An Intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to tamper with data on that system. In short, an Intruder attempts to violate Security by interfering with system Availability, data Integrity or data Confidentiality.
Active Intruder and Passive Intruder
A passive intruder only listens to and records the control and data messages on the channel (eavesdropping) and does not modify them, while an active intruder can remove messages from the channel, alter them, replay them, or inject new messages of its own. An active intruder threat involves a situation where one or more individuals access a system with the intention to cause serious harm.
Some systems monitor failed Authentication attempts, and if too many attempts to sign on to a single Account are detected within a short period, the Account is locked. This mechanism is intended to deter an Intruder who tries to guess the password of one or more Accounts. It has two side effects a practitioner should know: an Intruder can deliberately lock out legitimate users by submitting bad passwords for their Accounts (a Denial of Service), and an Intruder who tries one or two common passwords against many Accounts ("password spraying") stays below the per-account threshold and is not stopped by it.
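The lockout policy described above, as an added example that is not part of the original glossary: a per-account counter of recent failures with an automatic unlock after the window expires. The threshold (5) and window (15 minutes) are hypothetical policy values, and the two simulations show why a single-account guesser is stopped while a password spray across many accounts never trips the lock.

```python
import time
from collections import defaultdict, deque


class FakeClock:
    """Controllable clock so the simulation runs offline and instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LockoutGuard:
    """Locks an account after `threshold` failed sign-ons inside `window` seconds.
    Hypothetical policy values; real products make them configurable."""

    def __init__(self, threshold=5, window=15 * 60, clock=time.time):
        self.threshold = threshold
        self.window = window
        self.clock = clock
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}              # account -> time the lock expires

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:           # lock has expired: reset the account
            del self.locked_until[account]
            self.failures[account].clear()
            return False
        return True

    def record_failure(self, account):
        """Record a failed attempt; returns True if the account is now locked."""
        now = self.clock()
        recent = self.failures[account]
        while recent and now - recent[0] > self.window:   # forget failures older than the window
            recent.popleft()
        recent.append(now)
        if len(recent) >= self.threshold:
            self.locked_until[account] = now + self.window
        return self.is_locked(account)

    def record_success(self, account):
        """A successful sign-on clears the failure history."""
        self.failures[account].clear()
        self.locked_until.pop(account, None)


def single_account_guessing(guard, account, guesses):
    """Intruder guesses many passwords for ONE account: the lockout trips."""
    for _ in range(guesses):
        guard.record_failure(account)
    return guard.is_locked(account)


def password_spray(guard, accounts, guesses_per_account):
    """Intruder tries a few common passwords against MANY accounts:
    no single account reaches the threshold, so nothing locks."""
    for acct in accounts:
        for _ in range(guesses_per_account):
            guard.record_failure(acct)
    return [a for a in accounts if guard.is_locked(a)]


if __name__ == "__main__":
    clock = FakeClock()
    guard = LockoutGuard(threshold=5, window=900, clock=clock)
    print("alice locked after 5 bad guesses:", single_account_guessing(guard, "alice", 5))
    clock.advance(901)
    print("alice still locked after the window:", guard.is_locked("alice"))
    users = [f"user{i}" for i in range(50)]
    print("accounts locked by a 2-guess spray:", password_spray(guard, users, 2))
```

Because the counter is keyed by account, a spray of two guesses across fifty accounts produces a hundred failures and zero locks; detecting that pattern needs a second counter keyed by source address or by the whole population, which is a monitoring concern rather than a per-account lockout.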
An Audit Trail records all security events. These include successful and failed authentication attempts, change request input and authorization, access provisioning and deactivation events, Password Synchronization and reset, profile updates, etc.
Biometric Authentication is any process that validates the identity of a user who wishes to sign into a system by measuring some intrinsic physical or behavioural characteristic of that user. Biometric samples include fingerprints, retinal scans, face recognition, voice prints and even typing patterns.
Breach of Confidentiality
A Breach of Confidentiality is a Security violation in which the Confidentiality of some data was lost, i.e. the data was disclosed to someone not authorized to see it.
A Cryptographic Certificate binds a user's Public Key to an identity (a name, e-mail address or host name) and is signed, not encrypted, with the private key of a well-known Certificate Authority. This allows the user to give out his or her Public Key to others, and allows those others, by checking the Certificate Authority's signature, to trust that it is in fact the user's correct Public Key. Ex. www.verisign.com (a commercial Certificate Authority)
Encryption is a process of translating a message, called the Plaintext, into an encoded message, called the Ciphertext. This is usually accomplished using a secret Encryption Key and a cryptographic Cipher.
Two basic types of Encryption are commonly used:
Symmetric Encryption, where a single secret key is used for both encryption and decryption.
Asymmetric Encryption, where a pair of keys is used -- one for Encryption and the other for Decryption.
Decryption is the reverse process to Encryption. Frequently, the same Cipher is used for both Encryption and Decryption. While Encryption creates a Ciphertext from a Plaintext, Decryption creates a Plaintext from a Ciphertext.
An Encryption Key is a sequence of bits (usually written as a number or a string) used to encrypt or decrypt data. Its length and, for secret keys, its secrecy determine how much protection the Encryption provides.
A Private Key is the secret half of a key-pair used in Asymmetric Encryption. It is mathematically related to the matching Public Key (the two are generated together), but it is computationally infeasible to derive it from the Public Key, and it must be kept secret by its owner.
A Public Key is the publicly distributed half of a key-pair used in Asymmetric Encryption. It is mathematically related to the matching Private Key, but may be widely distributed without harm. Public Keys are frequently certified by a Certificate Authority, so that users of the key can verify its authenticity.
Public key encryption system
Also known as Asymmetric Encryption. It uses two keys: what one key encrypts, only the other can decrypt. In RSA, the best-known such system, the keys are interchangeable in the sense that if key A encrypts a message then key B can decrypt it, and if key B encrypts a message then key A can decrypt it. This interchangeability is what makes Digital Signatures possible: the owner "encrypts" a Hash of the message with the Private Key, and anyone holding the Public Key can check it.
In public key encryption, one of the keys (the Public Key) is known to everyone, sender and receiver included. The other key (the Private Key) is known only to its owner, who is the receiver when the system is used for confidentiality: anyone can encrypt a message to the owner using the Public Key, but only the owner can decrypt it.
A Hash is a short, fixed-length code calculated from the contents of a message by a one-way function. A good Hash function has the property that it is infeasible to construct a message whose Hash comes to a specific value, to find a second message with the same Hash as a given one, or to find any two messages that share a Hash. Hashes are useful because they can be attached to a message to demonstrate that it has not been modified: if the message were modified, its Hash would change and no longer match the original value. Note that an unkeyed Hash only catches accidental corruption, since an Intruder who can alter the message can simply recompute the Hash as well; detecting deliberate tampering requires a keyed Hash (a MAC) or a Digital Signature over the Hash.
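The caveat in the entry above, as an added example that is not part of the original glossary: a message protected by a plain SHA-256 Hash and the same message protected by a keyed Hash (HMAC-SHA256, from Python's standard library), with an active Intruder on the channel altering the amount. The message and the shared key are constructed for the example.

```python
import hashlib
import hmac
import secrets


def attach_hash(message: bytes):
    """Unkeyed integrity check: the message plus its SHA-256 Hash."""
    return message, hashlib.sha256(message).hexdigest()


def check_hash(message: bytes, digest: str) -> bool:
    return hashlib.sha256(message).hexdigest() == digest


def attach_mac(key: bytes, message: bytes):
    """Keyed integrity check: the message plus an HMAC-SHA256 tag over it."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def check_mac(key: bytes, message: bytes, tag: str) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def active_intruder(message: bytes, check_value: str, can_recompute: bool):
    """An active Intruder edits the amount in transit. With a plain Hash it
    recomputes the Hash to match; without the MAC key, all it can do is
    forward the old tag and hope."""
    forged = message.replace(b"100", b"900")
    if can_recompute:
        return forged, hashlib.sha256(forged).hexdigest()
    return forged, check_value


def demo():
    original = b"transfer 100 to bob"      # constructed sample message
    key = secrets.token_bytes(32)          # secret shared by sender and receiver only

    msg, digest = attach_hash(original)
    forged, forged_digest = active_intruder(msg, digest, can_recompute=True)
    plain_hash_detected = not check_hash(forged, forged_digest)

    msg, tag = attach_mac(key, original)
    forged, reused_tag = active_intruder(msg, tag, can_recompute=False)
    mac_detected = not check_mac(key, forged, reused_tag)

    return {
        "plain_hash_detected_tampering": plain_hash_detected,
        "mac_detected_tampering": mac_detected,
    }


if __name__ == "__main__":
    for name, detected in demo().items():
        print(f"{name}: {detected}")
```

The receiver's check passes on the forged message in the plain-Hash case because nothing ties the Hash to the sender; the HMAC check fails because producing a valid tag for the new amount requires the key the Intruder does not have. `hmac.compare_digest` is used so that the tag comparison does not leak, through timing, how many leading characters of a guessed tag were right.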
Denial of Service
A Denial of Service is a Security intrusion which makes at least one of the services offered by a system unavailable to its legitimate users, whether by damaging the system, crashing the service, or simply exhausting its resources (bandwidth, connections, memory or CPU) with a flood of requests.
Two design features that limit the impact of a Denial of Service: a system that includes multiple, redundant servers, and continues to offer full functionality even when one of those servers ceases to function;
and update logic that detects failures in updates to target systems, and automatically retries failed operations until they succeed.
Loss of Integrity
A set of data is said to have suffered a Loss of Integrity if some event, malicious or accidental, has caused it to be corrupted or incorrectly altered. This constitutes a Security violation.
Session Hijacking is any Security attack, carried out by an Intruder, which takes over an active Login Session or inserts commands into it. On wide-area TCP/IP networks this has been attempted using IP Spoofing together with guessing the TCP sequence numbers of the session; on local TCP/IP networks it might be attempted with the help of a Packet Sniffer, which lets the Intruder read the sequence numbers (and any session tokens) directly. The same idea applies to web applications, where stealing a session cookie lets the Intruder continue the victim's session.
A Firewall is a system which limits network access between two or more networks. Normally, a Firewall is deployed between a trusted, protected private network and an untrusted public network. For example, the trusted network might be a corporate network, and the public network might be the Internet. A Firewall might grant or revoke access based on user Authentication, source and destination network addresses, network protocol, time of day, network service, or any combination of these. It might be implemented as an Application Level Firewall or a Packet Level Firewall. It might also implement a Content Filter, such as a Virus Wall.
Packet Level Firewall
A Packet Level Firewall protects an internal network against unauthorized access and attack from a public or external network by blocking some packets. Packets may be blocked based on source IP address, destination IP address, source or destination TCP or UDP port number, other packet header fields, time of day or user authentication. Filtering is carried out on a packet-by-packet basis, and the entire Packet Level Firewall may be implemented on a Router. Normally all filtering happens inside the Operating System kernel, which makes this type of Firewall very fast; the trade-off is that it sees only headers, never application content, and unless it keeps connection state it cannot tell whether a packet belongs to an established session.
IP is the Internet Protocol. It is a mechanism by which packets may be routed between computers on a network-of-networks. IP allows computers to be connected using various physical media, ranging from modems to Ethernet cabling, fiber-optic cables and even satellite and radio links. IP is designed to be robust, and to gracefully handle the loss of some links. Individual packets of data are forwarded hop by hop by routers that need only a few local routing rules, not knowledge of the overall network structure. IP itself does not authenticate the source address written in a packet header, which is what makes IP Spoofing possible. The global Internet is constructed using the IP network protocol.
IP Spoofing is a security exploit where an Intruder sends packets to a system which appear to originate from a source address other than the Intruder's own. If the target system trusts another host on the basis of its IP address (for example an authenticated TCP session with that host, or an address-based access list) and mistakenly accepts a spoofed packet, it may be induced to execute commands in that packet as though they came from the trusted host. Randomized TCP initial sequence numbers, and ingress filtering on Internet routers that drops packets whose source address could not legitimately arrive on the interface they came in on, make this blind TCP attack largely obsolete where the Intruder and target system are topologically distant. Spoofing remains easy for connectionless protocols such as UDP, and for an Intruder on the same network segment who can observe the traffic.
A Packet Sniffer is a program that can record all network packets that travel past a given network interface, on a given computer, on a network. It can be used to troubleshoot network problems, as well as to extract sensitive information such as Credentials from unencrypted Login Sessions (Telnet, FTP, POP and HTTP all send passwords in the clear).
HTTP is the Hyper-Text Transfer Protocol. It is the most popular network protocol for exchanging documents on the World-Wide Web. Uses TCP port 80, with no encryption.
FTP is the File Transfer Protocol. It is based on the TCP/IP network protocols. FTP allows a user on one machine to send files to or retrieve files from an FTP server. FTP uses User ID / Password Credentials, sent as Plaintext over the network with no Encryption, for Authentication. Uses TCP port 21 for the control connection; file data travels over separate connections.
HTTPS is the Hyper-Text Transfer Protocol with SSL/TLS Encryption. It is the most popular network protocol for establishing secure connections for exchanging documents on the World-Wide Web. It is basically HTTP carried over a TCP socket which has been secured using SSL or, in current deployments, its successor TLS. (Uses port 443)
SSL is the Secure Socket Layer. It is a protocol that protects a single TCP session; its modern successor is TLS (Transport Layer Security). Asymmetric Encryption and Certificates are used at the start of the session to authenticate the server and agree on a session key, after which all data exchanged over the TCP socket is protected with fast Symmetric Encryption and integrity checks. SSL/TLS is the base of HTTPS, the secure WWW protocol. All versions of SSL, and TLS 1.0 and 1.1, are deprecated; new deployments should accept only TLS 1.2 and 1.3.
TCP is the Transmission Control Protocol. It is used to establish connection-oriented, sequenced and reliable (error-checked, with lost segments retransmitted) sessions over IP networks.
UDP is the User Datagram Protocol. It is used to send individual packets across an IP network in an unreliable, connectionless fashion. This means that successful, error-free delivery of a message is not guaranteed, and that there is no handshake to stop a spoofed source address.
SMTP is the Simple Mail Transfer Protocol. It is the most popular protocol for transferring electronic mail on the Internet, both from clients and between mail servers. SMTP is quite robust, but the base protocol provides no facilities for Authentication of the sender or recipient, for encryption, or for attaching non-ASCII data; these are supplied by extensions (SMTP AUTH, STARTTLS and MIME respectively), and without them the sender address in a message is trivially forged. (Port 25)
SNMP is the Simple Network Management Protocol. It is used by network management frameworks to manage and monitor network devices, such as hubs and routers. Some computer systems also respond to SNMP queries. (Port 161 for queries; 162 for traps) SNMP versions 1 and 2c authenticate with a plaintext "community string", frequently left at the default of "public", so SNMPv3 with authentication and encryption is preferred.
Telnet is a TCP/IP protocol that allows a User to remotely Login to a Unix, VMS or mainframe system, and execute commands in that Login Session. Telnet does not use Encryption, so the password and everything typed afterwards are visible to a Packet Sniffer. Ssh is functionally equivalent and secure. (Port 23)
POP is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. (Port 110; 995 when wrapped in SSL/TLS)
Ssh is the Secure Shell. It is functionally equivalent to Telnet and the Unix r-commands (rlogin, rsh, rcp) and improves on them by encrypting the whole session, authenticating the server with a host key (which clients record on first contact and check on later ones) and authenticating the user with a password or a Public Key. (Port 22)
Internet Message Access Protocol (IMAP): used by e-mail clients to manage messages and folders held on the mail server. (Port 143; 993 when wrapped in SSL/TLS)
Virtual Private Network
A Virtual Private Network is software hosted on two machines (or a machine and a gateway) which forwards network traffic between them. The packets exchanged between the machines are protected, using Encryption, against Intruders equipped with Packet Sniffers. All packets that pass through the tunnel are encrypted, and so provide little or no value to an Intruder. A Virtual Private Network makes it possible to pass private data over a public network, thus simulating a private network without the expense of separate, protected communication media.
A Proxy is a server that forwards requests from a community of users to the Internet, and retrieves the requested documents from the World-Wide Web on their behalf. WWW Proxies are useful since they can cache documents (and avoid downloading them repeatedly), control access to documents (thus acting as a Content Filter) and scan for Viruses (thus acting as a Virus Wall). They can also be used to access websites anonymously, since the destination sees the Proxy's IP address rather than yours.
Spam is unsolicited electronic mail, usually delivered over the Internet. Some SMTP servers can filter out Spam (thus making a Spam Filter). Some jurisdictions are trying to make Spam illegal.
A Spam Filter is software that processes electronic mail messages, either for a single user or an entire network. While processing these messages, the Spam Filter attempts to identify Spam messages, and deletes, quarantines or tags them.
Whois is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. Ex. whois kaputa.com gives registration information on kaputa.com
Domain Name System (DNS)
The Domain Name System (DNS) is a hierarchical, distributed naming system used on the Internet. DNS translates domain names into the IP addresses needed by Internet users. Unless DNSSEC is deployed, DNS answers are not authenticated, which makes them a target for spoofing.