Network Security Glossary
A list of frequently used terms
This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, security, firewalls, and WatchGuard products.
B
- backbone
- A term often used to describe the main network connections composing the Internet.
- backdoor
- A design fault, planned or accidental, that allows the apparent strength of the design to be easily avoided by those who know the trick.
- bandwidth
- The rate at which a network segment can transfer data.
- Bandwidth Meter
- A monitoring tool that provides a real-time graphical display of network activities across a Firebox. This comes as a part of the application called Firebox Monitors.
- bastion host
- A computer placed outside a firewall to provide public services (such as World Wide Web access and FTP) to other Internet sites, hardened to withstand whatever attacks the Internet can throw at it.
- Hardening is accomplished by making the box as single-purpose as possible, removing all unneeded services and potential security vulnerabilities. Bastion host is sometimes inaccurately generalized to refer to any host critical to the defense of a local network.
- bitmask
- A pattern of bits for an IP address that determines how much of the IP address identifies the host and how much identifies the network. For example, if a bitmask of 24 were applied to the address 10.12.132.208, 10.12.132 identifies the network and the remainder of the address (1-254) can be used to specify individual machines on the 10.12.132 network.
- To learn more, see IP address and subnet mask. You can find a full discussion of the topic in these LiveSecurity editorials from the Foundations series: "Understanding IP Addresses and Binary," "Understanding Subnetting (Part 1)," and "Understanding Subnetting (Part 2)."
- black hat
- A person of malicious intent who researches, develops, and uses techniques to defeat security measures and invade computer networks. See white hat.
- block cipher
- A procedure that translates plain text into coded text, operating on blocks of plain text of a fixed size (usually 64 bits). Every block is padded out to be the same size, making the encrypted message harder to guess.
- blocked port
- A security measure in which a specific port is disabled, stopping users outside the firewall from gaining access to the network through that port. The ports commonly blocked by network administrators are the ports most commonly used in attacks.
- See also port.
- blocked site
- An IP address outside the firewall, explicitly blocked so it cannot connect with hosts behind the firewall. Sites can be blocked manually and permanently, or automatically and temporarily.
- Blue Screen of Death (BSoD)
- When a Windows NT-based system encounters a serious error, the entire operating system halts and displays a screen with information regarding the error. The name comes from the blue color of the error screen.
- boot up
- To start a computer. Inspired by the phrase, "pull oneself up by one's bootstraps."
- BOVPN (Branch Office Virtual Private Network)
- A type of VPN that creates a securely encrypted tunnel over an unsecured public network, either between two networks that are protected by the WatchGuard Firebox System, or between a WatchGuard Firebox and an IPSec-compliant device. BOVPN allows a user to connect two or more locations over the Internet while protecting the resources on the Trusted and Optional networks.
- bridge
- A piece of hardware used to connect two local area networks, or segments of a LAN, so that devices on the network can communicate without requiring a router. Bridges can only connect networks running the same protocol.
- broadcast
- A network transmission sent to all nodes on a network.
- broadcast address
- A special type of networking address that denotes all machines on a given network segment.
- browser
- See Web browser.
- buffer overflow
- The result of a programming flaw. Some computer programs expect input from the user (for example, a Web page form might accept phone numbers from prospective customers). The program allocates some virtual memory for accepting the expected input. If the programmer did not write the program to discard extra input (for example, if someone submitted one thousand characters instead of a phone number), the input can overflow the amount of memory allocated for it and break into the portion of memory where code is executed. A skillful hacker can exploit this flaw to make someone's computer execute the hacker's code. Used interchangeably with the term "buffer overrun." For more detail, see the LiveSecurity editorial, "Foundations: What Are Buffer Overflows?"
- bus topology
- A type of network design used by all Ethernet systems, in which all the devices are connected to a central cable.