Also referred to as 3DES, a mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the first encryption is encrypted with the second key, and the resulting ciphertext is again encrypted with a third key).
Short for access control list, a set of data that informs a computer's operating system which permissions, or access rights, that each user or group has to a specific system object, such as a directory or file. Each object has a unique security attribute that identifies which users have access to it, and the ACL is a list of each object and user access privileges such as read, write or execute.
Short for Advanced Encryption Standard, a symmetric 128-bit block data encryption technique developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S. government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously. The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce selected the algorithm, called Rijndael (pronounced Rhine Dahl or Rain Doll), out of a group of five algorithms under consideration, including one called MARS from a large research team at IBM.
Arp Poison Routing (a Cain's feature that enables sniffing on switched LANs and Man-in-the-Middle attacks)
Address Resolution Protocol. The address resolution protocol (arp) is a protocol used by the Internet Protocol (IP), specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as a part of the interface between the OSI network and OSI link layer. It is used when IPv4 is used over Ethernet.
American Standard Code for Information Interchange. This is the de facto world-wide standard for the code numbers used by computers to represent all the upper- and lower-case Latin letters, numbers, punctuation, etc. There are 128 standard ASCII codes, each of which can be represented by a 7-digit binary number: 0000000 through 1111111.
A symmetric encryption algorithm designed by Bruce Schneier in 1993 as an alternative to existing encryption algorithms, such as DES. Blowfish is a 64-bit block cipher (i.e., a cryptographic key and algorithm are applied to a block of data rather than to single bits) that uses a key length that can vary between 32 and 448 bits. Blowfish is available for free use by anyone, and the technology is unpatented and free of license.
A client is a program or host that uses the services of another program. The client is used to contact and obtain data or request a service from the server.
The most common meaning of "Cookie" on the Internet refers to a piece of information sent by a Web Server to a Web Browser that the Browser software is expected to save and to send back to the Server whenever the browser makes additional requests from the Server. Cookies might contain information such as login or registration information, online "shopping cart" information, user preferences, etc.
The study of a cryptographic system for the purpose of finding weaknesses in the system and breaking the code used to encrypt the data without knowing the code's key.
Short for Data Encryption Standard, a popular symmetric-key encryption method developed in 1975 and standardized by ANSI in 1981 as ANSI X.3.92. DES uses a 56-bit key and uses the block cipher method, which breaks text into 64-bit blocks and then encrypts them.
Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
Stands for "Dynamic Link Library." A DLL (.dll) file contains a library of functions and other information that can be accessed by a Windows program. When a program is launched, links to the necessary .dll files are created. If a static link is created, the .dll files will be in use as long as the program is active. If a dynamic link is created, the .dll files will only be used when needed. Dynamic links help programs use resources, such as memory and hard drive space, more efficiently. DLL files can also be used by more than one program. In fact, they can even be used by multiple programs at the same time. Some DLLs come with the Windows operating system while others are added when new programs are installed. You typically don't want to open a .dll file directly, since the program that uses it will automatically load it if needed. Though DLL filenames usually end in ".dll," they can also end in .exe, .drv, and .fon, just to make things more confusing.
Domain Name System. The Domain Name System is the system that translates Internet domain names into IP numbers. A "DNS Server" is a server that performs this kind of translation.
Enhanced Interior Gateway Routing Protocol. A network protocol that lets routers exchange information more efficiently than with earlier network protocols. EIGRP evolved from IGRP (Interior Gateway Routing Protocol), and routers using either EIGRP or IGRP can interoperate because the metric (criteria used for selecting a route) used with one protocol can be translated into the metrics of the other protocol. EIGRP can be used not only for Internet Protocol (IP) networks but also for AppleTalk and Novell NetWare networks.
This is the coding or scrambling of information so that it can only be decoded and read by someone who has the correct decoding key. Encryption is used in secure Web sites as well as other mediums of data transfer. If a third party were to intercept the information you sent via an encrypted connection, they would not be able to read it.
Ethernet is the most common type of connection computers use in a local area network (LAN). An Ethernet port looks much like a regular phone jack, but it is slightly wider. This port can be used to connect your computer to another computer, a local network, or an external DSL or cable modem. Two widely-used forms of Ethernet are 10BaseT and 100BaseT. In a 10BaseT Ethernet connection, data transfer speeds can reach 10 mbps (megabits per second) through a copper cable. In a 100BaseT Ethernet connection, transfer speeds can get up to 100 mbps. There is also a new technology called "Gigabit" Ethernet, where data transfer rates peak at 1000 mbps. Now that's fast.
A combination of hardware and software that separates a Network into two or more parts for security purposes.
File Transfer Protocol. A very common method of moving files between two Internet sites.
The technical meaning is a hardware or software set-up that translates between two dissimilar protocols, for example America Online has a gateway that translates between its internal, proprietary e-mail format and Internet e-mail format. Another, sloppier meaning of gateway is to describe any mechanism for providing access to another system, e.g. AOL might be called a gateway to the Internet.
Abbreviated GUI (pronounced GOO-ee). A program interface that takes advantage of the computer's graphics capabilities to make the program easier to use. Well-designed graphical user interfaces can free the user from learning complex command languages. On the other hand, many users find that they work more effectively with a command-driven interface, especially if they already know the command language.
H.323 is a standard that specifies the components, protocols and procedures that provide multimedia communication services (real-time audio, video, and data communications) over packet networks, including Internet protocol (IP)-based networks. H.323 is part of a family of ITU-T recommendations called H.32x that provides multimedia communication services over a variety of networks.
A host is any computer directly connected to a network that acts as a repository for services (such as e-mail, Usenet newsgroups, FTP, or World Wide Web) available for other computers on the network.
Hot Standby Router Protocol. A proprietary protocol from Cisco. HSRP is a routing protocol that provides backup to a router in the event of failure. Using HSRP, several routers are connected to the same segment of an Ethernet, FDDI or token-ring network and work together to present the appearance of a single virtual router on the LAN. The routers share the same IP and MAC addresses, so in the event of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP and MAC address. The process of transferring the routing responsibilities from one device to another is transparent to the user.
HyperText Markup Language. The coding language used to create Hypertext documents for use on the World Wide Web. HTML looks a lot like old-fashioned typesetting code, where you surround a block of text with codes that indicate how it should appear.
HyperText Transfer Protocol. The protocol for moving hypertext files across the Internet. Requires an HTTP client program on one end, and an HTTP server program on the other end. HTTP is the most important protocol used in the World Wide Web (WWW).
Hypertext Transfer Protocol Secure. Used for encrypted communication between browsers and servers. All transmissions of HTTP data are made with the SSL protocol.
This is a hardware device that is used to network multiple computers together. It is a central connection for all the computers in a network, which is usually Ethernet-based. Information sent to the hub can flow to any other computer on the network. If you need to connect more than two computers together, a hub will allow you to do so. If you only need to network two computers together, a simple crossover Ethernet cable will do the trick.
Short for Internet Control Message Protocol, an extension to the Internet Protocol (IP) defined by RFC 792. ICMP supports packets containing error, control, and informational messages. The PING command, for example, uses ICMP to test an Internet connection.
Abbreviation of Institute of Electrical and Electronics Engineers, pronounced I-triple-E. Founded in 1884 as the AIEE, the IEEE was formed in 1963 when AIEE merged with IRE. IEEE is an organization composed of engineers, scientists, and students. The IEEE is best known for developing standards for the computer and electronics industry. In particular, the IEEE 802 standards for local-area networks are widely followed.
Internet Message Access Protocol. IMAP is gradually replacing POP as the main protocol used by email clients in communicating with email servers. Using IMAP, an email client program can not only retrieve email but can also manipulate messages stored on the server, without having to actually retrieve the messages. So messages can be deleted, have their status changed, multiple mail boxes can be managed, etc. IMAP is defined in RFC 2060.
An authentication system developed at the Massachusetts Institute of Technology (MIT). Kerberos is designed to enable two parties to exchange private information across an otherwise open network. It works by assigning a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message.
Local Area Network. A computer network limited to the immediate area, usually the same building or floor of a building.
Short for Lightweight Directory Access Protocol, a set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access. Because it's a simpler version of X.500, LDAP is sometimes called X.500-lite.
Short for Media Access Control address, a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sublayers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium requires a different MAC layer.
A message-digest algorithm developed by RSA Laboratories used for creating unforgeable digital signatures. MD2 produces a 128-bit (16 byte) message digest.
A message-digest algorithm developed by RSA Laboratories used for creating unforgeable digital signatures. MD4 produces a 128-bit (16 byte) message digest.
A message-digest algorithm developed by RSA Laboratories used for creating unforgeable digital signatures. MD5 produces a 128-bit (16 byte) message digest.
Short for Multipurpose Internet Mail Extensions, a specification for formatting non-ASCII messages so that they can be sent over the Internet. Many e-mail clients now support MIME, which enables them to send and receive graphics, audio, and video files via the Internet mail system. In addition, MIME supports messages in character sets other than ASCII.
Short for Microsoft Network, Microsoft's online service. Like competing services such as America Online, MSN offers e-mail, topic-related forums, and full access to the World Wide Web.
Short for Network Driver Interface Specification, a Windows device driver interface that enables a single network interface card (NIC) to support multiple network protocols. For example, with NDIS a single NIC can support both TCP/IP and IPX connections. NDIS can also be used by some ISDN adapters.
Pronounced net-booey, NetBEUI is short for NetBios Extended User Interface. It is an enhanced version of the NetBIOS protocol used by network operating systems such as LAN Manager, LAN Server, Windows for Workgroups, Windows 95 and Windows NT. Netbeui was originally designed by IBM for their Lan Manager server and later extended by Microsoft and Novell.
Network News Transport Protocol. The protocol used by client and server software to carry USENET postings back and forth over a TCP/IP network. If you are using any of the more common software such as Netscape, Internet Explorer, etc. to participate in newsgroups, then you are benefiting from an NNTP connection.
Short for Open DataBase Connectivity, a standard database access method developed by the SQL Access group in 1992. The goal of ODBC is to make it possible to access any data from any application, regardless of which database management system (DBMS) is handling the data. ODBC manages this by inserting a middle layer, called a database driver, between an application and the DBMS. The purpose of this layer is to translate the application's data queries into commands that the DBMS understands.
Short for Open Shortest Path First, an interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.
This is a small amount of computer data sent over a network. Any time you receive data from the Internet, it comes to your computer in the form of many little packets. Each packet contains the address of its origin and destination, and information that connects it to the related packets being sent. The process of sending and receiving packets is known as "packet-switching." Packets from many different locations can be sent on the same lines and be sorted and directed to different routes by various computers along the way.
Abbreviated as PGP, a technique developed by Philip Zimmermann for encrypting messages. PGP is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys: one is a public key that you disseminate to anyone from whom you want to receive a message; the other is a private key that you use to decrypt messages that you receive.
Short for Post Office Protocol, a protocol used to retrieve e-mail from a mail server. Most e-mail applications (sometimes called e-mail clients) use the POP protocol, although some can use the newer IMAP (Internet Message Access Protocol). There are two versions of POP. The first, called POP2, became a standard in the mid-80's and requires SMTP to send messages. The newer version, POP3, can be used with or without SMTP.
On the Internet "protocol" usually refers to a set of rules that define an exact format for communication between systems. For example, the HTTP protocol defines the format for communication between web browsers and web servers, the IMAP protocol defines the format for communication between IMAP email servers and clients, and the SSL protocol defines a format for encrypted communications over the Internet.
A Proxy Server sits in between a Client and the "real" Server that a Client is trying to use. Clients are sometimes configured to use a Proxy Server, usually an HTTP server. The client makes all of its requests from the Proxy Server, which then makes requests from the "real" server and passes the result back to the Client. Sometimes the Proxy server will store the results and give a stored result instead of making a new one (to reduce use of a Network). Proxy servers are commonly established on Local Area Networks.
Short for Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
A variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
A parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. Allowable choices for the block size are 32 bits (for experimentation and evaluation purposes only), 64 bits (for use as a drop-in replacement for DES), and 128 bits. The number of rounds can range from 0 to 255, while the key can range from 0 bits to 2040 bits in size. RC5 has three routines: key expansion, encryption, and decryption.
A block cipher based on RC5. RC6 is a parameterized algorithm where the block size, the key size, and the number of rounds are variable. The upper limit on the key size is 2040 bits. RC6 adds two features to RC5: the inclusion of integer multiplication and the use of four 4-bit working registers instead of RC5's two 2-bit registers.
Abbreviated as RIP, an interior gateway protocol defined by RFC 1058 that specifies how routers exchange routing table information. With RIP, routers periodically exchange entire tables. Because this is inefficient, RIP is gradually being replaced by a newer protocol called Open Shortest Path First (OSPF).
A special-purpose computer (or software package) that handles the connection between 2 or more Packet-Switched networks. Routers spend all their time looking at the source and destination addresses of the packets passing through them and deciding which route to send them on.
A public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technique. The RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time.
Short for Real-Time Transport Protocol, an Internet protocol for transmitting real-time data such as audio and video. RTP itself does not guarantee real-time delivery of data, but it does provide mechanisms for the sending and receiving applications to support streaming data. Typically, RTP runs on top of the UDP protocol, although the specification is general enough to support other transport protocols. RTP has received wide industry support. Netscape intends to base its LiveMedia technology on RTP, and Microsoft claims that its NetMeeting product supports RTP.
A chunk of information (often stored as a text file) that is used by the SSL protocol to establish a secure connection.
Secure Hash Algorithm 1, a message-digest algorithm developed by NIST (the National Institute of Standards and Technology) and the NSA (the National Security Agency). SHA-1 produces a 160-bit (20 byte) message digest used for creating unforgeable digital signatures. The algorithm is slower than MD5, but the message digest is larger, which makes it more resistant to brute force attacks, which choose messages at random in an attempt to generate the same message digest.
Short for security identifier, a security feature of the Windows NT and 2000 operating systems. The SID is a unique name (alphanumeric character string) that is used to identify an object, such as a user or a group of users in a network of NT/2000 systems.
Short for Server Message Block, a message format used by DOS and Windows to share files, directories and devices. NetBIOS is based on the SMB format, and many network products use SMB. These SMB-based networks include Lan Manager, Windows for Workgroups, Windows NT, and Lan Server. There are also a number of products that use SMB to enable file sharing among different operating system platforms. A product called Samba, for example, enables UNIX and Windows machines to share directories and files.
Simple Mail Transfer Protocol. The main protocol used to send electronic mail from server to server on the Internet. SMTP is defined in RFC 821 and modified by many later RFC's.
Sometimes called a packet sniffer or protocol sniffer. A tool that captures the data flowing on the network.
Simple Network Management Protocol. A set of standards for communication with devices connected to a TCP/IP network. Examples of these devices include routers, hubs, and switches. SNMP is defined in RFC 1089.
Abbreviation of structured query language, and pronounced either see-kwell or as separate letters. SQL is a standardized query language for requesting information from a database. The original version called SEQUEL (structured English query language) was designed by an IBM research center in 1974 and 1975. SQL was first introduced as a commercial database system in 1979 by Oracle Corporation.
Developed by SSH Communications Security Ltd., Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is a replacement for rlogin, rsh, rcp, and rdist.
Secure Socket Layer. A protocol designed by Netscape Communications to enable encrypted, authenticated communications across the Internet.
Single Sign On
Abbreviation of Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
The command and program used to login from one Internet site to another. The telnet command/program gets you to the login: prompt of another host.
Abbreviation of Trivial File Transfer Protocol, a simple form of the File Transfer Protocol (FTP). TFTP uses the User Datagram Protocol (UDP) and provides no security features. It is often used by servers to boot diskless workstations, X-terminals, and routers.
User Datagram Protocol. One of the protocols for data transfer that is part of the TCP/IP suite of protocols. UDP is a "stateless" protocol in that UDP makes no provision for acknowledgement of packets received.
An acronym for Uniform Resource Locator, a URL is the address for a resource or site (usually a directory or file) on the World Wide Web and the convention that web browsers use for locating files and other remote services.
Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
Short for Voice over Internet Protocol, a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions of the PSTN. One advantage of VoIP is that the telephone calls over the Internet do not incur a surcharge beyond what the user is paying for Internet access, much in the same way that the user doesn't pay for sending individual e-mails over the Internet.
Virtual Private Network. Usually refers to a network in which some of the parts are connected using the public Internet, but the data sent across the Internet is encrypted, so the entire network is "virtually" private.
Short for Virtual Router Redundancy Protocol, an election protocol that dynamically assigns responsibility for one or more virtual router(s) to the VRRP router(s) on a LAN, allowing several routers on a multiaccess link to utilize the same virtual IP address. A VRRP router is configured to run the VRRP protocol in conjunction with one or more other routers attached to a LAN. In a VRRP setup, one router is elected as the master router with the other routers acting as backups in case of the failure of the master router.
Wide Area Network. Any internet or network that covers an area larger than a single building or campus.
WAV - A sound file format introduced in Windows 3.1 with the .wav file extension. Files with the .wav extension are digital representations of sound and typically take up a good deal of space to store (typically 50 MB for a 5-minute song). If you use software to rip files from an audio CD the result is usually stored in .wav format. Standard Windows sounds are still in .wav format.
Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by the physicalities of their structure, having some or all parts of the network inside a building that can be protected from unauthorized access. WLANs, which operate over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model, the data link and physical layers; it therefore does not offer end-to-end security.