This section contains terms from both hackers and security professionals. To truly understand computer security, you must be familiar with both worlds. General networking terms are also included in this Glossary.
admin: Short for system administrator.
adware: Software that is used to display advertisements.
AES: Advanced Encryption Standard; a symmetric cipher that uses 128-, 192-, or 256-bit keys.
APT: Advanced persistent threat; an attack that takes place over a long period of time using multiple, advanced techniques.
audit: A check of a system’s security. This check usually includes a review of documents, procedures, and system configurations.
authentication: The process of proving that a user or system is who or what it claims to be, for example with a password, a token, or a certificate.
backdoor: A hidden way of bypassing a system’s normal authentication or security controls. It may be deliberately left in place by the creator of the system or planted by an attacker after a compromise to retain access.
bid shielding: Hiding an item from other bidders by putting a fake but very high bid on it to discourage other bidders.
bid siphoning: Attempting to lure bidders from a legitimate site to a site that may be used for malicious purposes, such as phishing.
black hat hacker: Someone who uses hacking skills for malicious and illegal purposes.
Blowfish: A well-known symmetric key block cipher invented by Bruce Schneier. It encrypts 64-bit blocks with a variable-length key of 32 to 448 bits.
blue team: The defensive team in a penetration testing exercise.
braindump: The act of telling someone everything one knows.
breach: To successfully break into a system; to breach the security.
brute force: To try to recover a password or key by simply trying every possible combination. The time required grows with the size of the key space, which is why short passwords and small keys are vulnerable.
bug: A flaw in a system.
Caesar cipher: One of the oldest encryption algorithms. It is a basic mono-alphabetic substitution cipher in which every letter is shifted the same fixed number of positions through the alphabet. Because there are only 25 usable shifts, it can be broken by trying every key.
CHAP: Challenge Handshake Authentication Protocol; a commonly used authentication protocol in which the server sends a random challenge and the client answers with a hash of the challenge and the shared secret, so the password itself is never sent over the link.
CIA triangle: A common security acronym for confidentiality, integrity, and availability, the three core goals of information security.
cipher: Synonym for cryptographic algorithm.
ciphertext: Encrypted text; the output of an encryption algorithm.
code: The source code for a program; or the act of programming, as in “to code an algorithm.”
codegrinder: An unflattering reference to one who works in an uncreative corporate programming environment.
cookie: A small bit of data, often in plain text, that is stored by web browsers.
cracker: One who breaks into a system in order to do something malicious, illegal, or harmful. Synonymous with black hat hacker.
cracking: Breaking into a system or code.
crash: A sudden and unintended failure, as in “My computer crashed.”
cryptography: The study of encryption and decryption.
cyber fraud: Using the Internet to defraud someone.
cyber stalking: Using the Internet to harass someone.
DDoS: Distributed denial of service; a type of denial of service attack launched from multiple source locations.
demigod: A hacker with years of experience who has a national or international reputation.
DES: Data Encryption Standard; a block cipher that was developed in the 1970s. It uses a 56-bit key on 64-bit blocks. Because a 56-bit key can be exhausted by brute force with modern hardware, it is no longer considered secure.
Diffie-Hellman: An asymmetric protocol used for key exchange. Two parties each publish a public value and combine it with their own private value to arrive at the same shared secret, even though an eavesdropper sees both public values. On its own it does not authenticate the parties, so it must be paired with something that does.
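The exchange described in the Diffie-Hellman entry, as an added example that is not part of the original glossary. It assumes the 1024-bit "Oakley Group 2" modulus from RFC 2409 (used here only because it is short enough to embed; a real deployment should use a 2048-bit or larger group, or elliptic curve Diffie-Hellman), and the class and function names are illustrative. The second function shows why the authentication caveat matters: a man in the middle who substitutes her own public values ends up sharing a key with each side.

```python
import hashlib
import secrets

# RFC 2409 "Oakley Group 2": 1024-bit MODP prime p and generator g = 2.
# Assumption of this added example: chosen for brevity, not as a recommendation.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Party:
    """One side of the exchange. Only `public` ever leaves this object."""

    def __init__(self, name: str):
        self.name = name
        self._private = secrets.randbelow(P - 3) + 2        # x in [2, p-2]
        self.public = pow(G, self._private, P)              # g^x mod p, sent in the clear

    def shared_key(self, peer_public: int) -> bytes:
        # Reject degenerate values (0, 1, p-1) that would force the secret into a
        # tiny subgroup; real implementations must perform this check.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        secret = pow(peer_public, self._private, P)         # (g^y)^x = g^(xy) mod p
        # Never use the raw group element as a key; pass it through a KDF.
        nbytes = (P.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(nbytes, "big")).digest()


def run_exchange():
    """The honest exchange: two messages on the wire, one shared key."""
    alice, bob = Party("Alice"), Party("Bob")
    # Alice -> Bob: alice.public     Bob -> Alice: bob.public
    return alice.shared_key(bob.public), bob.shared_key(alice.public)


def run_mitm():
    """Unauthenticated DH: Mallory replaces each public value with her own."""
    alice, bob, mallory = Party("Alice"), Party("Bob"), Party("Mallory")
    k_alice = alice.shared_key(mallory.public)   # Alice believes this came from Bob
    k_bob = bob.shared_key(mallory.public)       # Bob believes this came from Alice
    k_m_alice = mallory.shared_key(alice.public)
    k_m_bob = mallory.shared_key(bob.public)
    return k_alice, k_m_alice, k_bob, k_m_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("honest exchange agrees:", ka == kb)
    a, ma, b, mb = run_mitm()
    print("Mallory shares a key with Alice:", a == ma, "and with Bob:", b == mb)
    print("Alice and Bob share a key with each other:", a == b)
```

The honest run prints that both sides agree; the man-in-the-middle run prints that Alice and Bob each agree with Mallory but not with each other, which is exactly the gap that signatures or certificates on the public values are meant to close.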
DoS: Denial of service; a type of attack that prevents legitimate users from accessing a resource. This is usually done by overloading the target system with more workload than it can handle.
elliptic curve: Short for elliptic curve cryptography (ECC); a family of asymmetric algorithms (for example ECDH for key exchange and ECDSA for signatures) built on the mathematics of elliptic curves. They offer security comparable to RSA with much shorter keys.
Encrypting File System: Also known as EFS, a feature of Microsoft’s NTFS file system that allows users to encrypt individual files and folders. It was introduced in Windows 2000.
encryption: The act of encrypting a message. Encryption usually involves altering a message so that it cannot be read without the key and the decryption algorithm.
espionage: Illicitly gathering information, usually from a government or corporate source.
ethical hacker: One who hacks into systems with the owner’s authorization in order to find weaknesses so they can be fixed. Often called a penetration tester.
firewall: A device or software that provides a barrier between your machine or network and the rest of the world.
gray hat hacker: A hacker who usually obeys the law but in some instances will cross the line into black hat hacking.
hacker: One who tries to learn about a system by examining it in detail, often by reverse engineering it.
hash: An algorithm that takes variable-length input and produces fixed-length output. A cryptographic hash is one-way (the input cannot be recovered from the output) and collision resistant (it is impractical to find two inputs with the same output).
honey pot: A system or server designed to be very appealing to hackers, when in fact it is a trap to catch them.
hub: A device for connecting computers on a local network. A hub repeats every frame it receives to all of its ports, so any attached machine can sniff all traffic; switches replaced hubs largely for this reason.
IKE: Internet Key Exchange; the protocol IPsec uses to authenticate peers and negotiate the encryption keys and security associations for a tunnel.
information warfare: Attempts to influence political or military outcomes via information manipulation.
intrusion detection system (IDS): A system for detecting attempted intrusions.
IP: Internet Protocol; one of the primary protocols used in networking.
IPsec: Internet Protocol Security; a suite of protocols that authenticates and encrypts IP packets. It is commonly used to build VPNs.
IP spoofing: Making packets seem to come from a different IP address than they really originated from.
key logger: Software that logs keystrokes on a computer.
MAC address: The physical address of a network card. It is a 48-bit (6-byte) identifier usually written in hexadecimal. The first 3 bytes (the OUI) identify the vendor. Although it is burned into the card, most operating systems allow it to be changed in software, so it can be spoofed.
malware: Any software that has a malicious purpose, such as a virus or a Trojan horse.
MD5: Message Digest 5; a cryptographic hashing algorithm that produces a 128-bit digest. Practical collision attacks exist, so it should not be used where collision resistance matters, such as digital signatures or certificates.
MS-CHAP: A Microsoft extension to CHAP.
multi-alphabet substitutions: Encryption methods that use more than one substitution alphabet.
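The Caesar cipher, brute force, and multi-alphabet substitution entries above, as one added example that is not part of the original glossary. It implements a Caesar cipher, breaks it two ways (trying all 25 shifts, and frequency analysis assuming the commonest ciphertext letter is E), and contrasts it with a Vigenère cipher, where the key letter chooses a different shifted alphabet for each position so that one plaintext letter no longer maps to a single ciphertext letter. The function names and the sample plaintexts are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Mono-alphabetic substitution: every letter moves the same fixed distance.
    Non-letters pass through unchanged; a negative shift decrypts."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_brute_force(ciphertext: str):
    """The key space is 25 shifts, so trying every one is instant.
    Returns (shift, candidate plaintext) pairs for a human to read."""
    return [(k, caesar(ciphertext, -k)) for k in range(1, 26)]


def guess_caesar_shift(ciphertext: str) -> int:
    """Frequency analysis: in English text E is usually the commonest letter,
    so the commonest ciphertext letter probably is E shifted."""
    counts = {c: 0 for c in ALPHABET}
    for ch in ciphertext.upper():
        if ch in counts:
            counts[ch] += 1
    top = max(counts, key=counts.get)
    return (ALPHABET.index(top) - ALPHABET.index("E")) % 26


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Multi-alphabet substitution: the key letter at each position selects which
    of the 26 shifted alphabets is used, defeating the single-shift attacks above
    (but not, for long texts, analysis of each key position separately)."""
    out = []
    i = 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[i % len(key)].upper())
            if decrypt:
                k = -k
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    ct = caesar("ATTACK AT DAWN", 3)          # constructed sample plaintext
    print(ct)                                 # DWWDFN DW GDZQ
    for shift, guess in caesar_brute_force(ct):
        print(shift, guess)
    longer = caesar("MEET ME AT THE OLD BRIDGE AT THREE", 7)
    print("recovered shift:", guess_caesar_shift(longer))
    print(vigenere("ATTACKATDAWN", "LEMON"))  # LXFOPVEFRNHR: the two A's encrypt differently
```

Note how in the Vigenère output the repeated plaintext letters A and T no longer map to one ciphertext letter each, which is what the term "multi-alphabet" refers to. The same key encrypts and decrypts in all three routines, which is what makes them symmetric ciphers.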
NIC: Network interface card.
packet filter firewall: A firewall that scans incoming packets and either allows them to pass or rejects them. It only examines the header, not the data, and does not consider the context of the data communication.
penetration testing: Assessing the security of a system by attempting to break into the system. Penetration testing is the activity of most penetration testers.
phreaker: Someone who hacks into phone systems.
port scan: Probing a range of ports on a host, typically by sending TCP or UDP packets to each one, to learn which ports are open and therefore which services are listening.
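A minimal TCP connect scan of the kind the port scan entry describes, as an added example that is not part of the original glossary. It starts its own listener on a random loopback port so it runs offline, then scans the ports around it and reports which ones accepted a connection. The host, timeout, and function names are illustrative; a real scanner such as nmap also uses half-open SYN scans and service fingerprinting, which this example does not attempt.

```python
import socket
from contextlib import closing


def tcp_connect_scan(host: str, ports, timeout: float = 0.2) -> list:
    """Attempt a full TCP handshake to each port; a successful connect means the
    port is open. connect_ex returns 0 on success and an errno otherwise, so a
    closed port (connection refused) or a filtered port (timeout) is skipped."""
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def demo():
    """Constructed target: a listener on an ephemeral loopback port (assumption of
    this example), scanned together with its four neighbours."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(5)
        port = srv.getsockname()[1]
        found = tcp_connect_scan("127.0.0.1", range(port - 2, port + 3))
        return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; scan reported open: {found}")
```

Connect scans are easy to write but noisy: every probe completes a handshake, so the target's service logs record each one, which is also what makes them easy to detect.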
PPP: Point-to-Point Protocol; a somewhat old connection protocol.
PPTP: Point-to-Point Tunneling Protocol; an extension to PPP for VPNs. Because of weaknesses in its MS-CHAP authentication it is considered insecure and has been largely replaced by IPsec and TLS-based VPNs.
proxy server: A device or service that relays requests on behalf of internal clients. It hides internal IP addresses and presents a single IP address to the outside world, and can also filter or log the traffic it relays.
red team: A penetration testing team that is emulating a specific type of attacker.
router: A device that connects two or more networks and forwards packets between them based on their destination IP addresses.
RSA: A public key encryption method developed in 1977 by three mathematicians: Ron Rivest, Adi Shamir, and Leonard Adleman. The name RSA is derived from the first letter of each mathematician’s last name.
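Textbook RSA with the small example primes p = 61 and q = 53, as an added example that is not part of the original glossary. It shows key generation, encryption, decryption, and signing with nothing but modular exponentiation, and then a caveat a practitioner should know: without padding, RSA is malleable, because multiplying two ciphertexts yields a valid ciphertext of the product of the plaintexts. Real keys use primes of about 1024 bits or more and always apply a padding scheme such as OAEP or PSS. The function names are illustrative.

```python
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Toy RSA key generation from two primes (assumption of this example: the
    primes are tiny so the numbers are readable; real keys are far larger)."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)                # (public key, private key)


def encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)                  # c = m^e mod n


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)                  # m = c^d mod n


def sign(priv, m: int) -> int:
    n, d = priv
    return pow(m, d, n)                  # signing is "decrypting" the message


def verify(pub, m: int, s: int) -> bool:
    n, e = pub
    return pow(s, e, n) == m


def malleability_demo(pub, priv, m1: int, m2: int) -> bool:
    """Unpadded RSA is multiplicatively homomorphic: E(m1) * E(m2) == E(m1 * m2).
    An attacker who can only see ciphertexts can still forge a ciphertext of a
    related plaintext, which is one reason padding is mandatory."""
    n = pub[0]
    forged = (encrypt(pub, m1) * encrypt(pub, m2)) % n
    return decrypt(priv, forged) == (m1 * m2) % n


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    print("public:", pub, "private:", priv)       # (3233, 17) (3233, 2753)
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(priv, c))
    print("signature verifies:", verify(pub, 65, sign(priv, 65)))
    print("ciphertext product decrypts to product of plaintexts:",
          malleability_demo(pub, priv, 65, 2))
```

The plaintext must be smaller than n, and every value here leaks structure (for example, the same message always produces the same ciphertext); both problems are what padding schemes address.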
RST cookie: A simple method for alleviating the danger of SYN floods. The server answers a connection request with a deliberately wrong acknowledgment; a legitimate client replies with an RST packet, proving it is real, and only then does the server accept a connection from it.
script kiddy (or kiddie): A slang term for an unskilled person who purports to be a skilled hacker.
SHA: Secure Hash Algorithm; a family of cryptographic hashes with several versions: SHA-1 (160-bit output, no longer considered collision resistant), SHA-2 (with variants such as SHA-256 and SHA-512), and SHA-3.
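The properties the hash, MD5, and SHA entries describe, as an added example that is not part of the original glossary, using Python's standard hashlib. It shows the fixed output lengths, the avalanche effect (flipping one input bit changes about half the output bits), and the caveat that one-way does not mean unguessable: a bare hash of a four-digit PIN falls to brute force in a fraction of a second. The last function shows what to store for passwords instead, a salted and iterated derivation (PBKDF2 here; the iteration count, salt, and sample inputs are assumptions of this example).

```python
import hashlib
import itertools


def digests(data: bytes) -> dict:
    """The same input through three hash functions; note the fixed digest sizes
    (MD5 128 bits, SHA-1 160 bits, SHA-256 256 bits) regardless of input length."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def differing_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(msg: bytes) -> int:
    """Flip the lowest bit of the first byte and count how many of the 256
    SHA-256 output bits change; a good hash changes roughly half of them."""
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return differing_bits(hashlib.sha256(msg).digest(), hashlib.sha256(flipped).digest())


def crack_pin(target_hex: str, length: int = 4):
    """Brute force against an unsalted SHA-256 of a numeric PIN: the input space
    is only 10**length candidates, so the hash being one-way does not help."""
    for digits in itertools.product("0123456789", repeat=length):
        guess = "".join(digits)
        if hashlib.sha256(guess.encode()).hexdigest() == target_hex:
            return guess
    return None


def password_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """For stored passwords use a salted, deliberately slow derivation instead of
    a plain digest: the salt defeats precomputed tables and the iteration count
    makes each guess expensive (200,000 is an assumption of this example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


if __name__ == "__main__":
    for name, hexdigest in digests(b"abc").items():
        print(f"{name:7} {len(hexdigest) * 4:3} bits  {hexdigest}")
    print("bits changed by a one-bit input change:", avalanche(b"The quick brown fox"))
    target = hashlib.sha256(b"4821").hexdigest()       # constructed: hash of a sample PIN
    print("cracked PIN:", crack_pin(target))
    print("PBKDF2 output:", password_hash("correct horse", b"constructed-salt").hex())
```

The digest of b"abc" for each algorithm matches the published test vectors, which is a quick way to confirm a hash implementation is the real thing.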
smurf: A specific type of distributed denial of service attack. The attacker sends ICMP echo requests to a network’s broadcast address with the source address spoofed to the victim’s, so every host on that network floods the victim with replies.
sneaker: Someone who is attempting to compromise a system in order to assess its vulnerability. This is an old term; most people use the term penetration tester today.
sniffer: A program that captures data as it travels across a network. Also called a packet sniffer.
Snort: A widely used open source intrusion detection system.
social engineering: The use of persuasion on human users in order to gain information required to access a system.
SPAP: Shiva Password Authentication Protocol; a proprietary version of PAP that basically adds encryption to PAP.
spoofing: Pretending to be something else, as when a packet might spoof another return IP address (as in the smurf attack) or when a website is spoofing a well known e-commerce site.
spyware: Software that monitors computer use.
stack tweaking: A complex method for protecting a system against DoS attacks. This method involves reconfiguring the operating system to handle connections differently.
stateful packet inspection: A firewall technique that not only examines each packet but tracks the state of the connections it belongs to, so an inbound packet is allowed only if it matches a session the firewall has already seen being established.
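The difference between the packet filter firewall and stateful packet inspection entries, as one added example that is not part of the original glossary, simulated on a few constructed packets. The stateless filter uses the classic header-only rule "allow inbound TCP if the ACK flag is set" to approximate replies to established connections; the stateful filter instead records outbound SYNs and admits only inbound packets that match one. An attacker's unsolicited ACK probe (the basis of an ACK scan) passes the first and is dropped by the second. Addresses come from the documentation ranges, and the class names and rule set are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


INSIDE_PREFIX = "10.0.0."


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class PacketFilter:
    """Stateless: each packet is judged by its own header, with no memory.
    Rule 1: anything originating inside may leave.
    Rule 2: inbound TCP is allowed only if ACK is set, the header-only
            approximation of 'this is a reply to one of our connections'."""

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src):
            return True
        return "ACK" in pkt.flags


class StatefulFilter:
    """Stateful: remembers connections opened from inside and admits only
    inbound packets that belong to one of them."""

    def __init__(self):
        self.table = set()

    def allow(self, pkt: Packet) -> bool:
        if is_inside(pkt.src):
            if "SYN" in pkt.flags:          # new outbound connection: record it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only if the reverse 4-tuple is a known connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def run_demo() -> dict:
    """Constructed traffic: one legitimate web connection and one probe."""
    outbound_syn = Packet("10.0.0.5", 40000, "203.0.113.10", 443, frozenset({"SYN"}))
    legit_reply = Packet("203.0.113.10", 443, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    ack_probe = Packet("198.51.100.7", 1337, "10.0.0.5", 22, frozenset({"ACK"}))

    stateless, stateful = PacketFilter(), StatefulFilter()
    results = {}
    for name, fw in (("stateless", stateless), ("stateful", stateful)):
        results[name] = {
            "outbound_syn": fw.allow(outbound_syn),
            "legit_reply": fw.allow(legit_reply),
            "ack_probe": fw.allow(ack_probe),
        }
    return results


if __name__ == "__main__":
    for name, decisions in run_demo().items():
        print(name, decisions)
```

The stateless filter cannot tell the probe from a reply because, at the header level, they look the same; the stateful filter can, at the cost of keeping a connection table, which is itself a resource an attacker can try to exhaust.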
symmetric key system: An encryption method where the same key is used to encrypt and decrypt the message.
SYN cookie: A method for ameliorating the dangers of SYN floods. Instead of allocating memory for each half-open connection, the server encodes the connection details in its initial sequence number and allocates state only when the client’s final ACK returns the matching value.
SYN flood: Sending a stream of SYN packets (requests for connection), often from spoofed source addresses, and never completing the handshake, thus leaving many connections half open until the target’s connection table is exhausted.
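The SYN flood and SYN cookie entries above, as one added example that is not part of the original glossary. It simulates a naive server that stores state for every SYN and a server that instead answers with a SYN cookie, an initial sequence number built from a coarse timestamp and a keyed hash of the connection’s addresses and ports; only a client that sends back cookie + 1 in its ACK gets a connection. The cookie layout, the 64-second time window, and the server and client addresses are assumptions of this example; real kernels also squeeze the client’s MSS into the cookie, which is omitted here.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)     # server-side secret; real systems rotate it


def _mac(src: str, sport: int, dst: str, dport: int, t: int) -> int:
    """24-bit keyed hash of the 4-tuple and the time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}|{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, now: int) -> int:
    """Initial sequence number: 8 bits of time slot (64 s) + 24 bits of MAC."""
    t = (now // 64) & 0xFF
    return (t << 24) | _mac(src, sport, dst, dport, t)


def check_cookie(isn: int, src, sport, dst, dport, now: int) -> bool:
    """Recompute the MAC for the slot stored in the cookie; accept only the
    current and the previous slot so old cookies cannot be replayed forever."""
    t = isn >> 24
    if (((now // 64) & 0xFF) - t) % 256 not in (0, 1):
        return False
    return (isn & 0xFFFFFF) == _mac(src, sport, dst, dport, t)


class NaiveServer:
    """Allocates a half-open entry for every SYN, before the client proves itself."""

    def __init__(self):
        self.half_open = {}

    def on_syn(self, src, sport, now):
        isn = secrets.randbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack, now):
        isn = self.half_open.pop((src, sport), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class CookieServer:
    """Keeps no per-SYN state; the cookie in the ISN carries it instead."""

    def __init__(self, ip: str, port: int):
        self.ip, self.port = ip, port
        self.half_open = {}              # stays empty by design

    def on_syn(self, src, sport, now):
        return make_cookie(src, sport, self.ip, self.port, now)

    def on_ack(self, src, sport, ack, now):
        isn = (ack - 1) & 0xFFFFFFFF
        return check_cookie(isn, src, sport, self.ip, self.port, now)


def flood(server, count: int, now: int) -> int:
    """Spoofed-source SYNs that will never be followed by an ACK; returns the
    number of half-open entries the server is left holding."""
    for i in range(count):
        server.on_syn(f"198.51.100.{i % 250 + 1}", 1024 + i, now)
    return len(server.half_open)


def legit_handshake(server, now: int) -> bool:
    """A real client: SYN, then ACK of ISN + 1 one second later."""
    isn = server.on_syn("192.0.2.10", 50000, now)
    return server.on_ack("192.0.2.10", 50000, (isn + 1) & 0xFFFFFFFF, now + 1)


if __name__ == "__main__":
    now = 1_700_000_000                  # constructed clock value, in seconds
    print("naive server half-open after flood:", flood(NaiveServer(), 1000, now))
    srv = CookieServer("203.0.113.5", 80)
    print("cookie server half-open after flood:", flood(srv, 1000, now))
    print("legit client on cookie server:", legit_handshake(srv, now))
    print("forged ACK on cookie server:", srv.on_ack("192.0.2.10", 50000, 12345, now))
```

The trade-off a practitioner should know: because the server keeps nothing, any TCP options the client sent in its SYN are lost unless they fit in the cookie, which is why most stacks enable SYN cookies only once the backlog fills rather than all the time.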
Tribe Flood Network (TFN): An early tool used to execute DDoS attacks from a network of compromised hosts.
Trinoo (trin00): An early tool used to execute DDoS attacks from a network of compromised hosts.
Trojan horse: Software that appears to have a valid and benign purpose but really has another, nefarious purpose.
virus: Software that is self-replicating and spreads like a biological virus, typically by attaching itself to a host program or file and relying on a user to run or open it.
war-dialing: Dialing a range of phone numbers, usually with an automated tool, to find ones that a modem or computer answers.
war-driving: Driving and scanning for wireless networks that can be compromised.
white hat hacker: A hacker who does not break the law; often synonymous with ethical hacker.
worm: A virus that can spread without human intervention.