Buffer Overflow: A condition that occurs when a user or process attempts to place
more data into a program’s storage buffer in memory than the buffer can hold, and so
overwrites the actual program data with instructions that typically provide a shell
owned by root on the server. Buffer overflows accounted for more than 50 percent of
all major security bugs leading to security advisories published by CERT. They are
typically associated with set-user-ID root binaries.
Cryptography: The mathematical science that deals with transforming data to render
its meaning unintelligible, prevent its undetected alteration, or prevent its unauthorized
use.
Denial of Service: Occurs when a resource is targeted by an intruder to prevent
legitimate users from using that resource. Such attacks are a threat to the availability
of data to all others trying to use that resource. They range from unplugging the
network connection to consuming all the available network bandwidth.
IP Spoofing: An attack in which one host masquerades as another. This can be
used to route data destined for one host to another, thereby allowing attackers to
intercept data not originally intended for them. It is typically a one-way attack.
Port Scanning: The process of determining which ports are active on a machine. By
probing as many hosts as possible, means to exploit the ones that respond can be
developed. It is typically the precursor to an attack.
Packet Filtering: A method of filtering network traffic as it passes between the
firewall’s interfaces at the network level. The network data is then analyzed according
to the information available in the data packet, and access is granted or denied based
on the firewall security policy. Usually requires an intimate knowledge of how network
protocols work.
Proxy Gateway: Also called an application gateway, a proxy gateway acts on behalf of
another program. A host with a proxy server installed becomes both a server and a
client, and acts as a choke between the final destination and the client. Proxy servers
are typically small, carefully written single-purpose programs that only permit specific
services to pass through them. They are typically combined with packet filters.
Set User-ID (setuid) / Set Group-ID (setgid): Files that everyone can execute with
the privileges of either the file's owner or its group. Typically, you'll find root-owned
setuid files, which means that regardless of who executes them, they obtain root
permission for the period of time the program is running (or until that program
intentionally relinquishes these privileges). These are the types of files that are most
often attacked by intruders, because of the potential for obtaining root privileges.
Commonly associated with buffer overflows.
Trojan Horse: A program that masquerades as a benign program, when in fact
it is not. A malicious programmer can modify a program so that it purports to do
something useful but in fact contains hidden malicious functions that exploit the
privileges of the user executing it. A modified version of /bin/ps, for
example, may be used to hide the presence of other programs running on the system.
Vulnerability: A condition that has the potential for allowing security to be
compromised. Many different types of network and local vulnerabilities exist and are
widely known, and frequently occur on computers regardless of their level of network
connectivity, processing speed, or profile.
Security Glossary
Posted by Army | Saturday, December 26, 2009