false.
[ Submitted by: Eason 161782 ]
A collection of zombie computers.
branch a point in a computer program where a decision is made as to what code will be executed next. A Javascript if statement is an example branching construct.
broadcast address the address at which all hosts on a local network will be recipients. Packets sent to a broadcast address are not routable, i.e., they will never leave the local network. At the TCP/IP protocol stack Link Layer, the broadcast address is the MAC address FF:FF:FF:FF:FF:FF (if expressed in binary this would be "all ones") The IPv4 TCP/IP protocol stack Transport Layer has two broadcast addresses: (1) (if expressed in binary this would be "all ones"), and (2) the network prefix with "all ones" for the host identifier bits.
browser (web browser) a client application that retrieves and displays information from the World Wide Web. A browser uses HTTP(S).
brute force attack a technique for defeating a cipher or authentication mechanism by systematically searching through all possibilities (see dictionary attack).
BSS (Basic Service Set) a base station and the set of connected host stations, in either an ad hoc or infrastructure arrangement. A base station is identified by its BSSID.
BSSID (Basic Service Set ID) the MAC address of a base station, used to identify it to host stations.
byte a sequence of 8 bits.
C  (top)
Caesar Shift Cipher a symmetric key encryption method for alphabetic text where the key is an integer "shift" value. The ciphertext is formed by replacing each plaintext letter by the letter located the shift distance away from it in the alphabet. The Caesar Cipher is subject to frequency analysis attack.
certificate a PKI electronic document used to bind a public key with an identity. The certification rests in the digital signature of a Certificate Authority.
Certificate Authority (CA) an entity in the public key infrastructure (PKI). The CA is trusted to issue a digital certificate attesting that a particular public key belongs to a particular identity (e.g., that this public key belongs to this domain name, or that this public key belongs to this email address, or that the source of this software s this company).
charCodeAt( i ) a Javascript function that produces the ASCII code of the character at index location i in a string.
"abcXYZ".charCodeAt(1) gives the value 98 because in the string "abcXYZ", the character b is at index location 1, and the ASCII code for character b is 98.
chosen plaintext attack a cryptanalysis technique where the attacker attempts to glean information about a cipher by examining ciphertext that is known to include the encryption of some particular plaintext.
cipher an encryption/decryption algorithm. Examples: Caesar Shift, Vigenere, AES, RSA.
ciphertext the result of encrypting plaintext using an algorithm called a cipher.
client an application that makes use of a service provided by a server, typically from across a network. Example: a web browser is a client application of a webserver. The host on which the client application runs is also called a client.
client-side script script written in an HTML document and executed by the web browser after the document has been retrived from the webserver and the DOM has been constructed.
command and control server A threat host that remotely directs the actions of zombie computers.
command arguments a string that gets passed as a value to the command being executed.
Example: in the WINDOWS command, type hw.txt, the string hw.txt is an argument to the command type.
command options an argument that modifies the behavior of a command. Example: in the UNIX command, cat -n hw.txt, the argument -n is an option to the cat command (this option numbers the output lines).
computer a device that inputs, processes, outputs (and possibly stores) data.
computer forensics applying the scientific method to examine digital data for the purpose of reconstructing a sequence of events involving computers and information.
concatenation joining two strings. Javascript uses the + operator to concatenate strings, e.g., alert( "Blue" + "Force" ) displays the string BlueForce.
conclusion the final phase of a cyber-attack, where the threat achieves the intended objective and removes forensic evidence.
Confidentiality one of the DoD Pillars of IA: assurance that information is not disclosed to unauthorized individuals, processes, or devices.
cookie (HTTP cookie, browser cookie) a small piece of data that a webserver will request to be stored on the local host. The browser may subsequently send the cookie data back to the webserver on future website visits. Examples of cookie data: login name/password (authentication cookie), user's website preferences (personalization cookie), history of pages visited (tracking cookie).
CPU (central processing unit, “processor”) computer hardware that performs the instruction cycle.
CPU instruction a set of bits that encodes a basic CPU task (e.g.: fetch bytes from RAM, perform an arithmetic operation, compare two values).
cross-site scripting (XSS) an attack where code from one source gets executed with security credentials that belong to another source.
cryptosystem the collection of algorithms required by a particular method of encryption/decryption (e.g., for key generation, and for encryption/decryption).
cryptography the practice and study of techniques for secure communication in the presence of third parties.
D  (top)
data type a data attribute that determines its possible values. Javascript data types include: Number (for integers and reals), String (for sequences of ASCII characters), Boolean (for true/false).
decimal ("base-10") a representation for numbers that uses the ten digit symbols 0,1,2,3,4,5,6,7,8,9.
declaration (Javascript) a statement that specifies the name and possibly an initial value of a variable.
var n;
var firstname = "Trudy";
decryption the process of transforming encrypted information (ciphertext) to make it readable (plaintext).
DHCP (Dynamic Host Configuration Protocol) an Application Layer protocol to configure a computer's network parameters, including the host's IP address and subnet mask, and the IP address of a gateway router and DNS server. DHCP uses UDP and port 67 on a DHCP server, port 68 on a DCHP client.
dictionary attack a technique for defeating a cipher or authentication mechanism by searching only the likely possibilities (see brute force attack).
digital signature a feature of asymmetric cryptography that provides proof of message origination (non-repudiation).
Digitally signed data is the ciphertext ( S ) formed from the private key encryption of the hashed data ( D ):
S = Private( Hash(D) ).
If the recipient of S and D can verify that Public(S) = Hash(D), the message had to have originated from the possessor of the private key.
DNS (Domain Name System) (1) a distributed hierarchical system for naming hosts, and (2) the name of the protocol used for name service. The primary purpose of a DNS nameserver is to resolve a domain name into its IP address (although if so configured, can resolve an IP address into a domain name). Example: resolves to DNS uses UDP and port 53 for name resolution.
document a Javascript variable representing the root of the DOM tree. Web page content can be modified via this variable.
document.write( "hello" )
document.location( "" )
document.getElementById( "foo" ).innerHTML = "<b>This is now bold</b>"
DOM (Document Object Model) the browser's internal representation of how an HTML document should be rendered. The DOM is a tree structure accessible via Javascript to give web pages dynamic behavior by adding, changing, or deleting HTML elements.
domain name a string identifying a host in the Domain Name System (DNS).
dotted quad The four bytes of an IPv4 address written as decimal integers separated by periods.
E  (top)
element a component of an HTML document. In most cases an element consists of a start tag (e.g.: <b>) paired with an end tag (e.g.: </b>), between which is optional innerHTML. The start tag can have attributes.
Example: <b id="foo" style="color:#ff0000">How bold!</b>
encryption the process of transforming information (plaintext) using an algorithm (cipher) to make it unreadable (ciphertext) except to those who possess special knowledge (a key). Encryption is a tool used to provide Confidentiality.
escaping (Javascript) indicating to the Javascript interpreter that a character is to be treated as having other than the usual meanning. The 'escape' character is backslash: \. For example, single quotes delimit a string, but a single quote is sometimes needed as an apostrophe within a string:
Example: 'don\'t'   ← Here the inner quote is "escaped": the backslash tells the interpreter that the next single quote does not end the string.
ESS (Extended Service Set) a set of connected BSS.
ESSID (Extended Service Set ID) a character string identifying an ESS. Example: usna-wap.
Ethernet a Physical Layer protocol where the electrical signals are transmitted over wires.
Example: the "IEEE 802.3ab" protocol (also called "1000BASE-T") defines 1000 bits/sec data transmission over copper wire.
eval a Javascript function that evaluates or executes its argument. If the argument is an expression, it is evaluated to produce a value. If the argument is one or more JavaScript statements, they are executed. Examples:
eval( 2*3+4 ) evaluates to 10.
eval( N = prompt( "Guess again" ); ) assigns to variable N the user value entered in the prompt dialog window.
event an external action, typically initiated by the user, that the browser acts upon by executing built-in Javascript code called an event handler. Example event handlers include: onclick, onmouseover, onkeypress, onsubmit.
expression a combination of variables, operators, literals, and function calls that the browser evaluates to produce a value.
1 + 2 ← an arithmetic expression involving literals and the + operator
n = 80 ← an assignment expression involving the variable n
if( n < 80 ) alert( "ok!" );   n < 80 is a relational expression used in an if statement.
String.fromCharCode(97) ← a function expression.
F  (top)
file a logically related collection of bits existing on persistent media (e.g. on a HDD), used to store information.
file format the encoding used to represent the information stored in a file, e.g., an image could be stored using the JPG, GIF, or PNG format (or others).
file header a block of bytes at the beginning of a file that conveys information about the file format. For example, every JPG file starts with these 4 bytes (expressed here in hex): FF D8 FF E0
file name (filename) a string of characters used to identify a file within a directory (folder). The filename is the last component of an absolute pathname; a filename extension is the last component of a filename.
filename extension the suffix portion of a filename, which in correct practice is used to indicate the file format (e.g., .bmp = Windows Bitmap, .html = HTML). The filename extension is a hint to the operating system as to which application should be used to open the file (.e.g, WINDOWS opens .doc files with Microsoft WORD).
file permissions file (or folder/directory) privileges, .e.g., read, write, execute.
filesystem a logical organization of files and folders (directories). In a tree arrangement everything is located under the hierarchical top of the filesystem, called the "root directory". In a WINDOWS operating system the root directory is the C:\ folder; in a UNIX operating system the root directory is /.
file type the kind of data stored in a file; how the bits in a file are intended to be interpreted, e.g., as text, as an image, as CPU instructions, etc.
filtering the analysis performed by a firewall to drop or forward packets. Criteria are established by a set of ACL rules, and include: source or destination port or IP address, protocol, flow rate.
firewall hardware or software that controls access to network services by filtering packets.
<form> an HTML element for submitting user data to a webserver. Data entered by a user into one or more <input> elements that comprise the form is sent to the webserver in response to the onsubmit event (analagous to a paper form that is filled out and turned in).
frequency analysis attack an attack on a cipher based on the frequency of occurrence of letters or groups of letters in a ciphertext.
function Javascript code that performs a specific task when it is called. Examples: alert(), Math.random(), eval().
G  (top)
gateway (see router).
GET an HTTP command that requests a resource. An HTTP client will ask an HTTP server to GET something from the server's filesystem (an HTML file, an image file, ...).
gigabyte (GB) 2^30 bytes = 1,024 megabytes.
GUI (graphical user interface) an interface for giving commands to an OS that primarily does not require typing, rather, involves the user interacting with windows, icons, and menus using an on-screen pointer.
H  (top)
hash (hash value) the value produced by a hash function (also called a "message digest").
hashing (cryptographic hashing) a technique that computes an output value (a "hash") from input data (the "message", or "key"), by applying a hash function. When the hash function has certain properties, hashing is a tool that provides Integrity. Hashing is also often used in password authentication.
hash function (cryptographic hash function) the algorithm used to produce a hash. A hash function will take an arbitrary block of data and produce a fixed number of bytes To provide integrity it should be (a) easy to compute a hash from a message, (b) hard to produce a message from a hash, (c) hard to find two messages with the same hash. Example cryptographic hash functions: MD5, SHA-1.
hexadecimal ("base-16", "hex") a representation for numbers that uses the sixteen digit symbols 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f, where the symbol a denotes the decimal value 10, b denotes 11, etc. Hex is a more compact representation than binary or decimal: there are 4 binary bits per hex digit.
HDD (hard disk drive, “hard disk”) computer hardware used for permanent data storage. Data is written to/read from magnetic media on rotating platters.
hop the network path between adjacent routers.
host a computing device connected to a network.
host identifer The low-order (i.e., suffix) bits of an IPv4 address that are unique to each host on the same internet.
HTML (Hypertext Markup Language) the written language used to annotate information for rendering by a browser. HTML consists of elements describing how information should appear on a web page (e.g.. <p> specifies a new paragraph).
HTTP (Hypertext Transfer Protocol) the application Layer protocol defining how web clients and webservers comunicate. HTTP uses TCP and port 80.
HTTPS (Hypertext Transfer Protocol Secure) HTTP that is encrypted/decrypted between the Application and Transport Layers using TLS. HTTPS uses TCP and port 443.
hub network hardware that connects multiple network devices. A hub operates below the TCP/IP protocol stack Link Layer and does not use addressing. A hub transmits electrical signals received on one connection to all other connections. Hubs were essentially made obsolete by cheap switch technology.
I  (top)
if statement ("conditional") a Javascript structure that is used to make a decision, i.e., either do one portion of code or another (i.e., an if statement forms a "branch"). Example:
if( a < b )
  alert( "ok!" );
  a = prompt( "Please enter a different value." );
infiltration the second phase of a cyber-attack where the threat gains control of a host on the target network.
Information Assurance (IA) (a) protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation (the "DoD Pillars of IA"), and (b) managing risks related to the use, processing, storage, and transmission of information, data, and the systems and processes used for those purposes. In the broadest sense, IA also deals with man-made and natural physical threats and national asset infrastructure such as power, water, agriculture, public health and finance.
infrastructure A WLAN arrangement where host stations use a base station. See ad hoc.
injection ("code injection") an attack resulting from an input validation failure that permits code to be input. This unexpected code is then executed.
innerHTML a property of elements that have both a start and an end tag. The innerHTML is the text appearing between the two. The following example changes the innerHTML of the bold tag from the word "Before" to the word "After":
<b id="foo"> Before </b>
<script> document.getElementById("foo").innerHTML = "After"; </script>
<input> an HTML element for entering user data into an HTML <form>. Various kinds of <input> elements are possible, e.g., text, checkbox, button, password, etc.
input validation ensuring input data is correct. Data can be examined based on various criteria including: type, value, character set, consistency, etc.
instruction cycle the repeated sequence performed by the CPU: fetch (an instruction from RAM), decode (the instruction to setup CPU circuitry), execute (the instruction to accomplish a basic CPU task).
Integrity one of the DoD Pillars of IA: protection against unauthorized modification or destruction of information.
(lowercase i)
one or more intranets.
(uppercase I)
the internet that uses the TCP/IP protocol stack.
Internet Layer the TCP/IP protocol stack layer responsible for communication between networks ("routing"), using IP addresses and the Internet Protocol.
Internet Protocol (IP) the protocol used at the Internet Layer of the TCP/IP protocol stack. Versions 4 (IPv4) and 6 (IPv6) are currently in use.
interpreter a Program that translates instructions written in a language that humans can understand (e.g., text written in Javascript), into instructions written in a language that a CPU can understand.
intranet a collection of hosts in an organizational structure. A "local network". Examples: hosts at USNA, hosts in the CS Dept of Univ of MD.
IP address (Internet Protocol Address) an integer assigned to and uniquely identifying every host on a TCP/IP network.
ipconfig (Windows) (ifconfig - UNIX) a command-line utility program that displays network interface information (e.g., IP Address, subnet mask, gateway router IP address)
IPv4 (Internet Protocol Version 4) an Internet Layer protocol employing 32-bit addresses (32-bits allows at most 2^32 = approx 4.3 billion network devices). The 4-bytes in an IPv4 address are usually expressed as a dotted quad, e.g.,, which logically has two parts, a network address and a host identifier, defined by a subnet mask:
Network Address:
Host Identifier:   0.  0.  0.5
IPv4 Address:
Subnet Mask:
IPv6 (Internet Protocol Version 6) an Internet Layer protocol employing 128-bit addresses. A 128-bit address length allows at most 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 network devices. An example IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
J  (top)
Javascript a scripting language primarily used to write programs ("scripts") that provide dynamic functionality to web pages. The web browser can execute Javascript code embedded in an HTML file.
K  (top)
key With respect to hashing: the input to the hash function F; it is the data that gets transformed into a hash value H: F(key) = H.
With respect to encryption: an input to the encryption algorithm that is used to transform between plaintext and cipertext. Examples: a Caesar Cipher key is an integer shift value, 0 ≤ key < 26; a Vigenere Cipher key is a string of ASCII characters; an AES key is a 128-, 192-, or 256-bit integer.
kilobyte (KB) 2^10 bytes = 1,024 bytes.
L  (top)
LAN local area network; a network located in a geographically limited area, e.g., an "office LAN".
likelihood a term in the risk equation. Likelihood is a function of threats and vulnerabilities.
link ("hyperlink") Usually appearing as underlined text on a web page, a link is a rendered anchor element that refers to further information. For example, this HTML: <a href=""> XKCD </a> ... results in this link: XKCD.
Link Layer the TCP/IP protocol stack layer responsible for communication between adjacent devices on the same network, using MAC addresses.
literal (Javascript) an explicitly written constant value (as opposed to a variable, a value that can change). Examples: 1, 3.141, "PWND!"
loop a Javascript structure that is used to repeat one or more statements a certain number of times.
while( N < 80 )
  N = prompt( "Guess again" );
M  (top)
MAC address (Media Access Control) the address used at the Link Layer of the TCP/IP protocol stack for sending a packet to an adjacent (i.e., physically connected) host. Every physical hardware network interface device has a unique MAC address "burned into" its circuitry at manufacture. 48-bit MAC addresses allow for 2^48 = 281,474,976,710,656 (~3 trillion) possible network interface devices. An example 48-bit MAC address, written in hex: 00-21-28-26-38-6C
malware malicious software.
man-in-the-middle attack an attack where the threat intercepts and forwards messages without his presence known by the communicating parties.
Math-dot the collection of Javascript math functions, e.g., Math.sqrt, Math.random, Math.floor
MD5 (Message Digest Algorithm) a cryptographic hash function; an MD5 hash is 16 bytes long.
megabyte (MB) 2^20 bytes = 1,048,576 bytes = 1,024 kilobytes.
Metasploit a framework for executing exploit code against a remote target machine, with anti-forensic tools.
N  (top)
name resolution the process of determining the IP address corresponding to a domain name. A user typically resolves a domain name using a tool such as nslookup.
nameserver a host providing name resolution service.
NAT (Network Address Translation) the modification done by a router to the address information contained in an IP packet. NAT is used to map a single public IP address into many private IP addresses. This technique is being used to alleviate IPv4 address exhaustion.
netcat a command-line tool that can directly read/write at the Transport Layer of the TCP/IP protocol stack.
netstat a command-line tool that displays information about the sockets being used.
network prefix The high-order bits of an IPv4 address that are common to all hosts on the same internet, usually written as a network address (the remaining bits form a unique host identifier).
network address A network prefix expressed as a dotted quad. Example: 131.122.88/24 defines a network address where the first 24 bits in an IP address are identical. A gateway router uses the network address to decide if a packet must be forwarded to a different network.
nmap a network reconnaissance tool for discovering hosts and services on a computer network ("mapping the network").
Non-repudiation one of the DoD Pillars of IA: assurance that the sender of data is provided with proof of delivery and that the recipient is provided with proof of the sender's identity, so neither can later deny having processed the data.
nslookup a command-line tool for name resolution.
O  (top)
one-time pad a cipher having the properties that the key is: (a) random, (b) at least as long as the message to be encrypted, and (c) used only once. It is mathematically provable that such a cipher is perfectly secure; in practice, it is difficult to generate truly random keys.
operating system (“OS”) the collection of programs that functions as an intermediary between users/applications and the hardware. The OS is responsible for access control, and manages user accounts, the filesystem, and processes.
operator (Javascript) used in an expression to perform an operation. Some examples:
Arithmetic operators: +  -  *  /  %
Relational operators: <  >  <=  >=  ==  !=
Logical (boolean) operators: &&  ||  !
Others: = (assignment), + (concatenation)
P  (top)
packet a unit of data transmitted on a network, consisting of a piece of the original message, plus addressing information. A message is disassembled into packets by the originating host, which are transmitted through possibly differing routes to the destination, which then re-assembles the packets into the message.
patch software that updates a program, to correct a security vulnerability.
pathname (path) a location in a filesystem hierarchy. Example: C:\Users\Public
pentration testing evaluating the security of a computer system or network, using tools and techniques a would-be attacker might employ.
peripheral a device connected to a computer, such as a keyboard, mouse, monitor, printer.
permissions attributes specifying privileges (on a file, a process, a network connection, ...)
phishing a social engineering attack that attempts to obtain information by masquerading as a trusted entity. Phishing tricks an unsuspecting user into "biting" at some type of bait - e.g., opening an enticing email or email attachment, clicking a harmful link on a fake website that appears genuine, etc.
Physical Layer the lowest layer in the TCP/IP protocol stack, responsible for transmitting/receiving data as bits on the physical network medium (e.g., copper wire, fiber optic cable, radio waves).
Pillars of IA availability, integrity, authentication, confidentiality, non-repudiation
ping a command-line tool for determining if a host on a network is visible ("up"). Ping uses the Internet Layer of the TCP/IP protocol stack. Note that hosts do not have to respond to pings.
PKI (Public Key Infrastructure) in cryptography: an arrangement that binds public keys with identities by means of a Certificate Authority. In general: the hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
plaintext the input to a cipher.
port number the address used at the Transport Layer of the TCP/IP protocol stack for communicating between processes. Communicating client and server processes will each be using an integer port number in the range 0 to 65,535. Network services are said to be "offered on a well-known port". As an example, a typically configured webserver will use port 80, the well-known port for web service (HTTP traffic); packets originating from web clients must be addressed to port 80 on the webserver host.
private IP address an IP address that cannot be routed to, from a host outside a gateway router.
privilege permission to perform an action.
process A program file loaded into RAM, in some state of execution; an "executing instance of a program".
Program (uppercase p) a set of CPU instructions stored in a file. After loaded into RAM, a Program is called a process.
program (lowercase p) a text file written in a programming language (e.g., Javascript, C++).
prompt a Javascript function that displays its string argument as a message in a dialog window, but also allows the user to input a text string (i.e., an alert dialog with a text input). Example: prompt( "Enter your guess:");
protocol an agreed upon scheme for network communication.
protocol stack the collection of protocols used for network communication, organized as an abstract set of layers.
public key cryptography (see asymmetric cryptography).
Q  (top)
R  (top)
rainbow table a precomputed table for reversing cryptographic hash functions (usually password hashes).
RAM (random access memory, “main memory”) computer hardware used for temporary data storage; temporary since data is lost from RAM when power is turned off.
RDP (Remote Desktop Protocol) a Microsoft Windows Application Layer protocol defining remote desktop service for remote display of a Windows desktop. RDP uses TCP and port 3389. rdesktop is an RDP client application for UNIX systems.
reconnaissance the first phase of a cyber-attack where the threat gains information about the target network.
redirect the technique of forwarding a web page to a URL other than the one currently rendered.
render to produce the visual, on-screen web page display by examining the DOM tree.
relative pathname a pathname that begins at the working directory of a process.
remote shell a shell that is executing on a host that is not the local host.
risk equation risk = likelihood x impact
router ("gateway") the network device responsible for forwarding packets between different networks. A router operates at the TCP/IP protocol stack Internet Layer and uses IP addressing
RSA an algorithm for public key cryptography that is based on the difficulty of factoring large integers.
S  (top)
salt extra bits added as input to a cryptographic hash function, used to defeat dictionary attack. In typical usage for password authentication, the salt is stored along with the hash of salt+password.
SCP (Secure Copy Protocol) an Application Layer protocol that uses SSH to provide remote file copy. Client applications include WinSCP (Windows) and scp (UNIX).
script a program.
SDD (solid state drive, “flash drive”) computer hardware used for permanent data storage. Data is written to/read from flash memory.
secret key cryptography (see symmetric cryptography).
server an application that provides a service to a client, typically across a network. The host providing the service is also called a server.
server-side script script contained in a file that is located on and executed by the webserver.
SFTP (SSH File Transfer Protocol) an Application Layer protocol that uses SSH to provide secure remote filesystem operations (including file copy). Client applications include WinSCP (Windows) and sftp (UNIX).
shell an interface for giving commands to an OS where the user types commands as text. Also called the “command-line interface”.
SMB (Server Message Block) an Application Layer protocol providing shared file and printer access on Microsoft Windows hosts. SMB uses TCP and port 445.
socket an endpoint of TCP/IP communication consisting of an IP Address, a port number, and a Transport Layer protocol. For example, a client nslookup process and a DNS nameserver process might be communicating using these sockets:
client socket =, port 45876, UDP
server socket =, port 53, UDP
spear phishing phishing targeted at specific users.
SSH (Secure Shell) an Application Layer protocol that uses public-key cryptography to secure data transmission on a network. SSH is used by SFTP and SCP, but is also frequently used to provide a secure remote shell. SSH uses TCP and port 22.
SSL (Secure Sockets Layer) a cryptographic protocol publicly introduced as SSL 2.0 with Version 2 of the Netscape Navigator browser in 1995. All versions of SSL have been shown to be vulnerable to man-in-the-middle attack. TLS 1.0 was intended to improve upon SSL 3.0, but has also been shown to be vulnerable.
statement Javascript that results in the browser performing an action. Unlike an expression, a statement is delimited by a semi-colon, and does not yield a value. Examples:
alert( "Try again!" ); ← a function call statement
var length; ← a declaration statement
cost = principal*(1+rate); ← an assignment statement
station a host that connects to a wireless network.
steganography the practice of concealing information in digital data, e.g., using every 100th bit of an image to hide a message.
string a Javascript data type consisting of a sequence of ASCII characters. Literal strings can be delimited either by single quotes or double quotes. Examples:
"This is a string"      'So is this'
String.fromCharCode( i ) a Javascript function that produces a single-character string corresponding to the decimal ASCII code i.
String.fromCharCode(65) produces the string "A" (65 is the ASCII code for "A").
subnet mask A 32-bit value that encodes the number of prefix bits in a network address, usually written as a dotted quad. Example: specifies a 24 bit network prefix, i.e., a network where all hosts have the same values for the first 3 components of their dotted quads.
superuser (root, administrator, admin) a special account with unlimited privilege, used to administer a system.
syntax The set of rules that defines the correct structure of written computer program code. For example in Javascript, a constant appearing on the left hand side of the assignment operator is a syntax error: 7 = 9*n; ← this is an error since it attempts to change the value of 7, a constant.
switch network hardware connecting multiple network devices that, unlike a hub, re-transmits a received packet only on the physical connection of the destination. A switch operates at the TCP/IP protocol stack Link Layer and uses MAC addressing.
symmetric key cryptography a cryptosystem using a key shared between the communicating parties, and otherwise kept secret. The same key is used to encrypt and decrypt. Example: AES.
T  (top)
tag part of an HTML element, in most cases having two parts: start and end. Tags consist of the element name in angle brackets, with the slash character / distinguishing the end tag, if present. Examples:
<a href=""> Click me </a>
<img src="kitteh.jpg"> ← the img element has no end tag
TCP (Transmission Control Protocol) the TCP/IP protocol stack Transport Layer protocol providing reliable connection-oriented transmission, error detection, flow and congestion control.
TCP/IP stack the most commonly used protocol stack, consisting of five layers:
threat someone who can and who wants to exploit a vulnerability.
TLD (Top Level Domain) a domain at the highest level in the DNS hierarchy. Examples include .com, .edu, .gov, ...
TLS (Transport Layer Security) a cryptographic protocol that encrypts/decrypts data between the Application and Transport Layers. TLS 1.0 has been shown to be vulnerable to man-in-the-middle attack (Sep 2011); TLS 1.2 (2008) is the currently accepted protocol for Transport Layer security.
traceroute (UNIX) (tracert - Windows) a command-line utility program that displays TCP/IP routing information.
Transport Layer (TCP/IP protocol stack) the layer responsible for network communication between processes, using port numbers as addresses.
two-factor authentication an authentication method which requires presenting two of three things: something you - "know", "have", "are".
Examples: (a) you have an ATM card and you know the PIN#, (b) you know a password and you have a fingerprint.
typeof a Javascript operator that evaluates to (returns) a string showing the data type of its argument.
typeof( 1 ) returns "Number",
typeof( "PWND!" ) returns "string",
typeof( 1 < 2 ) returns "boolean"
U  (top)
UDP (User Datagram Protocol) the TCP/IP protocol stack Transport Layer protocol providing unreliable connectionless transmission.
URL Uniform Resource Locator - a reference to a resource located somewhere on the web . The general form is: protocol://server:port/pathname?query
:port is optional. If not given, the default port for the given protocol is assumed (e.g., HTTP uses port 80).
?query is optional. If given, query indicates a script to be run on the server.
Example protocols: http, file, ftp
username (user name, login name, account name) the name associated with a login account.
V  (top)
variable (Javascript) a symbolic name representing a value that can change.
Vigenere Cipher a symmetric key encryption method for alphabetic text that uses a series of different Caesar ciphers. The Vigenere Cipher is subject to frequency analysis attack
[ Submitted by: Toohig 166462 ]
(computer virus) a type of malware that spreads by replicating itself from an infected computer to another computer, as a result of some user action.
vulnerability a weakness in an information system that can be exploited.
W  (top)
WAP (Wireless Access Point) a network device analagous to a hub, where the Physical Layer connections are wireless. A WAP is the base station in a WLAN. In typical use a WAP will also contain a router with a wired connection to the Internet.
WEP (Wired Equivalent Privacy) the wireless network security mechanism introduced with WiFi (1999). Although WEP remains in common use, it is considered obsolete and deprecated as the RC4 encryption algorithm it uses was shown to be vulnerable to various attacks. Note: RC4 is used by BitTorrent, SSL, and PDF.
WiFi (Wireless Fidelity) Physical Layer protocol where the electrical signals are transmitted via radio waves (i.e., wirelessly). "WiFi" is a brand name of the WiFi Alliance organization, and refers to a device using any of the IEEE 802.11 family of protocols, e.g., 802.11n.
WLAN (Wireless Local Area Network) one or more Basic Service Sets.
working directory (current directory) the filesystem location currently associated with a process. When a process uses a pathname that is not absolute it will use a relative pathname that starts at the current directory.
[ Submitted by: Hull 163096 ]
A form of malware that replicates across networks, without requiring user action.
World Wide Web (WWW, web) a client-server system using the HTTP protocol.
WPA (WiFi Protected Access) a wireless network security mechanism, intended as an interim replacement (2003) for WEP until WPA2 became available (2004). Like WEP, WPA is vulnerable to attack.
WPA2 the currently accepted wireless network security mechanism. WPA2 uses AES encryption.
X  (top)
X.509 a standard for PKI. An X.509 Certificate includes information such as the issuer (Certificate Authority), the issuer's digital signature, the subject whose public key is being certified, the subject's public key, and dates the certificate is valid.
Y  (top)
Z  (top)
zero day an attack that exploits a previously unknown vulnerability.
[ Submitted by: Livingston 163882 ]
A computer whose activities can be controlled by a Command and Control Server as a result of malware having been installed.