DMCA notice (Digital Millennium Copyright Act) - a request to delete undesirable content immediately upon receipt of the notification, without explanation and without assessing whether users’ rights are violated. The notice is legally binding for all web hosts and entails enforcement action in case of non-compliance. There is no clear policy separating legal content usage from prohibited actions, which complicates judicial proceedings.
DMVPN (Dynamic Multipoint VPN) - a technology for building dynamic channels between nodes, designed by Cisco Systems to extend VPN operation. A client connects to a DMVPN server and receives the requested information about the desired target. It then creates a virtual tunnel directly to the requested resource. In this way, the system effectively offloads the server.
DNS (Domain Name System) - a system that translates Internet addresses from one form into another. Servers convert web addresses from domain names (letter combinations that are readable for humans) into numeric IP addresses (computer-understandable code), making the requested resource accessible.
Dynamic VPN IP - a service that substitutes the “native” IP address with a random one from the requested location. Dynamic address management makes Internet surfing accessible all over the globe. The client stays hidden on the Internet as long as they use the VPN.
Encryption - the process of converting plain text into ciphertext using a specific key. It is used to prevent strangers from accessing and reading materials. There are two main forms of encryption. The most relevant is the symmetric algorithm, in which the encryption key is kept private, but the parties need to exchange this key before they can decode a message. In an asymmetric algorithm, a key is transmitted over an open channel that is accessible to observation. This type is used to verify a digital signature and to encrypt a message. It’s also known as public-key cryptography.
End-to-end (e2e) encryption - a communication system in which the keys needed to encode and decode messages are held solely by the communication participants. In other words, e-mails and file attachments that may pass through multiple foreign servers remain in unreadable form, and only the receiver is able to decrypt and read the message. Fully featured E2EE can be achieved with special programs like PGP, which generates encryption-decryption key pairs and uses them for the e2e connection.
Geo-blocking - a type of censorship that locks out Internet users depending on their geographical position. As a result, certain websites, their library contents and services may be unavailable to foreign visitors. The location is determined by analyzing visitors’ IP addresses. At the moment, geo-blocking is spreading to Internet multimedia content in order to observe and protect copyright and licensing rights. It is also used to block malicious traffic and to prevent scams and legally prohibited online gambling.
File sharing - the process of distributing digital media, including software applications, text and multimedia documents. It is accompanied by access separation and management: data is made available only to a closed user group or specified devices, and connection privileges are granted as read-only or read-and-modify rights. Nowadays, the most popular way of sharing is P2P file sharing, which gives the general public read-only access to selected popular content for file exchange.
Firewall - a filter that protects digital devices against unauthorized intrusion and provides security while using the Internet. A firewall’s capabilities are diverse: WiFi protection, control over which programs may access the Internet, protection against hacker intrusions, and blocking of undesired programs. A firewall detects the networks your device connects to and provides an appropriate level of security.
Firefox - a free web browser with a large number of useful features. Its primary advantages are extensibility, powerful security tools, and fast, comfortable performance. Firefox supports thousands of plug-ins for purposes such as downloading media files from different websites, password management, protecting communications and others.
Five Eyes (FVEY) - an international agreement concluded by the USA, the United Kingdom, Canada, Australia and New Zealand, which is aimed at the War on Terror and includes a secret program for data retrieval and World Wide Web monitoring. Information disclosed by Snowden revealed that the Five Eyes had been snooping on one another’s citizens and sharing the collected information with other members.
Flash cookies (or Local Shared Objects (LSO)) - pieces of data stored on the user’s computer. Under the default preferences, websites request permission to store local files on the user’s device. Like a standard cookie, an LSO can be used by online banks, advertisers and traders for accounting and management purposes. These text files cannot be read by other external websites (for example, LSOs from “https://www.website.com/” can’t be recognized by “www.website.org”). Flash cookies are not tied to a specific web browser, which makes services more convenient to operate and allows more configuration settings and other useful information to be kept.
Gag order - a legal instrument restricting the transmission of information to third parties without the permission of a higher managing authority. The term is usually used by employers or other institutions seeking to protect secret information and valuable insight from competitors. Information disclosure includes public distribution, use of data for personal purposes, and publication of comments and analytical materials based on proprietary information.
GCHQ (Government Communications Headquarters) - the UK intelligence agency responsible for electronic reconnaissance and for protecting government and armed forces data. The center is responsible for acquiring and filtering information in African and European countries. GCHQ was accused of harvesting data from intercepted phone calls and traffic using the specially designed programs Tempora (provides access to the optical fiber cables that carry phone conversations and internet traffic, and keeps data for 30 days) and PRISM (grants access to millions of electronic messages and chats stored in the archives of major internet companies).
Geo-spoofing - a method of hiding one’s real geographical position from others on the Internet by switching the active IP address, in order to visit web resources anonymously and correspond from web-based email accounts without revealing the actual geolocation. This technique is also used for unblocking geo-restricted web content.
Hamachi - a user-friendly tool that connects two computers via the Internet and creates a VPN of its own secured with standard cryptographic algorithms. A dedicated link is built between the two devices, and client communication is hidden from prying eyes. Hamachi can also be used in local networks to provide extra security. It has a clean interface and allows private secure networks to be set up in just a few steps.
Handshake - a negotiation process initiated by network nodes in order to establish a cryptographically secure data channel, in which the participants agree on the encryption methods and keys to be used. During the handshake, the client and the server can identify each other, negotiate communication parameters such as the protocol version and data encryption method, and verify certificates if needed.
Hashing - a method of transforming input data of arbitrary length into a fixed-length output string with a finite number of characters. In cryptanalysis, a hash function is an indispensable and widespread tool that suits multiple purposes. It is used for password storage and media file protection. In addition, it makes it possible to detect malicious programs, whether they were created manually or generated automatically.
History stealing - an unintended side effect of user software that allows a website to discover which URLs have been visited. The most prevalent way of doing this is to insert invisible links into the visited web page using JavaScript that masks the undesirable information. History stealing can’t be resolved without dropping useful capabilities, even though malicious websites can see which bank a visitor uses and design a perfect copy of it for phishing purposes.
HTTPS (HyperText Transfer Protocol Secure) - an extension of the HTTP protocol that adds encryption. It is not a separate protocol; it is simply HTTP running over the encrypted transport mechanisms SSL and TLS. HTTPS protects against attacks based on monitoring network communication. This is made possible by encryption and by verification of the server’s authenticity. The protocol is widely used and works in all popular browsers.

I2P (Invisible Internet Project) - an anonymous overlay network designed to secure data exchange from external monitoring and control (such as spying by a provider) and preferred by users who care about protecting their personal privacy. I2P aims to safeguard network exchanges by making hacker attacks as difficult as possible. The level of anonymity increases as the network grows and the system develops on the basis of analysis of scientific research.
ICS (Internet Connection Sharing) - a technology that allows several computers in one local network to share a single network connection. DHCP and NAT technologies serve this purpose. It was originally designed by Microsoft for Windows 98 Second Edition.
Identification - a system that provides insight into Internet users’ actions by collecting publicly available information. Nowadays, a vast number of web users voluntarily share personal information on social media networks: they present real names, photos and private interests, and show telephone numbers and location. Users can be identified and monitored by means of a static IP address, served cookies and TCP protocol responses.
Identifier - a unique feature of a subject that distinguishes it from other devices. The identification procedure assigns a corresponding ID and then recognizes it. The ID may be a sequence of special symbols (e.g. underscore), digits and upper- and lower-case Latin letters.
IKEv2 (Internet Key Exchange) - a standard IPsec protocol designed to protect the exchange of identification data for a security association (SA). It is characterized by an additional “control-plane” protection mechanism against DoS attacks.
Information security - a set of measures focused on keeping information confidential, accessible and intact. In particular, it covers network security against various cyber-attacks. It guards against unacceptable risk of data leaks and against unauthorized or inadvertent impact on an information system’s resources. Usually, all management principles are set out in an organizational security policy: a set of rules, procedures and best practices in the cybersecurity sphere that apply within the institution.
Internet Censorship - monitoring or suppressing the publication of information on the Internet or access to it. Even if state legislation prohibits all domestic resources from distributing certain content, this information may be available on web servers in other countries. For this reason, censorship was introduced with the aim of establishing national borders on the network. The state or political regime concentrates on controlling network communications. Special agencies disable or close web resources, perform traffic analysis and penalize the authors of publications, resource owners and other perpetrators.
Internet traffic - the movement of data across the Internet over a given period. It is measured in packets, bits, bytes and their multiples (KB, MB, GB etc.). It is divided into outgoing (when information passes to an external network) and incoming (when information comes from an external network), internal (data flows within the intended network) and external (data passes beyond the specified network) types.
Internet VPN - a type of private network used by providers for granting access to the Internet. It is usually applied when a number of users connect over one physical channel.
Intranet VPN - an internal private network that links corporate headquarters or offices. It closely resembles a reduced copy of the World Wide Web. An intranet makes it possible to exchange materials within a specific organization, for example employee lists and telephone numbers of partners and clients.
IP (Internet Protocol) - a routed third-layer protocol that combines separate computer networks into the World Wide Web. It is responsible for delivering data between network nodes. For example, when you receive a telegram, the address and the message are written one after another, and to understand the message the receiver needs to follow specific rules. In the same way, IP defines addresses and other service information. However, it cannot guarantee reliable data delivery: a sent packet may arrive out of order, duplicated or even damaged.
IP leak - an anonymity threat in which the real IP address is exposed from behind an active VPN connection. Usually the WebRTC communication protocol, which relies on JavaScript, is responsible for the leak. To prevent it, it’s possible to use specially created software such as NoScript or to block the protocol directly.
IP guard - a facility for monitoring user activity, controlling the network and protecting sensitive and corporate data. Don’t confuse it with IP source guard (a function that protects IP addresses against substitution).
IP spoofing - a type of hacking attack that uses a foreign IP address with the aim of deceiving the security system.
IPv4 (Internet Protocol version 4) - uses 32-bit addresses, which limits the address space to 4 294 967 296 possible unique addresses. The traditional notation consists of four decimal numbers from 0 to 255 separated by periods. The subnet mask length is specified after a slash. The problem of IPv4 address exhaustion has been crucial since 1980. By 2015, almost all local providers had declared that their free IPv4 addresses were fully consumed.
IPv6 (Internet Protocol version 6) - a new IP version intended to resolve the IPv4 exhaustion issue by extending addresses to 128 bits. At present, IPv6 is not supported by the majority of network providers, but over time a dual-stack approach will be adopted, with the share of IPv6 traffic gradually increasing. This approach is likely because vast numbers of outdated devices do not support IPv6 and require special conversion, which entails increased costs.
IPX (Internetwork Packet Exchange) - an OSI network layer protocol in the IPX/SPX protocol suite. Its original purpose is datagram transfer, and it does not require connection setup before transmission. Using this protocol, servers running the NetWare operating system communicate with end stations. An IPX network address consists of a network number (assigned by the administrator) and a node number (which corresponds to the MAC address). Using MAC addresses at the network layer speeds up the protocol and simplifies network configuration. Unfortunately, data throughput is limited to 6 bytes, and IPX is unable to deliver large volumes of data.
ISP (Internet Service Provider) - an institution that provides access to network services (including broadband, dial-up and wireless connections) and other network-related services, such as allocating disk space for storing and maintaining sites (hosting), supporting email boxes and virtual mail servers, placing customer equipment on the provider’s premises (colocation), hosting private and virtual servers, data redundancy etc.
Kerckhoffs’s principle - a rule of cryptosystem design stating that the cryptographic algorithm must be open and public, and only the key is kept carefully secret. In other words, an opponent knows everything about the cryptosystem in use except for the keys. The principle is focused on the independence of algorithms and protocols: their disclosure shall not affect their security.
Key schedule - an essential element of iterated block ciphers, in which encryption is carried out in cycles (rounds). Generally, these cycles are similar except for a number of parameters and a distinct part of the encryption key (a subkey). The key schedule’s main task is to process the key in order to generate and manage subkeys. A strong key schedule makes for a more complex and resistant cipher.
Kill switch - a technology built into certain VPN services that automatically closes the web connection whenever the encrypted tunnel breaks for any reason. The mechanism informs the user that the connection has dropped and at the same time prevents transmitted data from leaking outside the VPN channel. Usually the software monitors the network session and blocks all traffic or disconnects from the network if a VPN failure is detected.
L2f (Layer 2 Forwarding Protocol) - a technique that constructs VPN tunnels via the Internet. L2f does not itself encrypt or safeguard the information flow; it relies on the encapsulated protocol. Like PPTP, it was created by Cisco Systems for tunneling traffic between remote access devices and an enterprise network. L2f is independent of IP and uses PPP for remote user authentication.
L2TP (Layer 2 Tunneling Protocol) - a VPN protocol responsible for tunneling. Combined with the IPsec protocol, it encrypts and protects traffic in transit. All modern operating systems and VPN-capable devices support L2TP/IPSec. Like PPTP, L2TP is user-friendly, but it requires extra router settings. Unfortunately, this protocol works slower and doesn’t provide a higher security level.
Logs - files containing event records in chronological order, used for tracking external events and software activity. Server log files record the specific activities of users or programs on a server. For example, a web server logs information about a visitor’s geolocation, time spent on the website, browsing and download history, web browser used and real IP address. By analyzing log files, it’s possible to summarize users’ activity, learn patterns of user group behavior and estimate the efficiency of an advertising campaign.
Metadata - additional information about web content or an object that discloses the attributes and qualities characterizing it, which makes it possible to automatically search and manage data in large information streams. Depending on the subject matter, metadata describes a resource (such as its name and file size) or its content. Such information can be subdivided into three layers: a lower layer of raw data, a middle layer that describes the raw data, and an upper layer that allows inferences to be drawn from the previous layer.
Mobile VPN - in contrast with an ordinary VPN, the mobile version provides extra settings and operation schemes. The communication links used on mobile devices change very often. This makes traditional VPN operation difficult: the server sees connections from different IP addresses but is unable to keep a dedicated channel. As a result, smartphone apps lose their active connection at times and do not work. For that reason, VPN servers use additional authorization systems, e.g. IPsec or SSL. The first allows data exchange for mobile devices that often change network settings but are served by one operator. The second is designed for a more flexible authorization process in a web interface.
Multi Logins - a function that makes it possible to sign into several accounts on the same website using one browser profile. It is quick and handy to log in with two or more profiles for one service and move between them with no trouble. In addition, many multi-login apps include modern protective technologies that help secure users’ personal information.
Multi-factor authentication (MFA) - a multistage process of computer access control. A user gains access to the necessary information only after successfully passing several authentication mechanisms. To prove their identity, the user must present secret information (password, PIN) or pass biometric verification. Two-factor authentication (TFA) is a type of MFA: a technology that recognizes users by a combination of two different components. Google authorization is a good example of TFA. In addition to login-password authentication, the user needs to enter a validation code, which may be sent by SMS or received by phone call.
Multi-protocol label switching (MPLS) - a scalable and independent mechanism of data transfer. In an MPLS-based network, all data packets are marked with labels. Further forwarding of a packet depends on the assigned label value and does not involve inspecting the packet’s contents. This makes it possible to create a virtual end-to-end channel regardless of the transmission medium and using any communication protocol.
N2n - an open-source implementation of VPN technology. It builds encrypted point-to-point tunnels between computers. The program links devices behind a NAT firewall and does not require configuration. For this purpose, it uses a distributed architecture with one or two supernodes, which keep information about network participants and channel routing.
NAT Firewall (Network Address Translation) - a service that controls the connection between the LAN (Local Area Network, which covers a small territory or set of buildings: home, office, university) and the Internet and prevents unwelcome traffic from leaking through. In a NAT network, a computer obtains a local IP address that is not reachable by other Internet users and web services. NAT makes ports unavailable for direct incoming connections, which blocks unwelcome traffic and improves safety. If a client decides to use a VPN, the NAT firewall has to be placed between the Internet and the VPN server. This ensures that all Internet traffic is filtered and that suspicious and malicious files are not transmitted.
NeoRouter - an application for building VPNs. It is frequently used as a remote access tool, for P2P connections, or as part of encrypted virtual private networks. NeoRouter simulates the connection of personal computers, servers and other devices through a switch. It’s promoted as a complete, self-sufficient solution.
Network manager - a program that simplifies network detection and the configuration of automatic connections. The service is useful for both wireless and wired channels. In the former case, it connects to specified networks and switches to the most stable one, but it gives precedence to a wired network. On top of that, the program supports some types of VPN; this support is provided through a plugin system.
‘Network-to-network’ connection - allows any computer in the local environment to access any virtual machine. It is a great option for hybrid configurations. This type of connection requires a VPN device that supports IPSec: to create a ‘network-to-network’ connection you need such VPN equipment and a public IPv4 address. A ‘point-to-network’ connection lets you get access from any computer located anywhere. This type of connection uses a VPN client. It is very useful when there is no access to the VPN hardware or IPv4 address needed for a ‘network-to-network’ connection.
NSA (United States National Security Agency) - a communications and electronic reconnaissance unit that forms part of the US Department of Defense and is responsible for monitoring electronic communication networks, analyzing traffic, and obtaining information from foreign communication networks by electronic and radio interception and deciphering it. The NSA’s mission is to protect secret information against overseas enemies and to process data in support of military campaigns.
Off-site user - a user who can connect to a PC via the Internet by means of another device. Using this option requires an active device and a running remote access function. It works with any network-connected device, with or without special software installed. The option makes it possible to work on a computer remotely and to access and transfer information.
Open Source Software - a program whose source code can be viewed, studied and modified. This makes it possible to debug the program, reuse its code to create new programs and fix errors by adapting the source code and reviewing its algorithms, data structures, technologies, practices and interfaces. Developers emphasize the effectiveness of open source for program engineering, modernization and maintenance.
OpenVPN - a VPN protocol that is considered to be secure. The software builds a tunnel within an untrusted network (e.g. the Internet) and keeps the information traffic on the OpenVPN network encrypted. Its libraries include a broad spectrum of cipher algorithms that grant total safety and security. OpenVPN has a flexible configuration and can bypass strong firewalls: to get past such restrictions, it can be configured to use an arbitrary port. However, the configuration steps are difficult and require third-party software.
Overlay Network - a logical network built on top of another network. It offers powerful capabilities beyond the original design. A common example of an overlay is a VPN, which works on top of the Internet and is just an add-on to traditional network protocols. The primary advantage is that overlays make it possible to deploy and operate large-scale multi-site services without breaking the basic network protocols. The general disadvantage of overlays is the extra cost of transporting data, caused by an additional level of packet processing or imperfect routing.
Password - a sequence of symbols set by the user. Only the user knows this secret code and keeps it private. It is used to authenticate the user and confirm their real identity at login. Typically, passwords are used to prevent unauthorized access.
P2P (peer-to-peer network) - an overlay computer network based on the equality of participants, in which all network nodes perform similar functions or can automatically change their set of functions depending on current conditions. The network has no dedicated servers, so every peer functions as a client and a server at the same time. This organization keeps the network operational with any number and combination of available nodes.
Phishing - computer fraud based on social engineering principles. A phisher creates an exact replica of a selected resource (e.g. a bank website), composes messages identical to the bank’s using real logos and the names of its presidents, and sends them to victims with the help of spam technologies. Most commonly, the message asks the recipient to confirm or change registration details because of a software upgrade in the Internet banking system. In all cases the aim is the same: to lead users to click on the link and enter confidential information on a fake bank website.
Password manager - software for managing and protecting a user’s passwords and PIN codes, which works with local databases or files containing encrypted password data. As an extra function, password managers fill in user name and password fields automatically and are usually implemented as a browser extension. The technology can serve as a protective measure against phishing attacks, since it is not deceived by visual imitations of websites and keeps personal data hidden from the attacker.
Perfect Forward Secrecy (PFS) - a property meaning that session keys generated using long-term keys will not be compromised if one or more of the long-term keys are compromised in the future. To preserve PFS, a key used to encrypt transmitted data must not be used to derive any additional keys. The same applies to the keying material from which the data encryption key is derived. Network protocols such as IPsec, SSH and TLS offer a PFS option.
Ping - a utility program for TCP/IP networks that checks the integrity and quality of network connections. It sends ICMP (one of the OSI network layer protocols) requests to the specified node and records the incoming replies. The Round Trip Time (RTT) makes it possible to determine round-trip delays along the route and the frequency of packet loss. In other words, it indicates the level of congestion on the data transmission path and intermediary devices.
Point-to-point encryption (P2PE) - encrypts data directly at the point where it is received and protects it for as long as the data flow passes over the network. The information is left unprotected, or decrypted, only when this is required for specific purposes. The rest of the time, the data is kept only in protected form. Attackers are able to steal a client’s information from different points within an organization because data is transferred through multiple channels (websites, e-mail systems etc.). The information spreads quickly and widely across the company, causing cost escalation and non-compliance with security standards.
Port forwarding - a technology that redirects connection requests between network addresses. It allows requests from the Internet to reach the internal network behind a NAT router. This is done by redirecting traffic from an external port to the selected machine in the local area network. It’s necessary if a client works with P2P networks or runs a server with a network application on a local computer. It can sometimes also be required for multiplayer gaming.
PPPoE (Point-to-Point Protocol over Ethernet) - a tunneling protocol that runs over an Ethernet network. First, the user sets up an ordinary local network connection and builds a data channel on top of it, linking their computer with the provider’s server. This makes it possible to perform authorization while the link is being established. In this way, the provider automatically transmits settings and adds the machine to the local network. When the PPPoE connection is started, the user enters a login and password; the computer then establishes the connection and gains access to the Internet. As a big advantage, this connection may be encrypted.
PPTP (Point-to-Point Tunneling Protocol) - a standard VPN protocol established by Microsoft for implementing VPNs over dial-up networking. It’s built into practically all operating systems. PPTP is marked by quick operation and ease of installation, but it doesn’t encrypt output data and is highly vulnerable.
Pretty Good Privacy (PGP) - a computer program or function library that performs encryption and digital signing of e-mail and files. PGP has various implementations that are compatible with other programs (GnuPG, FileCrypt) through the use of the OpenPGP standard. PGP encryption is carried out through hashing, data compression, symmetric encryption and public-key encryption, with each stage performed using one of the supported algorithms.
Profile - a collection of data and options for customizing an electronic environment. User profiles can be created in popular operating systems, computer programs and many websites (e.g. online social networks). Usually, profiles come in three types. At the first registration in the system, the user forms a local profile that is saved on the local hard drive. The other two types are stored in a shared folder and are available on any device in the network. The main difference between them is that information in a mandatory profile, unlike in a roaming profile, can be changed only by a system administrator.
Protocol Types - a protocol is a set of rules that makes it possible to connect two or more computers and exchange data between them over a network. Different protocols describe different aspects of a connection. Put together, they form a protocol suite. OSI is the most popular classification system for network protocols. According to it, protocols are divided into 7 layers.
1) Physical layer is designed for direct stream transmission. It transmits and receives electrical and optical signals over wires or airwaves, and transforms them into data bits. In other words, these protocols provide the interface between network media and devices. Examples: ADSL, ISDN, Wi-Fi, GSM.
2) Tunneling layer interfaces with networks at the physical layer. It packs information into frames, checks its integrity, removes potential errors and sends data to the Network layer. Examples: L2TP, PPTP, Ethernet, DSL, PPP, PPPoE.
3) Network layer is designed for routing data transmission. It is responsible for translating logical addresses and names into physical ones, for calculating the shortest routes, and for switching and routing. In addition, it monitors network problems and congestion. Examples: IPv4, IPv6, IPsec, AppleTalk, IPX.
4) Transport layer is responsible for delivering data without errors, losses or duplication, in its original order. It divides data into fragments, the size of which depends on the protocol in use. Examples: TCP, UDP, SCTP.
5) Session layer maintains a communication session that allows long-term interaction between applications. This layer handles session establishment and termination, information exchange, task synchronization, authorization of data transport and keeping the session alive during periods of inactivity. Examples: NCP, SOCKS, RPC, PAP, PPTP.
6) Presentation layer deals with protocol conversion and the encoding/decoding of information. It translates application requests for transport over the network. Examples: JPEG.
7) Application layer provides interaction between the network and the user. It gives user applications access to network services, such as file access or e-mail. This layer is responsible for transmitting service information; it supplies information about problems and creates requests to the presentation layer. Examples: HTTP, DNS, BitTorrent, TELNET, SMTP.
Proxy - a software system that lets users make indirect requests to other network services. Connecting to the proxy server, a client requests access to a web resource. The proxy processes and modifies this request. As a result, the user stays invisible and the computer is protected from certain network attacks.
Public key - a basic component of asymmetric cryptography. Any user can use these keys over the network, in contrast to private keys, which are kept confidential. Accordingly, any material encrypted with a public key is decrypted with the corresponding private key. Suppose Brad encrypts his private letter with Piet’s public key and sends it to him. Brad knows his companion will read it but nobody else will, because Piet has the matching private key and is able to decrypt the encrypted material. So he’ll convert the message back into its original form.
Remote Access VPN - software or a hardware-software system that allows users to connect securely to corporate network resources over various open networks (mostly over the Internet). It is required to guarantee the confidentiality and integrity of data transferred through insecure and untrusted channels. Usually, the use of cryptographic data protection hardware is governed by law. Therefore, certified cryptographic remote access gateways are used by state organizations and public authorities where personal data must be protected.
Root certificate - a self-signed certificate that terminates a chain of trust and can’t be verified by electronic means. All certificates contain a data set consisting of a public key and all related info: owner identity, email address, the key’s creation date, its purpose and assigned protocol. It’s a basic instrument used by different applications to cryptographically secure information.
Router - a special-purpose network computer with two or more network interfaces. It transmits data packets between various network segments. The machine is able to connect mixed-vendor networks of different architectures. Information about the network topology, together with certain rules assigned by an administrator, helps it decide whether to forward packets or not. Usually, a router uses the recipient’s address in the header to determine the route by which information will be transmitted. If there is no matching route in the routing table, the packet is rejected.
RSA encryption - an encryption method applying the RSA algorithm, in which the encryption key does not coincide with the decryption key. One of the keys is accessible to all recipients; the other is kept in the owner’s files and stays unknown to anybody else. With one key, an operation can be performed one way only, so if an e-mail is encrypted with one key, it can be decrypted using the other key.
RSA Security - a US-based computer and network organization that designs public key infrastructure encryption standards, which accompany virtually all secure network transmissions. Along with that, the RSA corporation develops hardware and software tokens, SecurID and the enVision info security platform. The company leads an active social life, running annual scientific conferences devoted to IT security.
SaaS (Software-as-a-Service) - the model of accessing software tools over an internet connection, instead of downloading and hosting a program locally on a computer. Before SaaS, businesses and consumers would buy a physical version of the software that required installation. Most SaaS tools require no installation or downloads. The SaaS model is overwhelmingly the most popular model today, with most software companies selling an online SaaS platform. One of the biggest benefits of SaaS is that it takes away the burden of deploying software updates.
Safe Harbor Framework - a system based on a bilateral arrangement confirmed by the USA and the EU that sets out how US organizations may collect and manage the sensitive info of EU citizens. The framework, also known as the EU-US Privacy Shield, is aimed at defending Europeans’ basic rights when their private info is transferred to the US, and guarantees a legal foundation for doing business.
Secret key - a key used to encrypt and decrypt messages. It must be hidden and kept confidential by all parties. If the key falls into the hands of a cracker, it allows them to intercept and decrypt information. Therefore all participants in a conversation must be careful and vigilant to prevent such attacks.
Shared IP addresses - a network node address assigned to all accounts on a dedicated server, instead of a unique IP address for every domain. Shared addresses provide such benefits as low cost (this especially concerns VPN providers, which can offer customers reasonable prices for their services) and support for complete online anonymity. This type of IP address is the perfect choice for online streaming, unblocking geo-restricted content and downloading torrents.
Server - a special-purpose machine that runs service software. A web server accepts clients’ HTTP requests from web browsers and returns HTTP responses, usually accompanied by HTML pages, pictures, files, media streams and other materials. A VPN server prevents unauthorized access from external networks and organizes a secure connection between computers protected by a proper VPN service. What is more, a VPN server maintains connections with mobile users.
Simultaneous connections - the ability to use a single VPN service on multiple devices. This can be any combination of routers, computers or mobile devices. As a result, all devices will be represented in the network as a single connection. The choice of device types and their number depends on user preferences and the VPN service’s capabilities.
SmartDNS - a service that reroutes a user’s requests to provide access to region-restricted content and blocked websites. Using a SmartDNS, the user hides their IP address and appears to change location. As a result, restricted digital media content becomes available.
SMTP (Simple Mail Transfer Protocol) - a widely accepted network protocol for e-mail transport in TCP/IP networks. The main aim is to deliver email messages safely and efficiently. The protocol transmits outgoing mail over TCP port 25. The basic SMTP operation is the Mail Procedure. Other operations include Mail Forwarding, analysis of mailbox names and input of e-mail group lists. First of all it opens a transmission channel, and it closes the channel as the final procedure. Nowadays, all Mail Transfer Agents use SMTP to deliver and accept mail messages. As for client mail apps, they use POP or IMAP for received mail, and other licensed systems for connecting to the mailbox.
Software audit - a form of OS examination in which one or more neutral auditors who did not take part in developing the computer program conduct an independent review of an OS product or process to determine compliance with qualifications, norms and other principles. Its main function is to provide an independent opinion on the software’s compliance with relevant rules, standards, instructions, plans and procedures.
Source Available - a limited Open Source system that allows the code to be examined for backdoors without restrictions, but does not permit modifying or distributing it. Part of the Open Source community considers this contrary to the Open Source ethos, but it makes no real difference from a security standpoint.
Split tunneling - a concept in which access to public networks is granted alongside the VPN over the same physical link. Datagrams are forwarded natively through the local network interface, and only private network data passes through the tunnel. It relieves the user of the need for multiple login processes. But split tunneling defies the principle of least privilege. And if a client is inclined to surf the Internet to the full extent, it will be exposed to cyberattacks.
SSH Tunneling - transmitting TCP packets from one end of a channel to the other. Every data packet is transferred through the created SSH tunnel. Depending on the recipient’s IP address, the transferred data may be delivered (if it is intended for exactly that host) or routed further (if it is addressed to another network node). The basic feature of SSH tunneling is that it can carry TCP traffic only. In addition, an SSH tunnel requires additional instructions for directing traffic into it.
SSH2 - a more advanced version of the SSH (Secure Shell) program. It implements an encrypted channel for exchanging data over a network. In other words, it makes it possible to exchange files or run programs over a secure link.
SSL/TLS (Secure Socket Layer/Transport Layer Security) - cryptographic protocols that maintain communication security over a computer network. SSL is the earlier system; TLS was designed later, based on the SSL 3.0 specification. Nevertheless, the two protocols share the same task of supporting protected info transmission between two devices over the network, and can be used simultaneously by the same server. Secure info transport is assured through data authentication and encryption, and is used by various websites, electronic mail, message exchange etc.
SSL/TLS certificates - an essential element of the TLS protocol that makes verification possible. The certificates’ keys are used in generating the shared secret. Theoretically, an anonymous TLS connection can be formed without the use of certificates, but in practice the standard methods of generating session keys rely on server-side certificates.
SSTP (Secure Socket Tunneling Protocol) - a Microsoft development built on SSL (the Secure Sockets Layer protocol, which provides a secure connection between a client and a server) and available in Microsoft operating systems (Windows 7, Windows 8, Vista SP1) and Linux. This VPN protocol routes traffic over HTTPS (a protocol that supports encryption) through port 443. Encryption is provided by SSL, and authentication is provided by the PPP (Point-to-Point Protocol, which establishes communication between two nodes) and SSL protocols.
Static VPN IP - a static IP is the address an Internet user gets while using the Internet. It usually does not change. When a person uses a static VPN address, it means that the address can be changed only if he/she does it manually.
Strong cryptography - the ability of a cryptographic algorithm to resist cryptanalysis. It demands of an attacker unattainable computing resources and control over intercepted messages, or a great expenditure of time. By then, however, the protected information will have grown stale. Cryptographic systems range from completely unbreakable to secure types.
STUN server - a server that allows clients behind NAT to establish a connection with VoIP providers located outside the local area network. A STUN server allows users to find the public address and type of the NAT. This data is used to set up a UDP connection between a client and a VoIP provider. The STUN protocol is defined by the RFC 3489 standard.
Supercookies - a class of browser text files designed to be stored permanently on a user’s device. Supercookies are typically hard to detect and remove because they cannot be deleted in the same way as regular cookies. Their function is to store a user’s identifying info, such as browsing history, verification details and ad-targeting info.
TCP (Transmission Control Protocol) - a data transmission protocol that provides transport control. It is usually built into the OS kernel. TCP regulates message length and data rate and manages network traffic. The mechanism provides a data stream with preliminary connection setup. In case of data loss, it requests retransmission, and it removes duplicates of the same data. In addition, it verifies the integrity of transmitted data and notifies the sender of the result of the transmission.
TCP/IPv6 - a protocol supported by all Microsoft operating systems starting with Windows 7. In 2017, many Internet providers give their customers access to the Internet over the TCP/IPv6 protocol. It is quite easy to set up a network card to work with the protocol.
Targeted ads - a ubiquitous phenomenon for internet users that differs fundamentally from other ads in being directed at a target customer, that is, at a person looking for the advertised product. Targeted media ads use second-order proxies for targeting, for example by monitoring the activity of online or mobile users. The system distributes ads precisely to the intended audience based on statistical or behavioral features in digital form.
The Golden Shield Project - the Chinese government’s strategy to censor and block potentially dangerous and undesirable incoming data from foreign countries. This controversial project came into force in November 2003 and continues to this day. It also involves the implementation of the Great Firewall of China program. This is one of the largest and most ingenious security systems, controlling anyone who accesses the Internet in China. Special internet police monitor traffic, scan web pages’ content, and block DNS and URL keywords. In place of popular foreign services such as Google, Facebook or YouTube, new alternatives were created (Baidu, Sina Weibo, Youku Tudou).
Threat model - a documented checklist of security threats to private info, covering the conditions and factors that create a danger of illegitimate or inadvertent access to personal records, which can lead to destruction, modification or dissemination of that info. A threat model is required to determine the specification of a security system, so that a data protection system adequate to safeguard personal details can be designed.
Tor hidden services - network names in the .onion space, connections to which can be made through any Tor network client. Communication is established through rendezvous points, or computers not restricted by NAT, in order to anonymize the server. The computer running the hidden server can itself be located behind NAT, firewalls etc., yet it remains accessible through the Tor network.
Tor (The Onion Router) - a system of proxy servers that establishes a secure connection protected against sniffing. Tor users can conduct their web activity anonymously using the TCP protocol. The Tor technology protects against traffic analysis. Nowadays, it is one of the most capable pieces of encryption software in existence and the easiest to use. The client just needs to download the Tor browser and start working. It routes outgoing information through nodes that are responsible for traffic encryption.
Trojan Horse - a fraudulent computer program that infiltrates under the guise of legitimate software. It may be any of various applications that collect information and transfer it to the hacker, damage or alter it, or disrupt operational integrity. To avoid Trojan infection, users should observe some simple rules. For example, never download files or programs from suspicious sources, keep antivirus software up to date and scan new data before opening it. Overall, antivirus and antispyware software can detect and catch Trojans like any other malware.
Two factor authentication - a user verification method that requests authentication data of two different types, providing double-layered and more effective protection of a user account against unauthorized access. In practice the process runs as follows: the first barrier is a login and password; the second request requires a special code sent by SMS or electronic mail. More rarely, the second protection layer requires a special USB key or biometric personal data. Two factor authentication is not a cure-all against account hacking, but it is a reliable barrier that makes it harder for outsiders to access personal info.
UDP (User Datagram Protocol) - one of the core elements of TCP/IP, which allows datagrams (or simply messages) to be exchanged between hosts on an IP network. It is a simple mechanism with a limited set of protocol mechanisms. Information is transmitted from an originator to a destination without checking the receiver’s state. UDP doesn’t provide error checking. As a result, data can get lost in transmission and the participants will be none the wiser.
URL (Uniform Resource Locator) - an indicator of a site’s location on the net; the address includes the domain name and the path to a webpage, including the file name of the resource. Such an address is assigned to every resource and can give all users of the global network access to the server’s files.
USA Freedom Act - a legislative act on the activity of the national special services, adopted by former US president Barack Obama, which prohibits collecting and storing American citizens’ info about phone conversations, including numbers, call time and duration, as well as e-mail messages and net addresses, except in cases of a homeland security threat. The Act protects confidentiality while preserving the powers needed for civil security.
USA Patriot Act - a federal statute that empowers the administration and the police to monitor American residents and, in particular, extends the FBI’s interception and surveillance authority. The international community notes that US security services track the activity of net and phone users and control the info provided by service providers. The American administration disputes this statement and affirms that security and private info cannot be compartmentalized.
VLAN (Virtual Local Area Network) - a logical system of connections that sits at the second level of the OSI model. It regroups end stations and combines them, even if they are located in several physical networks. It improves device attachment and navigation, and simplifies connections between devices. The topology is built independently of the geographical location of the data transfer components. A VLAN divides a broadcast domain into two or more, reducing the impact of attached devices. Equally important, it guards the network against illegitimate access.
VPN (Virtual Private Network) - a technology designed for secure data transmission through an encrypted tunnel. As a result, the connection between the client’s computer and the Internet becomes anonymous and safe. On the one hand, VPNs offer special security and network management benefits. A VPN changes the assigned IP address, which makes it possible to evade firewalls and reach barred websites. This is the best way to watch geo-blocked content from American Netflix, Hulu, Amazon, HBO Now or British BBC iPlayer, or to bypass the Great Firewall of China. On the other hand, some VPNs can violate general privacy policy and leave clients’ content vulnerable and exposed.
VPN client - software downloaded from the official VPN provider’s website and installed on a personal device, which connects it to a VPN service. Software designed for mobile platforms is usually called a “VPN app”. Practically all VPN clients work with the PPTP, L2TP/IPSec and OpenVPN protocols, which guarantee a secure and anonymous net connection. In addition, many providers also offer various extra features such as a kill switch or a warrant canary.
VPN connection speed - a measure of how fast the encrypted tunnel is built and data is encrypted. When a client works with VPN servers, it always has a side effect on internet traffic speed. First and most obviously, the cause is that the user connects through a distant server. In other words, a nearby server will provide better speed results. The choice of ISP and internet plan, or the use of an older PC or mobile device, also plays a part in the speed of a VPN connection.
VPN security gateway - a network device connected to multiple networks. It performs encryption and authentication for the various hosts behind it. All traffic intended for internal corporate networks passes through the security filter. It can be implemented as a standalone software solution, a hardware device or a router extended with extra VPN functions.
VPN software - a set of programs, procedures, rules and corresponding documentation of an information processing system. VPN software makes it possible to join private networks with the expected conveniences. It secures a private network and grants access to locally restricted content from any part of the world. The most popular and reliable are Cisco VPN, LogMeIn Hamachi, OpenVPN, Windows Built-In VPN etc.
VPN-service - an application that provides protection functions and many specific advantages. Each service is usually based on networking services provided by special OS processes. VPNs are crucial for people who want to get past government censors and established net restrictions. The service is also handy when using public Wi-Fi hotspots. A VPN guards web traffic against interference by hackers and malicious people. Some services permit peer-to-peer file sharing and the use of a BitTorrent client. The VPN market is active and rich in services. It’s important to choose a VPN with attention to the provider’s reputation, performance capabilities, type of encryption used, server locations, ease of installation and extra features.
VPN tunnel - a bridge that links two or more physical networks with a VPN server and transmits data packets from one point to another. Within the tunnel, all information about a client’s online activity is encrypted. As a result, the internet provider is kept away from the visited web resources and downloaded files.
Warrant canary - a method of conveying info through silence or negation. In this way internet companies get around the ban established by the “USA Patriot Act” and can inform their customers in the event of secret government monitoring. So, if a company receives a warrant, its regular notice won’t contain the info concerning tracking for the given period.
Web accelerator - a program developed by Google in 2005. It compresses traffic. In addition, the program preloads the web pages a user is likely to open. It was integrated into the Firefox and Internet Explorer browsers. The system saves traffic and page loading time through caching of user requests, compression of transmitted data and loading web pages in advance.
WebRTC - an open source project intended for streaming data transfer by means of P2P technology between browsers and other applications that support it. The technology is widely used on servers as well. The source code is based on the Global IP Solutions product.
WiFi hotspot - an area where people can gain access to information networks using a wireless device equipped with a Radio Access Unit (RAU) over the Wi-Fi protocol. Office rooms, underground stations, hotels and libraries may serve as such locations. Many shops are likewise equipped with free hotspots to attract visitors.
Zombie cookies - HTTP text files that inevitably come back to life after being removed. Zombie files are restored by a Quantcast procedure that creates Flash files to identify users on the global net. These are used to recreate browser cookie files, which thereby become immortal zombie files. Their main function is collecting users’ identifying info for web marketing. Usually, websites use Quantcast technology to measure site traffic and build personal profiles of their visitors.