
=**RESOURCES**=

Wikipedia encyclopedia, Chris Davis, Webopedia, Personal Notes wiki space; http://csdmis6391.wikispaces.com

=Welcome to Information Security=

||~ Term ||~ Definition ||
|| data || raw facts and figures ||
|| PC || Personal Computer, generally running a version of Windows ||
|| CISO || Chief Information Security Officer ||
|| SS# || Social Security number ||
|| CC# || Credit Card number ||
|| privileges || access a user has to Read, Write, or Delete files on a system ||
|| SOP || Standard Operating Procedure ||
|| Systems Analysis || Solving a problem for a business with IT ||
|| IT || Information Technology ||
|| CIA || Confidentiality, Integrity, Availability ||
|| access control || physical limitations to access (doors, locks) ||
|| IBAC || Identity Based Access Control ||
|| RBAC || Role Based Access Control (group privileges) ||
|| Authentication examples || single factor - username & password; two factor - ATM card with PIN code; multi-factor - tokens, dongles, biometrics ||
|| personal identifiers || things you keep confidential ||
|| Integrity || info is correct (entered correctly, processed correctly, stored correctly, not modified without authorization) ||
|| Availability || Redundant systems, failsafe; can get info when and where it's needed ||
|| DOLLS || Diversity, Obscurity, Limiting, Layering, Simplicity ||
|| Diversity || Different password types, different authentication methods ||
|| Obscurity || Hide information: operating system, applications, internal addresses (NAT, PAT) ||
|| Limiting || Access (physical), RBAC/IBAC, privileges (root, read, write, modify, delete, places) ||
|| Layering || Multiple obstacles ||
|| Simplicity || Usability, biometrics, management tools ||
|| Red Zone || Public Facing ||
|| Yellow Zone || Low Risk Business Tasks ||
|| Green Zone || High Risk Business Tasks ||
|| SMS || Short Message Service ||

=**Shields Up**=

**Shields Up** is an online port scanning service created by Steve Gibson of Gibson Research Corporation and hosted at grc.com. The purpose of this utility is to alert users to any ports that have been opened through their firewalls or through their NAT routers. The utility can scan the most common file sharing ports, as well as all service ports (1-1056), and user defined ports, in sets of 64.

=Data=

In computer science, **data** is anything in a form suitable for use with a computer.[1] Data is often distinguished from programs. A program is a set of instructions that detail a task for the computer to perform. In this sense, data is thus everything that is not program code.[2] In an alternate usage, binary files (which are not human-readable) are sometimes called "data" as distinguished from human-readable "text".[3] The total amount of digital data in 2007 was estimated to be 281 billion gigabytes (= 281 exabytes).

=**The central processing unit (CPU)**=

The central processing unit (CPU) is the portion of a computer system that carries out the instructions of a computer program, and is the primary element carrying out the computer's functions. The central processing unit carries out each instruction of the program in sequence, to perform the basic arithmetical, logical, and input/output operations of the system. This term has been in use in the computer industry at least since the early 1960s.[1] The form, design and implementation of CPUs have changed dramatically since the earliest examples, but their fundamental operation remains much the same.



=BIOS=

In IBM PC Compatible computers, the **basic input/output system (BIOS)**, also known as the **System BIOS**, is a de facto standard defining a firmware interface.[1] The BIOS software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). The primary function of the BIOS is to load and start an operating system. When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk, CD/DVD drive and other hardware. The BIOS then locates software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD, and loads and executes that software, giving it control of the PC.[2] This process is known as //booting//, or booting up, which is short for bootstrapping.

=HTTP=

The **Hypertext Transfer Protocol** (**HTTP**) is a networking protocol for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web. The standards development of HTTP has been coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium, culminating in the publication of a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use.

=SaaS=

**Software as a service** (**SaaS**, typically pronounced [sæs]), sometimes referred to as "software on demand," is software that is deployed over the internet and/or is deployed to run behind a firewall on a local area network or personal computer. With SaaS, a provider licenses an application to customers either as a service on demand, through a subscription, in a "pay-as-you-go" model, or (increasingly) at no charge.

SaaS was initially widely deployed for sales force automation and Customer Relationship Management (CRM). Now it has become commonplace for many business tasks, including computerized billing, invoicing, human resource management, financials, content management, collaboration, document management, and service desk management.

**Advantages**
 * Pay per use
 * Instant scalability
 * Security
 * Reliability
 * APIs

=NIC=

A **network interface card** (**NIC**) is a hardware device that handles an interface to a computer network and allows a network-capable device to access that network. The NIC has a ROM chip that contains a unique number, the media access control (MAC) address, burned into it. The MAC address identifies the device uniquely on the LAN. The NIC exists on the 'Data Link Layer' (Layer 2) of the OSI model.

=Purpose=

A **network interface card**, **network adapter**, **network interface controller** (**NIC**), or **LAN adapter** is a computer hardware component designed to allow computers to communicate over a computer network. It is both an OSI layer 1 (physical layer) and layer 2 (data link layer) device, as it provides physical access to a networking medium and provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly.



=USB=

**Universal Serial Bus** (**USB**) is a specification[1] to establish communication between devices and a host controller (usually personal computers), developed and invented by Ajay Bhatt while working for Intel.[2][3] USB has effectively replaced a variety of interfaces such as serial and parallel ports. USB can connect computer peripherals such as mice, keyboards, digital cameras, printers, personal media players, flash drives, network adapters, and external hard drives. For many of those devices, USB has become the standard connection method. USB was designed for personal computers, but it has become commonplace on other devices such as smartphones, PDAs and video game consoles, and as a power cord. As of 2008, there are about 2 billion USB devices sold per year, and approximately 6 billion total sold to date.

=**Flash memory**=

**Flash memory** is a non-volatile computer storage chip that can be electrically erased and reprogrammed. It should not be confused with flash drives or pen drives, which are USB storage devices based on flash memory. It is primarily used in memory cards, USB flash drives, MP3 players (such as Apple's iPod and Transcend's T.Sonic) and solid-state drives for general storage and transfer of data between computers and other digital products. It is a specific type of EEPROM (electrically erasable programmable read-only memory) that is erased and programmed in large blocks; in early flash the entire chip had to be erased at once. Flash memory costs far less than byte-programmable EEPROM and therefore has become the dominant technology wherever a significant amount of non-volatile, solid state storage is needed. Example applications include PDAs (personal digital assistants), laptop computers, digital audio players, digital cameras and mobile phones. It has also gained popularity in console video game hardware, where it is often used instead of EEPROMs or battery-powered static RAM (SRAM) for game save data.

=The **byte**=

The **byte** (pronounced /ˈbaɪt/), coined from //"bite"// but respelled to avoid accidental mutation to //"bit"//, is a unit of digital information in computing and telecommunications. It is an ordered collection of bits, in which each bit denotes the binary value of 1 or 0. Historically, a byte was the number of bits (typically 5, 6, 7, 8, 9, 12, or 16) used to encode a single character of text in a computer,[1][2] and it is for this reason the basic addressable element in many computer architectures. The size of a byte is typically hardware dependent, but the modern //de facto// standard is eight bits, as this is a convenient power of two. Many types of applications use variables representable in eight or fewer bits, and processor designers optimize for this common usage. The byte size and byte addressing are often used in place of longer integers for size or speed optimizations in microcontrollers and CPUs. Floating point processors and signal processing applications tend to operate on larger values, and some digital signal processors have 16 to 40 bits as the smallest unit of addressable storage. On such processors a byte may be defined to contain this number of bits.

=The **kilobyte**=

The **kilobyte** is a multiple of the unit byte for digital information. The prefix //kilo// means 1000 in the International System of Units (SI), therefore 1 kilobyte is 1000 bytes. The recommended unit symbol for the kilobyte is **kB** or **kbyte**. The kilobyte is often considered to be 1024 (2^10) bytes in some fields of computer science and information technology.[1][2][3] This use has been discouraged by the major standards organizations, and a new prefix system was defined by the International Electrotechnical Commission, which defines the kibibyte for this binary multiple and affirms the //kilobyte// as 1000 bytes. However, the new standard has not entered common usage, and has been actively resisted by some in the fields of computer science and information technology because of aesthetic objections to the new prefixes.

Multiples of bytes:
||~ SI decimal prefix: name (symbol) ||~ Value ||~ Binary usage ||~ IEC binary prefix: name (symbol) ||~ Value ||
|| **kilobyte** (kB) || 10^3 || 2^10 || kibibyte (KiB) || 2^10 ||
|| megabyte (MB) || 10^6 || 2^20 || mebibyte (MiB) || 2^20 ||
|| gigabyte (GB) || 10^9 || 2^30 || gibibyte (GiB) || 2^30 ||
|| terabyte (TB) || 10^12 || 2^40 || tebibyte (TiB) || 2^40 ||
|| petabyte (PB) || 10^15 || 2^50 || pebibyte (PiB) || 2^50 ||
|| exabyte (EB) || 10^18 || 2^60 || exbibyte (EiB) || 2^60 ||
|| zettabyte (ZB) || 10^21 || 2^70 || zebibyte (ZiB) || 2^70 ||
|| yottabyte (YB) || 10^24 || 2^80 || yobibyte (YiB) || 2^80 ||
See also: Multiples of bits **·** Orders of magnitude of data

=A **hard disk drive**=

A **hard disk drive** (//hard disk//,[3] //hard drive//,[4] HDD) is a non-volatile storage device for digital data. It features one or more rotating rigid platters on a motor-driven spindle within a metal case. Data is encoded magnetically by read/write heads that float on a cushion of air above the platters. Hard disk manufacturers quote disk capacity in SI-standard powers of 1000, wherein a terabyte is 1000 gigabytes and a gigabyte is 1000 megabytes. With file systems that report capacity in powers of 1024, available space appears somewhat less than advertised capacity.

The first HDD was invented by IBM in 1956. They have fallen in cost and physical size over the years while dramatically increasing capacity. Hard disk drives have been the dominant device for secondary storage of data in general purpose computers since the early 1960s.[5] They have maintained this position because advances in their areal recording density have kept pace with the requirements for secondary storage.[5] Form factors have also evolved over time from large standalone boxes to today's desktop systems mainly with standardized 3.5-inch form factor drives, and mobile systems mainly using 2.5-inch drives. Today's HDDs operate on high-speed serial interfaces, i.e., Serial ATA (SATA) or Serial Attached SCSI (SAS).



=**CD-ROM**=

**CD-ROM** (pronounced /ˌsiːˌdiːˈrɒm/, an acronym of "compact disc read-only memory") is a pre-pressed compact disc that contains data accessible to, but not writable by, a computer for data storage and music playback. The format, developed in 1985 by Sony and Philips, was adapted to hold any form of binary data.[2] CD-ROMs are popularly used to distribute computer software, including games and multimedia applications, though any data can be stored (up to the capacity limit of a disc). Some CDs hold both computer data and audio, with the latter capable of being played on a CD player, while data (such as software or digital video) is only usable on a computer (such as ISO 9660 format PC CD-ROMs). These are called enhanced CDs.

=A **computer worm**=

A **computer worm** is a self-replicating malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

=ADMINISTRATOR ACCOUNT=

On many computer operating systems, the **superuser**, or **root**, is a special user account used for system administration. Separation of administrative privileges from normal user privileges makes an operating system more resistant to viruses and other malware. Additionally, in organizations, administrative privileges are often reserved for authorized individuals in order to control abuse, misuse, or other undesired activities by end-users.

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista/7), there may or may not be a //superuser//. By default, there is a //superuser// named **Administrator**, although it is not an exact analogue of the Unix **root** superuser account. **Administrator** does not have all the privileges of **root** because some superuser privileges are assigned to the **Local System** account in Windows NT. In Windows Vista or later, you can use User Account Control to run a process with elevated privileges (for example, by right-clicking on the program and selecting //Run as administrator//; Windows 2000 users must hold the SHIFT key while right-clicking). In earlier versions of Windows, the command //runas// fulfills this task (see Microsoft's documentation for runas for more details). In Windows Vista and later, the superuser account is disabled by default and UAC acts similarly to the Unix //sudo// command; if the superuser account is enabled and logged in, however, all tasks run as root.

=**User Account Control** (**UAC**)=

**User Account Control** (**UAC**) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more refined[1] version also present in Windows 7 and Windows Server 2008 R2. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other.[2] One prominent use of this is Internet Explorer 7's "Protected Mode".

=A **computer virus**=

A **computer virus** is a computer program that can copy itself[1] and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.[2] Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

=A **cryptographic hash function**=

A **cryptographic hash function** is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (**cryptographic**) **hash value**, such that an accidental or intentional change to the data will change the hash value. The data to be encoded is often called the "message", and the hash value is sometimes called the **message digest** or simply **digest**. The ideal cryptographic hash function has four main or significant properties:
 * it is easy to compute the hash value for any given message,
 * it is infeasible to find a message that has a given hash,
 * it is infeasible to modify a message without changing its hash,
 * it is infeasible to find two different messages with the same hash.

Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (**digital**) **fingerprints**, **checksums**, or just **hash values**, even though all these terms stand for functions with rather different properties and purposes.

Most cryptographic hash functions are designed to take a string of any length as input and produce a fixed-length hash value. A cryptographic hash function must be able to withstand all known types of cryptanalytic attack. As a minimum, it must have the following properties:
 * //Preimage resistance//: given a hash h, it should be hard to find any message m such that h = hash(m). This concept is related to that of a one-way function. Functions that lack this property are vulnerable to preimage attacks.
 * //Second preimage resistance//: given an input m1, it should be hard to find another input m2 (where m1 ≠ m2) such that hash(m1) = hash(m2). This property is sometimes referred to as //weak collision resistance//, and functions that lack this property are vulnerable to second preimage attacks.
 * //Collision resistance//: it should be hard to find two different messages m1 and m2 such that hash(m1) = hash(m2). Such a pair is called a cryptographic hash collision, and this property is sometimes referred to as //strong collision resistance//. It requires a hash value at least twice as long as that required for preimage resistance; otherwise collisions may be found by a birthday attack.
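The following Python is an added illustration of the hash properties above, not code from the original notes. It uses SHA-256 truncated to a small number of bits as a toy hash so the searches finish in seconds, and shows why collision resistance needs a digest twice as long as preimage resistance: a brute-force preimage search costs about 2^n trials for an n-bit digest, while a birthday search finds a collision in about 2^(n/2). The helper names and the counter-based trial messages are my own choices.

```python
import hashlib
from typing import Dict, Optional, Tuple


def digest_bits(message: bytes, nbits: int) -> int:
    """Toy hash: the first nbits of SHA-256(message), returned as an integer.

    Truncating the digest is only what makes the searches below finish in
    seconds; the cost argument is the same for a full 256-bit digest, with
    2^256 in place of 2^nbits.
    """
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - nbits)


def candidate(i: int) -> bytes:
    """Deterministic i-th trial message: an 8-byte big-endian counter (constructed)."""
    return i.to_bytes(8, "big")


def preimage_search(target: int, nbits: int, limit: int) -> Tuple[int, Optional[bytes]]:
    """Preimage resistance: given only the hash value `target`, look for any
    message that hashes to it. Each trial succeeds with probability 2^-nbits,
    so the expected cost is about 2^nbits trials. Returns (trials, message),
    with message None if `limit` trials were exhausted."""
    for i in range(limit):
        m = candidate(i)
        if digest_bits(m, nbits) == target:
            return i + 1, m
    return limit, None


def birthday_collision(nbits: int, limit: int) -> Optional[Tuple[int, bytes, bytes]]:
    """Collision resistance: find ANY two distinct messages with the same hash.
    Remembering every digest seen so far means each new trial is compared
    against all previous ones at once, so a collision is expected after only
    about sqrt(2^nbits) = 2^(nbits/2) trials (the birthday bound)."""
    seen: Dict[int, bytes] = {}
    for i in range(limit):
        m = candidate(i)
        d = digest_bits(m, nbits)
        if d in seen:  # candidates are all distinct, so this is a real collision
            return i + 1, seen[d], m
        seen[d] = m
    return None


def avalanche(m1: bytes, m2: bytes) -> int:
    """Number of differing bits between SHA-256(m1) and SHA-256(m2). A one-byte
    change flips roughly half of the 256 bits, which is what makes modifying a
    message without changing its hash (property 3 above) infeasible."""
    a = hashlib.sha256(m1).digest()
    b = hashlib.sha256(m2).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    print("bits changed by 'abc' -> 'abd':", avalanche(b"abc", b"abd"), "of 256")

    nbits = 18
    # Hash of a message that is NOT in the counter sequence, so the search
    # really has to find some preimage rather than replay a known input.
    target = digest_bits(b"the original message", nbits)
    tries, m = preimage_search(target, nbits, 1 << (nbits + 2))
    if m is None:
        print(f"{nbits}-bit preimage not found in {tries} trials (expected ~2^{nbits})")
    else:
        print(f"{nbits}-bit preimage found after {tries} trials (expected ~2^{nbits} = {1 << nbits})")

    found = birthday_collision(nbits, 1 << nbits)
    if found is not None:
        tries, a, b = found
        print(f"{nbits}-bit collision found after {tries} trials "
              f"(expected ~2^{nbits // 2} = {1 << (nbits // 2)})")
```

Raising `nbits` by two bits roughly quadruples the preimage search but only doubles the collision search, which is the gap the birthday attack exploits.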

=**Malware**=

**Malware** (also: //scumware//), short for //malicious software//, is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.[1] The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U.S. states, including California and West Virginia.[2][3] Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Preliminary results from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications."[4] According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether."[5] Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.

=A **router**=

A **router** is an electronic device that interconnects two or more computer networks, and selectively interchanges packets of data between them. Each data packet contains address information that a router can use to determine if the source and destination are on the same network, or if the data packet must be transferred from one network to another. When multiple routers are used in a large collection of interconnected networks, the routers exchange information about target system addresses, so that each router can build up a table showing the preferred paths between any two systems on the interconnected networks. A router is a networking device whose software and hardware are customized to the tasks of routing and forwarding information. A router has two or more network interfaces, which may be to different physical types of network (such as copper cables, fiber, or wireless) or different network standards. Each network interface is a specialized device that converts electric signals from one form to another. Routers connect two or more logical subnets, each having a different network address. The subnets in the router do not necessarily map one-to-one to the physical interfaces of the router.[1] The term "layer 3 switching" is often used interchangeably with the term "routing". The term switching is generally used to refer to data forwarding between two network devices with the same network address. This is also called layer 2 switching or LAN switching.



=A **backdoor**=

A **backdoor** in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film //WarGames//, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence). An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be.[3] In this case, a two-line change appeared to be a typographical error, but actually gave the caller to the function root access to the system.[4] Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

=A **zombie computer**=

A **zombie computer** (often shortened as **zombie**) is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies. Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers.[1] This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses; as Trojans, they are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.[2] For similar reasons zombies are also used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites. Zombies can be used to conduct distributed denial-of-service attacks, a term which refers to the orchestrated flooding of target websites by armies of zombie computers.

The large number of Internet users making simultaneous requests of a website's server is intended to result in crashing and the prevention of legitimate users from accessing the site.[3] A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites, done with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.

Figure legend: (1) Spammer's web site, (2) Spammer, (3) Spamware, (4) Infected computers, (5) Virus or trojan, (6) Mail servers, (7) Users, (8) Web traffic.

=PHISHING=

In the field of computer security, **phishing** is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

=A **Botnet**=

A **botnet** is a collection of software agents, or robots, that run autonomously and automatically. The term is most commonly associated with malicious software, but it can also refer to a network of computers using distributed computing software. The main drivers for botnets are recognition and financial gain. The larger the botnet, the more 'kudos' the herder can claim to have among the underground community. The bot herder will also 'rent' the services of the botnet out to third parties, usually for sending out spam messages, or for performing a denial of service attack against a remote target. Due to the large numbers of compromised machines within the botnet, huge volumes of traffic (either email or denial of service) can be generated.

However, in recent times the volumes of spam originating from a single compromised host have dropped in order to thwart anti-spam detection algorithms: a larger number of compromised hosts send a smaller amount of messages in order to evade detection by anti-spam techniques. Botnets have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously-hosted botnets, controllers must now find their own servers. Often, a botnet will include a variety of connections and network types. Sometimes a controller will hide an IRC server installation on an educational or corporate site where high-speed connections can support a large number of other bots. Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it.

=**Social engineering**=

**Social engineering** is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques; essentially a fancier, more technical way of lying.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. "Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.

=A **logic bomb**= is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger) should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "**time bombs**". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. Because the trigger stays dormant until its condition is met, logic bombs planted by insiders are usually caught by code review and change control rather than by runtime monitoring.

=**Time bomb**= refers to a computer program that has been written so that it will stop functioning after a predetermined date or time is reached. The term "time bomb" does not refer to a program that stops functioning a specific number of days after it is installed; the term "trialware" applies to that. Time bombs are commonly used in beta (pre-release) software when the manufacturer of the software does not want the beta version being used after the final release date. One example of time bomb software would be Microsoft's Windows Vista Beta 2, which was programmed to expire on May 31, 2007. The time limits on time bomb software are not usually as heavily enforced as they are on trial software, since time bomb software does not usually implement secure clock functions.

=An **operating system** (**OS**)= is software, consisting of programs and data, that runs on computers, manages the computer hardware and provides common services for efficient execution of various application software. For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between application programs and the computer hardware; application code is usually executed directly by the hardware, but it frequently calls the OS or is interrupted by it. Operating systems are found on almost any device that contains a computer, from cellular phones and video game consoles to supercomputers and web servers. Examples of popular modern operating systems for personal computers are Microsoft Windows, Mac OS X, and Linux.

=DS= A **directory service** is the software system that stores, organizes and provides access to information in a directory. In software engineering, a directory is a map between names and values. It allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a directory a name may be associated with multiple, different pieces of information. Likewise, as a word may have different parts of speech and different definitions, a name in a directory may have many different types of data. Directories may be very narrow in scope, supporting only a small set of node types and data types, or they may be very broad, supporting an arbitrary or extensible set of types. In a telephone directory, the nodes are names and the data items are telephone numbers. In the DNS the nodes are domain names and the data items are IP addresses (and aliases, mail server names, etc.). In a directory used by a network operating system, the nodes represent resources that are managed by the OS, including users, computers, printers and other shared resources. Many different directory services have been used since the advent of the Internet, but this section focuses mainly on those that have descended from the X.500 directory service.

=The **Domain Name System** (**DNS**)= is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy is that the Domain Name System serves as the //phone book// for the Internet, translating human-friendly computer hostnames into IP addresses. For example, the domain name //www.example.com// translates to the addresses //192.0.32.10// (IPv4) and //2620:0:2d0:200::10// (IPv6). The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way, independent of each entity's physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than numeric IPv4 or IPv6 addresses. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates them. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are responsible for their particular domains, and in turn can delegate sub-domains to other authoritative name servers.

This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept e-mail for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. Other identifiers such as RFID tags, UPC codes, international characters in e-mail addresses and host names, and a variety of other identifiers could all potentially utilize DNS. The Domain Name System also defines the technical underpinnings of the functionality of this database service. For this purpose it defines the DNS protocol, a detailed specification of the data structures and communication exchanges used in DNS, as part of the Internet Protocol Suite.

=**Computer software**, or just **software**,= is the collection of computer programs and related data that provide the instructions telling a computer what to do; put another way, software is one or more computer programs and data held in the storage of the computer for some purpose. Program software performs the function of the program it implements, either by directly providing instructions to the computer hardware or by serving as input to another piece of software. The term was coined to contrast with the older term hardware (meaning physical devices). In contrast to hardware, software is intangible, meaning it "cannot be touched". Software is also sometimes used in a narrower sense, meaning application software only. Sometimes the term includes data that has not traditionally been associated with computers, such as film, tapes, and records.

=URL= In computing, a **Uniform Resource Locator** (**URL**) is a Uniform Resource Identifier (URI) that specifies where an identified resource is available and the mechanism for retrieving it. In popular usage and in many technical documents and verbal discussions it is often incorrectly used as a synonym for URI. The best-known example of a URL is the "address" of a web page on the World Wide Web, e.g. http://www.example.com

=IP= An **Internet Protocol address** (**IP address**) is a numerical label that is assigned to any device participating in a computer network that uses the Internet Protocol for communication between its nodes. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: //"A name indicates what we seek. An address indicates where it is. A route indicates how to get there."// The designers of TCP/IP defined an IP address as a 32-bit number, and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new addressing system (IPv6), using 128 bits for the address, was developed in 1995, standardized by RFC 2460 in 1998, and is in world-wide production deployment. Although IP addresses are stored as binary numbers, they are usually displayed in human-readable notations, such as 208.77.188.166 (for IPv4) and 2001:db8:0:1234:0:567:1:1 (for IPv6). The Internet Protocol is used to route data packets between networks; IP addresses specify the locations of the source and destination nodes in the topology of the routing system. For this purpose, some of the bits in an IP address are used to designate a subnetwork. The number of these bits is indicated in CIDR notation, appended to the IP address; e.g., //208.77.188.166/24//. As the development of private networks raised the threat of IPv4 address exhaustion, RFC 1918 set aside a group of private address spaces that may be used by anyone on private networks. Such networks require network address translator gateways to connect to the global Internet. The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and cooperates with five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.
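The CIDR and RFC 1918 points above, worked through in code. This is an added example written for this page, not code from the original; it uses only the Python standard library's ipaddress module, and the addresses it is run on (208.77.188.166/24 from the text, plus 192.168.1.77/26 and a documentation-range IPv6 address) are constructed inputs.

```python
import ipaddress

# RFC 1918 private ranges; hosts here need a NAT gateway to reach the global Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe(cidr: str) -> dict:
    """Split an address in CIDR notation (e.g. 208.77.188.166/24) into its subnet facts."""
    iface = ipaddress.ip_interface(cidr)   # keeps the host address together with its prefix length
    net = iface.network                    # the subnet the host belongs to (host bits cleared)
    if net.version == 4 and net.prefixlen < 31:
        usable = net.num_addresses - 2     # network and broadcast addresses are not assignable
    else:
        usable = net.num_addresses         # /31 point-to-point links and IPv6 have no broadcast
    return {
        "address": str(iface.ip),
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address) if net.version == 4 else None,
        "usable_hosts": usable,
        "rfc1918": net.version == 4 and any(iface.ip in r for r in RFC1918),
    }


def same_subnet(a: str, b: str, prefixlen: int) -> bool:
    """True when two hosts share the same /prefixlen network, i.e. can reach each other without a router."""
    return (ipaddress.ip_interface(f"{a}/{prefixlen}").network
            == ipaddress.ip_interface(f"{b}/{prefixlen}").network)


if __name__ == "__main__":
    for cidr in ("208.77.188.166/24", "192.168.1.77/26", "2001:db8:0:1234:0:567:1:1/64"):
        print(describe(cidr))
    print(same_subnet("10.0.0.5", "10.0.1.5", 16), same_subnet("10.0.0.5", "10.0.1.5", 24))
```

The 172.16.0.0/12 block is the one most often mis-remembered: it covers 172.16.0.0 through 172.31.255.255 only, so 172.32.x.x is a public address, which the check above reflects.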

=**Netstat**= (**net**work **stat**istics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.

=**Electronic commerce**=, commonly known as **e-commerce**, **eCommerce** or **e-business**, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. The amount of trade conducted electronically has grown extraordinarily with widespread Internet usage. Commerce conducted in this way spurs and draws on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well. A large percentage of electronic commerce is conducted entirely electronically for virtual items such as access to premium content on a website, but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is sometimes known as **e-tail**. Almost all big retailers have an electronic commerce presence on the World Wide Web. Electronic commerce that is conducted between businesses is referred to as business-to-business or B2B. B2B can be open to all interested parties (e.g. a commodity exchange) or limited to specific, pre-qualified participants (a private electronic market). Electronic commerce that is conducted between businesses and consumers, on the other hand, is referred to as business-to-consumer or B2C. This is the type of electronic commerce conducted by companies such as Amazon.com. Online shopping is a form of electronic commerce where the buyer deals directly with the seller's computer, usually via the Internet, with no intermediary service; the sale and purchase transaction is completed electronically and interactively in real time, as with Amazon.com for new books. Where an intermediary is present, as with eBay.com, the transaction is still electronic commerce, but it is brokered by that third party. Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of the business transactions.

=**Encryption**= is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is **encrypted** information (in cryptography, referred to as ciphertext). In many contexts, the word **encryption** also implicitly refers to the reverse process, **decryption** (e.g. "software for encryption" can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted). Encryption has long been used by militaries and governments to facilitate secret communication. Encryption is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection), are another, somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it, as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.
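The warning above, that encryption alone protects confidentiality but not integrity, is easy to see with a stream cipher: flipping ciphertext bits flips the same plaintext bits, without the attacker knowing the key. This is an added example written for this page, not code from the original. It uses only the Python standard library; the keystream is derived from HMAC-SHA256 in counter mode as a stand-in for a real stream cipher (an assumption made so the example runs without third-party libraries), and the "PAY 0100 TO BOB" message and the attacker's knowledge of its layout are constructed.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (a PRF); stands in for a real stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: ciphertext = plaintext XOR keystream. Never reuse a (key, nonce) pair."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt   # XOR is its own inverse


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """What an attacker without the key can do: XOR in (old XOR new) and the plaintext changes to match."""
    delta = bytes(a ^ b for a, b in zip(old, new))
    patched = bytes(c ^ d for c, d in zip(ciphertext[offset:offset + len(delta)], delta))
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> tuple:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, so any bit flip is caught before decryption."""
    nonce = os.urandom(12)
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def unseal(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Returns the plaintext, or None if the tag does not verify (constant-time comparison)."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(enc_key, nonce, ct)


def demo() -> tuple:
    """Constructed scenario: an attacker who knows the message layout rewrites the amount field."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    message = b"PAY 0100 TO BOB"
    nonce, ct, tag = seal(enc_key, mac_key, message)
    forged_ct = tamper(ct, offset=4, old=b"0100", new=b"9999")
    without_mac = decrypt(enc_key, nonce, forged_ct)             # encryption alone: forgery goes through
    with_mac = unseal(enc_key, mac_key, nonce, forged_ct, tag)   # encrypt-then-MAC: rejected
    return without_mac, with_mac


if __name__ == "__main__":
    print(demo())   # (b'PAY 9999 TO BOB', None)
```

Two design points worth noting: the MAC uses a key separate from the encryption key, and the tag is checked with hmac.compare_digest rather than == so that the comparison does not leak, byte by byte, how much of a forged tag was correct.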

=A **zero-day**= (or **zero-hour** or **day zero**) **attack** or **threat** is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability. The term derives from the age of the exploit. When a developer becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

=A **digital signature** or **digital signature scheme**= is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused. Digital signatures employ a type of asymmetric cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message while also claiming their private key remains secret; further, some non-repudiation schemes add a trusted time stamp to the digital signature, so that even if the private key is later exposed, a signature shown to have been made before the exposure remains valid. Digitally signed messages may be anything representable as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.

=A **gateway**= is a link between two computer programs or systems, such as Internet forums. A gateway acts as a portal between two programs, allowing them to share information by translating between protocols on one computer or between dissimilar computers. Some examples of common gateways:
 * E-mail <-> News server
 * News server <-> Internet forum
 * RSS aggregators <-> News server
 * XMPP <-> ICQ

=**Chain of custody**= (CoC) refers to the chronological documentation or paper trail showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic. Because evidence can be used in court to convict persons of crimes, it must be handled in a scrupulously careful manner to avoid later allegations of tampering or misconduct, which can compromise the case of the prosecution toward acquittal or lead to a guilty verdict being overturned on appeal. The idea behind recording the //chain of custody// is to establish that the alleged evidence is in fact related to the alleged crime, rather than having, for example, been //planted// fraudulently to make someone appear guilty. Establishing chain of custody is especially important when the evidence consists of fungible goods. In practice, this most often applies to illegal drugs which have been seized by law enforcement personnel. In such cases, the defendant at times disclaims any knowledge of possession of the controlled substance in question. Accordingly, the //chain of custody// documentation and testimony is presented by the prosecution to establish that the substance in evidence was in fact in the possession of the defendant. An identifiable person must always have physical custody of a piece of evidence. In practice, this means that a police officer or detective will take charge of a piece of evidence, document its collection, and hand it over to an evidence clerk for storage in a secure place. These transactions, and every succeeding transaction between the collection of the evidence and its appearance in court, should be completely documented chronologically in order to withstand legal challenges to the authenticity of the evidence. For electronic evidence, a cryptographic hash of the seized data recorded at collection time serves the same purpose as the seal on a physical evidence bag: any later copy can be checked against it.

Documentation should include the conditions under which the evidence is gathered, the identity of all evidence handlers, the duration of each period of custody, the security conditions while handling or storing the evidence, and the manner in which evidence is transferred to subsequent custodians each time such a transfer occurs (along with the signatures of the persons involved at each step).
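The custody record described above, kept as a hash-chained log. This is an added example written for this page, not a procedure the page prescribes: the hash chaining (each entry commits to the previous entry's hash, and the first entry to the hash of the evidence itself) is one common way to make such a log tamper-evident, and the case number, names, timestamps and the "disk image" bytes are all constructed.

```python
import hashlib
import json


def canon(obj) -> bytes:
    """Deterministic serialization so the same entry always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class CustodyLog:
    """Hash-chained chain-of-custody record. Altering or deleting a past entry breaks every hash after it."""

    def __init__(self, case_id, item_id, evidence_bytes, collected_by, when, where):
        self.case_id, self.item_id = case_id, item_id
        self.evidence_digest = hashlib.sha256(evidence_bytes).hexdigest()   # fixes exactly what was seized
        self.entries = []
        self._append("collected", None, collected_by, when, where, "seized and bagged")

    def transfer(self, from_person, to_person, when, where, notes=""):
        # An identifiable person always holds the item; only that person can hand it on.
        if self.custodian() != from_person:
            raise ValueError(f"{from_person} is not the current custodian ({self.custodian()})")
        self._append("transferred", from_person, to_person, when, where, notes)

    def _append(self, event, src, dst, when, where, notes):
        prev = self.entries[-1]["hash"] if self.entries else self.evidence_digest
        body = {"seq": len(self.entries), "event": event, "from": src, "to": dst,
                "when": when, "where": where, "notes": notes, "prev": prev}
        self.entries.append(dict(body, hash=hashlib.sha256(canon(body)).hexdigest()))

    def custodian(self) -> str:
        return self.entries[-1]["to"]

    def verify(self, evidence_bytes=None) -> bool:
        """Recompute the whole chain; optionally also re-hash the evidence against the collection digest."""
        if evidence_bytes is not None and hashlib.sha256(evidence_bytes).hexdigest() != self.evidence_digest:
            return False
        prev = self.evidence_digest
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["seq"] != i or body["prev"] != prev:
                return False
            if hashlib.sha256(canon(body)).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


DEMO_EVIDENCE = b"constructed stand-in for a seized disk image"   # constructed sample data


def build_demo_log() -> CustodyLog:
    """Constructed custody history: detective -> analyst -> evidence clerk."""
    log = CustodyLog("CASE-2010-017", "item-3", DEMO_EVIDENCE,
                     collected_by="Det. Moreno", when="2010-11-02T09:14Z", where="suspect workstation, room 4B")
    log.transfer("Det. Moreno", "Analyst Park", "2010-11-02T11:40Z", "forensics lab", "imaged; write-blocker used")
    log.transfer("Analyst Park", "Evidence Clerk Diaz", "2010-11-03T16:05Z", "evidence locker 12", "sealed bag A1187")
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print(log.custodian(), log.verify(DEMO_EVIDENCE))   # Evidence Clerk Diaz True
```

The chain makes tampering detectable, not impossible: whoever can rewrite every later entry can still forge the log, which is why the signatures of the handlers at each step, mentioned in the text, are the part the hash chain cannot replace.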

=**Fuzz testing** or **fuzzing**= is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted. The term "fuzz" originated from Prof. Barton Miller's student assignment at the University of Wisconsin in the Fall of 1988, titled "Operating System Utility Program Reliability - The Fuzz Generator". In quality assurance and testing, the same approach (using unexpected data or syntax) has been called robustness testing, syntax testing or negative testing. Even white-noise testing can be thought of as fuzzing. File formats and network protocols are the most common targets of fuzz testing, but any type of program input can be fuzzed. Interesting inputs include environment variables, keyboard and mouse events, and sequences of API calls. Even items not normally considered "input" can be fuzzed, such as the contents of databases, shared memory, or the precise interleaving of threads. For the purpose of security, input that crosses a trust boundary is often the most interesting. For example, it is more important to fuzz code that handles the upload of a file by any user than it is to fuzz the code that parses a configuration file that is accessible only to a privileged user.

Fuzz testing is often used in large software development projects that employ black-box testing. These projects usually have a budget to develop test tools, and fuzz testing is one of the techniques which offers a high benefit to cost ratio. However, fuzz testing is not a substitute for exhaustive testing or formal methods: it can only provide a random sample of the system's behavior, and in many cases passing a fuzz test may only demonstrate that a piece of software can handle exceptions without crashing, rather than behaving correctly. Thus fuzz testing is a bug-finding tool, not an assurance of overall quality: a clean fuzz run shows only that the sampled inputs did not break the program. As a gross measurement of reliability, fuzzing can suggest which parts of a program should get special attention, in the form of a code audit, application of static analysis, or partial rewrites.
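A minimal mutation fuzzer run against a length-prefixed record parser, to make the two paragraphs above concrete. This is an added example written for this page, not the original assignment's fuzz generator or any project's code. The parser and its zero-length-record bug are constructed for the demonstration; the fuzzer distinguishes the parser's own validation error (ValueError, expected on bad input) from any other exception (a defect), and then shrinks the crashing input so it is easier to read.

```python
import random

INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary bytes that fuzzers try on purpose


def parse_records(buf: bytes) -> list:
    """Toy parser for [len][payload]... records. Constructed with a deliberate defect."""
    records, i = [], 0
    while i < len(buf):
        n = buf[i]
        payload = buf[i + 1:i + 1 + n]
        if len(payload) != n:
            raise ValueError("truncated record")      # the parser's own, expected rejection
        checksum = payload[0] ^ payload[-1]           # defect: a zero-length record raises IndexError
        records.append((payload, checksum))
        i += 1 + n
    return records


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, interesting byte, byte insert, or byte delete."""
    buf = bytearray(data) or bytearray(b"\x00")
    pos = rng.randrange(len(buf))
    kind = rng.randrange(4)
    if kind == 0:
        buf[pos] ^= 1 << rng.randrange(8)
    elif kind == 1:
        buf[pos] = rng.choice(INTERESTING)
    elif kind == 2:
        buf.insert(pos, rng.randrange(256))
    else:
        del buf[pos]
    return bytes(buf)


def fuzz(target, seeds, iterations=2000, seed=1) -> dict:
    """Mutate the seeds and run the target; return the first input seen per unexpected exception type."""
    rng = random.Random(seed)                 # fixed seed so a run is reproducible
    crashes = {}
    for _ in range(iterations):
        sample = mutate(rng.choice(seeds), rng)
        try:
            target(sample)
        except ValueError:
            continue                          # input rejected cleanly: not a defect
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, sample)
    return crashes


def minimize(target, sample: bytes, exc_name: str) -> bytes:
    """Greedy delta-debugging: drop single bytes while the same exception still occurs."""
    def still_crashes(s):
        try:
            target(s)
        except ValueError:
            return False
        except Exception as exc:
            return type(exc).__name__ == exc_name
        return False

    changed = True
    while changed:
        changed = False
        for i in range(len(sample)):
            candidate = sample[:i] + sample[i + 1:]
            if still_crashes(candidate):
                sample, changed = candidate, True
                break
    return sample


if __name__ == "__main__":
    found = fuzz(parse_records, [b"\x03abc\x02xy"])     # constructed seed: two valid records
    for name, sample in found.items():
        print(name, sample, "->", minimize(parse_records, sample, name))
```

The seed corpus never grows here; a real fuzzer adds inputs that reach new code (coverage feedback) back into the corpus, which is what lets it get past checksums and nested structures that blind mutation rarely satisfies.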

=**Reverse engineering**= is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g., a mechanical device, electronic component, or software program) apart and analyzing its workings in detail, to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) any part of the original. Reverse engineering has its origins in the analysis of hardware for commercial or military advantage. The purpose is to deduce design decisions from end products with little or no additional knowledge about the procedures involved in the original production. The same techniques are subsequently being researched for application to legacy software systems, not for industrial or defence ends, but rather to replace incorrect, incomplete, or otherwise unavailable documentation.

Reasons for reverse engineering:
 * Interoperability.
 * Lost documentation: reverse engineering often is done because the documentation of a particular device has been lost (or was never written), and the person who built it is no longer available. Integrated circuits often seem to have been designed on obsolete, proprietary systems, which means that the only way to incorporate the functionality into new technology is to reverse-engineer the existing chip and then re-design it.
 * Product analysis: to examine how a product works, what components it consists of, estimate costs, and identify potential patent infringement.
 * Digital update/correction: to update the digital version (e.g. CAD model) of an object to match an "as-built" condition.
 * Security auditing.
 * Acquiring sensitive data by disassembling and analysing the design of a system component.
 * Military or commercial espionage: learning about an enemy's or competitor's latest research by stealing or capturing a prototype and dismantling it.
 * Removal of copy protection, circumvention of access restrictions.
 * Creation of unlicensed/unapproved duplicates.
 * Academic/learning purposes.
 * Curiosity.
 * Competitive technical intelligence (understand what your competitor is actually doing versus what they say they are doing).
 * Learning: learn from others' mistakes. Do not make the same mistakes that others have already made and subsequently corrected.

=**Transport Layer Security** (**TLS**) and its predecessor, **Secure Sockets Layer** (**SSL**)=, are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL sit above the transport layer (TCP) and below the application protocol, encrypting the application data so that it is protected end to end between the two communicating endpoints. TLS is also the name of a working group of the Internet Engineering Task Force, but in this section TLS refers to the protocol, not the working group. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). TLS is an IETF standards track protocol, defined at the time of writing by RFC 5246 (TLS 1.2), and was based on the earlier SSL specifications developed by Netscape Corporation. TLS 1.3 has since been published as RFC 8446, and SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 have all been formally deprecated by the IETF and should be disabled on both clients and servers.

The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. The key exchange, authentication and bulk encryption algorithms are negotiated per connection; RSA certificates (commonly with 2048-bit keys today, 1024-bit keys being too weak for continued use) are one widespread choice for authentication, but the protocol is not tied to RSA. In typical end-user/browser usage, TLS authentication is //unilateral//: only the server is //authenticated// (the client knows the server's identity), but not //vice versa// (the client remains unauthenticated or anonymous). TLS also supports the more secure //bilateral// connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication, or 2SSL. Mutual authentication requires that the TLS client side also hold a certificate (which is not usually the case in the end-user/browser scenario), unless TLS-PSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates. Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats. SSL operates in a modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers.

=Authorization certificate=

In computer security, an **attribute certificate** (AC) is a digital document containing attributes associated with the holder by the issuer. When the associated attributes are mainly used for authorization purposes, the AC is called an **authorization certificate**. ACs are standardized in X.509. RFC 3281 (since superseded by RFC 5755) further specifies the usage of ACs for authorization purposes on the Internet. An AC is the complement of a public key certificate (PKC). While a PKC is issued by a certificate authority (CA) and is used as proof of the identity of its holder, like a passport, an AC is issued by an attribute authority (AA) and is used to characterize or entitle its holder, like a visa. Because identity information seldom changes and has a long validity time, while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary.

Comparison of attribute and public key certificates
An AC is similar to a PKC except that the AC contains no public key, because an AC verifier is under the control of the AC issuer and therefore trusts the issuer directly by having the public key of the issuer preinstalled. This means that once the AC issuer's private key is compromised, the issuer has to generate a new key pair and replace the old public key in all verifiers under its control with the new one. In addition to the absence of a public key, an AC does not refer to the holder directly using identity information as a PKC does, but indirectly, via the PKC. This means that the verification of an AC requires the presence of the PKC that is referred to as the AC holder in the AC. Like PKCs, ACs can be chained to delegate attributes. For example, an authorization certificate issued for Alice authorizes her to use a particular service. Alice can delegate this privilege to her assistant Bob by issuing an AC for Bob's PKC. When Bob wants to use the service, he presents his PKC and a chain of ACs starting from his own AC issued by Alice and then Alice's AC issued by the issuer that the service trusts. In this way, the service can verify that Alice has delegated her privilege to Bob and that Alice has been authorized to use the service by the issuer that controls the service. RFC 3281, however, does not recommend the use of AC chains, because the complexity of administering and processing the chain is not worth the effort and there is little use of ACs on the Internet.

Usage
To use a service or a resource that the issuer of an AC controls, a user presents both the PKC and the AC to a part of the service or resource that functions as an AC verifier. The verifier will first check the identity of the user using the PKC, for example by asking the user to decrypt a message encrypted with the user's public key from the PKC (or, equivalently, to sign a fresh challenge). If the authentication is successful, the verifier will use the preinstalled public key of the AC issuer to check the validity of the presented AC. If the AC is valid, the verifier will check whether or not the PKC specified in the AC matches the presented PKC. If it matches, the verifier will check the validity period of the AC. If the AC is still valid, the verifier can perform additional checks before offering the user a particular level of service or resource usage in accordance with the attributes contained in the AC. For example, a software developer that already has a PKC wants to deploy its software on a computing device employing DRM, like the iPad, where software can only be run on the device after it has been approved by the device manufacturer. The software developer signs the software with the private key of the PKC and sends the signed software to the device manufacturer for approval. After authenticating the developer using the PKC and reviewing the software, the manufacturer may decide to issue an AC granting the software the basic capability to install itself and be executed, as well as an additional capability to use the Wi-Fi device, following the principle of least privilege. In this example, the AC does not refer to the PKC of the developer as the holder but to the software, for example by storing the developer's signature of the software in the holder field of the AC. When the software is put onto the computing device, the device will verify the integrity of the software using the developer's PKC before checking the validity of the AC and granting the software access to the device's functionality.

=RBAC= In computer systems security, **role-based access control** (**RBAC**) is an approach to restricting system access to authorized users. It is a newer alternative approach to [|mandatory access control] (MAC) and [|discretionary access control] (DAC). RBAC is sometimes referred to as role-based security. Within an organization, [|roles] are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user; this simplifies common operations, such as adding a user, or changing a user's department. Three primary rules are defined for RBAC:
 * 1) Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a role.
 * 2) Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
 * 3) Transaction authorization: A subject can execute a transaction only if the transaction is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can execute only transactions for which they are authorized.
Additional constraints may be applied as well, and roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles.
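The three rules and the role hierarchy, as an added Python example that is not from the page: the role, user and transaction names (payroll_clerk, approve_payroll, and so on) are constructed for illustration.

```python
"""Minimal RBAC engine implementing the three rules above plus a role hierarchy.

Added example, not from the page. Role, user and transaction names are
constructed for illustration.
"""
from typing import Dict, Optional, Set


class RBACPolicy:
    def __init__(self) -> None:
        # role -> transactions granted directly to that role
        self.role_perms: Dict[str, Set[str]] = {}
        # senior role -> junior roles whose permissions it subsumes
        self.hierarchy: Dict[str, Set[str]] = {}
        # user -> roles the user is authorized to activate (rule 2)
        self.user_roles: Dict[str, Set[str]] = {}
        # user -> currently active role, if any (rule 1)
        self.active: Dict[str, str] = {}

    def effective_perms(self, role: str, seen: Optional[Set[str]] = None) -> Set[str]:
        """Permissions of `role` plus everything inherited from junior roles."""
        seen = set() if seen is None else seen
        if role in seen:            # guard against a cyclic (mis-specified) hierarchy
            return set()
        seen.add(role)
        perms = set(self.role_perms.get(role, set()))
        for junior in self.hierarchy.get(role, set()):
            perms |= self.effective_perms(junior, seen)
        return perms

    def activate(self, user: str, role: str) -> bool:
        """Rule 2: a user may activate only a role they are authorized for."""
        if role not in self.user_roles.get(user, set()):
            return False
        self.active[user] = role
        return True

    def change_department(self, user: str, new_roles: Set[str]) -> None:
        """Moving a user is just a role reassignment; permissions follow the roles."""
        self.user_roles[user] = set(new_roles)
        if self.active.get(user) not in new_roles:
            self.active.pop(user, None)     # an active role the user lost is dropped

    def can_execute(self, user: str, transaction: str) -> bool:
        role = self.active.get(user)
        if role is None:                                   # rule 1: no active role
            return False
        if role not in self.user_roles.get(user, set()):   # rule 2, re-checked at use
            return False
        return transaction in self.effective_perms(role)   # rule 3


def demo_policy() -> RBACPolicy:
    """Constructed payroll policy: manager > clerk > employee."""
    p = RBACPolicy()
    p.role_perms = {
        "employee": {"view_own_payslip"},
        "payroll_clerk": {"enter_timesheet", "view_payroll"},
        "payroll_manager": {"approve_payroll"},
    }
    p.hierarchy = {"payroll_manager": {"payroll_clerk"}, "payroll_clerk": {"employee"}}
    p.user_roles = {"alice": {"payroll_manager"}, "bob": {"payroll_clerk"}}
    return p
```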

=**Microsoft Baseline Security Analyzer** **MBSA**= is a software tool released by [|Microsoft] to determine [|security] state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as [|Internet Explorer] and the [|IIS] [|web server], products such as [|Microsoft SQL Server], and [|Microsoft Office] macro settings. Security updates are determined by the current version of MBSA using the [|Windows Update Agent] present on Windows computers since Windows 2000 Service Pack 3. The less-secure settings, often called Vulnerability Assessment (VA) checks, are assessed based on a hard-coded set of registry and file checks. An example of a VA might be that permissions for one of the directories in the wwwroot folder of IIS could be set at too low a level, allowing unwanted modification of files by outsiders.

=**Wireshark**= is a [|free and open-source] [|packet analyzer]. It is used for [|network] troubleshooting, analysis, software and [|communications protocol] development, and education. Originally named **Ethereal**, in May 2006 the project was renamed Wireshark due to trademark issues. Wireshark is [|cross-platform], using the [|GTK+] [|widget toolkit] to implement its user interface, and using [|pcap] to capture packets; it runs on various [|Unix-like] [|operating systems] including [|Linux], [|Mac OS X], [|BSD], and [|Solaris], and on [|Microsoft Windows]. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are [|free software], released under the terms of the [|GNU General Public License]. There is also a malicious rogue anti-spyware program called Wireshark Antivirus that reports false information. This is in no way related to the [|packet analyzer] program, Wireshark, and the two should not be confused.

=POLYMORPHISM= In [|computer science], **polymorphism** is a [|programming language] feature that allows values of different [|data types] to be handled using a uniform interface. The concept of parametric polymorphism applies to both data types and [|functions]. A function that can evaluate to or be applied to values of different types is known as a //polymorphic function.// A data type that can appear to be of a generalized type (e.g., a [|list] with elements of arbitrary type) is designated //polymorphic data type// like the generalized type from which such specializations are made. There are two fundamentally different kinds of polymorphism, originally informally described by [|Christopher Strachey] in 1967. If the function denotes different and potentially heterogeneous implementations depending on a limited range of individually specified types and combinations, it is called **ad-hoc polymorphism**. Ad-hoc polymorphism is supported in many languages using [|function] and [|method overloading]. If all code is written without mention of any specific type and thus can be used transparently with any number of new types, it is called **parametric polymorphism**. [|John C. Reynolds] (and later [|Jean-Yves Girard]) formally developed this notion of polymorphism as an extension to the lambda calculus (called the [|polymorphic lambda calculus], or [|System F]). Parametric polymorphism is widely supported in [|statically typed] [|functional programming languages]. In the object-oriented programming community, programming using parametric polymorphism is often called //[|generic programming]//.

=A **firewall**= is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially [|intranets]. All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.

=**Spyware**= is a type of [|malware] that can be installed on [|computers] and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's [|personal computer]. Sometimes, however, spyware such as [|keyloggers] is installed by the owner of a shared, corporate, or [|public computer] on purpose in order to secretly monitor other users. While the term //spyware// suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of [|personal information], such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting [|Web browser] activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of [|Internet] connectivity or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term [|privacy-invasive software].

Anti-spyware programs can combat spyware in two ways:
 * 1) They can provide real time protection against the installation of spyware software on the computer. This type of spyware protection works the same way as that of anti-virus protection in that the anti-spyware software scans all incoming network data for spyware software and blocks any threats it comes across.
 * 2) Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed onto the computer. This type of spyware protection is normally much easier to use and more popular. With this spyware protection software the user can schedule weekly, daily, or monthly scans of the computer to detect and remove any spyware software that has been installed on the computer. This type of anti-spyware software scans the contents of the Windows registry, operating system files, and installed programs on the computer and will provide a list of any threats found, allowing the user to choose what to delete and what to keep.

=TCP= The **Internet Protocol Suite** is the set of [|communications protocols] used for the [|Internet] and other similar networks. It is commonly also known as **TCP/IP**, named from two of the most important protocols in it: the [|Transmission Control Protocol] (TCP) and the [|Internet Protocol] (IP), which were the first two networking protocols defined in this standard. Modern IP networking represents a synthesis of several developments that began to evolve in the 1960s and 1970s, namely the [|Internet] and [|local area networks], which emerged during the 1980s, together with the advent of the [|World Wide Web] in the early 1990s. The Internet Protocol Suite, like many protocol suites, is constructed as a set of layers. Each layer solves a set of problems involving the transmission of data. In particular, the layers define the operational scope of the protocols within. Often a component of a layer provides a well-defined service to the [|upper layer protocols] and may be using services from the lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on [|lower layer protocols] to translate data into forms that can eventually be physically transmitted. The [|TCP/IP model] consists of four layers ([|RFC 1122]). From lowest to highest, these are the [|Link Layer], the [|Internet Layer], the [|Transport Layer], and the [|Application Layer].

=PACKET= In [|information technology], a **packet** is a formatted unit of [|data] carried by a [|packet mode] [|computer network]. Computer communications links that do not support packets, such as traditional [|point-to-point telecommunications links], simply transmit data as a series of [|bytes], [|characters], or [|bits] alone. When data is formatted into packets, the [|bitrate] of the communication medium can be better shared among users than if the network were [|circuit switched]. By using [|packet switched] networking it is also harder to guarantee a lowest possible bitrate. A packet consists of two kinds of data: control information and user data (also known as //payload//). The control information provides data the network needs to deliver the user data, for example: source and destination addresses, error detection codes like checksums, and sequencing information. Typically, control information is found in packet headers and trailers, with user data in between. Different [|communications protocols] use different conventions for distinguishing between the elements and for formatting the data. In [|Binary Synchronous Transmission], the packet is formatted in 8-bit bytes, and special characters are used to delimit the different elements. Other protocols, like [|Ethernet], establish the start of the header and data elements by their location relative to the start of the packet. Some protocols format the information at a bit level instead of a byte level. A good analogy is to consider a packet to be like a letter: the header is like the envelope, and the data area is whatever the person puts inside the envelope. A difference, however, is that some networks can break a larger packet into smaller packets when necessary (note that these smaller data elements are still formatted as packets).

=CIA= The **Parkerian hexad** is a set of six elements of information security proposed by [|Donn B. Parker] in 2002. The term was coined by [|M. E. Kabay].
The Parkerian hexad adds three additional attributes to the three classic security attributes of the [|CIA triad] (confidentiality, integrity, availability).
 * Confidentiality
 * Possession or Control
 * Integrity
 * Authenticity
 * Availability
 * Utility

Confidentiality
[|Confidentiality] is the term used to prevent the disclosure of information to unauthorized individuals or systems. For example, a [|credit card] [|transaction] on the Internet requires the [|credit card number] to be transmitted from the buyer to the merchant and from the merchant to a [|transaction processing] network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Breaches of confidentiality take many forms. Permitting someone to look over your shoulder at your computer screen while you have confidential data displayed on it could be a breach of confidentiality. If a [|laptop computer] containing sensitive information about a company's employees is stolen or sold, it could result in a breach of confidentiality. Giving out confidential information over the telephone is a breach of confidentiality if the caller is not authorized to have the information. Confidentiality is necessary (but not sufficient) for maintaining the [|privacy] of the people whose personal information a system holds.

Integrity
In information security, integrity means that data cannot be modified without authorization. This is not the same thing as [|referential integrity] in [|databases]. Integrity is violated when an employee accidentally or with malicious intent deletes important data files, when a [|computer virus] [|infects] a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. There are many ways in which integrity could be violated without malicious intent. In the simplest case, a user on a system could mis-type someone's address. On a larger scale, if an automated process is not written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the integrity of the data compromised. Information security professionals are tasked with finding ways to implement controls that prevent errors of integrity.

Availability
For any information system to serve its purpose, the information must be [|available] when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. [|High availability] systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing [|denial-of-service attacks].

Authenticity
In computing, [|e-Business] and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are.

Non-repudiation
In law, [|non-repudiation] implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction. [|Electronic commerce] uses technology such as [|digital signatures] and encryption to establish authenticity and non-repudiation.

=IDS= An **Intrusion Detection System (IDS)** is a device or [|software application] that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization. IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack's content.

=**Computer forensics**= (sometimes //computer forensic science//) is a branch of [|digital forensic science] pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to explain the current state of a //digital artifact//, such as a computer system, a storage medium (e.g. [|hard disk] or [|CD-ROM]), or an electronic document (e.g. an email message or JPEG image). The scope of a forensic analysis can vary from simple information retrieval to reconstructing a series of events.

Volatile data
When seizing evidence, if the machine is still active, any information stored solely in [|RAM] that is not recovered before powering down may be lost. RAM can be analyzed for prior content after power loss, because the electrical charge stored in the memory cells takes time to dissipate. The length of time for which data recovery is possible is increased by low temperatures and higher cell voltages. Holding unpowered RAM below −60 °C will help preserve the residual data by an order of magnitude, thus improving the chances of successful recovery. However, it can be impractical to do this during a field examination.

Techniques
 * **Cross-drive analysis**: A forensic technique that correlates information found on multiple [|hard drives]. The technique, which is still being researched, can be used for identifying social networks and for performing [|anomaly detection].
 * **Live analysis**: The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with [|Encrypting File Systems], for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down.
 * **Deleted files**: A common technique used in computer forensics is the [|recovery of deleted files]. Most modern forensic software has its own tools for recovering or carving out deleted data.

Analysis tools
A number of open source and commercial tools exist for computer forensics investigation:
 * [|EnCase]
 * [|FTK]
 * [|PTK Forensics]
 * [|The Sleuth Kit]
 * [|The Coroner's Toolkit]
 * [|COFEE]
 * [|Selective file dumper]
Typical forensic analysis includes a manual review of material on the media, reviewing the Windows registry for suspect information, discovering and cracking passwords, keyword searches for topics related to the crime, and extracting e-mail and pictures for review.

Certifications
There are several computer forensics certifications available. Many state laws in the United States require computer forensic expert witnesses to have a professional certification or a private investigator's license.

Common certifications
 * The GIAC Certified Forensic Analyst (GCFA) certification from the [|Global Information Assurance Certification] organization. There are currently over 2100 GCFA certified individuals.
 * The Certified Computer Examiner (CCE) certification governed by the [|International Society of Forensic Computer Examiners]. Presently there are over 1000 active CCEs representing 28 different countries.

=**proxy server**= is a [|server] (a computer system or an application program) that acts as an intermediary for requests from [|clients] seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by [|IP address] or [|protocol]. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it '[|caches]' responses from the remote server, and returns subsequent requests for the same content directly. A proxy server has a large variety of potential purposes, including:
 * To keep machines behind it anonymous (mainly for [|security]).
 * To speed up access to resources (using caching). Web proxies are commonly used to [|cache] web pages from a web server.
 * To apply access policy to network services or content, e.g. to block undesired sites.
 * To log / audit usage, i.e. to provide company employee Internet usage reporting.
 * To bypass security/ parental controls.
 * To scan transmitted content for malware before delivery.
 * To scan outbound content, e.g., for data leak protection.
 * To circumvent regional restrictions.
A proxy server that passes requests and replies unmodified is usually called a [|gateway] or sometimes //tunneling proxy//. A proxy server can be placed in the user's local computer or at various points between the user and the destination servers on the Internet. A [|reverse proxy] is (usually) an Internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.



=TELNET= **Telnet** is a [|network protocol] used on the [|Internet] or [|local area networks] to provide a bidirectional interactive text-oriented communications facility via a virtual [|terminal] connection. User data is interspersed in-band with Telnet control information in an 8-bit [|byte oriented] data connection over the [|Transmission Control Protocol] (TCP). Telnet was developed in 1969 beginning with [|RFC 15], extended in [|RFC 854], and standardized as [|Internet Engineering Task Force] (IETF) Internet Standard [|STD 8], one of the first Internet standards. Historically, Telnet provided access to a [|command-line interface] (usually, of an [|operating system]) on a remote host. Most network equipment and [|operating systems] with a [|TCP/IP stack] support a Telnet service for remote configuration (including systems based on [|Windows NT]). Because of security issues with Telnet, its use for this purpose has waned in favor of [|SSH]. The term //telnet// may also refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all [|computer platforms]. //Telnet// is also used as a [|verb]. //To telnet// means to establish a connection with the Telnet protocol, either with a command line client or with a programmatic interface. For example, a common directive might be: "//To change your password, telnet to the server, login and run the [|passwd] command.//" Most often, a user will be //telnetting// to a [|Unix-like] server system or a network device (such as a router) and obtain a login prompt to a command line text interface or a character-based full-screen manager.

=**Biometrics**= comprises methods for uniquely recognizing humans based upon one or more [|intrinsic] physical or behavioral [|traits]. In [|computer science], in particular, biometrics is used as a form of [|identity access management] and [|access control]. It is also used to identify individuals in groups that are under [|surveillance]. Biometric characteristics can be divided into two main classes:
 * **Physiological** are related to the shape of the body. Examples include, but are not limited to, [|fingerprint], [|face recognition], [|DNA], [|Palm print], hand geometry, [|iris recognition] (which has largely replaced [|retina]), and odour/scent.
 * **Behavioral** are related to the behavior of a person. Examples include, but are not limited to, [|typing rhythm], [|gait], and [|voice]. Some researchers have coined the term **behaviometrics** for this class of biometrics.
Strictly speaking, //voice// is also a physiological trait because every person has a different [|vocal tract], but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.

=**Port Address Translation (PAT)**= is a feature of a [|network] device that translates [|TCP] or [|UDP] communications made between hosts on a private network and hosts on a public network. It allows a single public [|IP address] to be used by many hosts on a private network, which is usually a Local Area Network or [|LAN]. A PAT device transparently modifies IP [|packets] as they pass through it. The modifications make all the packets which it sends to the public network from the multiple hosts on the private network appear to originate from a single [|host] (the PAT device) on the public network.

Relationship between NAT and PAT
PAT is a subset of NAT, and is closely related to the concept of [|Network Address Translation]. PAT is also known as NAT Overload. In PAT there is generally only one publicly exposed IP address and multiple private hosts connecting through the exposed address. Incoming packets from the public network are routed to their destinations on the private network by reference to a table held within the PAT device which keeps track of public and private port pairs. In PAT, both the sender's private [|IP] and port number are modified; the PAT device chooses the port numbers which will be seen by hosts on the public network. In this way, PAT operates at layer 3 (network) and 4 (transport) of the [|OSI model], whereas basic NAT only operates at layer 3.

An Analogy of PAT
A PAT device is similar to the receptionist at an office that has one public telephone number. Outbound phone calls made from the office all appear to come from the same telephone number. However, incoming calls have to be transferred to the correct private extension by an operator asking the caller who they'd like to speak with; private extensions cannot be dialed directly from outside.

Examples of PAT
A host at IP address 192.168.0.2 on the private network may ask for a connection to a remote host on the public network. The initial packet is given the source address 192.168.0.2:15345. The PAT device (which we assume has a public IP of 1.2.3.4) may arbitrarily translate this source address:port pair to 1.2.3.4:16529, making an entry in its internal table that port 16529 is being used for a connection by 192.168.0.2 on the private network. When a packet is received from the public network by the PAT device for address 1.2.3.4:16529, the packet is forwarded to 192.168.0.2:15345.

Advantages of PAT
In addition to the advantages provided by NAT:
 * PAT allows many internal hosts to share a single external IP address.
 * Users who do not require support for inbound connections [|do not consume public IP addresses].

Disadvantages of PAT
 * Scalability - An implementation that only tracks ports can be quickly depleted by internal applications that use multiple simultaneous connections (such as an [|HTTP] request for a web page with many embedded objects). This problem can be mitigated by tracking the destination IP address in addition to the port (thus sharing a single local port with many remote hosts), at the expense of implementation complexity and CPU/memory resources of the translation device.
 * Firewall complexity - Because the internal addresses are all disguised behind one publicly-accessible address, it is impossible for external hosts to initiate a connection to a particular internal host without special configuration on the firewall to forward connections to a particular port. Applications such as [|VOIP], [|videoconferencing], and other peer-to-peer applications must use [|NAT traversal] techniques to function.
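The translation from the example above (192.168.0.2:15345 to 1.2.3.4:16529), together with the port-exhaustion and inbound-connection limitations just listed, as an added Python model that is not part of the page; the two-port pool and the forward_rule method are constructed so those limitations can be exercised.

```python
"""Toy PAT (NAT overload) device that tracks only public ports.

Added example, not from the page. The public address 1.2.3.4 and the private
host 192.168.0.2 come from the page's example; the tiny port pool is
constructed so that port exhaustion can be shown.
"""
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip address, port)


class PortExhausted(Exception):
    """No free public port: the scalability limit of port-only tracking."""


class PatDevice:
    def __init__(self, public_ip: str, first_port: int, last_port: int) -> None:
        self.public_ip = public_ip
        self.free_ports: List[int] = list(range(first_port, last_port + 1))
        # public port -> private (ip, port) that owns it
        self.table: Dict[int, Endpoint] = {}
        # private (ip, port) -> public port, so a flow keeps its translation
        self.reverse: Dict[Endpoint, int] = {}

    def outbound(self, src: Endpoint) -> Endpoint:
        """Rewrite a private source (ip, port) to the public (ip, port)."""
        if src in self.reverse:                      # existing flow: reuse entry
            return (self.public_ip, self.reverse[src])
        if not self.free_ports:
            raise PortExhausted("no free public port for %s:%d" % src)
        pub_port = self.free_ports.pop(0)            # device picks the public port
        self.table[pub_port] = src
        self.reverse[src] = pub_port
        return (self.public_ip, pub_port)

    def inbound(self, dst: Endpoint) -> Optional[Endpoint]:
        """Map a packet arriving for public (ip, port) back to the private host.

        Returns None (drop) for unsolicited traffic: with no table entry there
        is no internal host to deliver to, which is why outside hosts cannot
        reach a particular internal host without an explicit forwarding rule.
        """
        if dst[0] != self.public_ip:
            return None
        return self.table.get(dst[1])

    def forward_rule(self, pub_port: int, target: Endpoint) -> None:
        """Static port forward: the 'special configuration' an inbound service needs."""
        self.table[pub_port] = target
        if pub_port in self.free_ports:
            self.free_ports.remove(pub_port)
```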

=HONEY POT= In computer terminology, a **honeypot** is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a [|computer], data, or a network site that appears to be part of a [|network], but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers. A honeypot is valuable as a surveillance and early-warning tool. While it is often a computer, a honeypot can take other forms, such as files or data records, or even unused [|IP address] space. A honeypot that masquerades as an [|open proxy] to monitor and record those using the system is a sugarcane. Honeypots should have no production value, and hence should not see any legitimate traffic or activity. Whatever they capture is therefore malicious or unauthorized. One practical application of this is a honeypot that thwarts [|spam] by masquerading as a type of system abused by spammers. These honeypots categorize trapped material 100% accurately: it is all illicit. Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to break into a system.

=DMZ ZONES GREEN YELLOW RED= In [|computer security], a **DMZ**, or **demilitarized zone**, is a physical or logical [|subnetwork] that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a **DMZ** by information technology professionals. It is sometimes referred to as a **perimeter network**. The purpose of a DMZ is to add an additional layer of security to an organization's [|local area network] (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

Dual firewalls
A more secure approach is to use two firewalls to create a DMZ. The first firewall (also called the "front-end" firewall) must be configured to allow traffic destined to the DMZ only. The second firewall (also called the "back-end" firewall) allows only traffic from the DMZ to the internal network. The first firewall handles a much larger amount of traffic than the second firewall. Some recommend that the two firewalls be provided by two different vendors. If an attacker manages to break through the first firewall, it will take more time to break through the second one if it is made by a different vendor. (This architecture is, of course, more costly.) The practice of using different firewalls from different vendors is sometimes described as either "[|defense in depth]" or (from an opposing viewpoint) "[|security through obscurity]".

=A **rainbow table**= is a [|lookup table] offering a [|time-memory tradeoff] used in recovering the [|plaintext] [|password] from a password hash generated by a [|hash function], often a [|cryptographic hash function]. A common application is to make attacks against hashed passwords feasible. A [|salt] is often employed with hashed passwords to make this attack more difficult, often infeasible. Rainbow tables are a refinement of an earlier, simpler algorithm by [|Martin Hellman] that used the inversion of hashes by looking up precomputed hash chains.

Rainbow tables
Rainbow tables effectively solve the problem of collisions with ordinary hash chains by replacing the single reduction function R with a sequence of related reduction functions R1 through R//k//. This way, for two chains to collide and merge, they must hit the same value //on the same iteration//. Consequently, the final values in each chain will be identical. A final postprocessing pass can sort the chains in the table and remove any "duplicate" chains that have the same final value as other chains. New chains are then generated to fill out the table. These chains are not //collision-free// (they may overlap briefly) but they will not merge, drastically reducing the overall number of collisions. This changes how lookup is done: because the hash value of interest may be found at any location in the chain, it is necessary to generate //k// different chains. The first chain assumes the hash value is in the last hash position and just applies R//k//; the next chain assumes the hash value is in the second-to-last hash position and applies R//k−1//, then H, then R//k//; and so on until the last chain, which applies all the reduction functions, alternating with H. This creates a new way of producing a false alarm: if we "guess" the position of the hash value wrong, we may needlessly evaluate a chain. Although rainbow tables have to follow more chains, they make up for this by having fewer tables: simple hash chain tables cannot grow beyond a certain size without rapidly becoming inefficient due to merging chains; to deal with this, they maintain multiple tables, and each lookup must search through each table. Rainbow tables can achieve similar performance with tables that are //k// times larger, allowing them to perform a factor of //k// fewer lookups.

Example
We have a hash (//re3xes//) and we want to find one password that produces that hash.
 * 1) Starting from the hash ("re3xes"), one computes the last reduction used in the table and checks whether the resulting password appears in the last column of the table (step 1).
 * 2) If the test fails (//rambo// doesn't appear in the table), one computes a chain with the two last reductions (these two reductions are represented at step 2). Note: if this new test fails again, one continues with 3 reductions, 4 reductions, etc. until the password is found. If no chain contains the password, then the attack has failed.
 * 3) If this test is positive (step 3: //linux23// appears at the end of the chain and in the table), the password is retrieved at the beginning of the chain that produces //linux23//. Here we find //passwd// at the beginning of the corresponding chain stored in the table.
 * 4) At this point (step 4), one generates a chain from that starting point and compares at each iteration the hash with the target hash. The test is valid and we find the hash //re3xes// in the chain. The current password (//culture//) is the one that produced the whole chain: the attack is successful.
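The procedure in the four steps above, carried through as an added example that is not part of the original notes: a toy rainbow table in Python over three-letter lowercase passwords. The hash function (SHA-256), the password space, the chain length //k// = 20 and the 300 chains are assumptions chosen so it runs in a moment; the code shows the per-column reduction functions, the endpoint de-duplication pass, the //k// trial positions of the lookup (false alarms are walked and discarded), and, as the defensive point, that a per-user salt leaves the precomputed table useless.

```python
# Added example (not from the notes): a toy rainbow table over 3-letter
# lowercase passwords, showing the per-column reductions R_0..R_{k-1},
# endpoint de-duplication, the k-position lookup with its false alarms,
# and why a per-user salt defeats the precomputation. The hash, alphabet,
# chain length and chain count are assumptions made for the example.
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN        # 17 576 candidate passwords
CHAIN_LEN = 20                         # k: reductions per chain


def H(pw: str) -> str:
    """The (unsalted) password hash the table is built for."""
    return hashlib.sha256(pw.encode()).hexdigest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, SPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def R(i: int, h: str) -> str:
    """Reduction R_i: hash -> candidate password. The column index i is mixed
    in so that two chains only merge if they collide in the same column."""
    return index_to_pw((int(h[:16], 16) + i) % SPACE)


def build_table(n_chains: int) -> dict:
    """Precompute chains and store only endpoint -> start. Chains ending on
    the same value have merged; only the first is kept (the postprocessing
    pass from the text). A real builder would generate replacements."""
    table = {}
    for c in range(n_chains):
        start = index_to_pw((c * 7919) % SPACE)   # spread the starting points
        pw = start
        for i in range(CHAIN_LEN):
            pw = R(i, H(pw))
        table.setdefault(pw, start)
    return table


def lookup(table: dict, target: str):
    """Recover a password for `target` if some chain covers it, else None."""
    # Guess the column j where the target would sit, last column first:
    # apply R_j, then H and R_{j+1} .. R_{k-1}, to reach a would-be endpoint.
    for j in range(CHAIN_LEN - 1, -1, -1):
        pw = R(j, target)
        for i in range(j + 1, CHAIN_LEN):
            pw = R(i, H(pw))
        start = table.get(pw)
        if start is None:
            continue
        # Endpoint matched: regenerate that chain from its start and compare
        # every hash with the target. No hit here means it was a false alarm.
        pw = start
        for i in range(CHAIN_LEN):
            if H(pw) == target:
                return pw
            pw = R(i, H(pw))
    return None


def salted_hash(pw: str, salt: str) -> str:
    """Per-user salt: the table was built for H, not for this function."""
    return hashlib.sha256((salt + pw).encode()).hexdigest()


def password_at(start: str, pos: int) -> str:
    """The password in column `pos` of the chain that starts at `start`."""
    pw = start
    for i in range(pos):
        pw = R(i, H(pw))
    return pw


TABLE = build_table(300)

if __name__ == "__main__":
    victim = password_at("aaa", 5)                    # covered by chain 0
    print(lookup(TABLE, H(victim)) == victim)         # True
    print(lookup(TABLE, salted_hash(victim, "s1")))   # None
```

The table stores only chain endpoints, which is where the time-memory tradeoff comes from; the lookup re-derives everything else. The last line is the one that matters for defenders: the same password hashed with a salt is not in the table, and building one table per salt value is the cost that makes the attack infeasible.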

=Virtual private network (VPN)=
A **virtual private network** (**VPN**) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. It encapsulates data transfers between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs.

=Dynamic-link library (DLL)=
A **dynamic-link library** (also written without the hyphen), or **DLL**, is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension, (for libraries containing ActiveX controls), or (for legacy system drivers). The file formats for DLLs are the same as for Windows EXE files; that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination. In the broader sense of the term, any data file with the same file format can be called a //resource DLL//. Examples of such DLLs include //icon libraries//, sometimes having the extension, and font files, having the extensions and

=Public Key Infrastructure (PKI)=
A **Public Key Infrastructure** (**PKI**) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (**CA**). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (**RA**). For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. The term trusted third party (**TTP**) may also be used for certificate authority (**CA**). The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.

=Data Encryption Standard (DES)=
The **Data Encryption Standard** (**DES**) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 56-bit key. The algorithm was initially controversial because of classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny, which motivated the modern understanding of block ciphers and their cryptanalysis. DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes. There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are infeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES). Furthermore, DES has been withdrawn as a standard by the National Institute of Standards and Technology (formerly the National Bureau of Standards).

=Pretty Good Privacy (PGP)=
**Pretty Good Privacy** (**PGP**) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting e-mails to increase the security of e-mail communications. It was created by Philip Zimmermann in 1991. PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.

How PGP encryption works
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust, to contrast with the X.509 system, which uses a hierarchical approach based on certificate authorities and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.

=Ciphertext=
**Ciphertext** is the result of the process (known as encryption) of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. This result is also known as **encrypted** information. The process to read ciphertext is known as decryption.

Key storage
However distributed, symmetric keys must be stored securely to maintain communications security. There are various techniques in use to assist with this. Likely the most common is that an encryption application manages keys for the user and depends on an access password to control use of the key. It is rare to use keys in 'raw' form, that is as a string of bits, most probably because such strings often generate mistakes when handled by humans.

=CIPHER=
In cryptography, a **cipher** (or **cypher**) is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure. An alternative, less common term is **encipherment**. In non-technical usage, a "cipher" is the same thing as a "code"; however, the concepts are distinct in cryptography. In classical cryptography, ciphers were distinguished from codes. Codes operated by substituting according to a large codebook which linked a random string of characters or numbers to a word or phrase. For example, "UQJHSE" could be the code for "Proceed to the following coordinates". When using a cipher the original information is known as plaintext, and the encrypted form as **ciphertext**. The ciphertext message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it; it should resemble random gibberish to those not intended to read it. The operation of a cipher usually depends on a piece of auxiliary information, called a key or, in traditional NSA parlance, a **cryptovariable**. The encrypting procedure is varied depending on the key, which changes the detailed operation of the algorithm. A key must be selected before using a cipher to encrypt a message. Without knowledge of the key, it should be difficult, if not nearly impossible, to decrypt the resulting ciphertext into readable plaintext.
=SNIFFER=
A **packet analyzer** (also known as a **network analyzer**, **protocol analyzer** or **sniffer**, or for particular types of networks, an **Ethernet sniffer** or **wireless sniffer**) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other specifications.

Capabilities
On wired broadcast LANs, depending on the network structure (hub or switch), one can capture traffic on all or just parts of the network from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called //monitoring port//, whose purpose is to mirror all packets passing through all ports of the switch when systems (computers) are connected to a switch port. On wireless LANs, one can capture traffic on a particular channel. On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others don't. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored. To see those packets, the adapter must be in monitor mode. The captured information is decoded from raw digital form into a human-readable format that permits users of the protocol analyzer to easily review the exchanged information. Protocol analyzers vary in their abilities to display data in multiple views, automatically detect errors, determine the root causes of errors, generate timing diagrams, etc. Some protocol analyzers can also generate traffic and thus act as the reference device; these can act as protocol testers. Such testers generate protocol-correct traffic for functional testing, and may also have the ability to deliberately introduce errors to test the ability of the DUT (device under test) to deal with error conditions.

The versatility of packet sniffers means they can be used to:
 * Analyze network problems
 * Detect network intrusion attempts
 * Detect network misuse by internal and external users
 * Document regulatory compliance through logging all perimeter and endpoint traffic
 * Gain information for effecting a network intrusion
 * Isolate exploited systems
 * Monitor WAN bandwidth utilization
 * Monitor network usage (including internal and external users and systems)
 * Monitor data-in-motion
 * Monitor WAN and endpoint security status
 * Gather and report network statistics
 * Filter suspect content from network traffic
 * Serve as primary data source for day-to-day network monitoring and management
 * Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
 * Reverse engineer proprietary protocols used over the network
 * Debug client/server communications
 * Debug network protocol implementations
 * Verify adds, moves and changes
 * Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter, proxy)
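The decoding step described above ("decodes and analyzes its content according to the appropriate RFC"), as an added example that is not the page's own material: the Python below parses one Ethernet II frame field by field following the IPv4 (RFC 791) and TCP (RFC 793) header layouts and verifies the IPv4 header checksum per RFC 1071, then produces the one-line summary an analyzer shows in its info column. The frame is constructed inline for the example (documentation-range addresses, made-up MAC addresses and an HTTP request as payload); the TCP checksum is left at zero and not verified.

```python
# Added example (not from the notes): decoding one captured Ethernet frame the
# way a sniffer does, field by field per the IPv4 (RFC 791) and TCP (RFC 793)
# header layouts, including the RFC 1071 header-checksum check. The frame is
# constructed inline for the example (documentation addresses, made-up MACs).
import struct

TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit words; returns 0 when run over an intact
    header that already contains its checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def fmt_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP; unknown layers are left raw."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": fmt_mac(dst), "eth_src": fmt_mac(src), "ethertype": ethertype}
    if ethertype != 0x0800:                  # not IPv4: stop at the link layer
        out["payload"] = frame[14:]
        return out
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, s_addr, d_addr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes
    out.update({
        "ip_version": ver_ihl >> 4,
        "ip_src": ".".join(map(str, s_addr)),
        "ip_dst": ".".join(map(str, d_addr)),
        "ttl": ttl,
        "proto": proto,
        "ip_checksum_ok": ones_complement_sum(ip[:ihl]) == 0,
    })
    l4 = ip[ihl:total_len]
    if proto == 6:                           # TCP
        sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", l4[:20])
        data_off = (off_flags >> 12) * 4     # options may follow the fixed header
        out.update({"tcp_src_port": sport, "tcp_dst_port": dport, "seq": seq, "ack": ack,
                    "tcp_flags": [name for bit, name in TCP_FLAG_BITS if off_flags & bit],
                    "window": win, "payload": l4[data_off:]})
    elif proto == 17:                        # UDP
        sport, dport, length, _csum = struct.unpack("!HHHH", l4[:8])
        out.update({"udp_src_port": sport, "udp_dst_port": dport, "payload": l4[8:length]})
    else:
        out["payload"] = l4
    return out


def build_sample_frame() -> bytes:
    """Constructed capture: a PSH/ACK segment carrying an HTTP request.
    TCP checksum is left at 0 (not computed or verified in this example)."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 1, (5 << 12) | 0x18, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    eth = struct.pack("!6s6sH", bytes.fromhex("0200000000bb"), bytes.fromhex("0200000000aa"), 0x0800)
    return eth + ip_hdr + tcp


def summarize(d: dict) -> str:
    """One-line 'info column' like a protocol analyzer shows."""
    if "tcp_dst_port" in d:
        return "%s:%d -> %s:%d [%s] %d bytes" % (
            d["ip_src"], d["tcp_src_port"], d["ip_dst"], d["tcp_dst_port"],
            ",".join(d["tcp_flags"]), len(d["payload"]))
    return "%s -> %s proto %d" % (d.get("ip_src", d["eth_src"]),
                                  d.get("ip_dst", d["eth_dst"]), d.get("proto", -1))


if __name__ == "__main__":
    print(summarize(decode_frame(build_sample_frame())))
```

Two details carry the lesson: the header length and total length fields drive every slice (a decoder that assumes a 20-byte header misreads any packet with options), and the checksum check is what separates a corrupted or crafted header from a valid one before anything in it is trusted.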

=TrueCrypt=
**TrueCrypt** is a software application used for on-the-fly encryption (OTFE). It is distributed without cost and the source code is available. It can create a virtual encrypted disk within a file or encrypt a partition or (under MS Windows except Windows 2000) the entire storage device (pre-boot authentication).

=Symmetric-key algorithms=
**Symmetric-key algorithms** are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption. The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. Other terms for symmetric-key encryption are **secret-key**, **single-key**, **shared-key**, **one-key**, and **private-key** encryption. Use of the last and first terms can create ambiguity with similar terminology used in public-key cryptography.

Types of symmetric-key algorithms
Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bytes of the message one at a time, and block ciphers take a number of bytes and encrypt them as a single unit. Blocks of 64 bits have been commonly used; the Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128-bit blocks. Now we are using 256-bit blocks. Some examples of popular and well-respected symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

=Hardware=
**Hardware** is a general term for the physical artifacts of a technology. It may also mean the physical components of a computer system, in the form of computer hardware. Hardware historically meant the metal parts and fittings that were used to make wooden products stronger, more functional, longer lasting and easier to fabricate or assemble. Modern hardware stores typically sell equipment such as keys, locks, hinges, latches, corners, handles, wire, chains, plumbing supplies, tools, utensils, cutlery and machine parts, especially when they are made of metal.

=Hardwired=
(dr-hughes-wiki spaces)
 * (1) Electronic circuitry that is designed to perform a specific task. See hard coded.
 * (2) Devices that are closely or tightly coupled. For example, a hardwired terminal is directly connected to a computer without going through a switched network.
 * (3) Refers to fixed placement; for example, text and graphics that never change their location on a page. A "hardwired banner" is a banner ad that is not dynamically rotated with different page views.