| single point of failure, 364 | router, 374 | | resilience, 364 | packet, 374 | | fault tolerance, 364 | network interface card, 374 | | server, 365 | MAC address, 375 | | client, 365 | frame, 375 | | node, 367 | session header, 376 | | host, 367 | logical connection, 376 | | link, 367 | sequencing, 376 | | workstation, 367 | TCP, 378 | | network boundary, 368 | IP, 378 | | network control, 368 | UDP, 378 | | network ownership, 368 | application layer, 378 | | topology, 368 | transport layer, 378 | | digital, 369 | Internet layer, 378 | | analog, 369 | physical layer, 378 | | modem, 369 | port, 379 | | twisted pair, 369 | SMTP, 379 | | unshielded twisted pair, 369 | HTTP, 379 | | bandwidth, 369 | FTP, 379 | | coaxial cable, 369 | SNMP, 379 | | Ethernet, 369 | IP address, 379 | | repeater, 370 | domain, 380 | | amplifier , 370 | top-level domain, 380 | | optical fiber, 370 | local area network, 381 | | wireless LAN, 370 | LAN, 381 | | 802.11, 370 | wide area network, 382 | | microwave, 370 | Internet Society, 382 | | infrared, 370 | heterogeneous network, 383 | | satellite, 371 | network topology, 383 | | geosynchronous orbit , 371 | common bus architecture, 383 | | transponder , 371 | star or hub architecture, 383 | | transceiver, 371 | ring topology, 384 | | footprint, 371 | distributed system, 385 | | protocol, 372 | applications programming interface (API), 385 | | ISO reference model, 373 | | OSI model, 373 | GSSAPI, 385 | | application layer, 373 | CAPI, 386 | | presentation layer, 373 | reliability, 386 | | session layer, 373 | expandability, 386 | | transport layer, 373 | anonymity, 387 | | network layer, 373 | motivation for attack, 390 | | data link layer, 373 | challenge, 390 | | physical layer, 373 | fame, 392 | | peer, 373 | money, 392 | | espionage, 392 | chargen, 415 | | ideology, 393 | ping of death, 415 | | port scan, 393 | smurf , 416 | | social engineering, 394 | syn flood, 416 | | reconnaissance, 395 | syn, 416 | | fingerprinting, 395 | ack, 416 | | eavesdrop, 397 | DNS attack, 417 | | passive wiretap, 398 | distributed denial of service, 418 | | active wiretap, 398 | zombie, 419 | | packet sniffer, 398 | tribal flood network, 420 | | inductance, 398 | trin00, 420 | | impedance, 399 | tfn2k, 420 | | multiplexed signals, 399 | active code, 420 | | interception, 401 | mobile code, 420 | | theft of service, 401 | cookie, 420 | | RFC (request for comments), 403 | script, 421 | | impersonation, 404 | escape-character attack, 421 | | authentication, 404 | active server page, 422 | | guess, 404 | JavaScript, 422 | | nonexistent authentication, 406 | sandbox, 422 | | well-known authentication, 406 | Java virtual machine, 422 | | trusted authentication, 407 | hostile applet, 423 | | spoof, 407 | ActiveX, 423 | | masquerade, 407 | script kiddie , 424 | | session hijacking, 408 | building block attack, 425 | | man-in-the-middle attack, 408 | network segmentation, 428 | | mobile computing, 409 | redundancy, 430 | | misdelivery, 410 | failover mode, 430 | | message exposure, 410 | single point of failure, 430 | | traffic flow analysis, 410 | link encryption, 431 | | message falsification, 411 | end-to-end encryption, 432 | | message replay, 411 | virtual private network, 434 | | message fabrication, 411 | PKI (public key infrastructure), 436 | | noise, 411 | certificate, 436 | | web site defacement, 412 | certificate authority, 437 | | buffer overflow, 412 | SSH, 439 | | dot-dot attack, 412 | SSL, 439 | | address resolution, 413 | IPSec, 440 | | application code attack, 413 | authentication header, 440 | | server-side include, 414 | encapsulated security payload, 440 | | denial-of-service attack, 414 | security association, 440 | | transmission failure, 414 | ISAKMP, 442 | | connection flooding, 415 | ISAKMP key exchange, 442 | | ICMP, 415 | signed code, 442 | | ping, 415 | content integrity, 443 | | echo, 415 | error correcting code, 443 | | parity, 443 | guard, 463 | | even parity, 444 | personal firewall, 464 | | odd parity, 444 | layered protection, 467 | | hash code, 444 | defense in depth, 467 | | cryptographic checksum, 444 | intrusion detection system, 468 | | message digest, 444 | network-based IDS, 469 | | strong authentication, 444 | host-based IDS, 469 | | one-time password, 445 | signature-based IDS, 469 | | password token, 445 | anomaly detection, 470 | | challenge “response system, 445 | heuristic intrusion detection, 470 | | Digital Distributed Authentication, 446 | misuse detection, 470 | | stealth mode, 470 | | Kerberos, 447 | scanner, 471 | | ticket-granting server, 447 | IDS alarm, 472 | | ticket, 447 | false positive, 472 | | router ACL, 451 | false negative, 473 | | honeypot, 452 | secure e-mail, 473 | | traffic flow security, 453 | message confidentiality, 475 | | firewall, 457 | message integrity check, 477 | | reference monitor, 458 | sender authenticity, 477 | | packet filtering gateway, 459 | sender nonrepudiation, 477 | | screening router, 459 | key management, 478 | | stateful inspection, 461 | PGP, 478 | | application proxy, 461 | key ring, 478 | | bastion host, 461 | S/MIME, 479 | |