ACL (access control list): A method of keeping in check the internet traffic that attempts to flow through a given hub, router, firewall, or similar device. Access control is often accomplished by creating a list specifying the IP addresses and/or ports from which permitted traffic can come. The device stops any traffic coming from IP addresses or ports not on the ACL.

Address space probe: An intrusion technique in which a hacker sequentially scans IP addresses, generally as the information-gathering prelude to an attack. These probes are usually attempts to map IP address space as the hacker looks for security holes that might be exploited to compromise system security.

Agent: A computer program that reports information to another computer or allows another computer access to the local system. Agents can be used for good or evil. Many security programs have agent components that report security information back to a central reporting platform. However, agents can also be remotely controlled programs hackers use to access machines.

AH (authentication header): An IPsec header used to verify that the contents of a packet have not been modified while the packet was in transit.

Alias: A shortcut that enables a user to identify a group of hosts, networks, or users under one name. Aliases are used to speed user authentication and service configuration. For example, in configuring a firewall, a user can set up the alias “Law School” to include the IP addresses of every network user in a university’s law school.

Auto-partitioning: A feature on some network devices that isolates a node within the workgroup when the node becomes disabled, so as not to affect the entire network or group.

Backdoor: A design fault, planned or accidental, that allows the apparent strength of the design to be easily avoided by those who know the trick.

Block cipher: A procedure that translates plain text into coded text, operating on blocks of plain text of a fixed size (usually 64 bits). Every block is padded out to be the same size, making the encrypted message harder to guess.

Blocked port: A security measure in which a specific port is disabled, stopping users outside the firewall from gaining access to the network through that port. The ports commonly blocked by network administrators are the ports most commonly used in attacks.

Botnet: A collection of computers that are infected with small bits of code (bots) that allow a remote computer to control some or all of the functions of the infected machines. The botmaster who controls the infected computers has the ability to manipulate them individually, or collectively as bot armies that act in concert. Botnets are typically used for disreputable purposes, such as Denial of Service attacks, click fraud, and spam.

Certificate: An electronic document attached to someone’s public key by a trusted third party, which attests that the public key belongs to a legitimate owner and has not been compromised. Certificates are intended to help you verify that a file or message actually comes from the entity it claims to come from.

Certificate authority (CA): A trusted third party (TTP) who verifies the identity of a person or entity, then issues digital certificates vouching that various attributes have a valid association with that entity.

CHAP (Challenge Handshake Authentication Protocol): A type of authentication where the person logging in uses secret information and some special mathematical operations to come up with a number value. The server he or she is logging into knows the same secret value and performs the same mathematical operations. If the results match, the person is authorized to access the server. One of the numbers in the mathematical operation is changed after every login, to protect against an intruder secretly copying a valid authentication session and replaying it later to log in.