Searching network address space via DNS inverse queries.
A host purporting to be another, usually trusted, host.
The individual responsible for a system or network. The firewall administrator is the individual responsible for the firewall.
A protocol-specific data forwarder.
A version of POP that uses non-reusable passwords for authentication.
Allows a host to find the physical (hardware) address of a target host on the same physical network, given only the target's IP address. The protocol is used to dynamically bind an IP address to a physical hardware address. The use of ARP is restricted to a single physical network and is limited to networks that support hardware broadcast.
Method to guarantee that the sender of information is who the sender purports to be.
A secure computer that forms part of a security firewall and runs applications that communicate with computers outside an organization.
In UNIX, DNS is implemented by BIND (the Berkeley Internet Name Domain).
A portion of memory or storage that contains a “quick reference” to recently used information.
The chroot mechanism allows a program to change its view of the filesystem by moving the root of the filesystem to a chosen directory. When a program chroots to a particular portion of a given filesystem, that portion becomes the whole filesystem and, in effect, the rest of the filesystem ceases to exist from the program's point of view. A chroot is not by itself a complete security boundary: a process that keeps root privileges after chrooting can usually escape, so a chrooted service should also change its working directory to the new root and drop privileges.
The interface by which a Web server passes information from a user's HTTP request to external programs and returns their output to the client.
A protocol gateway for a specific service type.
An FTP or Gopher request (usually), initiated by an untrusted client, that appears to come from a trusted server.
An attack that is aimed entirely at preventing legitimate use of your own equipment or services.
The most widely used symmetric cryptosystem.
The online distributed database system used to map human-readable machine names into IP addresses. DNS servers throughout the Internet implement a hierarchical namespace that allows sites to assign machine names and addresses.
A part of the DNS naming hierarchy. Domain names consist of a sequence of names (labels) separated by periods (dots).
A mechanism for identifying a message source.
A dual-homed host has two network interfaces, and therefore two addresses, and acts as a router between the subnetworks to which those interfaces are attached.
A mechanism for changing the appearance of data so that it cannot be read without the key. Encryption allows the creation of secure connections over insecure channels. Encrypting network traffic provides privacy and, when the keys are bound to the identities of the parties, authentication.
A service that looks up information about a user who has an account on the machine being queried. It tells whether or not that user is currently logged into the machine and may include the person's real name, login, phone number, office location, and other information.
A configuration of routers and networks placed between an organization's internal internet and a connection to an external internet to provide security.
The TCP/IP standard, high-level protocol for file transfer from one machine to another. FTP uses TCP.
One of the programs that implement FTP.
A program run on a host or router that collects routing information from within one autonomous system and advertises the information to another autonomous system.
Dedicated host that interconnects two different services or applications.
A collection of users with a common security concern.
A term indicating that an operating system or application has been modified to eliminate elements that make it vulnerable to attack or failure.
The markup language used to write World Wide Web pages.
The primary application protocol that underlies the World Wide Web.
The program that listens for requests for services specified in the /etc/inetd.conf configuration file. When it hears such a request, it starts the proper server to process the request.
The network of machines protected by the firewall (inside the security perimeter).
A 32-bit integer address assigned to each host (strictly, to each network interface) on the Internet.
When ISS is run from another system and directed at your system, it probes your system for software bugs and configuration errors commonly exploited by crackers.
A host that accepts e-mail; some mail exchangers forward the mail to other hosts.
Part of an electronic mail system that accepts a piece of mail and a list of addresses as input and sends a copy of the message to each address on the list.
A host that connects to two or more dissimilar electronic mail systems and transfers mail messages among them.
A program used with a multicast kernel to establish multicast routing.
The process of mapping a name into a corresponding address. The domain name system provides a mechanism for naming hosts in which programs use remote name servers to resolve a host name into an IP address.
A program that provides the capability of a TCP Wrapper.
The network permissions table (/usr/local/etc/netperm-table) that contains Gauntlet Firewall configuration information used by the kernel, proxies, and other applications. The configuration information is in the form of policy or applications rules.
A protocol developed by Sun Microsystems, Inc. that uses IP to allow a set of cooperating computers to access each other's file systems as if they were local.
The network of machines not protected by the firewall (outside the security perimeter). When a firewall protects a network connected to the Internet, the outside network is the rest of the Internet.
A method to select or deselect traffic from given network addresses.
A system that serves as a gateway for protocols using simple packet content rules.
The name of a program used with TCP/IP internets to test reachability of destinations by sending them an ICMP echo request and waiting for a reply.
A general-purpose program implemented as a proxy which allows data to flow from an inside host to an outside host.
A client-server protocol for handling user electronic mail boxes. The user's mailbox is kept on the server, rather than on the user's personal machine.
A specific pathway for data and control information.
To probe a range of ports on a host to determine which services are listening and what type of data or control information they accept.
A protocol for framing IP across a serial line. A more recent protocol than SLIP.
Most Ethernet and token ring interfaces can operate in this mode to view all packets on the attached network segment, not only those addressed to the interface itself.
A formal description of message formats and the rules that must be followed to exchange those messages.
Specialized applications or programs that run on a firewall host. These programs take users' requests for Internet services (such as FTP and TELNET) and forward them according to the site's security policy. Proxies are replacements for actual services and serve as application-level gateways to the services.
The technique in which a host or router answers ARP requests intended for another by supplying its own physical address. The purpose is to allow a site to use a single IP network address with multiple physical networks.
An encryption technique in which keys are generated in pairs. One of the pair, the private key, is kept secret; the other, the public key, is published. Data encrypted with the public key can be decrypted only with the matching private key, so anyone can send a message that only the holder of the private key can read.
The remote login protocol developed for UNIX by the University of California in Berkeley. It offers a service similar to TELNET.
A program devised for UNIX that implements the RIP protocol. Pronounced “route dee.”
A special purpose, dedicated machine that attaches to two or more networks and forwards packets from one to the other. An IP router forwards IP datagrams among the networks to which it is connected. An IP router uses the destination address on the datagram to choose the next hop to which it forwards a datagram.
A one-time password mechanism that allows a system to authenticate a user reliably. Each password is derived from the previous one by a one-way hash, so the server need store only the last password it accepted, and a captured password cannot be replayed. S/Key encodes each password as a series of short words rather than random characters, so that it is easier for a user to read and type.
The type of router used in a packet filtering firewall.
The mechanisms used to protect a network of machines.
A framing protocol used to send IP across a serial line. SLIP is popular when sending IP over dialup phone lines but has been largely replaced by PPP.
A small program intended solely to handle incoming SMTP connections.
A program that is invoked regularly (typically once a minute) to process the files queued in the queue directory, normally by handing them to sendmail for delivery.
The TCP/IP standard protocol for transferring electronic mail messages from one host to another. SMTP specifies how two hosts interact and the format of control messages they exchange to transfer mail.
A standard protocol used to monitor hosts, routers, and the networks to which they attach.
The abstraction provided by the UNIX operating system that allows an application program to access the TCP/IP protocols.
The SOCKS package is an example of the type of proxy system that requires custom clients.
A route that is determined by the source. In IP, a source route consists of a list of routers a datagram should visit; the route is specified as an IP option. Source routing is most often used for debugging; because it lets the sender dictate the path that replies take, which can be used to impersonate an internal host, source-routed datagrams should be rejected by most hosts and by the firewall.
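The entries above on address spoofing, packet filtering, screening routers and source routing describe what a screening router checks, but not how the rules fit together. The following is an added example, not code from the Gauntlet documentation or any router: a minimal first-match packet filter over constructed packets. The interface names, the inside network 10.1.0.0/16 and the bastion address 10.1.0.1 are assumptions made for the illustration.

```python
"""Minimal first-match packet filter in the style of a screening router.

Added example; the topology, rules and packets are constructed for
illustration and are not part of any product's configuration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed topology: the router has an "outside" interface toward the Internet
# and an "inside" interface toward the protected network below.
INSIDE_NET = ipaddress.ip_network("10.1.0.0/16")
BASTION = "10.1.0.1"          # assumed bastion host running the SMTP proxy


@dataclass(frozen=True)
class Packet:
    iface: str                # interface the datagram arrived on
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    source_routed: bool = False   # IP source-route option present
    new_conn: bool = False        # TCP SYN without ACK (connection setup)


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None          # None matches any port
    source_routed: Optional[bool] = None  # None means "don't care"
    new_conn: Optional[bool] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        if self.iface != "any" and self.iface != p.iface:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.source_routed is not None and self.source_routed != p.source_routed:
            return False
        if self.new_conn is not None and self.new_conn != p.new_conn:
            return False
        return True


# Rules are evaluated top to bottom; the first match decides.
RULES: List[Rule] = [
    Rule("deny", source_routed=True, note="drop source-routed datagrams"),
    Rule("deny", iface="outside", src=str(INSIDE_NET),
         note="anti-spoofing: inside address arriving from outside"),
    Rule("permit", iface="outside", proto="tcp", dst=BASTION, dport=25,
         note="SMTP to bastion"),
    Rule("deny", iface="outside", proto="tcp", new_conn=True,
         note="no other inbound connection setup"),
    # A stateless filter can only look at TCP flags, so non-SYN segments from
    # outside are let through as presumed replies to inside-initiated sessions.
    Rule("permit", iface="outside", proto="tcp", dst=str(INSIDE_NET),
         note="return traffic for established connections"),
    Rule("permit", iface="inside", src=str(INSIDE_NET),
         note="outbound from inside addresses"),
    Rule("deny", note="default deny"),
]


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Return (action, note) of the first matching rule, or an implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return "deny", "implicit deny"


if __name__ == "__main__":
    samples = [
        Packet("outside", "10.1.5.5", BASTION, "tcp", 25, new_conn=True),
        Packet("outside", "192.0.2.1", BASTION, "tcp", 25, source_routed=True, new_conn=True),
        Packet("outside", "192.0.2.1", BASTION, "tcp", 25, new_conn=True),
        Packet("outside", "192.0.2.1", BASTION, "tcp", 23, new_conn=True),
        Packet("inside", "10.1.2.3", "192.0.2.9", "tcp", 80, new_conn=True),
        Packet("inside", "192.0.2.77", "192.0.2.9", "tcp", 80, new_conn=True),
    ]
    for s in samples:
        print(s.iface, s.src, "->", s.dst, s.dport, filter_packet(RULES, s))
```

The anti-spoofing rule depends on the interface a packet arrived on, not just its addresses: an inside source address is legitimate on the inside interface and forged on the outside one. The last inside-originated sample shows the same check applied in the egress direction, where it falls through to the default deny.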
A system for verifying users which uses one-time, non-reusable passwords.
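The S/Key entry above and this one describe a one-time password chain in words; the following added example (not code from S/Key, Gauntlet or any other product) shows the chain mechanics end to end: the server stores only the last hash it accepted, the client computes the next password down the chain, and a replayed password is rejected. It uses the MD5 step with the 16-to-8 byte fold from RFC 2289; the original S/Key uses MD4, and the six-word encoding is left out, with passwords shown in hex instead. The passphrase and seed are constructed for the demonstration.

```python
"""One-time password chain in the style of S/Key (RFC 1760) / OTP (RFC 2289).

Added example. Uses the RFC 2289 MD5 variant: each step is MD5 folded to
64 bits. Passphrase and seed below are constructed sample values.
"""
import hashlib
from typing import Tuple


def otp_step(data: bytes) -> bytes:
    """One link of the chain: MD5 the input, then fold the 16-byte digest
    to 8 bytes by XORing its two halves."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_password(passphrase: str, seed: str, count: int) -> bytes:
    """Password number `count`: the initial step over seed+passphrase,
    followed by `count` further steps. Seed is lowercased as RFC 2289 requires."""
    x = otp_step((seed.lower() + passphrase).encode())
    for _ in range(count):
        x = otp_step(x)
    return x


def parse_challenge(challenge: str) -> Tuple[int, str]:
    """Parse 'otp-md5 <count> <seed>' into (count, seed)."""
    scheme, count, seed = challenge.split()
    if scheme != "otp-md5":
        raise ValueError("unsupported OTP scheme: " + scheme)
    return int(count), seed


def client_response(passphrase: str, challenge: str) -> bytes:
    """What the user's calculator returns for a server challenge."""
    count, seed = parse_challenge(challenge)
    return otp_password(passphrase, seed, count)


class OtpServer:
    """Holds only the seed, the sequence number and the hash of the last
    accepted password; the passphrase never reaches the server."""

    def __init__(self, seed: str, sequence: int, stored: bytes):
        self.seed = seed
        self.sequence = sequence   # stored == otp_password(pp, seed, sequence)
        self.stored = stored

    def challenge(self) -> str:
        return "otp-md5 %d %s" % (self.sequence - 1, self.seed)

    def verify(self, response: bytes) -> bool:
        if self.sequence <= 0:
            return False           # chain exhausted; user must re-initialize
        # The response must be the predecessor of what we stored: one more
        # step applied to it has to reproduce the stored hash.
        if otp_step(response) != self.stored:
            return False
        self.stored = response     # move one link down the chain
        self.sequence -= 1
        return True


def initialize(passphrase: str, seed: str, n: int = 100) -> OtpServer:
    """Enrolment: the user computes password n once and the server keeps it."""
    return OtpServer(seed, n, otp_password(passphrase, seed, n))


if __name__ == "__main__":
    srv = initialize("correct horse battery", "sk1234", n=5)
    chal = srv.challenge()
    resp = client_response("correct horse battery", chal)
    print(chal, "->", resp.hex(), "accepted:", srv.verify(resp))
    print("replay accepted:", srv.verify(resp))
```

Because the server stores H^n and the client presents H^(n-1), an eavesdropper who captures a password cannot derive the next one without inverting the hash, and the replay check falls out of the same comparison: a reused password is one step too far up the chain.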
The portion of an IP address that can be locally modified by using host address bits as additional network address bits. These newly designated network bits define a network within the larger network.
An extension of the IP addressing scheme that allows a site to use a single IP network address for multiple physical networks by dividing the destination address into a network portion and local portion.
A suite of data communications protocols.
The TCP wrapper package monitors incoming network connections and controls network activity. It is a simple but effective piece of publicly available software that inetd runs in place of the real server whenever a connection arrives on a wrapped port (corresponding to a wrapped service); it checks the client address against its access control lists and logs the connection before starting the real server.
A method for providing network access through a firewall without user interaction with the firewall. Access that is allowed at a site is done invisibly to the user.
The network of machines protected by the firewall.
The TCP/IP standard protocol that allows an application program on one host to send a datagram to an application program on another. UDP uses IP to deliver datagrams but UDP includes a protocol port number, allowing the sender to distinguish between application programs on a given remote host.
The network of machines not protected by the firewall, but from which the firewall accepts requests.
A string that gives the location of a piece of information. The string begins with a protocol type (for example, FTP, HTTP) followed by the domain name of a server and the path name to a file on that server.
A physically disparate set of networks that share a common security perimeter through secured internetwork communication.
A software program that lets you access the World Wide Web. Netscape Navigator and Microsoft Internet Explorer are well-known Web browsers.
Any of a set of protocol port numbers assigned for specific uses by the transport-level protocols (TCP and UDP); for example, SMTP uses TCP port 25. Each server listens at a well-known port so clients can locate it.
The large-scale information service that allows a user to browse through information. The Web offers a hypermedia system that can store information as text, graphics, audio, and so on.