295 lines
5.4 KiB
HTML
295 lines
5.4 KiB
HTML
|
<HTML
|
||
|
><HEAD
|
||
|
><TITLE
|
||
|
>Glossary</TITLE
|
||
|
><META
|
||
|
NAME="GENERATOR"
|
||
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
||
|
REL="HOME"
|
||
|
TITLE="Linux Security HOWTO"
|
||
|
HREF="index.html"><LINK
|
||
|
REL="PREVIOUS"
|
||
|
TITLE="Security Sources"
|
||
|
HREF="sources.html"><LINK
|
||
|
REL="NEXT"
|
||
|
TITLE="Frequently Asked Questions"
|
||
|
HREF="q-and-a.html"></HEAD
|
||
|
><BODY
|
||
|
CLASS="sect1"
|
||
|
BGCOLOR="#FFFFFF"
|
||
|
TEXT="#000000"
|
||
|
LINK="#0000FF"
|
||
|
VLINK="#840084"
|
||
|
ALINK="#0000FF"
|
||
|
><DIV
|
||
|
CLASS="NAVHEADER"
|
||
|
><TABLE
|
||
|
SUMMARY="Header navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TH
|
||
|
COLSPAN="3"
|
||
|
ALIGN="center"
|
||
|
>Linux Security HOWTO</TH
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="sources.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="80%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="bottom"
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="q-and-a.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"></DIV
|
||
|
><DIV
|
||
|
CLASS="sect1"
|
||
|
><H1
|
||
|
CLASS="sect1"
|
||
|
><A
|
||
|
NAME="AEN1357"
|
||
|
></A
|
||
|
>12. Glossary</H1
|
||
|
><P
|
||
|
> Included below are several of the most frequently used terms in computer
|
||
|
security. A comprehensive dictionary of computer security terms is available
|
||
|
in the <A
|
||
|
HREF="http://www.linuxsecurity.com/dictionary/"
|
||
|
TARGET="_top"
|
||
|
>LinuxSecurity.com Dictionary</A
|
||
|
>
|
||
|
</P
|
||
|
><P
|
||
|
>
|
||
|
<P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>authentication:</EM
|
||
|
> The process of knowing that the data
|
||
|
received is the same as the data that was sent, and that the claimed
|
||
|
sender is in fact the actual sender.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>bastion Host:</EM
|
||
|
> A computer system that must be highly
|
||
|
secured because it is vulnerable to attack, usually because it is
|
||
|
exposed to the Internet and is a main point of contact for users of
|
||
|
internal networks. It gets its name from the highly fortified
|
||
|
projects on the outer walls of medieval castles. Bastions overlook
|
||
|
critical areas of defense, usually having strong walls, room for
|
||
|
extra troops, and the occasional useful tub of boiling hot oil for
|
||
|
discouraging attackers.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>buffer overflow:</EM
|
||
|
> Common coding style is to never
|
||
|
allocate large enough buffers, and to not check for overflows. When
|
||
|
such buffers overflow, the executing program (daemon or set-uid
|
||
|
program) can be tricked in doing some other things. Generally this
|
||
|
works by overwriting a function's return address on the stack to point
|
||
|
to another location.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>denial of service:</EM
|
||
|
> An attack that consumes the
|
||
|
resources on your computer for things it was
|
||
|
not intended to be doing, thus preventing normal use of your network
|
||
|
resources for legitimate purposes.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>dual-homed Host:</EM
|
||
|
> A general-purpose computer system that
|
||
|
has at least two network interfaces.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>firewall:</EM
|
||
|
> A component or set of components that restricts
|
||
|
access between a protected network and the Internet, or between other
|
||
|
sets of networks.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>host:</EM
|
||
|
> A computer system attached to a network.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>IP spoofing:</EM
|
||
|
> IP Spoofing is a complex technical attack
|
||
|
that is made up of several components. It is a security exploit that
|
||
|
works by tricking computers in a trust relationship into thinking that
|
||
|
you are someone that you really aren't. There is an extensive paper
|
||
|
written by daemon9, route, and infinity in the Volume Seven, Issue
|
||
|
Forty-Eight issue of Phrack Magazine.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>non-repudiation:</EM
|
||
|
> The property of a receiver being able
|
||
|
to prove that the sender of some data did in fact send the data even
|
||
|
though the sender might later deny ever having sent it.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>packet:</EM
|
||
|
> The fundamental unit of communication on the
|
||
|
Internet.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>packet filtering:</EM
|
||
|
> The action a device takes to
|
||
|
selectively control the flow of data to and from a network. Packet
|
||
|
filters allow or block packets, usually while routing them from one
|
||
|
network to another (most often from the Internet to an internal
|
||
|
network, and vice-versa). To accomplish packet filtering, you set up
|
||
|
rules that specify what types of packets (those to or from a
|
||
|
particular IP address or port) are to be allowed and what types are to
|
||
|
be blocked.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>perimeter network:</EM
|
||
|
> A network added between a protected
|
||
|
network and an external network, in order to provide an additional
|
||
|
layer of security. A perimeter network is sometimes called a DMZ.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>proxy server:</EM
|
||
|
> A program that deals with external
|
||
|
servers on behalf of internal clients. Proxy clients talk to proxy
|
||
|
servers, which relay approved client requests to real servers, and
|
||
|
relay answers back to clients.
|
||
|
</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
> <EM
|
||
|
>superuser:</EM
|
||
|
> An informal name for <TT
|
||
|
CLASS="literal"
|
||
|
>root</TT
|
||
|
>.
|
||
|
</P
|
||
|
></LI
|
||
|
></UL
|
||
|
>
|
||
|
|
||
|
</P
|
||
|
></DIV
|
||
|
><DIV
|
||
|
CLASS="NAVFOOTER"
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"><TABLE
|
||
|
SUMMARY="Footer navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="sources.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="index.html"
|
||
|
ACCESSKEY="H"
|
||
|
>Home</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="q-and-a.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
>Security Sources</TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
> </TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
>Frequently Asked Questions</TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
></DIV
|
||
|
></BODY
|
||
|
></HTML
|
||
|
>
|