| P2P (Peer-2-Peer) | Protocol which allows sharing of files over internet by direct contact between
two or more computers (a server is not required). |
| Packet | The basic building block for communications on the Internet, a packet is a block of data sent over a network. It includes the identities of the sending and receiving stations, error-control information, and a message. |
| PalmOS.Family.Variant | PalmOS Virus (viruses designed for PalmOS) |
| Password | A security device consisting of a protected/private string of characters known only to the authorized user/s and the system. It is used to authenticate the authorised user of a computer or data file. |
| Password aging | Password aging is the process of forcing a user to change (or maintain) his or her password after, or for, a specified period of time. In Unix it is effected by the inclusion of password aging data after the user's password in the password field of the password file, separated from the password itself by a comma (,). |
| Password attacks | A password attack is an attempt to obtain or decrypt the legitimate user's password key into the system. Readily available password dictionaries, cracking programs, and password sniffers combine to make passwords very vulnerable.
It is still surprisingly easy to obtain users' passwords. Very often they can be guessed. Very often they can be found (written on a postit stuck underneath the keyboard, for example). And very often they are insufficiently protected by the operating system itself.
There is no defense against password attacks other than using a strong password policy that includes a minimum length, unrecognizable words, and frequent changes. |
| Password sniffing | The use of a sniffer to capture passwords as they pass across a network. The network could be a local area network, or the Internet itself. And the sniffer could be hardware (if the attacker has physical access to the network) or software (in which case all that is required is the ability to compromise a server). A favourite method for 'installing' a password sniffer onto a local area network would be through the use of a Trojan Horse.
Once a LAN has been compromised, it is very difficult to detect the sniffer. The LAN is likely to be Ethernet - in which case the attacker ensures that the compromised server is placed into 'promiscuous' mode (that is, able to receive all the packets on the network rather than those specifically addressed to it). When the sniffer sees a packet that fits certain criteria, it logs it to a file. The most common criteria for an interesting packet is one that contains words like “login” or “password”.
But the sniffer itself is passive. It doesn't change anything: it just listens and logs, allowing the attacker to analyse the logs later. Since it doesn't change anything, it is difficult to detect. But the log itself could grow very large - so the detection of such logs could demonstrate the existence of a sniffer.
During 1998 a password sniffing program was 'delivered' in a shareware package that many users downloaded from the Internet. The apparently useful program acted as a Trojan Horse that also installed the sniffer. The sniffer then, apparently, 'sniffed' many thousands of passwords and credit card numbers that it automatically and surreptitiously e-mailed back to the attacker.
There is no surefire defence against sniffers. Only constant vigilence - and encryption. You must ensure that your password never traverses a network unencrypted; and that it is frequently changed. |
| Patch | A patch is a band-aid produced by a software vendor to heal a wound or vulnerability in its software. |
| Payload | A malicios action performed by the virus, triggered by a specific event (date, time, etc) |
| Penetration | The successful violation of a protected system.
The Internet Society defines it as: Successful, repeatable, unauthorized access to a protected system resource. However, the fact that a vulnerability is closed, making that particular penetration no longer repeatable, does not to my mind make the earlier successful unauthorized access suddenly not a penetration. |
| Perl.Family.Variant | Perl Script Virus (viruses which infect Pearl scripts) |
| Personal Firewall | A personal firewall is a firewall designed for an individual PC - usually, but not necessarily, a home computer. Its purpose is to stop hackers gaining access to the computer from the Internet. A personal firewall should also be able to prevent installed Trojans or spyware from secretly 'mailing home'.
Home computers are increasingly attractive targets as
* users start to store more and more of their personal and financial information on their PC
* broadband always-on Internet access (DSL) becomes more widespread.
'Always-on' tends to use static IP addresses rather than the dynamic addresses used by dial-up access. It gives hackers more time to scan and penetrate home computers.
A personal firewall should be considered desirable for anybody accessing the Internet - and essential for anybody with always-on access.
There is also an argument for using personal firewalls in the enterprise. They provide additional desktop security within the perimeter. The requirement here is that although the firewall runs locally, it must be controlled centrally. Thus personal firewalls within the enterprise need to be integrated with a centralized policy enforcement system that can prevent the individual users from changing their firewall settings. |
| Pharming | In computer security, this is an attack where an attacker compromises domain name values and redirects many people to the wrong IP for a given domain. Often this is accomplished with DNS poisoning or by modifying the hosts files on peoples' computers. This is a special case of DNS poisoning, and is often the result of malware infections. |
| Phishing | In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a website. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.
An example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing secure information by "confirming" it at the phisher's website. |
| Phreak | A phreak is a 'phone freak' - a hacker who concentrates his or her knowledge on telephone systems. The origins of phreaking possibly comes from university campuses from the '50s onwards, where the cost of using the telephone system was a major burden. A phreak was a person who found weaknesses in the telephone system in order to gain cheap or free telephone usage.
Lower phone costs and the inability to separate telephones from computers and the Internet mean that the term is now little used and is in decline. |
| Ping of Death | 'Ping of Death' is the name given to a Denial of Service exploit that was widely used in conjunction with the Ping utility. The exploit required the transmission of an illegal packet size; that is, a packet greater than 65536 bytes. This often led to a buffer overflow on the receiving system - with sometimes disastrous and often unpredictable results: system crashes, reboots, kernel dumps and so on.
This exploit was widely used because many different platforms were susceptible, and the attacker only needed to know the system's IP address. Ping was the most common medium, but in reality the problem could be exploited by anything that sends an IP datagram - probably the most fundamental building block of the Internet.
Most platforms now have effective patches and fixes, and the exploit is no longer as dangerous as it was. |
| Port number | A number assigned to a network service listening on a computer system.
Many networking protocols use port numbers (one for each direction in a conversation) as a means to support multiple independent communications streams between two or more systems. Within the TCP and UDP network protocols, for example, port numbers would allow two systems to have many different communications streams simultaneously by using a different port number for each.
Certain port numbers are registered and known as "well known ports" and it is these ports to which we connect to receive a standard service from a server. For example if we wish to connect to a web server we will normally address our request not only to the server's IP address but also to port number 80 which is the well known port for HTTP, the protocol used to deliver the web page. In most applications the user is unaware of port numbers and these are either fixed standard ports or are negotiated by the software. |
| Port scanner | A software utility, used by hackers as well as system testers and software engineers, to determine if a particular TCP service is running on a particular host system. In a typical configuration the port scanner will scan through all of the "well known ports" (port numbers up to 1024) in the TCP protocol, in order to elicit a response from the server. The scanner works on the principle that if the port is open on the server then some form of response will be forthcoming. The method is used to 'enumerate' or list the services running that may be targets for some form of exploitation.
Many firewalls and other security systems will watch for multiple rapid requests from a single host to connect to target ports and will report this suspicious behavior to the system administrator. For this reason a second generation of port scanners known as 'Stealth Scanners' was created. Stealth scanners will attempt to disguise the scan either by conducting it very slowly over a long period of time, or perhaps sending some request other than a connection request in order to confuse the target. |
| Port scanning | The act of sending queries to Internet servers (hosts) in order to obtain information about their services and their level of security (see port scanner). On Internet hosts, there are standard port numbers for each type of service. Port scanning is sometimes performed by hackers and crackers to find out if a network can be compromised.
Many of the so-called 'attacks' detected by personal firewalls are nothing more than automated port scans undertaken by script kiddies to try and locate a server vulnerable to a particular exploit. |
| PP97M.Family.Variant | PowePoint 97 Macro Virus (virus which infects PowerPoint 97 documents) |
| PPP (Point to Point Protocol) | A protocol that allows a computer to use the TCP/IP protocols and be directly connected to the Internet using a standard voice telephone line and a high-speed modem. |
| Protocol | A set of conventions that govern the interaction of processes, devices, and other components within a system. If components manufactured by different vendors use the same protocol, they should be able to communicate with each other. |
| Proxy | A computer process that relays a protocol between client and server systems by appearing to be the client to the server, and appearing to be the server to the client.
Proxies are often used within firewalls to prevent a direct connection from outside of the firewall to a protected system inside the firewall. |
Powered by