Birthday attack
An attack against message digest 5 (MD5), a hash function. The attack is based on the probability of finding two messages that hash to the same value (a collision), which the attacker then exploits. The attacker is looking for “birthday” pairs—that is, two messages with the same hash values. This attack is not feasible given today’s computer technology.
Bit error ratio
It is the number of erroneous bits divided by the total number of bits transmitted, received, or processed over some stipulated period in a telecommunications system.
Bit string
An ordered sequence of 0’s and 1’s. The leftmost bit is the most significant bit of the string. The rightmost bit is the least significant bit of the string.
Black bag cryptanalysis
A euphemism for the acquisition of cryptographic secrets via burglary, or the covert installation of keystroke logging or Trojan horse software on target computers or ancillary devices. Surveillance technicians can install concealed bugging equipment to monitor the electromagnetic emissions of computer displays or keyboards from a distance of 20 or more meters and thereby decode what has been typed. It is not a mathematical or technical cryptanalytic attack, and the law enforcement authorities can use a sneak-and-peek search warrant to install a keystroke logger (Wikipedia).
Black box testing
A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. It examines the software from the user’s viewpoint and determines if the data are processed according to the specifications, and it does not consider implementation details. It verifies that software functions are performed correctly. It focuses on the external behavior of a system and uses the system’s functional specifications to generate test cases. It ensures that the system does what it is supposed to do and does not do what it is not supposed to do. It is also known as generalized testing or functional testing, and should be combined with white box testing for maximum benefit because neither one by itself does a thorough testing job. Black box testing is functional analysis of a system. Basic testing is also known as black box testing.
BLACK concept (encryption)
It is a designation applied to encrypted data/information and to the information systems, associated areas, circuits, components, and equipment that process that data and information. It is a separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (RED) in electrical form from those that handle encrypted information (BLACK) in the same form.
Black core
A communications network architecture in which user data traversing a core Internet Protocol (IP) network is end-to-end encrypted at the IP layer.
Blackholing
Blackholing occurs when traffic is sent to routers that drop some or all of the packets. Synonymous with blackhole.
Blacklisting
It is the process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting also applies to (1) blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources, (2) blocks placed on domain names known to attempt brute force attacks, (3) a list of e-mail senders who have previously sent spam to a user, and (4) a list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. Both placing and lifting a blacklisting are security-relevant events. Web content filtering software uses blacklisting to prevent access to undesirable websites. Synonymous with blacklists.
Blended attack
(1) An instance of malware that uses multiple infection or transmission methods. (2) Malicious code that uses multiple methods to spread.
Blinding
Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a “real” attack performed simultaneously.
Block
A sequence of binary bits that comprises the input, output, state, and round key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. A block size is the number of bits in an input (or output) block of the block cipher.
Block cipher algorithm
(1) A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. (2) A family of functions and their inverse functions that is parameterized by a cryptographic key; the functions map bit strings of a fixed length to bit strings of the same length. The length of the input block is the same as the length of the output block. A bit string is an ordered sequence of 0’s and 1’s and a bit is a binary digit of 0 or 1.
Block mirroring
A method to provide backup, redundancy, and failover processes to ensure high-availability systems. Block mirroring is performed on an alternative site preferably separate from the primary site. Whenever a write is made to a block on a primary storage device at the primary site, the same write is made to an alternative storage device at the alternative site, either within the same storage system, or between separate storage systems, at different locations.
Blue team
A group of people responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the red team). The blue team must defend against real or simulated attacks.
Bluetooth
A wireless protocol developed as a cable replacement to allow two equipped devices to communicate with each other (e.g., a fax machine to a mobile telephone) within a short distance such as 30 feet. The Bluetooth system connects desktop computers to peripherals (e.g., printers and fax machines) without wires.
Body of evidence
The set of data that documents the information system's adherence to the security controls applied. When needed, this may be used in a court of law as external evidence.
Bogon addresses
A bogon (bogus) address is an IP address that is reserved but not yet allocated by the Internet registry. Attackers use these addresses in attacks, so bogon address filters must be updated constantly.
Boot-sector virus
A virus that plants itself in a system’s boot sector and infects the master boot record (MBR) of a hard drive or the boot sector of removable media. The boot sector is read as part of the system startup, and thus the virus is loaded into memory when the computer first boots up. When in memory, a boot-sector virus can infect any hard disk or floppy accessed by the user. With the advent of more modern operating systems and a great reduction in users sharing floppies, there has been a major reduction in this type of virus. These viruses are now relatively uncommon.
Border Gateway Protocol (BGP)
An Internet routing protocol used to pass routing information between different administrative domains.
Border Gateway Protocol (BGP) flapping
A situation in which BGP sessions are repeatedly dropped and restarted, normally as a result of line or router problems.
Border Gateway Protocol (BGP) peer
A router running the BGP protocol that has an established BGP session active.
Border Gateway Protocol (BGP) session
A Transmission Control Protocol (TCP) session in which both ends are operating BGP and have successfully processed an OPEN message from the other end.