IT Dictionary


Captcha

A security technique that ensures that a human has made the transaction online rather than a computer. It is also known as "Automated Turing Tests" and was originally developed at Carnegie Mellon University. Random words or letters are displayed in a distorted fashion so that they can be deciphered by people, but not by software. This usually involves the use of graphic images of characters and numbers. Users are asked to type in what they see on screen to verify human involvement.



The purpose is to prevent bots (software agents) from performing automatic illegitimate transactions. These could include overloading online opinion polls, performing dictionary attacks to find names and passwords and grabbing thousands of free e-mail accounts for sending spam. Captchas can be used to prevent such transactions as they ensure that a real person rather than a bot made the transaction.

Checksum

A checksum is a value that is used to check the integrity of data.



Checksums are generated by a function that is dependent upon the data in question. For security purposes, checksums are generated by one-way hash functions. Once a checksum has been generated, it is either stored with or transmitted with the data in question. The integrity of the data can be checked by generating a new checksum. If the two checksums are identical, then the file has not changed. If the two checksums are different, then the data (or file) in question has been altered.



Checksums are used for three primary purposes within security:



* to confirm that archived data has not been altered since it was archived

* to confirm that a verified virus-free file has not changed and therefore is still virus-free

* to confirm that a transmitted message has not been altered in transit.

Cipher

(noun)

A cryptographic algorithm for encrypting and decrypting data.



(verb)

The act of encrypting data with a cryptographic algorithm.

Ciphertext

Ciphertext is data that has been scrambled by encryption so that it can only become meaningful again by the application of proper decryption; that is, it needs to be deciphered.

Ciphertext-only attack

An attack against (that is, an attempt to decrypt) ciphertext when only the ciphertext itself is available (i.e., there is no known plaintext associated with the ciphertext). This will almost inevitably require guessing some plaintext that might or will be associated.



The cryptanalyst may also know the cryptographic algorithm being used, and possibly the plaintext language. However, such an attack is rarely successful against a good cryptographic system.

Circuit level gateway/firewall

A circuit level gateway is sometimes described as a second generation firewall. It is a fast unrestricted passage through the firewall based on predefined rules maintained in the TCP/IP kernel.



It is basically used for TCP connections. It examines each connection setup to ensure that it follows a legitimate handshake for the transport layer protocol being used. Typically, it would store the following information:



* a unique session identifier (used for tracking purposes)

* the state of the connection; ie, handshake, established, or closing

* sequencing information

* source IP address

* destination IP address

* physical network interface through which the packet arrives

* physical network interface through which the packet leaves



The firewall then checks to see whether the sending computer has permission to send to the destination, and whether the receiving computer has permission to receive from the sender. If the connection is allowed, all associated packets are routed through the firewall with no further security checks.



Advantages

* generally faster than application layer firewalls because they perform fewer evaluations.

* can help protect an entire network by prohibiting connections between specific Internet sources and internal computers.

* can perform NAT to shield internal IP addresses from external users.



Disadvantages

* cannot restrict access to protocol subsets other than TCP

* cannot perform strict security checks on a higher-level protocol

* limited audit abilities, but can typically tie a network data packet to an application layer protocol by building limited forms of session state

* do not offer value-added features, such as HTTP object caching, URL filtering, and authentication because they do not understand the protocols being used

* difficult to test "allow" and "deny" rules.

Constructor.Family.Variant

Virus Constructors (virus generating kits)

Crack

Crack is a freely available program written by Alec Muffett and designed to find standard Unix eight-character DES encrypted passwords by standard guessing techniques. It is written to be flexible, configurable and fast, and to be able to make use of several networked hosts via the Berkeley rsh program (or similar), where possible. System administrators can use this to ensure that their users are not operating with weak passwords.



Since Crack can be networked, the processing load can be spread across as many computers as are available.

Cracker

A cracker is generally considered to be a hacker who has turned to the dark side; that is, a hacker who breaks into other systems with the specific purpose of causing damage or stealing data. Thus a cracker is a computer enthusiast with deep knowledge of systems who uses that knowledge for personal and selfish gain.



The term seems to have been coined in the mid-'80s by hackers who wished to distinguish themselves from those engaged in theft and vandalism. It is therefore a derogatory term. However, we should not imagine that there is an absolutely clear line between hackers and crackers: there are many hackers who once were crackers (perhaps they just grew up); just like there are many security consultants who once were hackers (who perhaps got married, had a family - or mortgage - and found 'responsibility').



Strictly speaking, threats to information security come from crackers, not hackers. Sadly, however, little distinction is now made between the two terms in general usage.

Crack.Program.Version

Program crack/patch (programs that illegally register commercial kits)