Glossary of Security Terms

ARP and RARP - ARP stands for Address Resolution Protocol. RARP is Reverse ARP. ARP maps the IP address to the MAC address of a device.

ARP Poisoning - Breaking communication between two systems by poisoning the address table in the network switch between them with false data. This tactic can be used to intercept data on a switched network also as some switches will "flood" all packets to all ports when the ARP table is full or broken. There are freely available tools on the Internet that anyone can download and use.

ARP Spoofing - Used on switched networks to intercept data destined to the victim's computer. There are freely available tools on the Internet that anyone can download and use.

Enumeration - The tactic of mapping out your network topology, size, services, etc. for the purpose of finding your weaknesses and ultimately a point of entry. There are freely available tools on the Internet that anyone can download and use.

Firewall - A Firewall is a device usually employed at the gateway of a network. A Firewall allows or disallows traffic in and out of the network based on it's source and destination port, source and destination addresses, the state of the communication and other criteria. A Firewall controls data between networks. It can not interrupt or prevent attacks between hosts on the same network.

IP spoofing - Used to make traffic sent by an attacker appear that it is from another source. There are freely available tools on the Internet that anyone can download and use.

Land Attack - A type of Denial of Service (DOS) attack which confuses and crashes a number of Operating Systems (especially Windows 95) or uses up the CPU so the system can't do anything else (such as in Windows NT). A Land Attack is performed by launching TCP/IP packets with the same source and destination IP address and port. There are freely available tools that anyone can download and use which will perform a Land Attack.

Malware - Software that is designed specifically for evil purposes.

Port - A logical connection "channel" for network applications to talk to each other. Ports help applications know what traffic is destined for them rather than other applications on the same host. Certain applications communicate at certain ports. For example a typical e-mail client sends mail to the server on port 25, and checks for new mail on port 110. Your web browser requested this web page on port 80. There are 65,536 ports for the TCP protocol, and 65,536 for the UDP protocol.

Port Scan -A method an attacker uses to enumerate what services are running on your network. An attacker sends requests on different ports and takes note of which ports respond in certain way. This is how an attacker knows what attacks will work on which of your systems. Ports map to applications and applications map to attacks. We perform port scans during a Vulnerability Assessment to get the same view of your network that an attacker has, and to find evidence of an attackers presence.

Root-Kit - Sometimes, a stealthy attacker can be discovered accidentally by a Systems Administrator using some system tools to fix an unrelated problem but discovers anomalies caused by the attackers presence. Once an attacker has made their way into your network, they typically replace these system tools with their own re-written versions. These re-written versions behave normally, except that they obscure the attackers presence. This makes it extremely unlikely that the attacker will be discovered accidentally, even by a very attentive IT staff. There are many freely available root kits for some of the most common Operating Systems, available on the Internet for anyone to download and use.

Smurf Attack - A type of Denial of Service attack. If a "ping" is sent directly to a broadcast or multicast address on a network, the routers may forward the pings on to all of the hosts on the network, all of those hosts may respond. If they do, then an attacker can create many times more traffic on your network than they sent to it. Basically, this attack uses the broadcast address to magnify or amplify the amount of traffic the attack sends.

Sniffing - An attacker puts a computer on your network into "promiscuous mode", listening to every bit of traffic that goes by on the network and captures all the data. Normally a computer's network connection ignores traffic that is not addressed to it, but when sniffing the computer will pick up everything. This is an easy way to pick up clear text passwords. e-mail programs frequently use clear text passwords. Many users use the same password for everything. This allows an attacker to crawl deeper into your network. There are freely available tools on the Internet that anyone can download and use.

Social Engineering - When an attacker uses his skills of communication to get what he wants. A "CON", lying, trickery, etc. Some examples: Dressing up like an A/C Technician or phone company worker and just walk around your facility like they know what they are doing. Social Engineering may include calling unsuspecting employees, posing as someone as another person in the company and getting them to divulge confidential information.

Trojan - Beware of Greeks bearing gifts ! A Trojan is malicious software hidden inside a tempting and seemingly innocuous file. This tactic is used to get a user to run malware on their machine for the attacker. The Trojan, since executed by the victim on their computer, is now able to open other holes which allow the attacker to gain control of the victim's computer. Trojans are commonly distributed by e-mail with catchy file names, or text that ask the victim to see the contents of the attachment. There are freely available tools on the Internet that anyone can download and use.

Virus - Any self-replicating or infectious software. A Worm is a type of Virus.

Worm - A type of virus that uses the infected computer to infect other computers, but does so while living only in infected computers memory. They are usually discovered only after the activity of replicating to other systems causes the infected machines to slow down.