|Access filtering|| |
The preferred means of filtering IP packets at
a system, router, gateway, or firewall on Tru64 UNIX operating systems.
Access filtering is the means for implementing Ingress and Egress
filtering. See also Ingress
filtering and Egress filtering.
The set of systems or networks over which you have
A freely available UNIX-based Web server. It is
currently the most commonly used server on Internet-connected sites.
HP's implementation of the Apache Web Server is called the Secure Web Server for Tru64 UNIX.
Internet Name Domain|| |
Software Distribution|| |
Berkeley Internet Name Domain. An implementation
of a Domain Name System (DNS) server developed and distributed for
the University of California, Berkeley. Many Internet hosts run BIND.
Berkeley Software Distribution. A UNIX software
release of the Computer System Research Group of the University of
California at Berkeley—the basis for some features of the Tru64 UNIX operating
A third-party organization that confirms the relationship
between a party to the HTTPS transaction and that party's public key. Certification
authorities may be widely known and trusted institutions for Internet-based
transactions. Where HTTPS is used on a company's internal network,
an internal department within the company may fulfill this role.
Common Gateway Interface. A standard for running
external programs on a World Wide Web HTTP server. External programs
are called gateways, because they provide an interface between an
external source of information and the server.
Gateway Interface|| |
of service|| |
A token which underpins the principle of trust
in SSL-encrypted transactions. The information within a certificate
includes the issuer (the Certificate Authority that issued the certificate),
the organization that owns the certificate, the public key, the validity period
(usually one year) of the certificate, and the host name that the
certificate was issued in respect of. It is digitally signed by the
Certificate Authority so that none of the details can be changed without
invalidating the signature. See also certificate authority, digital signature.
|digital signature|| |
A use of public key cryptography to authenticate
a message. Digital signatures use a private key to indicate that the
signature was made by the owner of that key. See also public key cryptography, private
|distinguished name|| |
Also called DN. A sequence of relative distinguished
names (RDNs). See also relative distinguished name.
|Distributed DoS attack|| |
An attack against a system that is characterized
by the distributed nature of the attack, in which false requests for
service are generated from a set of DoS agents or servers installed
on multiple systems and networks, all working together to saturate
the service provider with requests. These attacks are much harder
to stop than other DoS attacks because the source of the attack is
more difficult to determine. Trinoo, Tribe Flood Network (TFN), and
Stacheldraht are the most common kinds of Distributed DoS attacks.
See also DoS attack.
See distinguished name.
Domain Name System. A general-purpose, distributed,
replicated data query service chiefly used on the Internet to translate
host names into Internet addresses. See also fully qualified domain name, BIND, MX record.
|Domain Name System|| |
Denial of Service. Interruptions to Internet service
caused by a DoS attack.
|DoS attack|| |
An attack against a Web site, a network, a system,
or other service provider intended to disrupt its ability to provide
services to its users. Software that performs a DoS attack (DoS software)
overloads the service provider with requests for service until its
capacity to respond to new service requests is exceeded. Legitimate
requests for service cannot access the service until the attack
is stopped. See also Distributed DoS attack.
Denial of Service software used by attackers to
control and initiate DoS attacks against other systems and networks,
either within your administrative domain, outside it, or over the
Internet. Also called Intrusion software.
|Egress filtering|| |
Filtering software that prevents IP packets with
randomly generated source addresses from exiting your system or network,
when one of your systems has been compromised and when the system
is being used to perpetrate an attack against other systems. See
also Ingress filtering.
Transfer Protocol|| |
Hardware and software that lies between two networks,
such as an internal network and an Internet service provider. The
firewall protects your network by blocking unwanted users from gaining
access and by disallowing messages to specific recipients outside
qualified domain name.
File Transfer Protocol. A client/server protocol
that lets a user on one computer transfer files to and from another
computer over a TCP/IP network.
domain name|| |
The full name of a system, consisting of its local
host name and its domain name. A fully qualified domain name is usually
precise enough to determine an Internet address for any host on the
Hyper Text Transfer Protocol. The protocol that
is used between a Web browser and a server to request a document and
transfer its contents. The specification is maintained and developed
by the World Wide Web Consortium. See also HTTPS
Ordinary HTTP exchanged over a Secure Sockets Layer
(SSL) encrypted session. See also SSL.
Internet Message Access Protocol. A method of accessing
e-mail or bulletin board messages kept on a (possibly shared) mail
server. IMAP permits an e-mail client program to access remote messages
as if they were local.
Filtering software that removes IP packets with
untrusted source addresses before they have a chance to enter and
affect your system or network. See also Egress filtering.
|Intrusion software|| |
See DoS software.
Lightweight Directory Access Protocol. An Internet
standard protocol that runs over TCP/IP and can be used to provide
a standalone directory service or to provide lightweight access to
the X.500 directory.
|LDAP entry|| |
A collection of attribute and value pairs stored
on an LDAP server that describe something of interest; for example,
a person, a company, or a printer. LDAP entries can be organized as
a hierarchical tree of objects. The full set of attributes for an
entry in the tree is defined through object-oriented inheritance of
attributes from parent entries.
|Lynx Web Browser|| |
A World Wide Web browser developed at the University
of Kansas and used on cursor-addressable, character-cell terminals
or terminal emulators on UNIX or OpenVMS systems.
Exchange Record|| |
See MX record.
Multipurpose Internet Mail Extensions. A standard
for multipart, multimedia e-mail messages and World Wide Web hypertext
documents on the Internet. MIME provides the ability to transfer nontextual
data such as graphics, audio, and FAX.
Internet Mail Extensions|| |
|MX record|| |
Mail Exchange Record. A Domain Name System (DNS)
resource record type, indicating which host can handle electronic
mail for a particular domain.
News Transfer Protocol|| |
A hierarchical subject category into which InterNetNews
articles are organized.
Network News Transfer Protocol. A protocol for
the distribution, inquiry, retrieval, and posting of Usenet news articles
over the Internet. NNTP is an ASCII text protocol that lets you connect
to the server using telnet if you do not have a news reader program.
Post Office Protocol. A protocol that allows single-user
hosts to read electronic mail from a server.
A logical channel in a communications system.
The part of the key in a public key system that
is kept secret and is used only by its owner. This is the key used
for decrypting messages and for making digital signatures. Compare with public key.
The part of the key in a public key system that
is distributed widely and is not kept secure. This is the key used
for encryption (as opposed to decryption) or for verifying signatures.
Compare with private
key cryptography|| |
Public key cryptography uses a key for encryption
and a different key for decryption. Although the keys are related,
it is not possible to calculate the decryption key from only the encryption
key in any reasonable amount of computation time. In most practical
systems, the public key system is used for encoding a session key which is used with a symmetric system to encode the actual data.
RSA is an example of a public key algorithm.
See relative distinguished name.
|relative distinguished name|| |
One or more attribute/value pairs stored on an
LDAP server that uniquely identify an entry from its sibling in an
A BIND library that sends queries to one or more
name servers and interprets the responses. See BIND.
Part of a symmetric cipher in which the same key
is used for encryption and decryption. As a secure method by which the
sender and recipient can agree on the key, SSL encryption uses a secret key
nested within a public key and authenticated through certificates. Secret-key
encryption provides faster access than public-key encryption alone.
See also public
Socket Layer|| |
Mail Transport Agent|| |
The BSD Mail Transport Agent supporting e-mail
transport by means of TCP/IP using SMTP. See also BSD, SMTP.
A key used for one message or set of messages.
In a typical system, a random session key is generated for use with
a symmetric algorithm to encode the bulk of the data. Only the session
key is communicated using public key encryption. See also public key cryptography.
Secure Hypertext Transfer Protocol. Provides security
at the document level rather than the connection level as provided
by SSL. This protocol is not widely used.
See also HTTPS.
Simple Mail Transport Protocol. A protocol used
to transfer electronic mail between computers, usually over the Internet.
SMTP is a server-to-server protocol; other protocols are used to access
Secure Socket Layer. A protocol developed by Netscape
for encrypted transmission over TCP/IP networks. SSL sets up a secure
end-to-end link over which HTTP or any other application protocol can operate.
The most common application of SSL is HTTPS for SSL-encrypted HTTP.
Transmission Control Protocol/Internet Protocol.
Ethernet protocols incorporated into 4.2 BSD UNIX. While TCP and IP
specify two protocols, the combined term is used to refer to the entire
Department of Defense protocol suite, including telnet and FTP. See
also FTP, LDAP, TELNET protocol.
|TELNET Protocol|| |
The Internet standard protocol for remote logins.
UNIX BSD includes the telnet program, which uses the protocol, and
acts as a terminal emulator for remote login sessions.
Control Protocol/Internet Protocol|| |
UNIX-to-UNIX Copy Program. A utility and protocol
that allows a UNIX machine to copy files to another UNIX machine by
means of serial lines. The mapping project is an effort to provide
a world-wide registry of host names. The current map is posted in
the comp.mail.maps newsgroup.
A dominant certificate authority on the Internet, though
many of its certificates are signed as RSA Data Security. Early versions
of Microsoft and Netscape browsers had RSA Data Security configured
as the only trusted certificate authority. This mandated that users
who want to use certificates on the Internet had to obtain them from
Verisign and use server software accredited by Verisign. Current
versions of the Microsoft and Netscape browsers allow users to add
new certificate authorities. As older versions of the browsers are
replaced, new certificate authorities (such as Thawte) have emerged.
An alias name assigned to an FTP Server.
Wide Area Information Servers. A distributed information
retrieval system. WAIS offers natural language input, indexed searching,
and a relevance feedback mechanism that allows current search results
to influence future search results.
|Web server|| |
A server process, running at a Web site, that sends
out Web pages in response to HTTP requests from remote browsers. See
also Apache Web Server.