1 Terminology and abbreviations

1.1 Terminology

Throughout this unit I shall use the terms ‘vulnerability’, ‘threat’ and ‘attack’. It is worthwhile clarifying these terms before proceeding:

• A vulnerability is a component that leaves a system open to exploitation (e.g. a network cable or a protocol weakness).
• A threat indicates the potential for a violation of security.
• The term attack is applied to an attempted violation.

When you have finished studying this unit you should be able to explain the meaning of all the terms listed below:

active attack

application layer encryption

application level gateway

asymmetric key system

attack

authentication

availability

bastion host

block cipher

brute force attack

Caesar cipher

certification authority

ciphertext

circuit level gateway

collision-free

confidentiality

cryptanalysis

cryptography

cryptosystem

decryption

demilitarised zone

denial-of-service attacks

digital signature

encryption

end-to-end encryption

filtering rules

firewall

freshness

hash value

integrity

key

keyspace

keystream

link layer encryption

masquerade attack

message authentication code

message digest

message modification

message replay

network layer encryption

nonce

one-time pad

one-way hash function

passive attack

password

password cracker

plaintext

private key

protocol analyser

proxy server

public key

public key infrastructure

public key system

registration authority

screened sub-net

sequence number

session key

shared key system

sniffer

stream cipher

symmetric key system

threat

time stamp

traffic analysis

Trojan

virus

vulnerability

worm

These terms will be highlighted in bold throughout the unit.