Linux Security Dictionary of Terms

Sniffing is the process in which all the data packets passing in the network are monitored. Sniffers are usually used by network administrators to monitor and troubleshoot the network traffic.  A synonym for "passive wiretapping."

Spoofing is the process in which an intruder introduces fake traffic and pretends to be someone else (a legitimate source or entity). Spoofing is done by sending packets with an incorrect source address over the network.

Scavenging is searching through data residue in a system to gain unauthorized knowledge of sensitive data.

Smishing is a combination of the terms "SMS" and "phishing." It is similar to phishing, but refers to fraudulent messages sent over SMS text messaging rather than email.

Vishing refers to phishing attacks that involve the use of voice calls, using either conventional phone systems or Voice over Internet Protocol (VoIP) systems.

SQL Injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.

Dnswalk is a DNS (Domain Name System) debugger.

SNMPwalk is an application that repeatedly sends out GetNextRequest to collect information about different OIDs. The application bundles together multiple SNMP commands and lets you collect information from multiple devices without having to type out individual commands for all OIDs.

Many people confuse a shell with a terminal emulator. The shell is the program responsible for executing an instruction and returning its output, while the terminal is responsible for sending instructions to the shell and displaying what comes back.

Algorithms act as an exact list of instructions that conduct specified actions step by step in either hardware- or software-based routines.

Hashing is the process of transforming any given key or a string of characters into another value.  Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function.

A checksum is a value that represents the number of bits in a transmission message and is used by IT professionals to detect high-level errors.

Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system or application.

Access Control List (ACL) is a mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.

IP Flood is a denial of service attack that sends a host more echo request ("ping") packets than the protocol implementation can handle.

Backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.

A block cipher is a cipher that encrypts data one fixed-size block at a time.

Buffer Overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Cipher is a cryptographic algorithm for encryption and decryption.

Demilitarized Zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet.

Intrusion Detection System (IDS) gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and attacks from within the organization.

A man-in-the-middle attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the attacker intercepts and then controls the entire conversation.

Network Address Translation is the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.

Packet is a piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data.

Password cracking is the process of attempting to guess passwords, given the password file information.

Penetration testing is used to test the external perimeter security of a network or facility.

Pharming is a more sophisticated form of MITM attack in which a user's session is redirected to a masquerading website.

Phishing is the use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website.

Ping Sweep is an attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.

A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides.

Private addressing refers to three address ranges reserved for use by private or non-Internet-connected networks. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix), 172.16.0.0 to 172.31.255.255 (172.16/12 prefix), and 192.168.0.0 to 192.168.255.255 (192.168/16 prefix).

Proxy Server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service.

Rootkit is a collection of tools that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.

Separation of Duties is the principle of splitting privileges among multiple individuals or systems.

SYN Flood is a denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.

TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.

Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination.