Glossary


Access filtering 

The preferred means of filtering IP packets at a system, router, gateway, or firewall on Tru64 UNIX operating systems. Access filtering is the means for implementing Ingress and Egress filtering. See also Ingress filtering and Egress filtering.


Administrative domain 

The set of systems or networks over which you have administrative control.


Apache Web Server 

A freely available UNIX-based Web server. It is currently the most commonly used server on Internet-connected sites. HP's implementation of the Apache Web Server is called the Secure Web Server for Tru64 UNIX.


Berkeley Internet Name Domain 

See BIND.


Berkeley Software Distribution 

See BSD.


BIND 

Berkeley Internet Name Domain. An implementation of a Domain Name System (DNS) server developed and distributed by the University of California, Berkeley. Many Internet hosts run BIND.


BSD 

Berkeley Software Distribution. A UNIX software release of the Computer System Research Group of the University of California at Berkeley—the basis for some features of the Tru64 UNIX operating system.


certificate authority 

A third-party organization that confirms the relationship between a party to an HTTPS transaction and that party's public key. Certificate authorities may be widely known and trusted institutions for Internet-based transactions. Where HTTPS is used on a company's internal network, an internal department within the company may fulfill this role.


CGI 

Common Gateway Interface. A standard for running external programs on a World Wide Web HTTP server. External programs are called gateways, because they provide an interface between an external source of information and the server.


Common Gateway Interface 

See CGI.


denial of service 

See DoS.


digital certificate 

A token which underpins the principle of trust in SSL-encrypted transactions. The information within a certificate includes the issuer (the Certificate Authority that issued the certificate), the organization that owns the certificate, the public key, the validity period (usually one year) of the certificate, and the host name that the certificate was issued in respect of. It is digitally signed by the Certificate Authority so that none of the details can be changed without invalidating the signature. See also certificate authority, digital signature.


digital signature 

A use of public key cryptography to authenticate a message. Digital signatures use a private key to indicate that the signature was made by the owner of that key. See also public key cryptography, private key.


distinguished name 

Also called DN. A sequence of relative distinguished names (RDNs). See also relative distinguished name.


DN 

See distinguished name.


DNS 

Domain Name System. A general-purpose, distributed, replicated data query service chiefly used on the Internet to translate host names into Internet addresses. See also fully qualified domain name, BIND, MX record.


Domain Name System 

See DNS.


DoS 

Denial of Service. Interruptions to Internet service caused by a DoS attack. See also DoS attack.


Distributed DoS attack 

An attack against a system that is characterized by the distributed nature of the attack, in which false requests for service are generated from a set of DoS agents or servers installed on multiple systems and networks, all working together to saturate the service provider with requests. These attacks are much harder to stop than other DoS attacks because the source of the attack is more difficult to determine. Trinoo, Tribe Flood Network (TFN), and Stacheldraht are the most common kinds of Distributed DoS attacks. See also DoS attack.


DoS attack 

An attack against a Web site, a network, a system, or other service provider intended to disrupt its ability to provide services to its users. Software that performs a DoS attack (DoS software) overloads the service provider with requests for service until its capacity to respond to new service requests is exceeded. Legitimate requests for service cannot reach the service until the attack is stopped. See also Distributed DoS attack.


DoS software 

Denial of Service software used by attackers to control and initiate DoS attacks against other systems and networks, either within your administrative domain, outside it, or over the Internet. Also called Intrusion software.


Egress filtering 

Filtering software that prevents IP packets with randomly generated source addresses from exiting your system or network, in case one of your systems has been compromised and is being used to perpetrate an attack against other systems. See also Ingress filtering.


Firewall 

Hardware and software that lies between two networks, such as an internal network and an Internet service provider. The firewall protects your network by blocking unwanted users from gaining access and by disallowing messages to specific recipients outside the network.


File Transfer Protocol 

See FTP.


FQDN 

See fully qualified domain name.


FTP 

File Transfer Protocol. A client/server protocol that lets a user on one computer transfer files to and from another computer over a TCP/IP network.


fully qualified domain name 

The full name of a system, consisting of its local host name and its domain name. A fully qualified domain name is usually precise enough to determine an Internet address for any host on the Internet.


HTTP 

Hypertext Transfer Protocol. The protocol that is used between a Web browser and a server to request a document and transfer its contents. The specification is maintained and developed by the World Wide Web Consortium. See also HTTPS.


HTTPS 

Ordinary HTTP exchanged over a Secure Sockets Layer (SSL) encrypted session. See also SSL.


IMAP 

Internet Message Access Protocol. A method of accessing e-mail or bulletin board messages kept on a (possibly shared) mail server. IMAP permits an e-mail client program to access remote messages as if they were local.


Ingress filtering 

Filtering software that removes IP packets with untrusted source addresses before they have a chance to enter and affect your system or network. See also Egress filtering.
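The Access, Egress and Ingress filtering entries above describe the same check applied in two directions: a packet leaving the network must carry one of our own source addresses, and a packet arriving from outside must not claim an internal or otherwise untrusted source. The following is an added example of that logic written as a small Python filter; it is not code from the Tru64 UNIX documentation or from any HP product. The administrative-domain prefixes, the untrusted source ranges and the sample packets are constructed for the example, and the filter inspects only source addresses, as the definitions do.

```python
import ipaddress

# Constructed example: the address blocks that make up our administrative domain.
ADMIN_DOMAIN = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed example: source ranges that should never appear on packets arriving
# from the Internet (private, loopback, link-local and unspecified space).
UNTRUSTED_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("0.0.0.0/8"),
]


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def filter_packet(direction, src):
    """Apply the ingress or egress rule to one packet's source address.

    Returns ("accept", reason) or ("drop", reason). Unparseable addresses are
    dropped rather than let through, so a malformed packet fails closed.
    """
    try:
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", f"{direction}: unparseable source address {src!r}")

    if direction == "egress":
        # Egress filtering: nothing leaves our network unless it carries one of
        # our own source addresses, so a compromised host emitting packets with
        # random source addresses is stopped at the border.
        if in_any(src_ip, ADMIN_DOMAIN):
            return ("accept", f"egress: {src} belongs to the administrative domain")
        return ("drop", f"egress: {src} is not one of our addresses (possible spoofing)")

    if direction == "ingress":
        # Ingress filtering: packets arriving from outside must not claim an
        # internal source address and must not come from untrusted ranges.
        if in_any(src_ip, ADMIN_DOMAIN):
            return ("drop", f"ingress: external packet claims internal source {src}")
        if in_any(src_ip, UNTRUSTED_SOURCES):
            return ("drop", f"ingress: {src} is in an untrusted, non-routable range")
        return ("accept", f"ingress: {src} is an acceptable external source")

    raise ValueError(f"unknown direction {direction!r}")


def audit(packets):
    """Run the filter over (direction, src, dst) tuples; return the drop log."""
    dropped = []
    for direction, src, dst in packets:
        decision, reason = filter_packet(direction, src)
        if decision == "drop":
            dropped.append((src, dst, reason))
    return dropped


# Constructed sample traffic, not captured from a real network.
SAMPLE_PACKETS = [
    ("egress", "192.0.2.10", "203.0.113.5"),      # legitimate outbound
    ("egress", "203.0.113.77", "203.0.113.5"),    # spoofed source leaving our net
    ("ingress", "203.0.113.9", "192.0.2.10"),     # legitimate inbound
    ("ingress", "192.0.2.77", "192.0.2.10"),      # outside packet claiming inside address
    ("ingress", "10.1.2.3", "192.0.2.10"),        # private source from the Internet
    ("ingress", "not-an-address", "192.0.2.10"),  # malformed, fails closed
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_PACKETS):
        print(f"DROP {src} -> {dst}: {reason}")
```

Running the block prints the four dropped packets with their reasons. Both rules key only on the source address, which is why the glossary calls this "access filtering" rather than a full firewall policy: a real border filter would also apply per-port and per-destination rules on top of this check.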


Intrusion software 

See DoS software.


LDAP 

Lightweight Directory Access Protocol. An Internet standard protocol that runs over TCP/IP and can be used to provide a standalone directory service or to provide lightweight access to the X.500 directory.


LDAP entry 

A collection of attribute and value pairs stored on an LDAP server that describe something of interest; for example, a person, a company, or a printer. LDAP entries can be organized as a hierarchical tree of objects. The full set of attributes for an entry in the tree is defined through object-oriented inheritance of attributes from parent entries.


Lynx Web Browser 

A World Wide Web browser developed at the University of Kansas and used on cursor-addressable, character-cell terminals or terminal emulators on UNIX or OpenVMS systems.


Mail Exchange Record 

See MX record.


MIME 

Multipurpose Internet Mail Extensions. A standard for multipart, multimedia e-mail messages and World Wide Web hypertext documents on the Internet. MIME provides the ability to transfer nontextual data such as graphics, audio, and FAX.


Multipurpose Internet Mail Extensions 

See MIME.


MX record 

Mail Exchange Record. A Domain Name System (DNS) resource record type, indicating which host can handle electronic mail for a particular domain.


Network News Transfer Protocol 

See NNTP.


newsgroup 

A hierarchical subject category into which InterNetNews articles are organized.


NNTP 

Network News Transfer Protocol. A protocol for the distribution, inquiry, retrieval, and posting of Usenet news articles over the Internet. NNTP is an ASCII text protocol that lets you connect to the server using telnet if you do not have a news reader program.


POP 

Post Office Protocol. A protocol that allows single-user hosts to read electronic mail from a server.


port 

A logical channel in a communications system.


private key 

The part of the key in a public key system that is kept secret and is used only by its owner. This is the key used for decrypting messages and for making digital signatures. Compare with public key.


public key 

The part of the key in a public key system that is distributed widely and is not kept secure. This is the key used for encryption (as opposed to decryption) or for verifying signatures. Compare with private key.


public key cryptography 

Public key cryptography uses a key for encryption and a different key for decryption. Although the keys are related, it is not possible to calculate the decryption key from only the encryption key in any reasonable amount of computation time. In most practical systems, the public key system is used for encoding a session key which is used with a symmetric system to encode the actual data. RSA is an example of a public key algorithm.


RDN 

See relative distinguished name.


relative distinguished name 

One or more attribute/value pairs stored on an LDAP server that uniquely identify an entry among its siblings in an object tree.
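The distinguished name and relative distinguished name entries describe a DN as a comma-separated sequence of RDNs, each RDN being one or more attribute=value pairs (joined with "+" when there are several). The following is an added Python example, not code from the Tru64 UNIX documentation or from any LDAP library, that parses a DN into that structure, formats it back, and derives the parent entry's DN by dropping the leftmost RDN. The DN strings used are constructed placeholders.

```python
def _split_unescaped(text, sep):
    """Split text on sep, ignoring separators preceded by a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            # Keep the escape and the escaped character together for now.
            current.append(ch)
            current.append(text[i + 1])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def _unescape(value):
    """Remove the backslash escapes from an attribute value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _escape(value):
    """Escape the characters that would otherwise split or terminate an RDN."""
    return "".join("\\" + ch if ch in ',+="\\<>;' else ch for ch in value)


def parse_dn(dn):
    """Parse a DN string into a list of RDNs, each a list of (attr, value) pairs.

    The leftmost RDN names the entry itself; each RDN to its right names an
    ancestor in the directory tree. Attribute types are lower-cased because
    LDAP treats them case-insensitively.
    """
    rdns = []
    for rdn_text in _split_unescaped(dn, ","):
        rdn = []
        for ava in _split_unescaped(rdn_text, "+"):
            if "=" not in ava:
                raise ValueError(f"RDN component {ava!r} has no attribute=value form")
            attr, value = ava.split("=", 1)
            rdn.append((attr.strip().lower(), _unescape(value)))
        rdns.append(rdn)
    return rdns


def format_dn(rdns):
    """Inverse of parse_dn: re-escape values and join the RDNs."""
    return ",".join("+".join(f"{a}={_escape(v)}" for a, v in rdn) for rdn in rdns)


def parent_dn(dn):
    """The DN of the entry's parent in the tree: drop the leftmost RDN."""
    rdns = parse_dn(dn)
    return format_dn(rdns[1:]) if len(rdns) > 1 else ""


if __name__ == "__main__":
    # Constructed placeholder DN with an escaped comma inside a value.
    sample = "cn=John Smith,ou=Sales,o=Example\\, Inc.,c=US"
    for rdn in parse_dn(sample):
        print(rdn)
    print("parent:", parent_dn(sample))
```

The escaped comma in "o=Example\, Inc." is the case that a naive `split(",")` gets wrong, producing a bogus RDN with no "=" in it; the parser keeps the escape while splitting and only removes it when the value is stored, and `format_dn` reinstates it so that parsing and formatting round-trip.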


Resolver library 

A BIND library that sends queries to one or more name servers and interprets the responses. See BIND.


secret key 

Part of a symmetric cipher in which the same key is used for encryption and decryption. The sender and recipient need a secure method of agreeing on the key; SSL encryption uses a secret key protected by public key encryption and authenticated through certificates. Secret-key encryption is faster than public-key encryption alone. See also public key cryptography.


Secure Sockets Layer 

See SSL.


Sendmail Mail Transport Agent 

The BSD Mail Transport Agent supporting e-mail transport by means of TCP/IP using SMTP. See also BSD, SMTP.


session key 

A key used for one message or set of messages. In a typical system, a random session key is generated for use with a symmetric algorithm to encode the bulk of the data. Only the session key is communicated using public key encryption. See also public key cryptography.


SHTTP 

Secure Hypertext Transfer Protocol. Provides security at the document level rather than the connection level as provided by SSL. This protocol is not widely used. See also HTTPS.


SMTP 

Simple Mail Transfer Protocol. A protocol used to transfer electronic mail between computers, usually over the Internet. SMTP is a server-to-server protocol; other protocols are used to access messages.


SSL 

Secure Sockets Layer. A protocol developed by Netscape for encrypted transmission over TCP/IP networks. SSL sets up a secure end-to-end link over which HTTP or any other application protocol can operate. The most common application of SSL is HTTPS for SSL-encrypted HTTP.


TCP/IP 

Transmission Control Protocol/Internet Protocol. Ethernet protocols incorporated into 4.2 BSD UNIX. While TCP and IP specify two protocols, the combined term is used to refer to the entire Department of Defense protocol suite, including telnet and FTP. See also FTP, LDAP, TELNET protocol.


TELNET Protocol 

The Internet standard protocol for remote logins. UNIX BSD includes the telnet program, which uses the protocol, and acts as a terminal emulator for remote login sessions.


Transmission Control Protocol/Internet Protocol 

See TCP/IP.


UUCP Mapping Project 

UNIX-to-UNIX Copy Program. A utility and protocol that allows a UNIX machine to copy files to another UNIX machine by means of serial lines. The mapping project is an effort to provide a world-wide registry of host names. The current map is posted in the comp.mail.maps newsgroup.


Verisign 

A dominant certificate authority on the Internet, though many of its certificates are signed as RSA Data Security. Early versions of Microsoft and Netscape browsers had RSA Data Security configured as the only trusted certificate authority. This meant that users who wanted to use certificates on the Internet had to obtain them from Verisign and use server software accredited by Verisign. Current versions of the Microsoft and Netscape browsers allow users to add new certificate authorities. As older versions of the browsers are replaced, new certificate authorities (such as Thawte) have emerged.


virtual host 

An alias name assigned to an FTP Server.


WAIS 

Wide Area Information Servers. A distributed information retrieval system. WAIS offers natural language input, indexed searching, and a relevance feedback mechanism that allows current search results to influence future search results.


Web server 

A server process, running at a Web site, that sends out Web pages in response to HTTP requests from remote browsers. See also Apache Web Server.