Glossary
We realize that the field of network security is full of jargon. We’ve compiled a glossary with the most common abbreviations and buzzwords to help you understand what it is all about.
- Authentication tokens
- ‘Hardware keys’ that verify the identity of a user.
- APT
- Advanced Persistent Threat. Usually refers to a group, such as a foreign nation state government, with both the capability and the intent to persistently and effectively target a specific entity.
- BitTorrent
- A peer-to-peer file sharing protocol used for distributing large amounts of data.
- Botnet
- A collection of compromised computers, termed bots, that are used for malicious purposes.
- Buffer overflow
- Also called buffer overrun. An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.
- Bug
- Common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways.
- Cross Site Scripting
- A type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls.
- Curve DNS
- A security layer using elliptic curve cryptography residing ‘on top’ of DNS that makes it harder to exploit DNS vulnerabilities that would otherwise be fairly easy and simple to exploit.
- DNS
- A hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
- DoS
- Denial of Service, an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
- DDoS
- Distributed Denial of Service. Like DoS (see above), but distributed: many systems take part in the DoS.
- E-mail filtering
- Used to distinguish ‘spam’ (unwanted, unsolicited bulk e-mail) from ‘ham’ (legitimate e-mail). E-mail filtering is a must because it is estimated that 90% of worldwide e-mail traffic consists of spam.
- Exploits
- A piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerised). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack.
- ESSO
- Enterprise Single Sign On. Eliminates the need to authenticate to multiple resources repeatedly by providing one (single) sign-on process.
- Firewall
- A device or set of devices designed to permit or deny network transmissions based upon a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
- Hardening
- Reinforcing the security of a computer system or infrastructure.
- Hacker
- A person who breaks into computers and computer networks for profit, in protest, or because they are motivated by the challenge.
- Host security
- Security of endpoint systems (e.g. laptops, mobile devices).
- IPS
- Intrusion Prevention System, network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
- Malware
- Short for malicious software. Consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and exhibit other abusive behavior.
- Patching
- A patch is a piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.
- Perimeter
- Definition of the boundaries of a network.
- P2P
- Peer-to-peer.
- Protocol
- A formal description of digital message formats and the rules for exchanging those messages in or between computing systems and in telecommunications.
- RADIUS
- Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service.
- SP3 Architecture
- Single Pass Parallel Processing, a proprietary technique by Palo Alto Networks to run multiple types of inspection on network traffic in a single pass, saving time and resources.
- SSL
- Cryptographic protocols that provide communication security over the Internet.
- Spyware
- A type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user’s personal computer.
- SQL injection
- A code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries).
- Trojan horse
- A destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system. Unlike viruses or worms, Trojan horses do not replicate themselves, but they can be just as destructive.
- UTM appliance
- A comprehensive solution that has recently emerged in the network security industry and, since 2004, has gained widespread currency as a primary network gateway defense solution for organizations.
- Virus
- A computer program that can copy itself and infect a computer. The term “virus” is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability.
- VPN
- Virtual Private Network, a secure way of connecting to a private Local Area Network at a remote location, using the Internet or any unsecure public network to transport the network data packets privately, using encryption. The VPN uses authentication to deny access to unauthorized users, and encryption to prevent unauthorized users from reading the private network packets. The VPN can be used to send any kind of network traffic securely, including voice, video or data.
- VPN tunnel
- See VPN.
- WAN
- A computer network that covers a broad area (i.e., any network whose communications links cross metropolitan, regional, or national boundaries).
- Web content filtering
- Technique whereby content is blocked or allowed based on analysis of its content, rather than its source or other criteria.
- Worm
- A self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.