Terminologies Simplified
Application Level Gateway A firewall system in which service is provided
by proxy processes that maintain complete TCP connection state and
sequencing for each session they relay. Application level firewalls
often re-address traffic so that outgoing traffic appears to have
originated from the firewall rather than from the internal host.
Bastion Host A system that has been hardened to resist attack at some
critical point of entry, and which is installed on a network in such a
way that it is expected to come under attack. Bastion hosts are often
components of firewalls, or may be "outside" Web servers or public
access systems. Generally, a bastion host runs some form of general
purpose operating system (e.g. Unix, VMS, Windows NT) rather than a
ROM-based or firmware operating system, which is why it needs
deliberate hardening.
Biometric Access Control Any means of controlling access through
human measurements, such as fingerprinting and voiceprinting.
Data Driven Attack A form of attack in which the attack is encoded in
innocuous-seeming data, which is executed by a user or by other software
to carry out the attack. In the case of firewalls, a data driven attack
is a concern because it may pass through the firewall in data form and
only launch an attack once it reaches a system behind the firewall.
Hybrid Gateways An unusual configuration with routers that maintain
the complete state of the TCP/IP connections or examine the traffic to
try to detect and prevent attack (may involve a bastion host). If very
complex, it is difficult to attack, but also difficult to maintain and
audit.
Intrusion Detection Detection of break-ins or break-in attempts, either
manually or via software (such as expert systems) that operates on logs
or other information available on the network.
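The following is an added example (not part of the original glossary) of the log-driven kind of intrusion detection described above: it parses constructed sshd-style syslog lines and raises an alert when one source address produces a burst of failed logins inside a short window, and a second alert if a successful login from that source follows the burst. The log lines, hostnames and addresses are all constructed for illustration.

```python
"""Log-based intrusion detection: flag a source with repeated failed logins
inside a short window, and a success that directly follows such a burst.

Added example, not from the original glossary. Log lines below are
constructed in sshd-like syslog format for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data).
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[412]: Failed password for root from 203.0.113.5 port 40111 ssh2
Mar  3 10:00:03 bastion sshd[412]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:05 bastion sshd[412]: Failed password for admin from 203.0.113.5 port 40113 ssh2
Mar  3 10:00:07 bastion sshd[412]: Failed password for admin from 203.0.113.5 port 40114 ssh2
Mar  3 10:00:09 bastion sshd[412]: Failed password for guest from 203.0.113.5 port 40115 ssh2
Mar  3 10:00:20 bastion sshd[412]: Accepted password for guest from 203.0.113.5 port 40116 ssh2
Mar  3 10:05:00 bastion sshd[415]: Failed password for alice from 10.0.0.42 port 50000 ssh2
Mar  3 10:05:30 bastion sshd[415]: Accepted password for alice from 10.0.0.42 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+)")


def parse(line, year=2024):
    """Return (timestamp, result, user, src) for an sshd auth line, else None.
    Syslog lines carry no year, so one is assumed for the timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect(log_text, threshold=5, window_s=60):
    """Return a list of (kind, src, user) alerts.

    'brute-force' fires once per source when `threshold` failures land
    within `window_s` seconds; 'success-after-brute-force' fires when a
    flagged source then logs in successfully (a likely guessed password)."""
    fails = defaultdict(list)   # src -> failure timestamps still in the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue                # not an auth event; ignore
        ts, result, user, src = rec
        if result == "Failed":
            window = [t for t in fails[src] if (ts - t).total_seconds() <= window_s]
            window.append(ts)
            fails[src] = window
            if len(window) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, user))
        elif result == "Accepted" and src in flagged:
            alerts.append(("success-after-brute-force", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Running it on the sample log reports the burst from 203.0.113.5 and the subsequent successful login as guest, while the single failure followed by success from 10.0.0.42 stays below the threshold and produces nothing.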
IP Sniffing Passively reading packets off the network, typically to
capture addresses, session identifiers or credentials in transit. What
is learned by sniffing is often the input to a spoofing or splicing
attack.
IP Spoofing An attack in which a system sends packets with a forged
source address so as to impersonate another, trusted, host. Harmful
data is sent stamped with internal trusted addresses in the hope that
filters or hosts will accept it on the strength of the source address.
IP Splicing (Hijacking) An attack whereby an active, established
session is intercepted and co-opted by the attacker. IP Splicing
attacks may occur after an authentication has been made, permitting the
attacker to assume the role of an already authorized user. Primary
protections against IP Splicing rely on encryption at the session or
network layer.
Network-Level Firewall A firewall in which traffic is examined
at the network protocol packet level.
Network Worm A program or command file that uses a computer network as
a means of adversely affecting a system's integrity, reliability or
availability. A network worm may spread from one system to another by
establishing a network connection. It is usually a self-contained
program that does not need to attach itself to a host file to
infiltrate network after network.
Public Key In encryption, a two-key system in which the key used to
lock (encrypt) data is made public, so everyone can "lock". A second,
private key, held only by the recipient, is used to unlock (decrypt).
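As an added worked example of the two-key idea above (this is not code from the original glossary), the block below implements textbook RSA with the small toy primes 61 and 53 so the arithmetic can be followed by hand: anyone holding the public key can lock a value, and only the holder of the private key can unlock it. The key sizes and the absence of padding make this unusable for real data; it illustrates the concept only.

```python
"""Textbook public-key encryption: lock with the public key, unlock with the
private key.

Added example, not from the original glossary. The toy primes below give
n = 3233; real keys are thousands of bits long and use padding such as
OAEP. Do not use this to protect anything."""
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Return (public_key, private_key) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)        # (n, e) may be published; (n, d) stays private


def lock(public_key, m: int) -> int:
    """Encrypt the integer message m (0 <= m < n) with the public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def unlock(private_key, c: int) -> int:
    """Decrypt ciphertext c with the private key."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    """Lock the value 65 with the public key and recover it with the private key."""
    pub, priv = keygen(61, 53)   # n = 3233, e = 17, d = 2753
    c = lock(pub, 65)            # anyone with pub can compute this
    return c, unlock(priv, c)    # only the holder of priv gets 65 back


if __name__ == "__main__":
    print(demo())                # (2790, 65)
```

Because `pow(e, -1, phi)` only exists in Python 3.8 and later, older interpreters would need an extended-Euclid inverse in its place.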
Screening Router A router configured to permit or deny traffic using
packet-filtering techniques, based on a set of permission rules
installed by the administrator. A component of many firewalls, usually
used to block traffic between the network and specific hosts at the IP
address and port level.
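The block below is an added example (not from the original glossary) of the kind of rule set a screening router or network-level firewall applies: a first-match, default-deny list of address/port rules, with an anti-spoofing check in front of it that rejects packets arriving on the outside interface while claiming an internal source address (the signature of the IP spoofing entry above). The interface names, the 10.0.0.0/8 internal range, the rules and the sample packets are all assumed for illustration.

```python
"""Screening-router style packet filter: first-match rules, default deny,
plus an anti-spoofing check on the external interface.

Added example, not from the original glossary. Interface names, the
internal address range, the rule set and the packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed internal address space


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" (outside) or "int"
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


def _net_match(cidr: str, addr: str) -> bool:
    """'any' matches every address; otherwise test CIDR membership."""
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    src: str                # CIDR or "any"
    dst: str                # CIDR or "any"
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (_net_match(self.src, p.src) and _net_match(self.dst, p.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


# Administrator's permission rules, evaluated top to bottom; first match wins.
RULES = [
    Rule("permit", "any", "10.0.0.25/32", "tcp", 25),    # SMTP to the mail bastion
    Rule("permit", "any", "10.0.0.80/32", "tcp", 80),    # HTTP to the web bastion
    Rule("deny",   "any", "10.0.0.0/8",   "any", None),  # nothing else inbound
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Return 'permit:<why>' or 'deny:<why>' for one packet."""
    # Anti-spoofing: an outside packet must not claim an internal source.
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "deny:spoofed-source"
    for r in rules:
        if r.matches(p):
            return f"{r.action}:rule"
    return "deny:default"   # no rule matched: default deny


if __name__ == "__main__":
    # Constructed sample traffic arriving on the outside interface.
    for pkt in (
        Packet("ext", "198.51.100.7", "10.0.0.25", "tcp", 25),   # permit:rule
        Packet("ext", "198.51.100.7", "10.0.0.25", "tcp", 23),   # deny:rule
        Packet("ext", "10.0.0.9",     "10.0.0.25", "tcp", 25),   # deny:spoofed-source
        Packet("ext", "198.51.100.7", "192.0.2.1", "tcp", 80),   # deny:default
    ):
        print(pkt.src, "->", pkt.dst, pkt.proto, pkt.dport, filter_packet(pkt))
```

Note that the filter decides on addresses and ports alone; it has no notion of an established session, which is exactly the gap an application level gateway or hybrid gateway fills by tracking TCP state.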
Tunneling Router A router or system capable of routing traffic
by encrypting it and encapsulating it for transmission across
an untrusted network, for eventual de-encapsulation and decryption.
Two-Factor Authentication Authentication based on something the user
knows (factor one, such as a password) plus something the user has
(factor two, such as a hardware token). To access a network the user
must present both factors: a password alone is not enough, and neither
is possession of the token. During a challenge/response exchange, the
token proves the second factor by producing a response that only the
holder of the token's private secret can compute.
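As an added example (not code from the original glossary) of checking both factors, the block below verifies a password against a stored salted hash and a one-time code produced by an HOTP token (RFC 4226, the counter-based one-time password scheme), advancing the stored counter only after a successful login so that a captured code cannot be replayed. The user record, salt and password are constructed; the token secret and the expected code for counter 0 are the published RFC 4226 test vector.

```python
"""Two-factor check: something the user knows (a password) plus something the
user has (a token producing HOTP one-time codes, RFC 4226).

Added example, not from the original glossary. The user record, salt and
password are constructed. The token secret '12345678901234567890' and the
code 755224 for counter 0 are the RFC 4226 Appendix D test vector."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user record: salted password hash, the token's shared secret,
# and the next counter value the server will accept.
USER = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "token_secret": b"12345678901234567890",
    "counter": 0,
}


def authenticate(user: dict, password: str, code: str, look_ahead: int = 5) -> bool:
    """Both factors must pass. The token may have been pressed a few times
    without the server seeing it, so a small look-ahead window of counters is
    accepted; the stored counter moves past the used one only on success."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    has, next_counter = False, user["counter"]
    for c in range(user["counter"], user["counter"] + look_ahead):
        if hmac.compare_digest(hotp(user["token_secret"], c), code):
            has, next_counter = True, c + 1
            break
    if knows and has:
        user["counter"] = next_counter   # consumed: the same code is now rejected
        return True
    return False


if __name__ == "__main__":
    u = dict(USER)
    print(authenticate(u, "correct horse", "755224"))   # True: both factors
    print(authenticate(u, "correct horse", "755224"))   # False: replayed code
    print(authenticate(u, "wrong",         "287082"))   # False: password wrong
    print(authenticate(u, "correct horse", "287082"))   # True: next code
```

The password hash is computed even when the code is wrong, and both comparisons use `hmac.compare_digest`, so the response does not reveal which factor failed.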