Cross-site scripting: An attack performed through web browsers, taking advantage of poorly written web applications. Cross-site scripting attacks can take many forms. One common form is for an attacker to trick a user into clicking on a specially crafted, malicious hyperlink. The link appears to lead to an innocent site, but the site is actually the attacker’s and includes embedded scripts. What the script does is up to the attacker; commonly, it collects data the victim might enter, such as a credit card number or password. The malicious link itself might also collect the victim’s cookie data.
CVE-compatible: Common Vulnerabilities and Exposures (CVE) is a list of standardized names for vulnerabilities and other information security exposures, whose aim is to standardize the names for all publicly known vulnerabilities and security exposures. “CVE-compatible” means that a tool, web site, database, or service uses CVE names in a way that allows it to cross-link with other repositories that use CVE names.
DES (Data Encryption Standard): A commonly used encryption algorithm that encrypts data using a key of 56 bits, which is considered fairly weak given the speed and power of modern computers.
Dictionary attack: An attempt to guess a password by systematically trying every word in a dictionary as the password. This attack is usually automated, using a dictionary of the hacker’s choosing, which might include both ordinary words and jargon, names, and slang.
DMZ (Demilitarized Zone): A partially protected zone on a network, not exposed to the full fury of the internet, but not fully behind the firewall. This technique is typically used on parts of the network that must remain open to the public (such as a web server) but must also access trusted resources (such as a database). The point is to allow the inside firewall component, guarding the trusted resources, to make certain assumptions about the impossibility of outsiders forging DMZ addresses.
DNS spoofing: An attack technique where a hacker intercepts your system’s requests to a DNS server in order to issue false responses as though they came from the real DNS server. Using this technique, an attacker can convince your system that an existing web page does not exist, or respond to requests that should lead to a legitimate web site, with the IP address of a malicious web site.
Domain name hijacking: An attack technique where the attacker takes over a domain by first blocking access to the victim domain’s DNS server, then putting up a malicious server in its place.
Failover: A configuration that allows a secondary machine to take over in the event of a stoppage in the first machine, thus allowing normal use to return or continue.
Fail-shut mode: A condition in which a firewall blocks all incoming and outgoing network traffic in the event of a firewall failure. This is the opposite of fail-open mode, in which a firewall crash opens all traffic in both directions.
IP spoofing: The act of inserting a false (but ordinary-seeming) sender IP address into the “From” field of an internet transmission’s header in order to hide the actual origin of the transmission. There are few, if any, legitimate reasons to perform IP spoofing; the technique is usually one aspect of an attack.
Packet filtering: Controlling access to a network by analyzing the headers of incoming and outgoing packets, and letting them pass or halting them based on rules created by a network administrator. A packet filter allows or denies packets depending on where they are going, from whom they are sent, or what port they use. Packet filtering is one technique, among many, for implementing security firewalls.