Algorithm - A list of well-defined instructions for accomplishing some task. In software this is a set of machine instructions designed to perform one or more specific actions.
Anti-Virus - Specialized software designed to examine the contents of network traffic in order to identify components believed to be a virus. This software is searching for specific patterns, called signatures, of data that have been determined to be viruses in the past.
Application-level Packet Inspection - The third improvement to firewall security, which goes beyond both simple packet inspection and stateful packet inspection, is for the firewall to intercept and actively process all the packets as if they were destined for the firewall itself. This type of activity is one in which the firewall is acting as an executive-assistant, or a proxy, for the real application (which is why these filters are like proxy servers). The proxy has the authority to reject some requests directly, while passing others through. The proxy does not allow the outside client to know the actual identity of the real server, because it behaves as if the proxy is the real server. This is much like an executive assistant acting for and protecting a key corporate officer.
Denial of Service (DOS) - This is a malicious attempt to prevent a machine or local network of machines from communicating with the outside world by bombarding the machine or network entry point with meaningless network traffic.
Encryption - This is the process of transforming data/information (called plaintext) to make it unreadable to anyone except someone having the information allowing the transformation to be reversed, termed decryption. The purpose of encryption is to protect the original information so that if it is somehow captured or seen by an unauthorized individual, it would be extremely difficult to extract the plaintext information.
Filtering (email) - The process of removing or marking email thought to be undesirable from the in-box automatically before it is presented to a user. This is usually done using a combination of rules and statistical matching processes. The rules remove email based on the sender, specific words in the title or content, or even the computer from which the email was sent. Statistical matching is less precise, but is used to develop a "score" for each email based on the format of the email together with the words used. Emails with a high score (a good match to patterns indicating spam or other undesirable email) can be removed or marked.
Firewall - A software "fence", usually running in a special hardware appliance, that is responsible for preventing unauthorized access to and from the network of computers it is protecting. The firewall provides this protection by preventing unauthorized network packets from entering or leaving the protected network. What constitutes "unauthorized" is determined by a set of rules maintained in the firewall. These rules are created and maintained by the manager(s) and installer(s) of the firewall.
Hardware Appliance - A specialized computer which typically has no display, keyboard, or mouse, and runs special-purpose software to provide specific services. Such a computer starts automatically when the power is applied and performs its service(s) without requiring human intervention.
Internet Protocol (IP) Address - The number assigned to a specific ethernet connector in a specific device. This number, at least within a viewable network (one in which all devices can see all other devices) must be unique. This number is visually represented as xxx.yyy.zzz.www (termed an octet because it is made up of eight hexadecimal digits) and is referred to as the "IP address" of that connector on that machine. If two or more machines that can directly "see" each other on the network have the same IP address, then neither will be able to communicate reliably with any other machine. An IP address is very much like a street address (including the house/building number) assigned by a post office for regular mail delivery.
Intrusion Detection Service (IDS) - In the most general form, an intrusion is an unwanted and/or unauthorized manipulation of a computer system or network component. This broad definition includes activities from both inside the machine or network, and those from outside. Intrusion detection is any means of recognizing and recording suspected or actual intrusions. An intrusion detection system generally is comprised of software sensors to detect a possible intrusion, a console or other method to alert a responsible individual to a suspected intrusion, and an engine that records all of the sensor and other information gathered about the intrusion.
Malware - This term was coined by combining the words malicious and software. As the name implies, malware is software which is designed to do harm of some type to a computer system without permission from, and sometimes without the knowledge of, the user or administrator of that computer. The term generally includes computer viruses, trojan horses, worms, spyware, and hidden adware.
Packet (network) - A packet is the smallest unit of data transferred on the Ethernet. Packets of some type are central to the technology of "packet-switched" networks, such as the Ethernet. A packet has a well-defined standardized structure which is used to allow Ethernet hardware and software to transmit, route, and receive communications. In the Ethernet protocol, a packet is always sent from an IP address and port number to an IP address and port number (although the destination in some cases can be "broadcast", meaning anyone on the addressed network can receive the packet).
Packet Filtering - Because every Ethernet packet must have an IP address and port number to which it is addressed (its destination) as well as where it originated (its source), the simplest form for firewall protection is to filter out packets based on the source and/or the destination. For example, if I did not want to receive any web-browser packets (because I was not running a web site), then I would tell the firewall to block any packets destined for port 80, regardless of their IP address. I could receive web-browser packets from only a certain machine by blocking all packets destined for port 80 unless the source IP address was 18.104.22.168. Packet filtering is the simplest firewall service requiring the least powerful processor, but is also the weakest type of firewall because it is the least flexible, and thus requires the greatest relaxation of constraints in order for useful work to be supported. It is also the least secure because it is the easiest type of firewall to "fool" into allowing a connection.
Phishing - Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. (from onguardonline.gov) The idea behind Phishing is that from many contacts a few unsuspecting people will respond to an email or message that appears to be legitimate. For example, an email with a CitiBank return address asking you to log in and change your password due to a suspected break-in to their server, where the email includes a link to click on in order to get to the site. The scam is that the included link actually takes the reader to a false site which mimics the CitiBank site, but records all the information you enter. In some sophisticated attacks, the false site eventually connects to a real CitiBank site, so that the user is not aware of the theft of personal information.
Port - A port in the Ethernet protocol is a designator of a specific line of communication or service over a shared Ethernet pathway. If the IP address of an Ethernet connector is equivalent to its street address, then a port is equivalent to the individual named on the envelope (or sometimes a group, such as the sales department). To get to the correct place, an Ethernet packet must specify both the IP address and port for the destination.
Redundant Network Failover - Some firewall devices which are also routers (such as SnapGear and Sidewinder) have the ability to support two external (outside world) connections at the same time, such as a cable modem together with a DSL modem. These devices can be configured so that if one of the modems fails, the firewall/router automatically switches all of the traffic to the remaining good connection. Thus, the user may suffer a slower network connection, but not a total loss of connection. Because the duplicate paths can also be seen by the external users, they can still access the internal network, although it may be a slower access.
SOHO - Stands for Small Office/Home Office. These appliances often provide a managed firewall and VPN capabilities. Some provide limited anti-virus by subscription. The better devices offer Stateful Packet Inspection, but not Application Level Packet Inspection.
SPAM - Spam is unwanted and unrequested electronic transmissions, usually in the form of email, but it can include instant messages, voice-mail messages, and faxes. Such messages are often referred to as "junk". Spam messages are normally sent in bulk (millions of messages at a time) in the hope that a small percentage of the targets will actually open, read, and respond to the spam. The ease and low cost of sending such bulk messages has caused spam to become more than 90% of all email traffic.
Spyware - Software that, without either the knowledge or permission of the computer user (typically a single-user personal computer), gathers private information and transmits it to a remote computer/database. The key difference between spyware and trojan horse software is that spyware usually gets installed as an unannounced consequence of installing other desired software (often software offered as "free" software, although most free software is legitimate and free from spyware). Another key difference is that Trojan horse software does not install itself to run continuously and restart whenever the computer is booted, whereas spyware tends to become a hidden "service" of the operating system software, and thus is restarted automatically if it is stopped.
Stateful Packet Inspection - The next more effective and secure filtering method beyond simple packet inspection is called stateful packet inspection. For this, not only the destination and source information, but some small portions of the contents of packets are examined. To illustrate what this means, consider that there is a computer outside of my network sending out packets that report the ocean temperature at Carlsbad beach. My firewall could easily block these packets just by adding a rule based on the destination port for these packets. However, if I were interested in obtaining that information, and I had a program designed to connect to the temperature computer and listen to those packets, then with stateful packet inspection the firewall would automatically allow those temperature packets because my program, from inside the firewall, had initiated the communication. Thus stateful packet inspection automatically adapts to the current activities performed (state of the computers inside the firewall) on a protected computer.
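The difference between the Packet Filtering and Stateful Packet Inspection entries can be seen in a small simulation. This is an added example, not code from any firewall product; the addresses, port numbers and the names `stateless_filter` and `StatefulFilter` are constructed for illustration, and only the connection-tracking part of stateful inspection is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # constructed protected network
WEB_CLIENT = "203.0.113.10"            # constructed: the one source allowed to port 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_outbound(pkt):
    return ip_address(pkt.src) in INSIDE


def stateless_filter(pkt):
    """Decide from source/destination fields only, one packet at a time."""
    if is_outbound(pkt):
        return True
    # Inbound: port 80 only from the single permitted source, all else dropped.
    return pkt.dport == 80 and pkt.src == WEB_CLIENT


class StatefulFilter:
    """Same inbound rule, plus a table of conversations started from inside."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if is_outbound(pkt):
            # Remember the reverse direction so the answer can come back in.
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return True  # reply to something an inside host initiated
        return stateless_filter(pkt)


def demo():
    request = Packet("192.168.1.20", 40000, "198.51.100.7", 5000)  # inside program asks
    reply = Packet("198.51.100.7", 5000, "192.168.1.20", 40000)    # temperature server answers
    unsolicited = Packet("198.51.100.7", 5000, "192.168.1.21", 40000)
    fw = StatefulFilter()
    return {"stateless_reply": stateless_filter(reply),
            "stateful_unsolicited": fw.check(unsolicited),
            "stateful_request": fw.check(request),
            "stateful_reply": fw.check(reply)}
```

The stateless filter can only admit the temperature reply if a standing inbound rule is added for it, while the stateful filter admits it only while the matching inside-initiated flow exists. Production firewalls also track protocol, connection state and timeouts, which this sketch omits.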
T1 & T3 - These are two telecommunications terms that are used to designate combinations of telephone lines with special modems that are used to provide digital network communications. A T1 line designates a set of 24 voice-grade lines that, in combination, can transmit and receive at a rate of 1.544 megabits per second. T3 is a group of 672 lines that can transmit/receive at a rate of 44.736 megabits per second. The advantage to these technologies is that they are not shared (so no users from other networks using the same wires can reduce your speed) and they offer the same speed both into (download) and from (upload) your network. However, because they require repeaters every few thousand feet (or closer for T3), they are expensive when compared to cable modem and DSL alternatives.
Tokens (software & hardware) - A token, when used in computer networking, is a hardware or software device which is used to authenticate a user attempting to make a connection, such as a VPN connection, or gain access to a computer system. These are most often used as one-time passwords or for digital signatures. Different vendors use different methods, many of which are patented, but the central concept is that the computer or network which is verifying your identity (called authenticating) is periodically generating a new number using the same algorithm (method) as the hardware or software token, and these are tied to some type of clock, so that each device knows what the other is doing. A hardware token is a small device that easily fits in the palm of your hand. A software token is a specialized piece of software that runs on your computer (e.g. your laptop computer) that does the same function, but does not require you to carry an extra device. Regardless of whether they are hardware or software, tokens are effective because they will not repeat the same password number string for many years, thus making it virtually impossible to guess a correct password within the limited time until the token changes the password to a new one.
Trojan Horse - In computer networking a Trojan Horse is a program that is malicious software operating under the guise of doing something else. A Trojan horse differs from a virus in that a Trojan horse does not insert its code into other computer files and appears harmless until executed. The term is a direct reference to the mythical Greek Trojan Horse. Trojan horse software appears to be a useful or interesting program (or at least harmless) to an unsuspecting user, but is harmful when executed. For example, a program that runs a short humorous video, but meanwhile is searching for private information on the computer and transmitting it over the network to a distant database for use in credit card fraud or identity theft.
TrustedSource - This is a database of "reputation scores" which is maintained by Secure Computing's Global Threat Correlation Engine. The database is a list of those computers/sites which have been determined by Secure Computing to be sources of spam email messages. See trustedsource.org for additional details.
URL (Uniform Resource Locator) - A method by which sites with registered names may be located without the user requiring any knowledge or information about the specific IP address of the site or its actual location.
URL Filtering - A software algorithm with an associated database that allows undesirable URLs to become invisible to a specific user or network of users. This may be done for many reasons, including protection of children from undesirable material, prevention of employees from using certain sites while at work, or protection from sites known to have viruses or other malware.
UTM - Unified Threat Management is a term applied to firewalls capable of doing both Stateful Packet Inspection and Application Level Packet Inspection, plus able to monitor and record network intrusion.
Virus - A computer virus is a small software program which is designed to accomplish two things: perform some action that interferes with proper operation of a computer, and spread a copy of itself to another computer, usually over a network. Computer viruses can be relatively harmless (like putting up a window with a joke) or highly destructive (like removing all your data files or making the computer reboot repeatedly). Viruses can be spread as attachments to email, hidden in downloads from the internet, or from running an automatically downloaded program when you click on an item on a web site.
VPN (Virtual Private Network) - A private communications connection done over a public communications network to allow confidential communication. VPNs are created by specialized software added to the networking software. The VPN software limits the specific connections which can be made (e.g. only certain computers or users with certain login and password information), and encrypts all of the network packets so that even if the packets are intercepted they cannot be easily understood.