Vocab Week 4

Question 1

Active Wiretapping

Answer 1

A wiretapping attack that attempts to alter data being
communicated or otherwise affect data flow. (See: wiretapping.
Compare: active attack, passive wiretapping.)

Question 2

Bump-in-the-wire

Answer 2

An implementation approach that places a network security
mechanism outside of the system that is to be protected. (Compare: bump-in-the-stack.)

Example: IPsec can be implemented outboard, in a physically
separate device, so that the system that receives the IPsec
protection does not need to be modified at all [R4301]. Military-
grade link encryption has mainly been implemented as bump-in-the-
wire devices.

Question 3

Bridge

Answer 3

A gateway for traffic flowing at OSIRM Layer 2 between two

networks (usually two LANs). (Compare: bridge CA, router.)

Question 4

Community String

Answer 4

A community name in the form of an octet string that serves as a cleartext password in SNMP version 1 (RFC 1157) and version 2
(RFC 1901). (See: password, Simple Network Management Protocol.)

Question 5

Computer Network

Answer 5

A collection of host computers together with the subnetwork or internetwork through which they can exchange data

Question 6

Domain Name

Answer 6

The style of identifier that is defined for subtrees in the
Internet DNS – i.e., a sequence of case-insensitive ASCII labels
separated by dots (e.g., “bbn.com”) – and also is used in other
types of Internet identifiers, such as host names (e.g., “rosslyn.bbn.com”), mailbox names (e.g., “rshirey@bbn.com”) and
URLs (e.g., “http://www.rosslyn.bbn.com/foo”). (See: domain.
Compare: DN.)

Question 7

Firewall

Answer 7

An internetwork gateway that restricts data communication
traffic to and from one of the connected networks (the one said to be “inside” the firewall) and thus protects that network’s system resources against threats from the other network (the one that is
said to be “outside” the firewall).

Question 8

Gateway

Answer 8

An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two- way communication between the networks.

Question 9

Extranet

Answer 9

A computer network that an organization uses for application data traffic between the organization and its business partners.

Question 10

Ingress Filtering

Answer 10

A method [R2827] for countering attacks that use packets with false IP source addresses, by blocking such packets at the boundary between connected networks.

Question 11

Internet Key Exchange

Answer 11

An Internet, IPsec, key-establishment protocol [R4306] for putting in place authenticated keying material (a) for use with ISAKMP and (b) for other security
associations, such as in AH and ESP.

Question 12

Internet protocol Suite

Answer 12

The set of network communication protocols that are specified by the IETF, and approved as Internet Standards by the IESG,
within the oversight of the IAB. (See: OSIRM Security
Architecture. Compare: OSIRM.)

Usage: This set of protocols is popularly known as “TCP/IP”
because TCP and IP are its most basic and important components.

For clarity, this Glossary refers to IPS protocol layers by name
and capitalizes those names, and refers to OSIRM protocol layers by number.

Question 13

Internet Standard

Answer 13

A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.

Tutorial: The “Internet Standards Process” is an activity of the ISOC and is organized and managed by the IAB and the IESG. The
process is concerned with all protocols, procedures, and
conventions used in or by the Internet, whether or not they are part of the IPS. The “Internet Standards Track” has three levels of increasing maturity: Proposed Standard, Draft Standard, and
Standard.

Question 14

Internetwork

Answer 14

A system of interconnected networks; a network of networks. Usually shortened to “internet”. (See: internet, Internet.) Tutorial: An internet can be built using OSIRM Layer 3 gateways to implement connections between a set of similar subnetworks. With dissimilar subnetworks, i.e., subnetworks that differ in the Layer 3 protocol service they offer, an internet can be built by implementing a uniform internetwork protocol (e.g., IP) that operates at the top of Layer 3 and hides the underlying subnetworks’ heterogeneity from hosts that use communication services provided by the internet.

Question 15

Intranet

Answer 15

A computer network, especially one based on Internet technology, that an organization uses for its own internal (and usually private) purposes and that is closed to outsiders

Question 16

IP address

Answer 16

A computer’s internetwork address that is assigned for use by IP and other protocols. Tutorial: An IP version 4 address (RFC 791) has four 8-bit parts and is written as a series of four decimal numbers separated by periods. Example: The address of the host named “rosslyn.bbn.com” is 192.1.7.10.

Question 17

IP Security protocol

Answer 17

1a. (I) The name of the IETF working group that is specifying an architecture [R2401, R4301] and set of protocols to provide security services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare: IPSO.)
1b. (I) A collective name for the IP security architecture [R4301] and associated set of protocols (primarily AH, ESP, and IKE).

Usage: In IDOCs that use the abbreviation “IPsec”, the letters “IP” SHOULD be in uppercase, and the letters “sec” SHOULD NOT. Tutorial: The security services provided by IPsec include access control service, connectionless data integrity service, data origin authentication service, protection against replays (detection of the arrival of duplicate datagrams, within a constrained window), data confidentiality service, and limited traffic-flow confidentiality. IPsec specifies (a) security protocols (AH and ESP), (b) security associations (what they are, how they work, how they are managed, and associated processing)

Question 18

Intrusion detection system

Answer 18

1. (N) A process or subsystem, implemented in software or hardware, that automates the tasks of (a) monitoring events that
   occur in a computer network and (b) analyzing them for signs of security problems. [SP31] (See: intrusion detection.)
2. (N) A security alarm system to detect unauthorized entry.
   [DC6/9].

Tutorial: Active intrusion detection processes can be either host-
based or network-based:
- “Host-based”: Intrusion detection components – traffic sensors
and analyzers – run directly on the hosts that they are
intended to protect.
- “Network-based”: Sensors are placed on subnetwork components,
and analysis components run either on subnetwork components or
hosts.

Question 19

man in the middle attack

Answer 19

(I) A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association. (See: hijack attack, piggyback attack.)

Tutorial: For example, suppose Alice and Bob try to establish a session key by using the Diffie-Hellman-Merkle algorithm without data origin authentication service. A “man in the middle” could (a) block direct communication between Alice and Bob and then (b) masquerade as Alice sending data to Bob, (c) masquerade as Bob sending data to Alice, (d) establish separate session keys with each of them, and (e) function as a clandestine proxy server between them to capture or modify sensitive information that Alice and Bob think they are sending only to each other.