P
- packet
- A unit of information formatted according to specific protocols that allow precise transmittal of data from one node in a network to another. Also called a datagram or a data packet, it contains two parts: a header and a payload. The header is like an envelope; the payload is the contents. In Internet Protocol, any message that is larger than 1,500 bytes gets fragmented into packets for transmission.
- packet filtering
- Controlling access to a network by analyzing the headers of incoming and outgoing packets, and letting them pass or halting them based on rules created by a network administrator. A packet filter allows or denies packets depending on where they are going, from whom they are sent, or what port they use. Packet filtering is one technique, among many, for implementing security firewalls.
- PAP (Password Authentication Protocol)
- An identity verification method used to send a user name and password over a network to a computer that compares the user name and password to a table listing authorized users.
See also CHAP.
- parameter
- In programming, some value passed to a function. The function either uses the parameter in its task, or performs an operation on the parameter. A parameter can be a value such as a number, a name, or even a file. For instance, a function that alphabetizes might not know what text file to alphabetize unless a file name is passed to the function as a parameter. The function might not know whether to print the alphabetized list, display it on a screen, or save it as a new file unless one of those options is also expressed as a parameter. A parameter can also be referred to as an argument.
- passive mode FTP
- See active mode FTP.
- passphrase
- An easy-to-remember phrase which offers better security than a single-word password, because it is longer and thus harder to guess or calculate.
- password
- A secret sequence of characters or a word that a user submits to a system for purposes of authentication, validation, or verification.
- password caching
- The temporary storage of a user's username and password by some application.
- peer-to-peer
- Sometimes abbreviated as P2P, this is a method of distributing files over a network where all computers are treated as equals (in contrast to a client/server architecture). Using P2P client software, a client can receive files from another client. Some P2P file distribution systems require a centralized database of available files (such as Napster), while other distribution systems like Gnutella are decentralized.
- perfect forward secrecy
- A cryptosystem in which, if one encryption key is compromised, only the data encrypted by that specific key is compromised. Some cryptosystems allow keys to be derived from previous keys, so that if the first key is compromised, an attacker might have enough information to figure out other keys and/or decrypt data encrypted using those keys. RFC 2409 describes PFS in detail.
- PGP (Pretty Good Privacy)
- An application and protocol (RFC 1991) for secure e-mail and file encryption. PGP uses a variety of algorithms (like RSA, DSA, MD5, SHA-1) to provide encryption, authentication, message integrity, and key management.
- PGP/MIME
- An IETF standard (detailed in RFCs 2015 and 3156) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847, currently deployed in PGP 5.0 and later versions.
- Phase 1, Phase 2
- Stages in establishing a site-to-site Virtual Private Network (VPN) tunnel. Designated computers negotiate security parameters to protect the managing of the tunnel itself using IKE (Internet Key Exchange); the result of this negotiation is called the Phase 1, or ISAKMP, security association (SA). The Phase 1 SA is then used to securely negotiate security parameters to protect IP packets; the result of that negotiation is called the Phase 2, or IPSec, SA. The Phase 2 SA is then used to securely tunnel ESP or AH-protected IP packets between these two computers.
- ping
- A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply; hence, it was named after the sound echo sonar makes when trying to locate an object.
- PKCS (Public Key Crypto Standards)
- A set of standards published by RSA Security, developed in cooperation with an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, and Sun), that includes algorithm-specific and algorithm-independent implementation standards for reliable, secure public key cryptography.
- PKI (Public Key Infrastructure)
- A system of digital certificates, Certificate Authorities, and other registration authorities that verify the validity of each party involved in an Internet transaction. The intent is to establish a trusted relationship between the parties. PKI's various mechanisms can provide a foundation for message confidentiality, message integrity, non-repudiation (which means the author of a message cannot later claim he did not write it), and authentication. PKI is necessary and foundational for certificate-based Virtual Private Networks (VPN).
- plain text
- Characters in a human readable form prior to encryption or after decryption. Also called clear text.
- plug and play
- An ease-of-use ideal in the personal computer market that assures the user that a hardware device (for example, a mouse, a modem, or a scanner) can be installed without resorting to manual hardware configuration of either the device or the PC into which the device is being installed.
- port
- 1. A physical hole in a computing device where you plug something in (such as, "this PC communicates with the printer via the serial port").
- 2. When used in relation to IP services, a made-up, or logical, endpoint for a connection, conceived so that the computer can handle multiple applications over one network connection. Your system figures out how to treat data coming at it partially by looking at what port the data is destined for (for example, HTTP, or Web traffic, by convention uses port 80; SMTP, or e-mail traffic, uses port 25).
- port address translation
- See NAT.
- port forwarding
- See NAT.
- port space probe
- An intrusion technique whereby a hacker attempts to connect to sequential port numbers. These probes are usually attempts to find security holes which the attacker might exploit. When a listening computer responds to a message sent to a given port, the attacker then knows there really is a computer there, listening on that port.
- PPP (Point-to-Point Protocol)
- A method of connecting a computer to the Internet, often used with dial-up modems.
- PPPoE (Point-to-Point Protocol over Ethernet)
- A method of transmitting PPP traffic over Ethernet to the Internet through a common broadband medium. Commonly used in Europe. The users have the appearance of "dialing" the Internet, but their computers are in fact always connected.
- PPTP (Point-to-Point Tunneling Protocol)
- A VPN tunneling protocol with encryption. It uses one TCP port (for negotiation and authentication of a VPN connection) and one IP protocol (for data transfer) to connect the two nodes in a VPN. Though favored by Microsoft, many experts feel PPTP offers weaker confidentiality of data than a competing standard, IPSec.
- Pretty Good Privacy
- See PGP.
- primary key (IPSec)
- An IPSec key responsible for creating a security association. Values can be set in time or data size.
- private key
- The "secret" component of an asymmetric key pair, often referred to as the decryption key. In a key pair (composed of a public key and a private key), it is essential that you keep the private key to yourself.
See also asymmetric key, key pair, and public key.
- private network address
- A private network address is an IP address range that is used only within the confines of a single organization. Private addresses are used for traffic from one location to another within a clearly defined network and at no time are meant to extend beyond the perimeter, or firewall, of the organization. They are not routable on the Internet, and require some sort of address translation (see NAT) to reach the Internet. Private network address ranges are defined by the IANA and RFC 1918 as being 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
- privilege elevation
- See elevation of privilege.
- probe
- A type of hacking attempt characterized by repetitious, sequential access attempts. For example, a hacker might try to probe a series of ports in search of one that is open, or one might probe a range of IP addresses in search of a responsive computer.
- procedure
- See function.
- protocol
- A set of formal rules describing how to transmit data, especially across a network. The protocol determines issues such as the type of error checking to be used; the data compression method, if any; how the sending device will indicate that it has finished sending a message; and how the receiving device will indicate that it has received a message. Low-level protocols define the electrical and physical standards to be observed, bit- and byte-ordering, and the transmission and error detection and correction of the bit stream. High-level protocols deal with the data formatting, including the syntax of messages, character sets, and sequencing of messages.
- proxy server
- A server that sits between a client application (such as a browser) and a "real" server. The proxy server intercepts client requests and forwards them to the other server. Its purpose is two-fold. First, for outgoing traffic, it allows private, non-routable machines to reach a machine which can reach the Internet for them. Second, as it receives responses to the client machines' requests (for example, Web pages), it can cache them locally so that further client requests can be answered locally and immediately.
- pseudo-random number
- A number that results from applying randomizing algorithms to input derived from the computing environment, such as mouse coordinates or the time of day.
See also random number.
- Public Key Crypto Standards
- See PKCS.
- public key
- The publicly available component of an asymmetric key pair, often referred to as the encryption key. In a key pair (composed of a public key and a private key), you can make your public key well-known, as messages encrypted with it can only be decrypted by your private key.
See also asymmetric key, key pair, and private key.
- public key cryptography
- Cryptography in which a public and private key pair is used, encrypting the data at the sender's end and decrypting it at the receiver's end. Since the data is encrypted while it travels the public Internet, no additional security is needed -- it can safely use public networks without loss of confidentiality.
See also asymmetric key and key pair.
- Public Key Infrastructure
- See PKI.