> Glossary > Full Story
Level Gateway A firewall system in which service is provided
by processes that maintain complete TCP connection state and
sequencing. Application level firewalls
often re-address traffic so that outgoing traffic appears
to have originated from the firewall, rather than the internal
Bastion Host A system that has been hardened to resist attack
at some critical point of entry, and which is installed on
a network in such a way that it is expected to come under
attack. Bastion hosts are often components of firewalls, or
may be 'outside' Web servers or public access systems. Generally,
a bastion host is running some form of general purpose operating
system (e.g. Unix, VMS, WNT, etc) rather than a ROM-based
or firmware operating system.
Biometrics Access Control Any means of controlling access
through human measurements, such as fingerprinting and voiceprinting.
Data Driven Attack A form of attack in which the attack is
encoded in innocuous-seeming data, which is executed by a
user or other software to implement an attack. In the case
of firewalls, a data driven attack is a concern since it may
get through the fir-firewall in data form and launch an attack
against a system behind the firewall.
Hybrid Gateways An unusual configuration with routers that
maintain the complete state of the TCP/IP connections or examine
the traffic to try to detect and prevent attack (may involve
a bastion host). If very complicated it is difficult to attach,
maintain and audit.
Intrusion Detection Detection of break-ins or break-in
attempts either manually via software expert systems
that operate on logs or other information available on the
IP Sniffing Stealing network addresses by reading the packets.
Harmful data is then sent stamped with internal trusted
IP Spoofing An attack whereby an active, established, session
is intercepted and co-opted by the attacker.
IP Splicing attacks may occur after an authentication has
been made, permitting the attacker to assume the role
of an already authorized user. Primary protections against
IP Splicing rely on encryption at the session or network
Network-Level Firewall A firewall in which traffic is examined
at the network protocol packet level.
Network Worm A program or command file that uses a computer
network as a means for adversely affecting a system's integrity,
reliability or availability. A network worm may attack from
one system to another by establishing a network connection.
It is usually a self-contained program that does not need
to attach itself to a host file to infiltrate network after
Public Key In encryption a two-key system in which the key
used to lock data is made public, so everyone can "lock."
private key is used to unlock or decrypt.
Screening Router A router configured to permit or
deny traffic using filtering techniques; based on a set
of permission rules installed by the administrator.
A component of many firewalls usually used to block traffic
between the network and specific hosts on an IP
Tunneling Router A router or system capable of routing traffic
by encrypting it and encapsulating it for transmission across
an untrusted network, for eventual de-encapsulation and decryption.
Two-Factor Authentication Two-factor authentication is based
on something a user knows (factor one) plus something the
user has (factor two). In order to access a network, the user
must have both "factors". In order to be authenticated
during the challenge/response process, users must have this
specific (private) information.