L
Labels - The different components of an Internet host's name. See Domain.
LAN (Local Area Network) - A computer communications system limited to no more than a few miles and using high-speed connections (2 to 100 megabits per second). A short-haul data communications system that connects ADP devices in a building or group of buildings within a few square kilometers, including workstations, front-end processors, controllers, switches, and gateways.
Leakage - Unauthorized, covert removal or the obtaining of copies of data from a computer system. See Covert Channel.
Leapfrog Attack - Use of userid and password information obtained illicitly from one host to compromise another host. The act of TELNETing through one or more hosts in order to confuse a trace (a standard cracker procedure.)
Leased Line - A dedicated phone line used for network communications. See Dedicated Line.
Letterbomb - A piece of email containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command to the mailer. The results of this could range from silly to tragic.
Limited Access - Synonymous with Access Control.
Link - A word or picture you select on a Web page, usually by clicking your mouse on it, leading to a new page. In Unix, a name in a directory, representing a file.
Linux - The free Unix workalike created by Linus Torvalds and friends starting about 1990. This may be the most remarkable hacker project in history -- an entire clone of Unix for 386, 486 and Pentium micros, distributed for free with sources over the net.
ln - A Unix command to create pseudonyms (links) for files, allowing them to be accessed by different names.
Log - A recording (journal) of all environmental changes relative to the database. It may include copies of all transactions, before/after images of updated records, time and date stamps, user and terminal ID, security breaches, and so on.
Log File - A file that keeps track of system activity. If a system is attacked, the log files may contain evidence leading to the intruder or may help in restoring system operation.
Logic Bomb - A resident computer program which, when executed, checks for particular conditions or particular states of the system which, when satisfied, triggers the perpetration of an unauthorized act.
Logical Port - See Port. A port that is dynamically assigned and mapped to a physical port by the computer system.
login - The process of identifying oneself to, and having one's identity authenticated by, a computer system. A Unix command to log into a system.
Loop - Usually a sequence of computer programming steps or instructions designed to repeat until a condition is met. If the condition is never met, the steps are processed ad infinitum; this is called an infinite loop.
Loopback - A data communications procedure for checking send and receive functionality on a machine. See Feedback Loop.
lp, lpr - A Unix command to send files to the printer.
ls - A Unix command to list out directory contents; with a multitude of options and variations.
Lurking - Observing but not participating in; often used when referring to an Internet Service Provider's group.
Luser/L-user - Slang for "losing user"; a naive or untrained computer user.
M
mail - A Unix command to read mail, or send mail to other users.
Mail Bridge - Used loosely to refer to any mail gateway. Technically, a mail bridge screens mail passing between two networks to ensure that it meets administrative constraints. In particular, mail bridges between the ARPANET and MILNET did not permit arbitrary mail flow.
Mail Storm - What often happens when a machine with an Internet connection and active users re-connects after extended downtime --- a flood of incoming mail that brings the machine to its knees.
Mailbomb - Mail sent to urge others to send massive amounts of email to a single system or person with the intent to crash the recipient's system. Mailbombing is widely regarded as a serious offense.
Mailing List - A service that sends mail to everyone on a list whenever mail is sent to the service, allowing a group of people to exchange mail on a particular topic.
Mail Reflector - Software that automatically distributes all submitted messages to the members of a mailing list.
mailx - A Unix command used to send mail to and receive mail from other users. Some sysadmins configure systems with a variety of mail services, such as elm, mailtool, dtmail, etc. See sendmail.
Maintenance Hook (exit) - Special instructions in software to allow easy maintenance and additional feature development. Hooks frequently allow entry into the code at unusual points or without the usual checks, so they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trap doors.
majordomo - A set of programs written in Perl that automate the operation of multiple mailing lists. Majordomo automatically handles routine requests to subscribe or unsubscribe; it also has "closed lists" that route all subscription requests to a "list owner" for approval. This is a Unix-based mailing service.
MAJORDOMO List Server - The majordomo software running on a Unix-based computer, managed by a System Administrator that performs daily monitoring and maintenance of email messages. Majordomo is designed to help System Administrators and end-users perform many email tasks automatically; such as subscribing/unsubscribing email addresses to mailing lists for the dissemination of information on specific topics.
Malicious Code - Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Malicious Logic - Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse. It is intentionally included in an IS for an unauthorized purpose.
man - A Unix command (short for manual), to get help information.
Masquerading - Posing as an authorized user, usually in an attempt to gain access to a system. Synonymous with spoofing, mimicking, and impersonation.
Microcomputer - In general, as a class of computers, the microcomputer is the smallest and least expensive. Microcomputers use microprocessors as their CPUs and are used in the home as personal computers; they are also widely used in business and schools.
MILNET - MILitary NETwork. The DOD's network. Originally part of the ARPANET, MILNET was partitioned in 1984 to make it possible for military installations to have reliable network service while the ARPANET continued to be used for research. MILNET uses exactly the same hardware and protocol technology as ARPANET. Under normal circumstances, MILNET is part of the connected Internet.
MIME - Multipurpose Internet Mail Extensions, an extension to Internet mail that allows for the inclusion of non-textual data, such as video and audio, in e-mail.
Mimicking - Synonymous with spoofing, masquerading, and impersonation.
Minicomputer - A computer that is usually more powerful than a microcomputer and usually less powerful than a mainframe computer. Minicomputers are most often found in businesses and schools, and rarely at home. Each year, as computers become more powerful, the exact definitions of micros, minis, and mainframe computers continue to change.
MISSI (Multilevel Information Systems Security Initiative) Component - Any platform that is FORTEZZA or CC equipped.
Mockingbird - A computer program or process which mimics the legitimate behavior of a normal system feature (or other apparently useful function) but performs malicious activities once invoked by the user.
Mode - This refers to the permissions and the type of a file. See chmod, and Permission Flags.
Modem - An acronym for MOdulator-DEModulator. A device that modulates and demodulates signals. Modems are primarily used for converting digital signals into quasi-analog signals for transmission over analog communication channels and for reconverting them back into digital signals. Many additional functions may be added to a modem to provide for customer service and control features. Modems may be internal or external to the hardware of a computer. Typical rates: 300, 1200, 2400, 9600, 19200, and higher.
more - A Unix command to display the contents of a text file on the screen, one screen at a time. See cat.
MUD (Multiple User Dimension) - A computer program that provides a virtual reality. One can telnet to a MUD server, take on a role, and explore and interact with other users who are playing their roles.
Multi-Level - Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances, but prevents users from obtaining access to information for which they lack authorization.
Multi-homed Host - A host using TCP/IP that has connections to two or more physical networks. Multi-homed hosts can function as gateways if their routing tables are assigned correct values for routes.
Multilevel Security - Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances, but prevents users from obtaining access to information for which they lack authorization.
Multimedia - Involving more than one form of communication, such as combining text, video, and sound.
Multitasking - A mode of operation that provides for concurrent performance or interleaved execution of two or more tasks.
Multiuser Operation - A system with the capability to have multiple users accessing and processing simultaneously such as is found with UNIX.
mv - A Unix command to move a file from one location to another; can be used to rename a file as well.
N
NAK - Negative Acknowledgement. A response from the recipient of data to the sender of that data to indicate that the transmission was unsuccessful (e.g. that the data was corrupted by transmission errors). Usually, a NAK triggers retransmission of the lost data. See ACK.
NAK Attack - A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus, leaves the system in an unprotected state during such interrupts.
Name Resolution - The process of mapping a name into a corresponding address. The domain name system provides a mechanism for naming computers in which programs use remote name servers to resolve machine names into IP addresses for those machines.
Nastygram - A protocol packet or item of email (like a letterbomb) that takes advantage of misfeatures or security holes on the target system.
Need to Know - The principle stating that a user should have access only to the data he or she needs to perform a particular function.
Network - A continuing connection between two or more computers that facilitates sharing files and resources.
Network Access Points (NAP) - These are connections between ISPs which can cause bottlenecks in throughput.
Network Address - As used by hackers, means an address on the network that is almost always an Internet address.
Network Information Center (NIC) - A service that provides administrative information about a network.
Network Level Firewall - A firewall in which traffic is examined at the network protocol packet level.
Newsgroup - See BBS
NFS (Network File System) - One of many distributed-file system protocols that allow a computer on a network to use the files and peripherals of another networked computer as if they were local. This protocol was developed by Sun Microsystems and adopted by other vendors.
NIC - Network Information Center. A group at SRI International, Menlo Park, CA, responsible for providing users with information about TCP/IP and the connected Internet. The machine named NIC.DDN.MIL serves as the on-line repository for RFCs and other documents related to TCP/IP.
NIS (Network Information System) - This is the current name for what was once known as yp (Yellow Pages.) The purpose for NIS is to allow many machines on a network to share configuration information, including password data. NIS is not designed to promote system security.
NIST (National Institute of Standards and Technology) - Formerly the National Bureau of Standards. NIST is one standards organization within the US that establishes standards for network protocols.
nispasswd - Unix command to change the password information stored in Network Information Service Plus Version 3 (NIS+.)
NOC (Network Operations Center) - The organization at BBN that monitors and controls several networks that form part of the connected Internet, including the MILNET, and at least one X.25 based network.
node - A connection or switching point on the network.
NSFNET - Network funded by the National Science Foundation, now the backbone of the Internet.
nslookup - A service for querying and checking names of an IP address.
Nuke - To intentionally delete the entire contents of a given directory or storage volume.
Nybble - Half a byte, equivalent to one hexadecimal digit.
O
Off-The-Shelf (OTS) - A term designating password, sometimes associated with smart cards. Because it's used only once, a one-time password is far more secure than a conventional one.
OLS (On-line Survey) - Remote computer survey of known technical vulnerabilities through security tools.
One-Time Passwords - Passwords that are changed after each use and are useful when the password is not adequately protected from compromise during login. A private character string that is used only once to authenticate an identity. After each use, a new character string is generated.
Online/On-line - Connected to a network or a host computer system.
OSI (Open Systems Interconnection) - A reference to protocols, specifically ISO standards, for the interconnection of cooperative computer systems. When the term is used generically, TCP/IP is a type of OSI protocol; when referring to ISO standards, TCP/IP is not an OSI protocol.
Operating System - Software that controls the execution of computer programs and that usually provides scheduling, debugging, input/output control, accounting, compilation, storage assignment, data management, and related services. Operating systems control the allocation of resources to a user and their programs and play a central role in ensuring the secure operation of a computer system.
Operational ASIM site - ASIM has been installed, is capturing and analyzing data, and is sending the data to the AFCERT.
Operations Security (OPSEC) - A type of security that prevents and detects security breaches. With operations security, an organization can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting evidence of the planning and execution of sensitive activities and operations.
Orange Book - The U.S. Government's standards document "Trusted Computer System Evaluation Criteria, DOD standard 5200.28-STD, December, 1985" which characterizes secure computing architectures and defines levels A1 (most secure) through D (least.) Stock Unixes are roughly C1, and can be upgraded to about C2 without excessive pain.