This Oracle network topology and administration training course is designed for the working Oracle professional, and the amount of previous experience with Oracle is incidental. Previous experience with relational database management and SQL is helpful, but this online course is self-contained and has no formal prerequisites.
Access control list (ACL)
A list of individual users and groups of users associated with an object, and the rights that the user or group has when accessing that object.
See also ARP.
Address Resolution Protocol (ARP)
A network protocol that is used to convert IP addresses to physical network addresses by sending an ARP broadcast to request the address.
A computable set of steps to achieve a desired result.
Application gateways function at all four layers of the TCP/IP suite. They are typically implemented through software installed on a specialized server. Application gateways are sometimes known as proxy servers.
A type of encryption that uses one key to encrypt a message and another to decrypt the message. (Also, public-key encryption)
Asymmetric key algorithm
An algorithm used for asymmetric encryption.
Reading and interpreting log files to identify hacker activity.
The process of identifying an individual, usually based on a username and password.
The process of giving individuals access to system objects based on their identity.
An intentional hole in a firewall or security apparatus that allows access around security measures.
Strongly secured devices that have a direct network connection to a public network such as the Internet. It can operate as any of the three types of firewalls.
A list of commands executed by a computer’s operating system.
An attempt by a hacker to defeat authentication by obtaining a legitimate user's password.
A popular bug-based attack that works by sending more data than the target system is intended to receive at one time.
A computer program or hardware error that causes recurring malfunctions.
An attachment to an electronic message used for security purposes. A digital certificate is commonly used to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.
A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be.
A simple means of checking the integrity of a transmitted message using a numerical value based on the number of set bits in the message. A formula is applied to the message to produce the numerical value that is checked at the time of receipt by calculating the value again.
An intersection between a company's private and a public network used to monitor, filter, and verify all inbound and outbound traffic.
Text which has been encrypted by some encryption system.
Circuit-level gateways are similar to packet filters. The main advantage of circuit-level gateways is their ability to provide network address translation.
Classless Inter-Domain Routing (CIDR)
Allocates blocks of Internet addresses assigned to an Internet Service Provider (ISP) by Internic.
A network architecture in which each computer or process on the network is either a client, a PC or a workstation for users, or a server, computers dedicated to managing files, devices, or network traffic.
Common Gateway Interface (CGI)
A protocol that allows a Web server to pass control to a software application, based on a user request. It also allows that program to receive and organize that information, then return it to the user in a consistent format. A CGI script resides on a Web server, enabling the CGI process.
Compressed Serial Line Internet Protocol (CSLIP)
Compresses the IP and TCP headers, thus reducing the size of the packet and improving bandwidth.
Computer Emergency Response Team (CERT)
An organization devoted to dealing with computer-related security issues. Based at the Carnegie Mellon University, CERT is a part of the Internet Society which establishes the protocols that govern the Internet. (http://www.cert.org)
Computer Security Division (www.itl.nist.gov)
One of eight divisions within NIST's Information Technology Laboratory. The mission of the Division is to enable organizations and individuals to use information technology with the assurance and trust that the confidentiality, integrity, reliability and availability of information resources are protected.
The science of recovering plaintext messages without knowledge of the key.
The science of encrypting and decrypting plain-text messages.
A process that performs a specified operation at a predefined time or in response to certain events. Daemon is a UNIX term. In other operating systems such as Windows, daemons are referred to as services.
The degree of confidentiality required for data transmitted, correlating to the security measures required to maintain confidentiality. Data confidentiality is provided by encryption.
Data Encryption Standard (DES)
A symmetric key algorithm that is fast and simple to implement.
The assurance that information has not been modified in transit to the destination.
An IP packet.
Demilitarized zone (DMZ)
Networks that are between a company's internal network and the external network. A DMZ is used as an additional buffer to further separate the public network from your internal private network.
An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
A file comprised of common passwords used by a hacker in an attempt to gain entrance to a network.
A program specifically written to break into a password-protected system. A dictionary program has a relatively large list of common password names that the program repeatedly uses to gain access.
A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption.
A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes.
Encryption software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions.
Distributed Transaction Management
A feature of an Oracle database that enables it to manage an update, insert, or delete to multiple databases from a single
A name that identifies one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.dispersednet.com/index.html, the domain name is dispersednet.com.
Domain Name System (DNS) lookup
The system that allows a server, administrator or user to enter a host name to find out the corresponding Internet address. A reverse lookup is a procedure (usually automated) that occurs when a user requests the operation of a resource such as an e-mail server. It is an authentication technique.
Dual-homed bastion host
Identical in function to a bastion host but must have two network interfaces. Application gateways are typically installed on a dual-homed bastion host.
A false default account that generally triggers an alarm when accessed.
Intentionally misleading files to misinform an information seeker.
Conducting business on-line.
Electronic data interchange (EDI)
The inter-organizational exchange of documents in standardized electronic form directly between participating computers.
The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.
A log of user actions or system occurrences.
Execution control list (ECL)
A list of the resources and actions which a program can access/perform while it is executing.
A business-to-business Web site that allows secure access between a company's intranet and designated, authenticated users from remote locations.
File Transfer Protocol (FTP)
An approved method that allows the delivery of files across the Internet. An FTP server stores directories of files using a hierarchical structure. Normally, a user is a client and a company acts as the server.
A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
A string of information that identifies a specific user as packets pass through the firewall. A token is usually encrypted.
Fragmentation independence is the ability to partition data within a table (or, more accurately, within a relation) transparently.
An attempt by a hacker to access a network by using a valid user name and password.
A system that provides relay services between two devices. Gateways can range from an Internet application such as a common gateway interface (CGI) to a firewall gateway that processes traffic between two hosts. The term is very generic and will be used for a firewall component that routes or processes data between two separate networks.
Graphical user interface (GUI)
A program interface that takes advantage of the computer's graphics capabilities to make the program easier to use.
A user who breaks into sites for malicious purposes.
A numeric function which mixes the ordering of input values to hopefully get an even distribution. (Also, hash function)
To generate a number from a string of text. The hash number is smaller than the text string.
An element in an electronic document that links to another place in the same document or to an entirely different document. Typically, you click on the hyperlink to follow the link.
Hypertext Markup Language (HTML)
The authoring language used to create documents on the World Wide Web.
Hypertext Transfer Protocol (HTTP)
A TCP/IP application that uses a browser to access and retrieve Web pages from the server.
Short for Internet Engineering Task Force, the main standards organization for the Internet. The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
An advertisement's appearance on an accessed Web page. For example, if you see two ads on a Web page, that's two impressions. Advertisers use impressions to measure the number of views their ads receive, and publishers often sell ad space according to impressions.
Products such as written materials, musical compositions, trademarks and other things that are protected by copyright, trademark, or patent law.
Internal bastion host
Firewalls that reside inside the internal network and are normally used as application gateways that receive all incoming traffic from external hosts.
Internet Assigned Numbers Authority (IANA)
Oversees and coordinates the assignment of every unique protocol identifier used on the Internet.
Internet Control Message Protocol (ICMP)
A protocol used to communicate errors or other conditions at the IP layer.
Internet Service Provider (ISP)
An Internet Service Provider, a company that provides access to the Internet.
Internet Services Application Programming Interface (ISAPI)
A method developed by Microsoft to write programs that communicate with Web servers through OLE.
Business conducted between two different companies.
Any network that provides similar services within an organization to those provided by the Internet outside it but which is not necessarily connected to the Internet. The commonest example is the use by a company of one or more World-Wide Web servers on an internal TCP/IP network for distribution of information within the company.
Intrusion detection is a relatively new technology used with firewalls. It allows firewalls to perform specified actions when suspicious activity occurs.
An Internet protocol or IP address is a number that is used to uniquely identify computers connected to the Internet.
Individual pieces of information traveling from one host to another.
A hacker imitating an Internet Protocol (IP) device that has an IP address allowing the hacker to gain access to the system.
A separate system that deliberately provides inaccurate information allowing an administrator time to detect and catch the hacker.
A method of opening an encryption. A key can be as simple as a string of text characters, or a series of hexadecimal digits.
A 1964 law that was an important early step toward U.S. trademark legislation.
Scripts executed to customize a user’s environment after the user logs on with a valid user ID and password.
MD5 is one in the series (including MD2 and MD4) of message digest algorithms developed by Ron Rivest. It involves appending a length field to a message and padding it to a multiple of 512-bit blocks. Each of these 512-bit blocks is fed through a four-round process to result in a 128-bit message digest.
A specific virus embedded in a Microsoft Word document, infecting the user's system when the document is opened.
The representation of text in the form of a single string of digits, created using a formula called a one-way hash function.
Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication.
To send data to a specific list of recipients.
Network address translation (NAT)
Network Address Translation (NAT) hides internal IP addresses from the external network. When a firewall is configured to provide NAT, all internal addresses are translated to public IP addresses when connecting to an external source.
Network News Transfer Protocol (NNTP)
A TCP/IP application that is one-to-many communication: a message is posted to a single location, and any number of users can contact the NNTP server to retrieve it.
The type of network (ethernet or token ring), the IP address range, the subnet mask, and the naming scheme. The most common network topologies are the star, bus, ring and hybrid.
The ability to demonstrate that an information exchange or financial transaction took place.
A file, program, service/daemon, or resource that is maintained and controlled by an operating system.
A type of encryption where information is encrypted once and cannot be decrypted. One-way encryption is typically used for creating message digests.
A group of servers and computers, such as the Internet, which allows free access.
Open Systems Interconnect (OSI)
A model for network communications standardized by ISO, containing seven primary layers: the physical, data link, network, transport, session, presentation and applications.
In general usage, a packet is a unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data, a header containing an identification number, source, and destination addresses, and sometimes error-control data.
A type of firewall device that processes network traffic on a packet-by-packet basis. Packet filter devices allow or block packets, and are typically implemented through standard routers.
A device or program that is used to monitor traffic on a network, can be installed anywhere in a networked system, and is virtually undetectable. Sniffers are used for legitimate network management functions or for stealing information off a network.
The activity of learning where a packet of information has come from. Since any information sent across the Internet has likely passed between at least five or six computers, it is often necessary to learn the route by which that information came.
A type of authentication that requires the use of a password to verify an entity’s authenticity.
An attempt by a hacker to access a network using possible passwords. A dictionary file is often used to crack passwords.
Finding a way to intercept the transmission of a password during the authentication process. A sniffer is a program used to intercept passwords.
A patent for an invention is the grant of a property right to the inventor, issued by the Patent and Trademark Office. The term of a new patent is 20 years from the date on which the application for the patent was filed in the United States or, in special cases, from the date an earlier related application was filed, subject to the payment of maintenance fees. US patent grants are effective only within the US, US territories, and US possessions.
The system (usually software) that interfaces between the merchant and the merchant’s bank to perform credit card authorizations.
A cross-platform programming language that enables users to write custom CGI programs, as well as system management programs.
A type of authentication that uses what you have such as a physical key or card, to verify a person’s authenticity.
Physical line trace
The attempt to determine the port or telephone line a hacker has used.
A message before encryption or after decryption, i.e. in its usual form which anyone can read, as opposed to its encrypted form, ciphertext.
Point-to-Point Protocol (PPP)
A protocol for connecting to the Internet. PPP provides error checking and compression of the IP and TCP headers.
Proxy servers communicate with external servers on behalf of the internal clients. When the terms application gateway or circuit-level gateway are used, they refer to the specific services provided by each form of firewall.
A cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.
A means of reaching an audience by automatically delivering information, such as news headlines or product updates, directly to a user's computer in a customized format at designated times.
Remote access device
Devices that have access to a network from a remote site.
Request for Comment (RFC)
The written definitions of the protocols and policies of the Internet.
Reverse Address Resolution Protocol (RARP)
A network protocol that causes a host to broadcast its physical address. The RARP server then replies with the host’s IP address.
Reverse proxy service
A company's registered Web or email server located outside a network's firewall system is used to prevent public users from contacting the Web server directly. When public users access the reverse proxy Web server, it contacts the Web server that resides behind the firewall.
A standard for public-key cryptosystems named after its inventors, Ron Rivest, Avi Shamir, and Rick Adleman, who developed it in 1978 while working at MIT. Its security is based on factoring very large prime numbers. The size of the key used in RSA is completely variable, but for normal use, a key size of 512 bits is common. In applications where key compromise would have serious consequences or where the security must remain valid for many years into the future, 1024-bit and 2048-bit keys are used.
Containing built-in constraints to protect a program from malicious activity or from accessing important resources.
Screened host firewall
A firewall that uses a bastion host to support both circuit- and application-level gateways and creates a demilitarized zone (DMZ) that functions as an isolated network between the Internet and the internal network.
Screened subnet firewall
A type of firewall that uses a bastion host to support both circuit- and application-level gateways and creates a demilitarized zone (DMZ) that functions as an isolated network between the Internet and the internal network.
Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
Secure electronic transactions (SET)
A standard enabling secure credit card transactions on the Internet.
Secure hash algorithm (SHA)
This function was developed by the National Institute of Standards and Technology (NIST) and is based heavily on Ron Rivest's MD series of algorithms. The message is first padded with MD5, then fed through four rounds, which are more complex than the ones used in MD5. The resulting message digest is 160 bits long.
Secure HTTP (SHTTP)
A form of encryption that takes place at the hypertext markup language level. This allows a Web browser to transfer sensitive information across the Internet.
Secure Multipurpose Internet Mail Extension (S/MIME)
A specification for secure electronic mail. S/MIME was designed to add security to e-mail messages in MIME format. The security services offered are authentication (using digital signatures) and privacy (using encryption).
Secure Sockets Layer (SSL)
A technology embedded in Web servers and browsers that encrypts traffic.
The systems and software that provide the different security services (access control, authentication, data integrity, data confidentiality, and nonrepudiation).
A basic method for providing data security. Security services include authentication, access control, data integrity, data confidentiality, and nonrepudiation.
All components used by a company to provide a security strategy, including hardware, software, employee training, and a
Serial Line Internet Protocol (SLIP)
A data link layer protocol, a simple form of connecting to the Internet.
The shared-server architecture increases the scalability of applications and the number of clients that can be simultaneously connected to the database.
Simple Mail Transfer Protocol (SMTP)
The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.
Simple Network Management Protocol (SNMP)
A TCP/IP application that allows administrators to check the status and sometimes modify the configuration of SNMP nodes.
Single-homed bastion host
A bastion host that has only one network interface and is normally used for application-level gateway firewalls.
Single-purpose bastion host
A separate bastion host dedicated to a single application.
A type of denial-of-service attack in which a series of pings are sent to a remote host to inundate the system of the attacked host.
Storage snapshots have offered development and QA capabilities for database and non-database environments, providing the ability to quickly create point-in-time storage-efficient virtual copies of the data. Snapshots do not require an initial copy, as they are not stored as physical copies of blocks, but rather as pointers to the blocks that existed when the snapshot was created. Because of this tight physical relationship, the snapshot is maintained on the same storage array as the original data. Snapshots are generally implemented either as copy-on-write or redirect-on-write-based methods.
If the required blocks are no longer available, Oracle delivers a "snapshot too old" error.
The use of tricks and disinformation to gain access to passwords and other sensitive information.
A form of identity theft in which a hacker attempts to defeat authentication. Specific examples include IP spoofing, ARP spoofing, router spoofing, and DNS spoofing.
Stateful inspection, a term introduced by CheckPoint Corporation, allows a firewall to analyze packets and view them in context. (Also called stateful multi-layer inspection)
A type of encryption where the same key is used to encrypt and decrypt the message.
The action of a hacker who enters a computer network and begins mapping the contents of the system.
A high-speed (1.5 Mbps) connection to the Internet using dial-up leased lines. In some localities, T1 lines can be leased for $3,000.00 per month or less.
A TCP/IP application that is used for remote terminal access and can be used to administer a UNIX machine.
tnsnames.ora
The tnsnames.ora file is located primarily on the clients; it contains network service names mapped to connect descriptors. This file is used for the local naming method.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
An account in a network used to alert a security administrator of a potential hacker when penetration of the network begins.
Trojan (trojan horse)
A file or program that purports to operate in a legitimate way, but which also has an alternative, secret operation, such as emailing sensitive company information to a hacker. A trojan horse is a specific program that destroys information on a hard drive.
UDP (User Datagram Protocol)
A connectionless protocol at the transport layer of the TCP/IP protocol stack, often used for broadcast-type protocols such as audio or video traffic.
Value added network (VAN)
A network that provides special communication over leased lines, usually offering enhanced services. A Value Added Network usually offers some service or information that is not readily available on public networks.
Virtual Private Network (VPN)
An extended local area network (LAN) that enables an organization to conduct secure, real-time communication.
Self-replicating software used to infect a computer.
A central computer system that hosts a Web site and enables remote clients to access the pages of the site.
The part of a virtual enterprise that allows a client/end-user to interact with the server-side elements, usually in the form of buying and selling.
A program that exploits the Windows TCP/IP stack, causing Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up.