Security Glossary

• Buffer Overflow: A condition that occurs when a user or process places more data into a program’s storage buffer in memory than it can hold, overwriting adjacent program data, typically with instructions that provide a root-owned shell on the server. Buffer overflows have accounted for more than 50 percent of all major security bugs leading to security advisories published by CERT, and are typically associated with set-user-ID root binaries.
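The defect behind this entry, and its hardened form, as an added C example (not code from the glossary): `copy_name_unchecked` is the classic unbounded copy into a fixed-size buffer, `copy_name_bounded` is the replacement that respects the destination size and reports over-long input, and `would_overflow` is the check a caller can apply before copying. All function names, the 16-byte buffer and the sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* fixed-size buffer used by the examples below (constructed) */

/* Vulnerable pattern: strcpy() copies until it finds a NUL byte and ignores
 * the destination size. Any input of NAME_LEN bytes or more writes past the
 * end of dst, corrupting whatever the compiler placed next to it. Shown only
 * as the "before" of the fix; never use it on untrusted input. */
void copy_name_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Returns 1 if copying src into a buffer of dstsize bytes would overflow it
 * (the string plus its NUL terminator must fit), 0 otherwise. */
int would_overflow(size_t dstsize, const char *src) {
    return strlen(src) >= dstsize;
}

/* Hardened pattern: never writes more than dstsize bytes, always leaves dst
 * NUL-terminated, and reports over-long input so the caller can reject it
 * instead of silently accepting a clipped value.
 * Returns 0 on success, -1 if src did not fit (dst then holds a truncated copy). */
int copy_name_bounded(char *dst, size_t dstsize, const char *src) {
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n + 1 includes the terminating NUL */
    return 0;
}

int main(void) {
    char name[NAME_LEN];
    /* Constructed inputs: one that fits, one 40 bytes long that does not. */
    const char *short_input = "alice";
    const char *long_input  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    copy_name_unchecked(name, short_input);   /* safe only because the input is short */
    printf("unchecked copy of short input: %s\n", name);

    printf("would the long input overflow a %d-byte buffer? %s\n",
           NAME_LEN, would_overflow(NAME_LEN, long_input) ? "yes" : "no");

    if (copy_name_bounded(name, sizeof name, long_input) != 0)
        printf("bounded copy rejected over-long input (truncated to \"%s\")\n", name);
    return 0;
}
```

The point of returning -1 rather than silently truncating is that a clipped value is itself a bug class (a truncated path or username may refer to a different object); the caller should treat the return code as a validation failure.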

• Cryptography: The mathematical science that deals with transforming data to render its meaning unintelligible, prevent its undetected alteration, or prevent its unauthorized use.

• Denial of Service: Occurs when a resource is targeted by an intruder to prevent legitimate users from using it. Such attacks threaten the availability of the resource, and of its data, to everyone else trying to use it. They range from unplugging the network connection to consuming all the available network bandwidth.

• IP Spoofing: An attack in which one host masquerades as another. It can be used to route data destined for one host to another, allowing attackers to intercept data not originally intended for them. It is typically a one-way attack.

• Port Scanning: The process of determining which ports are active on a machine. By probing as many hosts as possible, an attacker learns which ones respond and can then develop means to exploit them. It is typically the precursor to an attack.

• Packet Filtering: A method of filtering network traffic at the network level as it passes between the firewall’s interfaces. Each packet is analyzed according to the information available in it, and access is granted or denied based on the firewall security policy. Writing correct filtering rules usually requires an intimate knowledge of how network protocols work.

• Proxy Gateway: Also called an Application Gateway; a program that acts on behalf of another program. A host with a proxy server installed becomes both a server and a client, and acts as a choke point between the client and the final destination. Proxy servers are typically small, carefully written single-purpose programs that permit only specific services to pass through them. They are typically combined with packet filters.

• Set User-ID (setuid) / Set Group-ID (setgid): Files that any user can execute with the privileges of the file's owner (setuid) or group (setgid). Typically, you'll find root-owned setuid files, which means that regardless of who executes them, the process obtains root permission for as long as the program is running (or until the program intentionally relinquishes these privileges). These are the files most often attacked by intruders, because of the potential for obtaining root privileges, and they are commonly associated with buffer overflows.
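The "intentionally relinquishes these privileges" part of this entry is the defensive pattern a setuid root program should follow as soon as it has done the one thing that needed root. The C example below is added here and is not code from the glossary: `has_elevated_privileges` reports whether the effective IDs differ from the real ones, and `drop_privileges` sets the effective (and saved) IDs back to the real IDs, group first, and then verifies that the drop took effect and cannot be undone. The function names are constructed; the calls (`setregid`, `setreuid`, `seteuid`, `getuid`, `geteuid`) are standard POSIX. Run as an ordinary user it still exercises every check, since the verification step only tries to regain uid 0 when the real user is not root.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares setreuid/setregid/seteuid */
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Returns 1 if the process currently runs with an effective user or group ID
 * different from the real one, i.e. it is holding setuid/setgid privileges. */
int has_elevated_privileges(void) {
    return geteuid() != getuid() || getegid() != getgid();
}

/* Permanently gives up setuid/setgid privileges by setting the effective IDs
 * (and, on systems with saved IDs, the saved IDs) back to the real IDs.
 * The group ID is dropped first: once the effective uid is no longer 0 the
 * process may not be allowed to change its gid any more.
 * Returns 0 only if the drop succeeded and was verified to be irreversible. */
int drop_privileges(void) {
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* Verify: effective IDs must now equal the real IDs ... */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* ... and, unless the real user is root, regaining uid 0 must fail.
     * A silent failure here would leave the program running as root. */
    if (ruid != 0 && seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void) {
    printf("before: uid=%u euid=%u elevated=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(), has_elevated_privileges());
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges; refusing to continue\n");
        return 1;
    }
    printf("after:  uid=%u euid=%u elevated=%d\n",
           (unsigned)getuid(), (unsigned)geteuid(), has_elevated_privileges());
    /* From here on, a buffer overflow in the remaining code yields only the
     * invoking user's privileges, not root's. */
    return 0;
}
```

Treating a failed drop as fatal matters: a return value that is checked but ignored is how a program ends up processing untrusted input with root still in its saved uid.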

• Trojan Horse: A program that masquerades as a benign program when in fact it is not. A malicious programmer can modify a program that purports to do something useful so that it contains hidden functions, which run with the privileges of the user executing it. A modified version of /bin/ps, for example, may be used to hide the presence of other programs running on the system.

• Vulnerability: A condition that has the potential to allow security to be compromised. Many different types of network and local vulnerabilities exist and are widely known, and they frequently occur on computers regardless of their level of network connectivity, processing speed, or profile.