Shelter In Computers
: Our Aim & Mission as a Organization to Promote Information
Technology , Cyber Secuirty , Entrepreneurship Education into Young Generation
, Teach , Train & Employee them in Eduction Sector , Banks & Different
Industries and Bulid them Future Leaders.
Web Security Glossary
The Web Security Glossary is an alphabetical index of terms and terminology
relating to web application security. The purpose of the Glossary is to clarify
the language used within the community.
size: 140 kilobytes
Abuse of Functionality: An
attack technique that uses the features and functionality of a web site to
consume, defraud, or circumvent the sites access controls. See also Denial
ActiveX controls: A
program, called a control, developed using ActiveX controls technologies.
ActiveX controls controls can be downloaded and executed within
technology-enabled Web browsers. ActiveX controls is a set of rules for how
applications should share information. ActiveX controls controls can be
developed in C, C++, Visual Basic, and Java. See also Java,
AJAX: AJAX stands
website to perform additional resource requests without refreshing the user page
measure that prevents automated programs from exercising web site functionality
by administering the Turing Test to a user, which only a human could pass. See
Application Server: A
software server, normally using HTTP, which has the ability to execute dynamic
web applications. Also known a middleware, this piece of software is normally
installed on or near the web server where it can be called upon. See also Web
process of verifying the identity or location of a user, service or application.
Authentication is performed using at least one of three mechanisms: something
you have, something you know or something you are. The authenticating
application may provide different services based on the location, access method,
time of day, etc. See also Insufficient
determination of what resources a user, service or application has permission to
access. Accessible resources can be URLs, files, directories, servlets,
databases, execution paths, etc. See also Insufficient
Backup File Disclosure: (Obsolete)
Basic Authentication: A
simple form of client-side authentication supported in HTTP. The http-client
sends a request header to the web server containing a Base64 encoded username
and password. If the username/password combination is valid, the web server
grants the client access to the requested resource. See also Authentication,
Brute Force: An
automated process of trial and error used to guess the secret protecting a
system. Examples of these secrets include usernames, passwords or cryptographic
keys. See also Authentication,
Recover System, Weak
Password Recovery Validation.
Buffer Overflow: An
exploitation technique that alters the flow of an application by overwriting
parts of memory. Buffer Overflows are a common cause of malfunctioning software.
If the data written into a buffer exceeds its size, adjacent memory space will
be corrupted and normally produce a fault. An attacker may be able to utilize a
buffer overflow situation to alter an application's process flow. Overfilling
the buffer and rewriting memory-stack pointers could be used to execute
arbitrary operating-system commands.
CGI Scanner: Automated
security program that searches for well-known vulnerabilities in web servers and
off-the-shelf web application software. Often CGI Scanners are not very
stateful in their analysis and only test a series HTTP requests against known
CGI strings. See also, Web
Application Vulnerability Scanner.
CGI Security: (Obsolete)
Client-Side Scripting: Web
browser feature that extends the functionality and interactivity of static
HyperText markup language (HTML) web pages. Examples of Client-Side Scripting
Common Gateway Interface: (Acronym
- CGI) Programming standard for software to interface and execute applications
residing on web servers. See also Web
Configuration File Disclosure: (Obsolete)
Content Spoofing: An
attack technique used to trick a user into thinking that fake web site content
is legitimate data.
Cookie: Small amount
of data sent by the web server, to a web client, which can be stored and
retrieved at a later time. Typically cookies are used to keep track of a users
state as they traverse a web site. See also Cookie
Cookie Manipulation: Altering
or modification of cookie values, on the clients web browser, to exploit
security issues within a web application. Attackers will normally manipulate
cookie values to fraudulently authenticate themselves to a web site. This is an
example of the problem of trusting the user to provide reasonable input. See
Cookie Poisoning: (Obsolete)
Cross-Site Scripting: (Acronym
XSS) An attack technique that forces a web site to echo client-supplied data,
which execute in a users web browser. When a user is Cross-Site Scripted, the
attacker will have access to all web browser content (cookies, history,
application version, etc). See also Client-Side
Debug Commands: Application
debugging features or commands that assist in identifying programming errors
during the software development process.
Denial of Service: (Acronym
DoS) An attack technique that consumes all of a web sites available resources
with the intent of rendering legitimate use impossible. Resources include CPU
time, memory utilization, bandwidth, disk space, etc. When any of these
resources reach full capacity, the system will normally be inaccessible to
normal user activity. See also Abuse
Directory Browsing: (Obsolete)
Directory Enumeration: (Obsolete)
Directory Indexing: A
feature common to most popular web servers, that exposes contents of a directory
when no index page is present. See also Predictable
Directory Traversal: A
technique used to exploit web sites by accessing files and commands beyond the
document root directory. Most web sites restrict user access to a specific
portion of the file-system, typically called the document root directory or CGI
root directory. These directories contain the files and executables intended for
public use. In most cases, a user should not be able to access any files beyond
DOM Based Cross Site Scrpiting: DOM
based cross-site scripting (or "DOM based XSS" in short) is a cross-site
client side) programming that takes place in response pages, to effectively
execution in a target page (in the attacked domain) by providing it with data in
the URL or the Referer, which the script insecurely uses. The script may apply
the eval() function to the malicious data, or embed it in the DOM (thus making
to "standard" XSS, where the malicious data is embedded to the page at the
server side. In some cases, DOM based XSS can even be conducted in such way that
the malicious payload doesn't even reach the server, which makes this attack
Encoding Attacks: An
exploitation technique that aids an attack by changing the format of
user-supplied data to bypass sanity checking filters. See also Null
Extension Manipulation: (Obsolete)
File Enumeration: (Obsolete)
Filename Manipulation: An
attack technique used to exploit web sites by manipulating URL filenames to
cause application errors, discover hidden content, or display the source code of
an application. See also Predictable
Filter-Bypass Manipulation: See
Forced Browsing: See
Form Field Manipulation: Altering
or modification of HTML Form-Field input values or HTTP post-data to exploit
security issues within a web application. See also Parameter
Format String Attack: An
exploit technique that alters the flow of an application by using string
formatting library features to access other memory space.
Frame Spoofing: (Obsolete)
HyperText Transfer Protocol: (Acronym
HTTP) A protocol scheme used on the World Wide Web. HTTP describes the way a
web-client requests data and how a web server responds to those requests. See
HTTP Request Smuggling: HTTP
Request Smuggling works by taking advantage of the discrepancies in parsing when
one or more HTTP devices/entities (e.g. cache server, proxy server, web
application firewall, etc.) are in the data flow between the user and the web
server. HTTP Request Smuggling enables various attacks � web
cache poisoning, session
scripting as well as the ability to bypass web application firewall
protection. The attacker sends multiple specially-crafted HTTP requests that
cause the two attacked entities (e.g. a proxy server and a web server, or a
firewall and a web server) to see two different sets of requests, allowing the
hacker to smuggle a request to one device without the other device being aware
HTTP Response Smuggling: HTTP
response smuggling is an enhancement of the basic HTTP
response splitting technique, which can evade anti- HTTP response splitting
measures. HTTP response smuggling makes use of HTTP
request smuggling-like techniques to exploit the discrepancies between what
an anti- HTTP Response Splitting mechanism would consider to be the HTTP
response stream, and the response stream as parsed by a proxy server (or a
browser). So, while an anti- HTTP response splitting mechanism may consider a
particular response stream harmless (single HTTP response), a proxy/browser may
still parse it as two HTTP responses, and hence be susceptible to all the
outcomes of the original HTTP response splitting technique. For example, some
anti- HTTP response splitting mechanisms in use by some application engines
forbid the application from inserting a header containing CR+LF to the response.
Yet an attacker can force the application to insert a header containing CRs,
thereby circumventing the defense mechanism. Some proxy servers may still treat
CR (only) as a header (and response) separator, and as such the combination of
web server and proxy server will still be vulnerable to an attack that may
poison the proxy's cache.
HTTP Response Splitting: An
HTTP response splitting attack causes the web server to send out two HTTP
responses, where it typically only sends out one HTTP response (hence the name -
"response splitting"). This can be described as HTTP response injection, and is
typically conducted by injecting malicious data into an HTTP response header,
and using CR+LF characters to shape and terminate the first response, and then
completely shape and control the additional response. Having this second,
"unexpected" response enables the attacker to fool a client that receives this
extra response by forcing this client to first emit a second request. The client
then matches the second, attacker-controlled response to the second,
attacker-controlled request. The net result (looking at the second
request-response pair) is that the client is forced to send an arbitrary request
to the vulnerable server, and in response, the client receives an arbitrary
response crafted by the attacker. This condition enables cross-site
scripting and cache
Information Leakage: When
a web site reveals sensitive data, such as developer comments or error messages,
which aids an attacker in exploiting the system. See also Verbose
Insufficient Authentication: When
a web site permits an attacker to access sensitive content or functionality
without verifying their identity. See also Authentication.
Insufficient Authorization: When
a web site permits an attacker to access sensitive content or functionality that
should require increased access control restrictions. See also Authorization.
Insufficient Session Expiration: When
a web site permits an attacker to reuse old session credentials or session IDs
for authorization. See also Session
Insufficient Process Validation: When
a web site permits an attacker to bypass or circumvent the intended flow control
of an application.
Java: A popular
programming language developed by Sun Microsystems(tm). See also ActiveX
Java Applets: An
applet is a program written in the Java programming language that can be
included in a web page. When a Java enabled web browser views a page containing
an applet, the code is executed by the Java Virtual Machine (JVM). See also Web
popular web browser client-side scripting language used to create dynamic web
page content. See also Active
Known CGI file: See
Known Directory: See
LDAP Injection: A
technique for exploiting a web site by altering backend LDAP statements through
manipulating application input. Similarly to the methodology of SQL Injection.
See also Parameter
Meta-Character Injection: An
attack technique used to exploit web sites by sending in meta-characters, which
have special meaning to a web application, as data input. Meta-characters are
characters that have special meaning to programming languages, operating system
commands, individual program procedures, database queries, etc. These special
characters can adversely alter the behavior of a web application. See also Null
Null Injection: An
exploitation technique used to bypass sanity checking filters by adding URL
encoded null-byte characters to user-supplied data. When developers create web
applications in a variety of programming languages, these web applications often
pass data to underlying lower level C-functions for further processing and
functionality. If a user-supplied string contains a null character (\0), the web
application may stop processing the string at the point of the null. Null
Injection is a form of a meta-character Injection attack. See also Encoding
Tampering, Meta Character Injection.
OS Command Injection: See
OS Commanding: An
attack technique used to exploit web sites by executing operating-system
commands through manipulating application input. See also Parameter
Page Sequencing: (Obsolete)
Parameter Tampering: Altering
or modification of the parameter name and value pairs in a URL. Also known as
URL Manipulation. See also Uniform
Password Recovery System: An
automated process that allows a user to recover or reset his password in the
event that it has been lost or forgotten. See also Weak
Password Recovery Validation.
Predictable File Location: A
technique used to access hidden web site content or functionality by making
educated guesses, manually or automatically, of the names and locations of
files. Predictable file locations may include directories, CGIs, configuration
files, backup files, temporary files, etc.
Secure Sockets Layer: (Acronym
SSL) An industry standard public-key protocol used to create encrypted tunnels
between two network-connected devices. See also Transport
Session Credential: A
string of data provided by the web server, normally stored within a cookie or
URL, which identifies a user and authorizes them to perform various actions. See
Session Fixation: An
attack technique that forces a users session credential or session ID to an
explicit value. See also Session
Session Forging: See
Session Hi-Jacking: The
result of a users session being compromised by an attacker. The attacker could
reuse this stolen session to masquerade as the user. See also Session
Session ID: A string
of data provided by the web server, normally stored within a cookie or URL. A
Session ID tracks a users session, or perhaps just his current session, as he
traverse the web site.
Session Manipulation: An
attack technique used to hi-jack another users session by altering a session ID
or session credential value. See also Session
Session Prediction: An
attack technique used to create fraudulent session credentials or guess other
users current session IDs. If successful, an attacker could reuse this stolen
session to masquerade as another user. See also Session
Session Replay: When
a web site permits an attacker to reuse old session credentials or session IDs
for authorization. See also Session
Session Tampering: See
SQL Injection: An
attack technique used to exploit web sites by altering backend SQL statements
through manipulating application input. See also Parameter
SSI Injection: A
server-side exploit technique that allows an attacker to send code into a web
application, which will be executed by the web server. See also "Meta-Character
Transport Layer Security: (Acronym
TLS) The more secure successor to SSL. The TLS protocol provides
communications privacy over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to prevent eavesdropping,
tampering, or message forgery. TLS is based on the SSL protocol, but the two
systems are not interoperable. See also Secure
Universal Resource Locator: (Acronym
URL) A standard way of specifying the location of an object, normally a web
page, on the Internet. See also Parameter
Unvalidated Input: When
a web application does not properly sanity-check user-supplied data input.
URL Manipulation: Altering
or modification of a web applications parameter name and value pairs. Also known
User-Agent Manipulation: A
technique used to bypass web site browser requirement restrictions by altering
the value sent within an HTTP User-Agent header. See also Cookie
Verbose Messages: Detailed
pieces of information revealed by a web site, which could aid an attacker in
exploiting the system.
Visual Verification: Visual
oriented method of anti-automation that prevents automated programs from
exercising web site functionality by determining if there is presence of mind.
See also Anti-Automation.
Weak Password Recovery Validation: When
a web site permits an attacker to illegally obtain, change or recover another
users password. See also Password
Web Application: A
software application, executed by a web server, which responds to dynamic web
page requests over HTTP. See also Web
Web Application Scanner: See
Application Vulnerability Scanner.
Web Application Security: Science
of information security relating to the World Wide Web, HTTP and web application
software. Also known as Web
Web Application Firewall: An
intermediary device, sitting between a web-client and a web server, analyzing
OSI Layer-7 messages for violations in the programmed security policy. A web
application firewall is used as a security device protecting the web server from
attack. See also Web
Application Security, Web
Web Application Vulnerability Scanner: An
automated security program that searches for software vulnerabilities within web
applications. See also Web
Web Browser: A
program used to display HyperText markup language (HTML) web pages sent by a web
server. See also ActiveX
Web (or browser) cache poisoning: The
act of adding/overwriting a cache entry (of a caching proxy server, or a
browser) with forged and possibly malicious data is called cache poisoning. In
its most potent form, an attacker can force an arbitrary entry (URL of choice,
page contents of choice) to the cache. In HTTP response splitting [LINK], the
attacker can choose the URL's path and query (the host, port and scheme must be
the vulnerable host's), and the entire page contents. In HTTP request smuggling,
the attacker can choose URL as in HTTP response splitting, but the page contents
must be obtained from a URL on the site. At any rate, cache poisoning can be
considered a form of defacement, whose scope is determined by the coverage of
the cache (i.e. browser - 1 user, forward proxy - 1 ISP/organization, reverse
proxy - all users), and the strength of the attack (full page control over /index.html
vs. partial control).
Web Security: See Web
Web Security Assessment: A
process of performing a security review of a web application by searching for
design flaws, vulnerabilities and inherent weaknesses. See also Web
Web Security Scanner: See
Application Vulnerability Scanner.
Web Server: A
general-purpose software application that handles and responds to HTTP requests.
A web server may utilize a web application for dynamic web page content. See
Web Service: A
software application that uses Extensible Markup Language (XML) formatted
messages to communicate over HTTP. Typically, software applications interact
with web services rather than normal users. See also Web
Glossary of Security Terms - A
Access Control ensures that resources are only granted to those users who are
entitled to them.
Access Control List (ACL)
A mechanism that implements access control for a system resource by listing the
identities of the system entities that are permitted to access the resource.
Access Control Service
A security service that provides protection of system resources against
unauthorized access. The two basic mechanisms for implementing this service are
ACLs and tickets.
Access Management Access
Management is the maintenance of access information which consists of four
tasks: account administration, maintenance, monitoring, and revocation.
An Access Matrix uses rows to represent subjects and columns to represent
objects with privileges listed in each cell.
Account Harvesting is the process of collecting all the legitimate account names
on a system.
ACK piggybacking is the practice of sending an ACK inside another packet going
to the same destination.
Program code embedded in the contents of a web page. When the page is accessed
by a web browser, the embedded code is automatically downloaded and executed on
the user's workstation. Ex. Java, ActiveX (MS)
Activity monitors aim to prevent virus infection by monitoring for malicious
activity on a system, and blocking that activity when possible.
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol
address to a physical machine address that is recognized in the local network. A
table, usually called the ARP cache, is used to maintain a correlation between
each MAC address and its corresponding IP address. ARP provides the protocol
rules for making this correlation and providing address conversion in both
Advanced Encryption Standard (AES)
An encryption standard being developed by NIST. Intended to specify an
unclassified, publicly-disclosed, symmetric encryption algorithm.
A finite set of step-by-step instructions for a problem-solving or computation
procedure, especially one that can be implemented by a computer.
Java programs; an application program that uses the client's web browser to
provide a user interface.
Advanced Research Projects Agency Network, a pioneer packet-switched network
that was built in the early 1970s under contract to the US Government, led to
the development of today's Internet, and was decommissioned in June 1990.
Public-key cryptography; A modern branch of cryptography in which the algorithms
employ a pair of keys (a public key and a private key) and use a different
component of the pair for different steps of the algorithm.
Asymmetric warfare is the fact that a small investment, properly leveraged, can
yield incredible results.
Auditing is the information gathering and analysis of assets to ensure such
things as policy compliance and security from vulnerabilities.
Authentication is the process of confirming the correctness of the claimed
Authenticity is the validity and conformance of the original information.
Authorization is the approval, permission, or empowerment for someone or
something to do something.
One network or series of networks that are all under one administrative control.
An autonomous system is also sometimes referred to as a routing domain. An
autonomous system is assigned a globally unique number, sometimes called an
Autonomous System Number (ASN).
Availability is the need to ensure that the business purpose of the system can
be met and that it is accessible to those who need to use it.
Glossary of Security Terms - B
A backdoor is a tool installed after a compromise to give an attacker easier
access to the compromised system around any security mechanisms that are in
Commonly used to mean the capacity of a communication channel to pass data
through the channel in a given amount of time. Usually expressed in bits per
A banner is the information that is displayed to a remote user trying to connect
to a service. This may include version information, system information, or a
warning about authorized use.
Basic Authentication is the simplest web-based authentication scheme that works
by sending the username and password with each request.
A bastion host has been hardened in anticipation of vulnerabilities that have
not been discovered yet.
BIND stands for Berkeley Internet Name Domain and is an implementation of DNS.
DNS is used for domain name to IP address resolution.
Biometrics use physical characteristics of the users to determine access.
The smallest unit of information storage; a contraction of the term "binary
digit;" one of two symbolsั"0" (zero) and "1" (one) - that are used to represent
A block cipher encrypts one block of data at a time.
Boot Record Infector
A boot record infector is a piece of malware that inserts malicious code into
the boot sector of a disk.
Border Gateway Protocol (BGP)
An inter-autonomous system routing protocol. BGP is used to exchange routing
information for the Internet and is the protocol used between Internet service
A botnet is a large number of compromised computers that are used to create and
send spam or viruses or flood a network with messages as a denial of service
A product that connects a local area network (LAN) to another local area network
that uses the same protocol (for example, Ethernet or token ring).
British Standard 7799
A standard code of practice and provides guidance on how to secure an
information system. It includes the management framework, objectives, and
control requirements for information security management systems.
To simultaneously send the same message to multiple recipients. One host to all
hosts on network.
An address used to broadcast a datagram to all hosts on a given network using
UDP or ICMP protocol.
A client computer program that can retrieve and display information from servers
on the World Wide Web.
A cryptanalysis technique or other kind of attack method involving an exhaustive
procedure that tries all possibilities, one-by-one.
A buffer overflow occurs when a program or process tries to store more data in a
buffer (temporary data storage area) than it was intended to hold. Since buffers
are created to contain a finite amount of data, the extra information - which
has to go somewhere - can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them.
Business Continuity Plan (BCP)
A Business Continuity Plan is the plan for emergency response, backup
operations, and post-disaster recovery steps that will ensure the availability
of critical resources and facilitate the continuity of operations in an
Business Impact Analysis (BIA)
A Business Impact Analysis determines what levels of impact to a system are
A fundamental unit of computer storage; the smallest addressable unit in a
computer's architecture. Usually holds one character of information and usually
means eight bits.
Glossary of Security Terms - C
Pronounced cash, a special high-speed storage mechanism. It can be either a
reserved section of main memory or an independent high-speed storage device. Two
types of caching are commonly used in personal computers: memory caching and
Cache Cramming is the technique of tricking a browser to run cached Java code
from the local disk, instead of the internet zone, so it runs with less
Malicious or misleading data from a remote name server is saved [cached] by
another name server. Typically used with DNS cache poisoning attacks.
Call Admission Control (CAC)
The inspection and control all inbound and outbound voice network activity by a
voice firewall based on user-defined policies.
A cell is a unit of data transmitted over an ATM network.
Certificate-Based Authentication is the use of SSL and certificates to
authenticate and encrypt HTTP traffic.
Common Gateway Interface. This mechanism is used by HTTP servers (web servers)
to pass parameters to executable scripts in order to generate responses
Chain of Custody
Chain of Custody is the important application of the Federal rules of evidence
and its handling.
Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol uses a challenge/response
authentication mechanism where the response varies every challenge to prevent
A value that is computed by a function that is dependent on the contents of a
data object and is stored or transmitted together with the object, for the
purpose of detecting changes in the data.
A cryptographic algorithm for encryption and decryption.
Ciphertext is the encrypted form of the message being sent.
Circuit Switched Network
A circuit switched network is where a single continuous physical circuit
connected two endpoints where the route was immutable once set up.
A system entity that requests and uses a service provided by another system
entity, called a "server." In some cases, the server may itself be a client of
some other server.
Cold/Warm/Hot Disaster Recovery Site
* Hot site. It contains fully redundant hardware and software, with
telecommunications, telephone and utility connectivity to continue all primary
site operations. Failover occurs within minutes or hours, following a disaster.
Daily data synchronization usually occurs between the primary and hot site,
resulting in minimum or no data loss. Offsite data backup tapes might be
obtained and delivered to the hot site to help restore operations. Backup tapes
should be regularly tested to detect data corruption, malicious code and
environmental damage. A hot site is the most expensive option. * Warm site. It
contains partially redundant hardware and software, with telecommunications,
telephone and utility connectivity to continue some, but not all primary site
operations. Failover occurs within hours or days, following a disaster. Daily or
weekly data synchronization usually occurs between the primary and warm site,
resulting in minimum data loss. Offsite data backup tapes must be obtained and
delivered to the warm site to restore operations. A warm site is the second most
expensive option. * Cold site. Hardware is ordered, shipped and installed, and
software is loaded. Basic telecommunications, telephone and utility connectivity
might need turning on to continue some, but not all primary site operations.
Relocation occurs within weeks or longer, depending on hardware arrival time,
following a disaster. No data synchronization occurs between the primary and
cold site, and could result in significant data loss. Offsite data backup tapes
must be obtained and delivered to the cold site to restore operations. A cold
site is the least expensive option.
A collision occurs when multiple systems transmit simultaneously on the same
Competitive Intelligence is espionage using legal, or at least not obviously
Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide
incident response services to victims of attacks, publish alerts concerning
vulnerabilities and threats, and offer other information to help improve
computer and network security.
A collection of host computers together with the sub-network or inter-network
through which they can exchange data.
Confidentiality is the need to ensure that information is disclosed only to
those who are authorized to view it.
Establish a known baseline condition and manage it.
Data exchanged between an HTTP server and a browser (a client of the server) to
store state information on the client side and retrieve it later for server use.
An HTTP server, when sending data to a client, may send along a cookie, which
the client retains after the HTTP connection closes. A server can use this
mechanism to maintain persistent client-side state information for HTTP-based
applications, retrieving the state information in later connections.
A threat action that undesirably alters system operation by adversely modifying
system functions or data.
Cost Benefit Analysis
A cost benefit analysis compares the cost of implementing countermeasures with
the value of the reduced risk.
Reactive methods used to prevent an exploit from successfully occurring once a
threat has been detected. Intrusion Prevention Systems (IPS) commonly employ
countermeasures to prevent intruders form gaining further access to a computer
network. Other counter measures are patches, access control lists and malware
Covert Channels are the means by which information can be communicated between
two parties in a covert fashion using normal system operations. For example by
changing the amount of hard drive space that is available on a file server can
be used to communicate information.
Cron is a Unix application that runs jobs for users and administrators at
scheduled times of the day.
A crossover cable reverses the pairs of cables at the other end and can be used
to connect devices directly together.
The mathematical science that deals with analysis of a cryptographic system in
order to gain knowledge needed to break or circumvent the protection that the
system is designed to provide. In other words, convert the cipher text to
plaintext without knowing the key.
Cryptographic Algorithm or Hash
An algorithm that employs the science of cryptography, including encryption
algorithms, cryptographic hash algorithms, digital signature algorithms, and key
Cut-Through is a method of switching where only the header of a packet is read
before it is forwarded to its destination.
Cyclic Redundancy Check (CRC)
Sometimes called "cyclic redundancy code." A type of checksum algorithm that is
not a cryptographic hash but is used to implement data integrity service where
accidental changes to data are expected.
Glossary of Security Terms - D
A program which is often started at the time the system boots and runs
continuously without intervention from any of the users on the system. The
daemon program forwards the requests to other programs (or processes) as
appropriate. The term daemon is a Unix term, though many other operating systems
provide support for daemons, though they're sometimes called other names.
Windows, for example, refers to daemons and System Agents and services.
Data Aggregation is the ability to get a more complete picture of the
information by analyzing several different types of records at once.
A Data Custodian is the entity currently using or manipulating the data, and
therefore, temporarily taking responsibility for the data.
Data Encryption Standard (DES)
A widely-used method of data encryption using a private (secret) key. There are
72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that
can be used. For each given message, the key is chosen at random from among this
enormous number of keys. Like other private key cryptographic methods, both the
sender and the receiver must know and use the same private key.
Data Mining is a technique used to analyze existing information, usually with
the intention of pursuing new avenues to pursue business.
A Data Owner is the entity having responsibility and authority for the data.
Data Warehousing is the consolidation of several previously independent
databases into one location.
Request for Comment 1594 says, "a self-contained, independent entity of data
carrying sufficient information to be routed from the source to the destination
computer without reliance on earlier exchanges between this source and
destination computer and the transporting network." The term has been generally
replaced by the term packet. Datagrams or packets are the message units that the
Internet Protocol deals with and that the Internet transports. A datagram or
packet needs to be self-contained without reliance on earlier exchanges because
there is no connection of fixed duration between the two communicating points as
there is, for example, in most voice telephone conversations. (This kind of
protocol is referred to as connectionless.)
The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In
some cases, a "zero day" exploit is referred to an exploit for which no patch is
available yet. ("day one"-> day at which the patch is made available).
Decapsulation is the process of stripping off one layer's headers and passing
the rest of the packet up to the next higher layer on the protocol stack.
Decryption is the process of transforming an encrypted message into its original
Defacement is the method of modifying the content of a website in such a way
that it becomes "vandalized" or embarrassing to the website owner.
Defense In-Depth is the approach of using multiple layers of security to guard
against failure of a single security component.
Demilitarized Zone (DMZ)
In computer security, in general a demilitarized zone (DMZ) or perimeter network
is a network area (a subnetwork) that sits between an organization's internal
network and an external network, usually the Internet. DMZ's help to enable the
layered security model in that they provide subnetwork segmentation based on
security requirements or policy. DMZ's provide either a transit mechanism from a
secure source to an insecure destination or from an insecure source to a more
secure destination. In some cases, a screened subnet which is used for servers
accessible from the outside is referred to as a DMZ.
Denial of Service
The prevention of authorized access to a system resource or the delaying of
system operations and functions.
An attack that tries all of the phrases or words in a dictionary, trying to
crack a password or key. A dictionary attack uses a predefined list of words
compared to a brute force attack that tries all possible combinations.
A key agreement algorithm published in 1976 by Whitfield Diffie and Martin
Hellman. Diffie-Hellman does key establishment, not encryption. However, the key
that it produces may be used for encryption, for further key management
operations, or for any other cryptography.
Digest Authentication allows a web client to compute MD5 hashes of the password
to prove it has the password.
A digital certificate is an electronic "credit card" that establishes your
credentials when doing business or other transactions on the Web. It is issued
by a certification authority. It contains your name, a serial number, expiration
dates, a copy of the certificate holder's public key (used for encrypting
messages and digital signatures), and the digital signature of the
certificate-issuing authority so that a recipient can verify that the
certificate is real.
A digital envelope is an encrypted message with the encrypted session key.
A digital signature is a hash of a message that uniquely identifies the sender
of the message and proves the message hasn't changed since transmission.
Digital Signature Algorithm (DSA)
An asymmetric cryptographic algorithm that produces a digital signature in the
form of a pair of large numbers. The signature is computed using rules and
parameters such that the identity of the signer and the integrity of the signed
data can be verified.
Digital Signature Standard (DSS)
The US Government standard that specifies the Digital Signature Algorithm (DSA),
which involves asymmetric cryptography.
The process of taking a binary program and deriving the source code from it.
Disaster Recovery Plan (DRP)
A Disaster Recovery Plan is the process of recovery of IT systems in the event
of a disruption or disaster.
Discretionary Access Control (DAC)
Discretionary Access Control consists of something the user can manage, such as
a document password.
A circumstance or event that interrupts or prevents the correct operation of
system services and functions.
Distance vectors measure the cost of routes to determine the best route to all
Distributed Scans are scans that use multiple source addresses to gather
A sphere of knowledge, or a collection of facts about some program entities or a
number of network points or addresses, identified by a name. On the Internet, a
domain consists of a set of network addresses. In the Internet's domain name
system, a domain is a name with which name server records are associated that
describe sub-domains or host. In Windows NT and Windows 2000, a domain is a set
of network resources (applications, printers, and so forth) for a group of
users. The user need only to log in to the domain to gain access to the
resources, which may be located on a number of different servers in the network.
Domain hijacking is an attack by which an attacker takes over a domain by first
blocking access to the domain's DNS server and then putting his own server up in
A domain name locates an organization or other entity on the Internet. For
example, the domain name "www.sans.org" locates an Internet address for "sans.org"
at Internet point 184.108.40.206 and a particular host server named "www". The "org"
part of the domain name reflects the purpose of the organization or entity (in
this example, "organization") and is called the top-level domain name. The
"sans" part of the domain name defines the organization or entity and together
with the top-level is called the second-level domain name.
Domain Name System (DNS)
The domain name system (DNS) is the way that Internet domain names are located
and translated into Internet Protocol addresses. A domain name is a meaningful
and easy-to-remember "handle" for an Internet address.
Due care ensures that a minimal level of protection is in place in accordance
with the best practice in the industry.
Due diligence is the requirement that organizations must develop and deploy a
protection plan to prevent fraud, abuse, and additional deploy a means to detect
them if they occur.
DumpSec is a security tool that dumps a variety of information about a system's
users, file system, registry, permissions, password policy, and services.
Dumpster Diving is obtaining passwords and corporate directories by searching
through discarded media.
Dynamic Link Library
A collection of small programs, any of which can be called when needed by a
larger program that is running in the computer. The small program that lets the
larger program communicate with a specific device such as a printer or scanner
is often packaged as a DLL program (usually referred to as a DLL file).
Dynamic Routing Protocol
Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs
when routers talk to adjacent routers, informing each other of what networks
each router is currently connected to. The routers must communicate using a
routing protocol, of which there are many to choose from. The process on the
router that is running the routing protocol, communicating with its neighbor
routers, is usually called a routing daemon. The routing daemon updates the
kernel's routing table with information it receives from neighbor routers.
Glossary of Security Terms - E
Eavesdropping is simply listening to a private conversation which may reveal
information which can provide access to a facility or network.
An echo reply is the response a machine that has received an echo request sends
An echo request is an ICMP message sent to a machine to determine if it is
online and how long traffic takes to get to it.
Filtering outbound traffic.
Gaining direct knowledge of communicated data by monitoring and resolving a
signal that is emitted by a system and that contains the data but is not
intended to communicate the data.
The inclusion of one data structure within another structure so that the first
data structure is hidden for the time being.
Cryptographic transformation of data (called "plaintext") into a form (called
"cipher text") that conceals the data's original meaning to prevent it from
being known or used.
Also called a transient port or a temporary port. Usually is on the client side.
It is set up when a client application wants to connect to a server and is
destroyed when the client application terminates. It has a number chosen at
random that is greater than 1023.
Escrow Passwords are passwords that are written down and stored in a secure
location (like a safe) that are used by emergency personnel when privileged
personnel are unavailable.
The most widely-installed LAN technology. Specified in a standard, IEEE 802.3,
an Ethernet LAN typically uses coaxial cable or special grades of twisted pair
wires. Devices are connected to the cable and compete for access using a CSMA/CD
An event is an observable occurrence in a system or network.
Exponential Backoff Algorithm
An exponential backoff algorithm is used to adjust TCP timeout values on the fly
so that network devices don't continue to timeout sending data over saturated
A threat action whereby sensitive data is directly released to an unauthorized
Extended ACLs (Cisco)
Extended ACLs are a more powerful form of Standard ACLs on Cisco routers. They
can make filtering decisions based on IP addresses (source or destination),
Ports (source or destination), protocols, and whether a session is established.
Extensible Authentication Protocol (EAP)
A framework that supports multiple, optional authentication mechanisms for PPP,
including clear-text passwords, challenge-response, and arbitrary dialog
Exterior Gateway Protocol (EGP)
A protocol which distributes routing information to the routers which connect
Glossary of Security Terms - F
False Rejects are when an authentication system fails to recognize a valid user.
Fast File System
The first major revision to the Unix file system, providing faster read access
and faster (delayed, asynchronous) write access through a disk cache and better
file system layout on disk. It uses inodes (pointers) and data blocks.
Protection method used by botnets consisting of a continuous and fast change of
the DNS records for a domain name through different IP addresses.
Fault Line Attacks
Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps
File Transfer Protocol (FTP)
A TCP/IP protocol specifying the transfer of text or binary files across the
A filter is used to specify which packets will or will not be used. It can be
used in sniffers to determine which packets get displayed, or by firewalls to
determine which packets get blocked.
An inter-network router that selectively prevents the passage of data packets
according to a security policy. A filtering router may be used as a firewall or
part of a firewall. A router usually receives a packet from a network and
decides where to forward it on a second network. A filtering router does the
same, but first decides whether the packet should be forwarded at all, according
to some security policy. The policy is implemented by rules (packet filters)
loaded into the router.
A protocol to lookup user information on a given host. A Unix program that takes
an e-mail address as input and returns information about the user who owns that
e-mail address. On some systems, finger only reports whether the user is
currently logged on. Other systems return additional information, such as the
user's full name, address, and telephone number. Of course, the user must first
enter this information into the system. Many e-mail programs now have a finger
utility built into them.
Sending strange packets to a system in order to gauge how it responds to
determine the operating system.
A logical or physical discontinuity in a network to prevent unauthorized access
to data or resources.
An attack that attempts to cause a failure in (especially, in the security of) a
computer system or other data processing entity by providing more input than the
entity can process properly.
A forest is a set of Active Directory domains that replicate their databases
with each other.
A Fork Bomb works by using the fork() call to create a new process which is a
copy of the original. By doing this repeatedly, all available processes on the
machine can be taken up.
Form-Based Authentication uses forms on a webpage to ask a user to input
username and password information.
Forward lookup uses an Internet domain name to find an IP address
Forward Proxies are designed to be the server through which all requests are
The fragment offset field tells the sender where a particular fragment falls in
relation to other fragments in the original larger packet.
Fragment Overlap Attack
A TCP/IP Fragmentation Attack that is possible because IP allows packets to be
broken down into fragments for more efficient transport across various media.
The TCP packet (and its header) are carried in the IP packet. In this attack the
second fragment contains incorrect offset. When packet is reconstructed, the
port number will be overwritten.
The process of storing a data file in several "chunks" or fragments rather than
in a single contiguous sequence of bits in one place on the storage medium.
Data that is transmitted between network points as a unit complete with
addressing and necessary protocol control information. A frame is usually
transmitted serial bit by bit and contains a header field and a trailer field
that "frame" the data. (Some control frames contain no data.)
A type of duplex communications channel which carries data in both directions at
once. Refers to the transmission of data in two directions simultaneously.
Communications in which both sender and receiver can send at the same time.
Fully-Qualified Domain Name
A Fully-Qualified Domain Name is a server name with a hostname followed by the
full domain name.
The use of special regression testing tools to generate out-of-spec input for an
application in order to find security vulnerabilities. Also see "regression
Glossary of Security Terms - G
A network point that acts as an entrance to another network.
The gethostbyaddr DNS query is when the address of a machine is known and the
name is needed.
The gethostbyname DNS quest is when the name of a machine is known and the
address is needed.
GNU is a Unix-like operating system that comes with source code that can be
copied, modified, and redistributed. The GNU project was started in 1983 by
Richard Stallman and others, who formed the Free Software Foundation.
An Internet file sharing utility. Gnutella acts as a server for sharing files
while simultaneously acting as a client that searches for and downloads files
from other users.
Glossary of Security Terms - H
Hardening is the process of identifying and fixing vulnerabilities on a system.
An algorithm that computes a value based on a data object thereby mapping the
data object to a smaller data object.
(cryptographic) hash functions are used to generate a one way "check sum" for a
larger text, which is not trivially reversed. The result of this hash function
can be used to validate if a larger file has been altered, without having to
compare the larger files to each other. Frequently used hash functions are MD5
A header is the extra information in a packet that is needed for the protocol
stack to process the packet.
A form of active wiretapping in which the attacker seizes control of a
previously established communication association.
Programs that simulate one or more network services that you designate on your
computer's ports. An attacker assumes you're running vulnerable services that
can be used to break into the machine. A honey pot can be used to log access
attempts to those ports including the attacker's keystrokes. This could give you
advanced warning of a more concerted attack.
Automated system simulating a user browsing websites. The system is typically
configured to detect web sites which exploit vulnerabilities in the browser.
Also known as Honey Client.
A hop is each exchange with a gateway a packet takes on its way to the
Any computer that has full two-way access to other computers on the Internet. Or
a computer with a web server that serves the pages for one or more Web sites.
Host-based intrusion detection systems use information from the operating system
audit records to watch all operations occurring on the host that the intrusion
detection software has been installed upon. These operations are then compared
with a pre-defined security policy. This analysis of the audit trail imposes
potentially significant overhead requirements on the system because of the
increased amount of processing power which must be utilized by the intrusion
detection system. Depending on the size of the audit trail and the processing
ability of the system, the review of audit data could result in the loss of a
real-time analysis capability.
An HTTP Proxy is a server that acts as a middleman in the communication between
HTTP clients and servers.
When used in the first part of a URL (the part that precedes the colon and
specifies an access scheme or protocol), this term specifies the use of HTTP
enhanced by a security mechanism, which is usually SSL.
A hub is a network device that operates by repeating data that it receives on
one port to all the other ports. As a result, data transmitted by one host is
retransmitted to all other hosts on the hub.
A Hybrid Attack builds on the dictionary attack method by adding numerals and
symbols to dictionary words.
An application of cryptography that combines two or more encryption algorithms,
particularly a combination of symmetric and asymmetric encryption.
In hypertext or hypermedia, an information object (such as a word, a phrase, or
an image; usually highlighted by color or underscoring) that points (indicates
how to connect) to related information that is located elsewhere and can be
retrieved by activating the link.
Hypertext Markup Language (HTML)
The set of markup symbols or codes inserted in a file intended for display on a
World Wide Web browser page.
Hypertext Transfer Protocol (HTTP)
The protocol in the Internet Protocol (IP) family used to transport hypertext
documents across an internet.
Glossary of Security Terms - I
Identity is whom someone or what something is, for example, the name by which
something is known.
An incident as an adverse network event in an information system or network or
the threat of the occurrence of such an event.
Incident Handling is an action plan for dealing with intrusions, cyber-theft,
denial of service, fire, floods, and other security-related events. It is
comprised of a six step process: Preparation, Identification, Containment,
Eradication, Recovery, and Lessons Learned.
Incremental backups only backup the files that have been modified since the last
backup. If dump levels are used, incremental backups only backup files changed
since last backup of a lower dump level.
Inetd (or Internet Daemon) is an application that controls smaller internet
services like telnet, ftp, and POP.
Inference Attacks rely on the user to make logical connections between seemingly
unrelated pieces of information.
Information Warfare is the competition between offensive and defensive players
over information resources.
Ingress Filtering is filtering inbound traffic.
Input Validation Attacks
Input Validations Attacks are where an attacker intentionally sends unusual
input in the hopes of confusing an application.
Integrity is the need to ensure that information has not been changed
accidentally or deliberately, and that it is accurate and complete.
Integrity Star Property
In Integrity Star Property a user cannot read data of a lower integrity level
then their own.
A term to describe connecting multiple separate networks together.
Internet Control Message Protocol (ICMP)
An Internet Standard protocol that is used to report error conditions during IP
datagram processing and to exchange other information concerning the state of
the IP network.
Internet Engineering Task Force (IETF)
The body that defines standard Internet operating protocols such as TCP/IP. The
IETF is supervised by the Internet Society Internet Architecture Board (IAB).
IETF members are drawn from the Internet Society's individual and organization
Internet Message Access Protocol (IMAP)
A protocol that defines how a client should fetch mail from and return mail to a
mail server. IMAP is intended as a replacement for or extension to the Post
Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4).
Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the
Internet Protocol Security (IPsec)
A developing standard for security at the network or packet processing layer of
A specification, approved by the IESG and published as an RFC, that is stable
and well-understood, is technically competent, has multiple, independent, and
interoperable implementations with substantial operational experience, enjoys
significant public support, and is recognizably useful in some or all parts of
An Interrupt is a signal that informs the OS that something has occurred.
A computer network, especially one based on Internet technology, that an
organization uses for its own internal, and usually private, purposes and that
is closed to outsiders.
A security management system for computers and networks. An IDS gathers and
analyzes information from various areas within a computer or a network to
identify possible security breaches, which include both intrusions (attacks from
outside the organization) and misuse (attacks from within the organization).
A computer's inter-network address that is assigned for use by the Internet
Protocol and other protocols. An IP version 4 address is written as a series of
four 8-bit numbers separated by periods.
A denial of service attack that sends a host more echo request ("ping") packets
than the protocol implementation can handle.
IP forwarding is an Operating System option that allows a host to act as a
router. A system that has more than 1 network interface card must have IP
forwarding turned on in order for the system to be able to act as a router.
The technique of supplying a false IP address.
International Organization for Standardization, a voluntary, non-treaty,
non-government organization, established in 1947, with voting members that are
designated standards bodies of participating nations and non-voting observer
An Issue-Specific Policy is intended to address specific needs within an
organization, such as a password policy.
International Telecommunications Union, Telecommunication Standardization Sector
(formerly "CCITT"), a United Nations treaty organization that is composed mainly
of postal, telephone, and telegraph authorities of the member countries and that
publishes standards called "Recommendations."
Glossary of Security Terms - J
Jitter or Noise is the modification of fields in a database while preserving the
aggregate characteristics of that make the database useful in the first place.
A Jump Bag is a container that has all the items necessary to respond to an
incident inside to help mitigate the effects of delayed reactions.
Glossary of Security Terms - K
A system developed at the Massachusetts Institute of Technology that depends on
passwords and symmetric cryptography (DES) to implement ticket-based, peer
entity authentication service and access control service distributed in a
client-server network environment.
The essential center of a computer operating system, the core that provides
basic services for all other parts of the operating system. A synonym is
nucleus. A kernel can be contrasted with a shell, the outermost part of an
operating system that interacts with user commands. Kernel and shell are terms
used more frequently in Unix and some other operating systems than in IBM
Glossary of Security Terms - L
Lattice Techniques use security designations to determine access to information.
Layer 2 Forwarding Protocol (L2F)
An Internet protocol (originally developed by Cisco Corporation) that uses
tunneling of PPP over IP to create a virtual extension of a dial-up link across
a network, initiated by the dial-up server and transparent to the dial-up user.
Layer 2 Tunneling Protocol (L2TP)
An extension of the Point-to-Point Tunneling Protocol used by an Internet
service provider to enable the operation of a virtual private network over the
Least Privilege is the principle of allowing users or applications the least
amount of permissions necessary to perform their intended function.
Software to detect unprotected shares.
Lightweight Directory Access Protocol (LDAP)
A software protocol for enabling anyone to locate organizations, individuals,
and other resources such as files and devices in a network, whether on the
public Internet or on a corporate Intranet.
With link state, routes maintain information about all routers and
router-to-router links within a geographic area, and creates a table of best
routes with that information.
List Based Access Control
List Based Access Control associates a list of users and their privileges with
Loadable Kernel Modules (LKM)
Loadable Kernel Modules allow for the adding of additional functionality
directly into the kernel while the system is running.
Log clipping is the selective removal of log entries from a system log to hide a
Logic bombs are programs or snippets of code that execute when a certain
predefined event occurs. Logic bombs may also be set to go off on a certain date
or when a specified set of circumstances occurs.
A logic gate is an elementary building block of a digital circuit. Most logic
gates have two inputs and one output. As digital circuits can only understand
binary, inputs and outputs can assume only one of two states, 0 or 1.
The loopback address (127.0.0.1) is a pseudo IP address that always refer back
to the local host and are never sent out onto a network.
Glossary of Security Terms - M
A physical address; a numeric value that uniquely identifies that network device
from every other device on the planet.
Software (e.g., Trojan horse) that appears to perform a useful or desirable
function, but actually gains unauthorized access to system resources or tricks a
user into executing other malicious logic.
A generic term for a number of different types of malicious code.
Mandatory Access Control (MAC)
Mandatory Access Control controls is where the system controls access to
resources based on classification levels assigned to both the objects and the
users. These controls cannot be changed by anyone.
A type of attack in which one system entity illegitimately poses as (assumes the
identity of) another entity.
A one way cryptographic hash function. Also see "hash functions" and "sha1"
Measures of Effectiveness (MOE)
Measures of Effectiveness is a probability model based on engineering concepts
that allows one to approximate the impact a give action will have on an
environment. In Information warfare it is the ability to attack or defend within
an Internet environment.
Monoculture is the case where a large number of users run the same software, and
are vulnerable to the same attacks.
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in
November, 1988, causing problems for thousands of hosts.
Broadcasting from one host to a given set of hosts.
You are "multi-homed" if your network is directly connected to two or more
To combine multiple signals from possibly disparate sources, in order to
transmit them over a single path.
Glossary of Security Terms - N
Network Address Translation. It is used to share one or a small number of
publicly routable IP addresses among a larger number of hosts. The hosts are
assigned private IP addresses, which are then "translated" into one of the
publicly routed IP addresses. Typically home or small business networks use NAT
to share a single DLS or Cable modem IP address. However, in some cases NAT is
used for servers as an additional layer of protection.
National Institute of Standards and Technology (NIST)
National Institute of Standards and Technology, a unit of the US Commerce
Department. Formerly known as the National Bureau of Standards, NIST promotes
and maintains measurement standards. It also has active programs for encouraging
and assisting industry and science to develop and use these standards.
Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that
disables a system component.
32-bit number indicating the range of IP addresses residing on a single IP
network/subnet/supernet. This specification displays network masks as
hexadecimal numbers. For example, the network mask for a class C IP network is
displayed as 0xffffff00. Such a mask is often displayed elsewhere in the
literature as 255.255.255.0.
Network Address Translation
The translation of an Internet Protocol address used within one network to a
different IP address known within another network. One network is designated the
inside network and the other is the outside.
To compile an electronic inventory of the systems and the services on your
Network taps are hardware devices that hook directly onto the network cable and
send a copy of the traffic that passes through it to one or more other networked
A network-based IDS system monitors the traffic on its network segment as a data
source. This is generally accomplished by placing the network interface card in
promiscuous mode to capture all network traffic that crosses its network
segment. Network traffic on other segments, and traffic on other means of
communication (like phone lines) can't be monitored. Network-based IDS involves
looking at the packets on the network as they pass by some sensor. The sensor
can only see the packets that happen to be carried on the network segment it's
attached to. Packets are considered to be of interest if they match a
signature.Network-based intrusion detection passively monitors network activity
for indications of attacks. Network monitoring offers several advantages over
traditional host-based intrusion detection systems. Because many intrusions
occur over networks at some point, and because networks are increasingly
becoming the targets of attack, these techniques are an excellent method of
detecting many attacks which may be missed by host-based intrusion detection
A character that doesn't have a corresponding character letter to its
corresponding ASCII code. Examples would be the Linefeed, which is ASCII
character code 10 decimal, the Carriage Return, which is 13 decimal, or the bell
sound, which is decimal 7. On a PC, you can often add non-printable characters
by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets
you a bell). There are other character encoding schemes, but ASCII is the most
Non-repudiation is the ability for a system to prove that a specific user and
only that specific user sent a message and that it hasn't been modified.
Known as Anonymous Logon, it is a way of letting an anonymous user retrieve
information such as user names and shares over the network or connect without
authentication. It is used by applications such as explorer.exe to enumerate
shares on remote servers.
Glossary of Security Terms - O
A sequence of eight bits. An octet is an eight-bit byte.
Irreversible transformation of plaintext to cipher text, such that the plaintext
cannot be recovered from the cipher text by other than exhaustive procedures
even if the cryptographic key is known.
A (mathematical) function, f, which is easy to compute the output based on a
given input. However given only the output value it is impossible (except for a
brute force attack) to figure out what the input value is.
Open Shortest Path First (OSPF)
Open Shortest Path First is a link state routing algorithm used in interior
gateway routing. Routers maintain a database of all routers in the autonomous
system with links between the routers, link costs, and link states (up and
OSI (Open Systems Interconnection) is a standard description or "reference
model" for how messages should be transmitted between any two points in a
telecommunication network. Its purpose is to guide product implementers so that
their products will consistently work with other products. The reference model
defines seven layers of functions that take place at each end of a
communication. Although OSI is not always strictly adhered to in terms of
keeping related functions together in a well-defined layer, many if not most
products involved in telecommunication make an attempt to describe themselves in
relation to the OSI model. It is also valuable as a single reference view of
communication that furnishes everyone a common ground for education and
The main idea in OSI is that the process of communication between two end points
in a telecommunication network can be divided into layers, with each layer
adding its own set of special, related functions. Each communicating user or
program is at a computer equipped with these seven layers of function. So, in a
given message between users, there will be a flow of data through each layer at
one end down through the layers in that computer and, at the other end, when the
message arrives, another flow of data up through the layers in the receiving
computer and ultimately to the end user or program. The actual programming and
hardware that furnishes these seven layers of function is usually a combination
of the computer operating system, applications (such as your Web browser),
TCP/IP or alternative transport and network protocols, and the software and
hardware that enable you to put a signal on one of the lines attached to your
computer. OSI divides telecommunication into seven layers. The layers are in two
groups. The upper four layers are used whenever a message passes from or to a
user. The lower three layers (up to the network layer) are used when any message
passes through the host computer or router. Messages intended for this computer
pass to the upper layers. Messages destined for some other host are not passed
up to the upper layers but are forwarded to another host. The seven layers are:
Layer 7: The application layer...This is the layer at which communication
partners are identified, quality of service is identified, user authentication
and privacy are considered, and any constraints on data syntax are identified.
(This layer is not the application itself, although some applications may
perform application layer functions.) Layer 6: The presentation layer...This is
a layer, usually part of an operating system, that converts incoming and
outgoing data from one presentation format to another (for example, from a text
stream into a popup window with the newly arrived text). Sometimes called the
syntax layer. Layer 5: The session layer...This layer sets up, coordinates, and
terminates conversations, exchanges, and dialogs between the applications at
each end. It deals with session and connection coordination. Layer 4: The
transport layer...This layer manages the end-to-end control (for example,
determining whether all packets have arrived) and error-checking. It ensures
complete data transfer. Layer 3: The network layer...This layer handles the
routing of the data (sending it in the right direction to the right destination
on outgoing transmissions and receiving incoming transmissions at the packet
level). The network layer does routing and forwarding. Layer 2: The data-link
layer...This layer provides synchronization for the physical level and does
bit-stuffing for strings of 1's in excess of 5. It furnishes transmission
protocol knowledge and management. Layer 1: The physical layer...This layer
conveys the bit stream through the network at the electrical and mechanical
level. It provides the hardware means of sending and receiving data on a
Hindrance of system operation by placing excess burden on the performance
capabilities of a system component.
Glossary of Security Terms - R
A race condition exploits the small window of time between a security control
being applied and when the service is used.
Radiation monitoring is the process of receiving images, data, or audio from an
unprotected source by listening to radiation signals.
Reconnaissance is the phase of an attack where an attackers finds new systems,
maps out networks, and probes for specific, exploitable vulnerabilities.
Reflexive ACLs (Cisco)
Reflexive ACLs for Cisco routers are a step towards making the router act like a
stateful firewall. The router will make filtering decisions based on whether
connections are a part of established traffic or not.
The Registry in Windows operating systems in the central set of settings and
information required to run the Windows computer.
The use of scripted tests which are used to test software for all possible input
is should expect. Typically developers will create a set of regression tests
that are executed before a new version of a software is released. Also see "fuzzing".
Request for Comment (RFC)
A series of notes about the Internet, started in 1969 (when the Internet was the
ARPANET). An Internet Document can be submitted to the IETF by anyone, but the
IETF decides if the document becomes an RFC. Eventually, if it gains enough
interest, it may evolve into an Internet standard.
Resource exhaustion attacks involve tying up finite resources on a system,
making them unavailable to others.
A response is information sent that is responding to some stimulus.
Reverse Address Resolution Protocol (RARP)
RARP (Reverse Address Resolution Protocol) is a protocol by which a physical
machine in a local area network can request to learn its IP address from a
gateway server's Address Resolution Protocol table or cache. A network
administrator creates a table in a local area network's gateway router that maps
the physical machine (or Media Access Control - MAC address) addresses to
corresponding Internet Protocol addresses. When a new machine is set up, its
RARP client program requests from the RARP server on the router to be sent its
IP address. Assuming that an entry has been set up in the router table, the RARP
server will return the IP address to the machine which can store it for future
Acquiring sensitive data by disassembling and analyzing the design of a system
Find out the hostname that corresponds to a particular IP address. Reverse
lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse proxies take public HTTP requests and pass them to back-end webservers
to send the content to it, so the proxy can then send the content to the
Risk is the product of the level of threat with the level of vulnerability. It
establishes the likelihood of a successful attack.
A Risk Assessment is the process by which risks are identified and the impact of
those risks determined.
Avoiding risk even if this leads to the loss of opportunity. For example, using
a (more expensive) phone call vs. sending an e-mail in order to avoid risks
associated with e-mail may be considered "Risk Averse"
An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi
Shamir, and Leonard Adleman.
Role Based Access Control
Role based access control assigns users to roles based on their organizational
functions and determines authorization based on those roles.
Root is the name of the administrator account in Unix systems.
A collection of tools (programs) that a hacker uses to mask intrusion and obtain
administrator-level access to a computer or computer network.
Routers interconnect logical networks by forwarding information to other
networks based upon IP addresses.
Routing Information Protocol (RIP)
Routing Information Protocol is a distance vector protocol used for interior
gateway routing which uses hop count as the sole metric of a path's cost.
A routing loop is where two or more poorly configured routers repeatedly
exchange the same packet over and over.
RPC scans determine which RPC services are running on a machine.
Rule Set Based Access Control (RSBAC)
Rule Set Based Access Control targets actions based on rules for entities
operating on objects.
Glossary of Security Terms - S
A security mechanism that uses a cryptographic hash function to generate a
sequence of 64-bit, one-time passwords for remote user login. The client
generates a one-time password by applying the MD4 cryptographic hash function
multiple times to the user's secret key. For each successive authentication of
the user, the number of hash applications is reduced by one.
Safety is the need to ensure that the people involved with the company,
including employees, customers, and visitors, are protected from harm.
Searching through data residue in a system to gain unauthorized knowledge of
Secure Electronic Transactions (SET)
Secure Electronic Transactions is a protocol developed for credit card
transactions in which all parties (customers, merchant, and bank) are
authenticated using digital signatures, encryption protects the message and
provides integrity, and provides end-to-end security for credit card
Secure Shell (SSH)
A program to log into another computer over a network, to execute commands in a
remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL)
A protocol developed by Netscape for transmitting private documents via the
Internet. SSL works by using a public key to encrypt data that's transferred
over the SSL connection.
A set of rules and practices that specify or regulate how a system or
organization provides security services to protect sensitive and critical system
Segment is another name for TCP packets.
Sensitive information, as defined by the federal government, is any unclassified
information that, if compromised, could adversely affect the national interest
or conduct of federal initiatives.
Separation of Duties
Separation of duties is the principle of splitting privileges among multiple
individuals or systems.
A system entity that provides a service in response to requests from other
system entities called clients.
A session is a virtual connection between two hosts by which network traffic is
Take over a session that someone else has established.
In the context of symmetric encryption, a key that is temporary or is used for a
relatively short period of time. Usually, a session key is used for a defined
period of communication between two computers, such as for the duration of a
single connection or transaction set, or the key is used in an application that
protects relatively large amounts of data and, therefore, needs to be re-keyed
A one way cryptographic hash function. Also see "MD5"
Shadow Password Files
A system file in which encryption user password are stored so that they aren't
available to people who try to break into the system.
A share is a resource made public on a machine, such as a directory (file share)
or printer (printer share).
A Unix term for the interactive user interface with an operating system. The
shell is the layer of programming that understands and executes the commands a
user enters. In some systems, the shell is called a command interpreter. A shell
usually implies an interface with a command syntax (think of the DOS operating
system and its "C:>" prompts and user commands such as "dir" and "edit").
Gaining indirect knowledge of communicated data by monitoring and analyzing a
signal that is emitted by a system and that contains the data but is not
intended to communicate the data.
A Signature is a distinct pattern in network traffic that can be identified to a
specific tool or exploit.
Simple Integrity Property
In Simple Integrity Property a user cannot write data to a higher integrity
level than their own.
Simple Network Management Protocol (SNMP)
The protocol governing network management and the monitoring of network devices
and their functions. A set of protocols for managing complex networks.
Simple Security Property
In Simple Security Property a user cannot read data of a higher classification
than their own.
A smartcard is an electronic badge that includes a magnetic strip or chip that
can record and replay a set key.
The Smurf attack works by spoofing the target address and sending a ping to the
broadcast address for a remote network, which results in a large amount of ping
replies being sent to the target.
A sniffer is a tool that monitors network traffic as it received in a network
A synonym for "passive wiretapping."
A euphemism for non-technical or low-technology means - such as lies,
impersonation, tricks, bribes, blackmail, and threats - used to attack
The socket tells a host's IP stack where to plug in a data stream so that it
connects to the right application.
A way to uniquely specify a connection, i.e., source IP address, source port,
destination IP address, destination port.
A protocol that a proxy server can use to accept requests from client users in a
company's network so that it can forward them across the Internet. SOCKS uses
sockets to represent and keep track of individual connections. The client side
of SOCKS is built into certain Web browsers and the server side can be added to
a proxy server.
Computer programs (which are stored in and executed by computer hardware) and
associated data (which also is stored in the hardware) that may be dynamically
written or modified during execution.
The port that a host uses to connect to a server. It is usually a number greater
than or equal to 1024. It is randomly generated and is different each time a
connection is made.
Electronic junk mail or junk newsgroup postings.
Configures the switch to behave like a hub for a specific port.
Split horizon is a algorithm for avoiding problems caused by including routes in
updates sent to the gateway from which they were learned.
A cryptographic key that is divided into two or more separate data items that
individually convey no knowledge of the whole key that results from combining
Attempt by an unauthorized entity to gain access to a system by posing as an
SQL injection is a type of input validation attack specific to database-driven
applications where SQL code is inserted into application queries to manipulate
Stack mashing is the technique of using a buffer overflow to trick a computer
into executing arbitrary code.
Standard ACLs (Cisco)
Standard ACLs on Cisco routers make packet filtering decisions based on Source
IP address only.
In Star Property, a user cannot write data to a lower classification level
without logging in at that lower classification level.
A system that moves through a series of progressive conditions.
Also referred to as dynamic packet filtering. Stateful inspection is a firewall
architecture that works at the network layer. Unlike static packet filtering,
which examines a packet based on the information in its header, stateful
inspection examines not just the header information but also the contents of the
packet up through the application layer in order to determine more about the
packet than just information about its source and destination.
Static Host Tables
Static host tables are text files that contain hostname and address mapping.
Static routing means that routing table entries contain information that does
Stealthing is a term that refers to approaches used by malicious code to conceal
its presence on the infected system.
Steganalysis is the process of detecting and defeating the use of steganography.
Methods of hiding the existence of a message or other data. This is different
than cryptography, which hides the meaning of a message but does not hide the
message itself. An example of a steganographic method is "invisible" ink.
Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward is a method of switching where the entire packet is read by a
switch to determine if it is intact before forwarding it.
A straight-through cable is where the pins on one side of the connector are
wired to the same pins on the other end. It is used for interconnecting nodes on
A stream cipher works by encryption a message a single bit, byte, or computer
word at a time.
Strong Star Property
In Strong Star Property, a user cannot write data to higher or lower
classifications levels than their own.
A separately identifiable part of a larger network that typically represents a
certain limited number of host computers, the hosts in a building or geographic
area, or the hosts on an individual local area network.
A subnet mask (or number) is used to determine the number of bits used for the
subnet and host portions of the address. The mask is a 32-bit value that uses
one-bits for the network and subnet portions and zero-bits for the host portion.
A switch is a networking device that keeps track of MAC addresses attached to
each of its ports so that data is only transmitted on the ports that are the
intended recipient of the data.
A communications network, such as the public switched telephone network, in
which any user may be connected to any other user through the use of message,
circuit, or packet switching and control devices. Any network providing switched
Special files which point at another file.
A branch of cryptography involving algorithms that use the same key for two
different steps of the algorithm (such as encryption and decryption, or
signature creation and signature verification). Symmetric cryptography is
sometimes called "secret-key cryptography" (versus public-key cryptography)
because the entities that share the key.
A cryptographic key that is used in a symmetric cryptographic algorithm.
A denial of service attack that sends a host more TCP SYN packets (request to
synchronize sequence numbers, used when opening a connection) than the protocol
implementation can handle.
Synchronization is the signal made up of a distinctive pattern of bits that
network hardware looks for to signal that start of a frame.
Syslog is the system logging facility for Unix systems.
System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy
that applies to the system.
A System-specific policy is a policy written for a specific system or device.
Glossary of Security Terms - T
A digital circuit using TDM (Time-Division Multiplexing).
To deliberately alter a system's logic, data, or control information to cause
the system to perform unauthorized functions or services.
TCP fingerprinting is the user of odd packet header combinations to determine a
remote operating system.
TCP Full Open Scan
TCP Full Open scans check each port by performing a full three-way handshake on
each port to determine if it was open.
TCP Half Open Scan
TCP Half Open scans work by performing the first half of a three-way handshake
to determine if a port is open.
A software package which can be used to restrict access to certain network
services based on the source of the connection; a simple tool to monitor and
control incoming network traffic.
A synonym for "Internet Protocol Suite;" in which the Transmission Control
Protocol and the Internet Protocol are important parts. TCP/IP is the basic
communication language or protocol of the Internet. It can also be used as a
communications protocol in a private network (either an Intranet or an
TCPDump is a freeware protocol analyzer for Unix that can monitor network
traffic on a wire.
A TCP-based, application-layer, Internet Standard protocol for remote login from
one host to another.
A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security and cause
A threat assessment is the identification of types of threats that an
organization might be exposed to.
A threat model is used to describe a given threat and the harm it could to do a
system if it has a vulnerability.
The method a threat uses to get to the target.
Time to Live
A value in an Internet Protocol packet that tells a network router whether or
not the packet has been in the network too long and should be discarded.
Tiny Fragment Attack
With many IP implementations it is possible to impose an unusually small
fragment size on outgoing packets. If the fragment size is made small enough to
force some of a TCP packet's TCP header fields into the second fragment, filter
rules that specify patterns for those fields will not match. If the filtering
implementation does not enforce a minimum fragment size, a disallowed packet
might be passed because it didn't hit a match in the filter. STD 5, RFC 791
states: Every Internet module must be able to forward a datagram of 68 octets
without further fragmentation. This is because an Internet header may be up to
60 octets, and the minimum fragment is 8 octets.
A token ring network is a local area network in which all computers are
connected in a ring or star topology and a binary digit or token-passing scheme
is used in order to prevent the collision of data between two computers that
want to send messages at the same time.
Token-Based Access Control
Token based access control associates a list of objects and their privileges
with each user. (The opposite of list based.)
A token-based device is triggered by the time of day, so every minute the
password changes, requiring the user to have the token with them when they log
The geometric arrangement of a computer system. Common topologies include a bus,
star, and ring. The specific physical, i.e., real, or logical, i.e., virtual,
arrangement of the elements of a network. Note 1: Two networks have the same
topology if the connection configuration is the same, although the networks may
differ in physical interconnections, distances between nodes, transmission
rates, and/or signal types. Note 2: The common types of network topology are
Traceroute is a tool the maps the route a packet takes from the local machine to
a remote destination.
Transmission Control Protocol (TCP)
A set of rules (protocol) used along with the Internet Protocol to send data in
the form of message units between computers over the Internet. While IP takes
care of handling the actual delivery of the data, TCP takes care of keeping
track of the individual units of data (called packets) that a message is divided
into for efficient routing through the Internet. Whereas the IP protocol deals
only with packets, TCP enables two hosts to establish a connection and exchange
streams of data. TCP guarantees delivery of data and also guarantees that
packets will be delivered in the same order in which they were sent.
Transport Layer Security (TLS)
A protocol that ensures privacy between communicating applications and their
users on the Internet. When a server and client communicate, TLS ensures that no
third party may eavesdrop or tamper with any message. TLS is the successor to
the Secure Sockets Layer.
A block cipher, based on DES, that transforms each 64-bit plaintext block by
applying the Data Encryption Algorithm three successive times, using either two
or three different keys, for an effective key length of 112 or 168 bits.
S/MIME usage: data that has been signed with a digital signature, and then
encrypted, and then signed again.
A computer program that appears to have a useful function, but also has a hidden
and potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the
Trunking is connecting switched together so that they can share VLAN information
Trust determine which permissions and what actions other systems or users can
perform on remote machines.
Trusted ports are ports below number 1024 usually allowed to be opened by the
A communication channel created in a computer network by encapsulating a
communication protocol's data packets in (on top of) a second protocol that
normally would be carried above, or at the same layer as, the first one. Most
often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2
connection - created by encapsulating the layer 2 protocol in a transport
protocol (such as TCP), in a network or inter-network layer protocol (such as
IP), or in another link layer protocol. Tunneling can move data between
computers that use a protocol not supported by the network connecting them.
Glossary of Security Terms - U
UDP scans perform scans to determine which UDP ports are open.
Broadcasting from host to host.
Uniform Resource Identifier (URI)
The generic term for all types of names and addresses that refer to objects on
the World Wide Web.
Uniform Resource Locator (URL)
The global address of documents and other resources on the World Wide Web. The
first part of the address indicates what protocol to use, and the second part
specifies the IP address or the domain name where the resource is located. For
example, http://www.pcwebopedia.com/index.html .
A popular multi-user, multitasking operating system developed at Bell Labs in
the early 1970s. Created by just a handful of programmers, Unix was designed to
be a small, flexible system used exclusively by programmers.
In Windows terminology, a "share" is a mechanism that allows a user to connect
to file systems and printers on other systems. An "unprotected share" is one
that allows anyone to connect to it.
A person, organization entity, or automated process that accesses a system,
whether authorized to do so or not.
User Contingency Plan
User contingency plan is the alternative methods of continuing business
operations if IT systems are unavailable.
User Datagram Protocol (UDP)
A communications protocol that, like TCP, runs on top of IP networks. Unlike
TCP/IP, UDP/IP provides very few error recovery services, offering instead a
direct way to send and receive datagrams over an IP network. It's used primarily
for broadcasting messages over a network. UDP uses the Internet Protocol to get
a datagram from one computer to another but does not divide a message into
packets (datagrams) and reassemble it at the other end. Specifically, UDP
doesn't provide sequencing of the packets that the data arrives in.
Glossary of Security Terms - V
Virtual Private Network (VPN)
A restricted-use, logical (i.e., artificial or simulated) computer network that
is constructed from the system resources of a relatively public, physical (i.e.,
real) network (such as the Internet), often by using encryption (located at
hosts or gateways), and often by tunneling links of the virtual network across
the real network. For example, if a corporation has LANs at several different
sites, each connected to the Internet by a firewall, the corporation could
create a VPN by (a) using encrypted tunnels to connect from firewall to firewall
across the Internet and (b) not allowing any other traffic through the
firewalls. A VPN is generally less expensive to build and operate than a
dedicated real network, because the virtual network shares the cost of system
resources with other users of the real network.
A hidden, self-replicating section of computer software, usually malicious
logic, that propagates by infecting - i.e., inserting a copy of itself into and
becoming part of - another program. A virus cannot run by itself; it requires
that its host program be run to make the virus active.
A physical discontinuity in a voice network that monitors, alerts and controls
inbound and outbound voice network activity based on user-defined call admission
control (CAC) policies, voice application layer security threats or unauthorized
service use violations.
Voice Intrusion Prevention System (IPS)
Voice IPS is a security management system for voice networks which monitors
voice traffic for multiple calling patterns or attack/abuse signatures to
proactively detect and prevent toll fraud, Denial of Service, telecom attacks,
service abuse, and other anomalous activity.
Glossary of Security Terms - W
War chalking is marking areas, usually on sidewalks with chalk, that receive
wireless signals that can be accessed.
A computer program that automatically dials a series of telephone numbers to
find lines connected to computer systems, and catalogs those numbers so that a
cracker can try to break into the systems.
War dialing is a simple means of trying to identify modems in a telephone
exchange that may be susceptible to compromise in an attempt to circumvent
War driving is the process of traveling around looking for wireless access point
signals that can be used to get network access.
Web of Trust
A web of trust is the trust that naturally evolves as a user starts to trust
other's signatures, and the signatures that they trust.
A software process that runs on a host computer connected to the Internet to
respond to HTTP requests for documents from client web browsers.
An IP for finding information about resources on networks.
A windowing system is a system for sharing a computer's graphical display
presentation resources among multiple applications at the same time. In a
computer that has a graphical user interface (GUI), you may want to use a number
of applications at the same time (this is called task). Using a separate window
for each application, you can interact with each application and go from one
application to another without having to reinitiate it. Having different
information or activities in multiple windows may also make it easier for you to
do your work. A windowing system uses a window manager to keep track of where
each window is located on the display screen and its size and status. A
windowing system doesn't just manage the windows but also other forms of
graphical user interface entities.
Windump is a freeware tool for Windows that is a protocol analyzer that can
monitor network traffic on a wire.
Wired Equivalent Privacy (WEP)
A security protocol for wireless local area networks defined in the standard
Wireless Application Protocol
A specification for a set of communication protocols to standardize the way that
wireless devices, such as cellular telephones and radio transceivers, can be
used for Internet access, including e-mail, the World Wide Web, newsgroups, and
Internet Relay Chat.
Monitoring and recording data that is flowing between two points in a
World Wide Web ("the Web", WWW, W3)
The global, hypermedia-based collection of information and services that is
available on Internet servers and is accessed by browsers using Hypertext
Transfer Protocol and other information retrieval mechanisms.
A computer program that can run independently, can propagate a complete working
version of itself onto other hosts on a network, and may consume computer
Glossary of Security Terms - Z
The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In
some cases, a "zero day" exploit is referred to an exploit for which no patch is
available yet. ("day one" - day at which the patch is made available).
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that
tries to exploit computer application vulnerabilities that are unknown to others
or undisclosed to the software developer. Zero-day exploits (actual code that
can use a security hole to carry out an attack) are used or shared by attackers
before the software developer knows about the vulnerability.
A zombie computer (often shortened as zombie) is a computer connected to the
Internet that has been compromised by a hacker, a computer virus, or a trojan
horse. Generally, a compromised machine is only one of many in a botnet, and
will be used to perform malicious tasks of one sort or another under remote
direction. Most owners of zombie computers are unaware that their system is
being used in this way. Because the owner tends to be unaware, these computers
are metaphorically compared to zombies
Developed by Webmaster Abbas Shahid Baqir
Webmaster Feedback: firstname.lastname@example.org
Reserved Copyright, 2010-2020 Student Shelter In Computers