A
Access controls - After initial identification and authentication,
access controls determine which files a user may read or write, which
applications they may run and which tasks they may perform. Essentially,
access controls govern individual access to computer capabilities. They
allow the administrator of a computer, or of the computers on a network,
to define the rights of each user: who may run which applications, view
which files or perform which tasks. Authentication establishes who the
user is; access control decides what that identity is allowed to do, so
a system that checks the first but not the second lets any valid user do
anything.
ACK (ACKnowledgment code) - A code indicating that a system is ready
to receive data from a remote transmitting station, or that data was
received without error. In TCP, the ACK flag and acknowledgment number
in a segment header tell the sender which bytes the receiver has
accepted; the final ACK of the three-way handshake (SYN, SYN-ACK, ACK)
is what completes a connection.
ActiveX - A set of technologies developed by Microsoft that enables
software components to interact with one another in a networked
environment, such as the Internet, regardless of the language in which
they were written. Microsoft's Office Assistant "Clippy" is built on
ActiveX technology. Malicious code can abuse existing ActiveX components
like "Clippy" or be contained in new ActiveX controls downloaded to your
machine. Unlike a Java applet, an ActiveX control is native code that
runs with the full rights of the logged-on user, so accepting one is
equivalent to installing a program. ActiveX also allows you to view Word
or Excel documents within the Internet Explorer web browser. For more
information, see Microsoft's ActiveX Web site.
Anti-virus software - A tool that examines a system and/or network for
viruses and removes any that are found. Most anti-virus software
includes an auto-update feature that downloads profiles (signatures) of
new viruses so that the program can detect them soon after they are
discovered. Symantec's Norton products, for example, offer a LiveUpdate
feature that delivers protection against the latest forms of malicious
code to subscribers. A scanner can only recognize what its definitions
describe, so out-of-date definitions leave newer threats undetected.
Anti-virus software definitions - The latest virus-detection updates,
produced by vendor research teams shortly after a new virus is
discovered and made available for download as soon as a detection
signature for it has been written.
Authentication - Identity verification: proving that a user (or a
system) is who it claims to be. It is usually required before access
to a computer system or network is granted. For example, a user is
authenticated when they provide their username and password to log
onto their ISP. The username identifies; the password, something only
the user should know, authenticates. Because the password is the proof,
it must not be stored or transmitted in the clear.
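The two entries above, authentication followed by access control, as an added example (not code from the original page). The user store, passwords and the task-to-role policy are hypothetical and constructed for the example; passwords are stored only as salted PBKDF2 hashes and compared in constant time, and the policy check runs only after authentication has succeeded:

```python
import hashlib
import hmac
import os

# Constructed example (not from the original page): a small user store with
# salted password hashes, and a role-based access-control policy.
ITERATIONS = 100_000          # PBKDF2 work factor; raise it as hardware gets faster


def make_record(password, roles):
    """Store a per-user random salt and PBKDF2-HMAC-SHA256 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "roles": set(roles)}


# Hypothetical users and passwords, constructed for the example.
USERS = {
    "alice": make_record("correct horse battery staple", {"admin", "staff"}),
    "bob": make_record("hunter2", {"staff"}),
}

# Hypothetical access-control policy: task -> roles permitted to perform it.
POLICY = {
    "read_report": {"staff", "admin"},
    "run_payroll": {"admin"},
}

DUMMY_SALT = b"\x00" * 16


def authenticate(username, password):
    """Identity verification: recompute the hash with the stored salt, compare in constant time."""
    record = USERS.get(username)
    # Hash even for unknown usernames so response time does not reveal which names exist.
    salt = record["salt"] if record else DUMMY_SALT
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if record is None:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def authorize(username, task):
    """Access control: allowed only if one of the user's roles is permitted for the task."""
    roles = USERS[username]["roles"]
    return bool(roles & POLICY.get(task, set()))


def attempt(username, password, task):
    """Authentication first, then access control; each failure is reported separately."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, task):
        return "denied: not permitted"
    return "allowed"


if __name__ == "__main__":
    for who, pw, task in [("alice", "correct horse battery staple", "run_payroll"),
                          ("bob", "hunter2", "run_payroll"),
                          ("bob", "wrong", "read_report"),
                          ("mallory", "x", "read_report")]:
        print(who, task, "->", attempt(who, pw, task))
```

Note that `bob` is a perfectly valid user and still gets "denied: not permitted" for `run_payroll`: a correct password proves identity, not entitlement.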
B
Back door - A hidden way of bypassing a computer system's normal
authentication or access controls. A back door is sometimes deliberately
coded by programmers (for maintenance or debugging access, and then
never removed) and sometimes planted by an intruder who wants to return
later; a Trojan horse such as BackOrifice installs one. It is also known
as a trap door.
BackOrifice (a.k.a. Back Orifice; BackOrifice 2000, or BO2K, is the
newer version) - A Trojan horse program for Microsoft Windows systems.
Once installed, it allows remote users to gain full access to the
system through a network connection. BackOrifice is used to transfer
files, control infected systems, and use infected systems to infect or
launch attacks on other systems.
C
Content filtering - The blocking, or "filtering," of undesirable
Internet content. Businesses can block content based on traffic
type. For example, Web access might be allowed, but file transfers
may not be allowed. Content can also be filtered by site through
the use of lists of URLs that are cataloged by content (these catalogs
are updated frequently). Parents can control and restrict their
children's access to inappropriate content via special browsers
and content filtering programs.
Cookie - A small piece of data that a Web server supplies to a Web
browser, which the browser stores (traditionally in a text file) and
sends back to that server with each subsequent request. Typical data
stored includes a session identifier, the user's preferences or
demographic data. Cookies are used to recognize returning users and
customize Web pages, and may also be used to track user activity within
a Web site. A cookie that holds a session identifier is as good as the
user's password for the life of the session, so it should be marked so
that the browser sends it only over an encrypted connection and does
not expose it to scripts in the page.
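How a browser handles the Set-Cookie header and which cookie attributes matter, as an added example that is not part of the original page. The three sample headers are constructed; the `Secure` and `HttpOnly` attributes are real cookie attributes (the browser sends a Secure cookie only over https and hides an HttpOnly cookie from page scripts), and the audit rules are this example's own:

```python
# Added example (not from the original page): parse Set-Cookie headers the way a
# browser does, audit the attributes that matter for security, and show which
# cookies the browser would send back on a later request.
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)   # attribute (lower-case) -> value, or True for flags


def parse_set_cookie(header):
    """Parse one Set-Cookie header value such as 'sid=7f3a9c; Path=/; Secure; HttpOnly'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if has_value else True
    return cookie


def audit(cookie):
    """Findings for a cookie that identifies the user; an empty list means nothing was found."""
    findings = []
    if "secure" not in cookie.attrs:
        findings.append("missing Secure: the browser will also send it over unencrypted HTTP")
    if "httponly" not in cookie.attrs:
        findings.append("missing HttpOnly: script running in the page can read it")
    domain = cookie.attrs.get("domain")
    if isinstance(domain, str) and "." not in domain.strip("."):
        findings.append("Domain=%s is a top-level domain: far too broad" % domain)
    return findings


def request_cookie_header(cookies, scheme):
    """Build the Cookie header a browser sends back; Secure cookies go only over https."""
    sent = [c for c in cookies if scheme == "https" or "secure" not in c.attrs]
    return "; ".join("%s=%s" % (c.name, c.value) for c in sent)


# Constructed sample headers, as one server response might carry them.
SAMPLE_HEADERS = [
    "sid=7f3a9c; Path=/; Secure; HttpOnly",
    "prefs=lang%3Den; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "track=abc; Domain=.com",
]


def audit_headers(headers):
    """Map each cookie name to its list of findings."""
    return {c.name: audit(c) for c in map(parse_set_cookie, headers)}


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(name, findings or "ok")
    jar = [parse_set_cookie(h) for h in SAMPLE_HEADERS]
    print("over http: ", request_cookie_header(jar, "http"))
    print("over https:", request_cookie_header(jar, "https"))
```

The session cookie `sid` passes; `prefs` is harmless but would be flagged if it ever carried an identifier; `track` is both unprotected and scoped so broadly that browsers reject it.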
D
Denial of Service attack (DoS) - Action(s) which prevent any part of
a system or network from functioning properly. Denial of Service can
result when a system, such as a Web server, is flooded with illegitimate
requests, making it impossible to respond to real requests or tasks.
Yahoo! and eBay were both victims of such attacks in February 2000.
DHCP (Dynamic Host Configuration Protocol) - Software that automatically
assigns IP addresses to client stations joining a TCP/IP network,
eliminating the traditional manual assignment of permanent IP addresses.
DHCP software typically runs on servers and is also found in network
devices such as ISDN routers and modem routers that give multiple users
access to the Internet. Newer DHCP servers update the DNS servers after
making assignments. DHCP has no authentication of its own: a rogue DHCP
server on the same LAN can hand clients a false default gateway or DNS
server and so intercept their traffic.
Digital certificate (a.k.a. public-key certificate, digital ID or
digital passport) - An electronic "document" that binds a public key to
the identity of its owner and is signed by a trusted third party, used
to verify identities for the purpose of executing secure transactions
online. When you shop online and reach a secure checkout page, the
merchant's server presents its certificate to your browser; the browser
checks the issuer's signature and the name on the certificate, then uses
the public key in it to set up an encrypted (SSL) connection. Online
merchants obtain digital certificates from Certification Authorities,
such as VeriSign, which confirm the legitimacy of the business, obtain
specific data about the business, and issue a certificate that is unique
to that merchant. A certificate proves only that the key belongs to the
named party; it says nothing about whether that party is trustworthy.
Digital signature - The functional equivalent of a paper signature; a
digital signature can make a document binding. It is produced by hashing
the document and signing the hash with the signer's private key; anyone
holding the signer's public key, typically taken from the signer's
digital certificate, can verify both who signed and that the document
has not changed since it was signed.
DNS (Domain Name System or Domain Name Server) - The distributed
look-up system that translates the domain name of a computer connected
to the Internet into an IP address (and back). DNS is hierarchical: a
resolver that does not already know an answer asks a root server, which
refers it to the servers for the top-level domain (such as .com), which
in turn refer it to the servers authoritative for the domain itself.
Because almost every e-mail delivery and Internet connection begins
with a DNS look-up, an attacker who can feed a resolver a false answer
can redirect traffic without ever touching the target system.
E
Ethernet - The most popular LAN access method, defined by the IEEE
802.3 standard. Classic Ethernet is a shared-media LAN: all systems on
the segment share the total bandwidth, which is either 10 Mbps
(Ethernet), 100 Mbps (Fast Ethernet) or 1000 Mbps (Gigabit Ethernet).
The original 10BASE5 variant, known as "Thick Ethernet" or "ThickNet",
runs over thick coaxial cable in segments of up to 500 m (1,640 feet)
without repeaters. With switched Ethernet, each sender and receiver
pair has the full bandwidth to itself and other stations no longer see
the traffic, which is why a packet sniffer captures far less on a
switched network than on a shared segment. Ethernet was invented by
Robert Metcalfe and David Boggs at Xerox PARC in 1973.
F
Firewall - A system or combination of systems that enforces a border
between two or more networks. A firewall regulates access between
networks according to a specific security policy; traffic that the
policy does not explicitly permit should be dropped. It is almost like
an invisible barrier that protects a network or computer. The
technology is very similar to its real-world namesake: the barrier
between the passenger compartment and the engine compartment of a car
is known as a firewall. It is designed to let the necessary connections,
such as the accelerator and brake linkages, pass through to the engine
while keeping fumes, heat and noise out of the passenger compartment.
FTP (File Transfer Protocol) - A protocol used to send files back and
forth over a TCP/IP network. An FTP client can log onto a remote host,
list directories, copy files and convert between the ASCII and EBCDIC
character codes. FTP transfers can also be started from within a Web
browser by putting ftp:// in front of the host name. Unlike e-mail
programs, in which files must be "attached", FTP handles binary files
directly and need not encode and decode data. FTP sends the username,
password and file contents in the clear, so anyone with a packet sniffer
on the path can read them.
H
Hacker - A person who holds a great deal of knowledge and expertise
in the field of computing, and who is capable of exercising this
expertise with great finesse. This individual explores the details of
computers, including security holes, and may exploit them. The term
has changed meaning over time; it was previously used to describe a
dedicated programmer or devoted programming hobbyist.
HTTP (Hypertext Transfer Protocol) - The protocol for moving hypertext
files across the Internet. It requires an HTTP client program on one
end and an HTTP server program on the other. HTTP is the most crucial
protocol used in the World Wide Web (WWW). HTTP itself is neither
encrypted nor authenticated; https:// URLs run the same protocol over
SSL.
I
ICMP (Internet Control Message Protocol) - Used to communicate problems
or availability information on the Internet. The Ping program uses ICMP
echo requests and replies to determine whether a remote computer system
is powered on and reachable. ICMP is also used to report that a system
or network cannot be reached. Because ICMP packets carry no
authentication, they are also used in attacks (see Smurfing).
IGMP (Internet Group Management Protocol) - The standard
for IP Multicasting on the Internet. It's used to establish host
memberships in particular multicast groups on a single network.
The particulars of the protocol allow a host to inform its local
router, using Host Membership Reports, that it wants to receive
messages addressed to a specific multicast group.
Intrusion detection - Techniques for discovering break-ins or attempted
break-ins into a computer or network by observing actions, security logs
or audit data. It may be done manually or by software systems that
examine logs, network traffic or other information available on the
network and raise an alert when they see a known attack pattern or a
departure from normal behaviour.
IP (Internet Protocol) - The communications standard that defines how
the Internet works. IP defines how data is formatted and what
information it carries so that it can be exchanged between computer
systems on a variety of different networks using different hardware.
An example of the information defined by IP is the IP datagram, which
carries the addresses of the two computers communicating and the data
they wish to exchange. This is not unlike an addressed envelope sent
through the postal service, and, like the return address on an
envelope, the source address is whatever the sender wrote there: IP
does not verify it (see Spoofing).
IP datagram - The unit of data that IP transmits over a packet-switching
network. In addition to the data being sent, a datagram header carries
the source and destination addresses, the protocol of the payload, a
time-to-live and a header checksum. In IP networks, datagrams are often
called packets.
IP fragment - A piece of an IP datagram. A datagram larger than the
maximum a link can carry is broken into fragments, each carrying the
original datagram's identification and an offset so that the receiver
can reassemble it. Reassembly code that does not check for overlapping
or missing fragments has repeatedly been a source of crashes and of
evasion of security devices that inspect only the first fragment.
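The IP datagram and fragment entries above in working form, as an added example that is not code from the original page: build an IPv4 header, verify its checksum the way a receiver does, pull out the fragmentation fields, and reassemble fragments while refusing overlaps and gaps rather than guessing. The addresses come from the 192.0.2.0/24 documentation range and the payload is constructed; the 8-byte fragment size is artificially small so the example stays short.

```python
import socket
import struct

# Added example (not from the original page): build and parse IPv4 datagrams,
# verify the header checksum, and reassemble fragments, refusing overlaps.
# Addresses are documentation addresses (192.0.2.0/24); the payload is constructed.


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, payload, ident=0x1234, proto=17, more_fragments=False, frag_offset=0, ttl=64):
    """Build an IPv4 datagram without options; frag_offset is in 8-byte units, as on the wire."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(payload), ident, flags_frag,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(packet):
    """Parse the fixed header; raise ValueError on anything a careful receiver must reject."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    (version_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (version_ihl & 0x0F) * 4
    if version_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("bad version or length fields")
    # An intact header sums to zero when its own checksum field is included.
    if checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "proto": proto, "ttl": ttl, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # converted to bytes
        "payload": packet[ihl:total_len],
    }


def reassemble(fragments):
    """Reassemble parsed fragments of one datagram; reject overlaps and gaps instead of guessing."""
    keys = {(f["src"], f["dst"], f["id"], f["proto"]) for f in fragments}
    if len(keys) != 1:
        raise ValueError("fragments belong to different datagrams")
    pieces = sorted((f["frag_offset"], f["payload"], f["more_fragments"]) for f in fragments)
    data = b""
    for offset, payload, _more in pieces:
        if offset < len(data):
            raise ValueError("overlapping fragment at offset %d" % offset)
        if offset > len(data):
            raise ValueError("gap before offset %d" % offset)
        data += payload
    if pieces[-1][2]:
        raise ValueError("last fragment still has More Fragments set")
    return data


def fragment(src, dst, payload, ident, chunk=8):
    """Split a payload into fragments of chunk bytes (chunk must be a multiple of 8)."""
    chunks = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    return [build_ipv4(src, dst, c, ident=ident, frag_offset=(i * chunk) // 8,
                       more_fragments=(i < len(chunks) - 1)) for i, c in enumerate(chunks)]


if __name__ == "__main__":
    original = bytes(range(24))
    frags = [parse_ipv4(p) for p in fragment("192.0.2.1", "192.0.2.2", original, ident=7)]
    print([(f["frag_offset"], f["more_fragments"]) for f in frags])
    print(reassemble(frags) == original)
```

The reassembly deliberately raises on an overlap instead of letting a later fragment rewrite earlier bytes; which copy "wins" on an overlap differs between operating systems, and that difference is exactly what fragment-based evasion of inspection devices relies on.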
J
JavaScript - A platform-independent scripting language developed by
Netscape Communications in 1995 to enable Web authors to design
interactive Web sites. JavaScript runs inside the browser and, by
design, is not given access to critical or potentially sensitive parts
of your computer, system or network, although flaws in a browser's
implementation of that restriction have been exploited. Examples of
JavaScript on Web sites include stock tickers and interactive quizzes.
Unlike Java, JavaScript is text included within a Web page; a Java
applet is downloaded separately as compiled bytecode that is not
readable as text.
L
LAN (Local Area Network) - A computer
network that covers a relatively small area. Most LANs are kept
to a single building or group of buildings. However, one LAN can
be connected to other LANs over any distance via telephone lines
and radio waves. A system of connected LANs is called a Wide
Area Network (WAN).
Logic bomb - A piece of code, often hidden inside an otherwise
legitimate program, that lies dormant until a trigger condition chosen
by its author is met, such as a particular date and time, the removal
of an employee's account or a counter reaching a value, and then
performs its malicious action. A fork bomb, with which the logic bomb is
sometimes confused, is a different thing: a program that makes copies
of itself as fast as it can, "exploding" until the process table is
full and the entire system is locked.
M
Macro virus - A type of computer virus that is written as a macro and
embedded in a document. Macro viruses are commonly associated with
Microsoft Office applications. Once a macro virus has infected one
document, it typically installs itself in the application's global
template so that every document created or opened afterwards is
infected too. Macros may insert words or numbers into documents,
change what the application's commands do or run arbitrary code, which
is why opening a document from an untrusted source with macros enabled
is equivalent to running a program from that source.
Mail bomb - An attack that floods a single mailbox or mail server with
an enormous number (or size) of messages, or that tricks a large number
of recipients into responding to a single system or person. The result
can fill the victim's mailbox or overload and crash the mail system.
Malicious code - Hardware, software or firmware that is
intentionally introduced to a system for an unauthorized or malicious
purpose. A Trojan horse is an example of malicious code.
Mobile code - Code that travels across a network to be executed on the
receiving system, such as Java applets and ActiveX controls. Attackers
use these legitimate technologies as pathways for introducing malicious
code, which may destroy programs and compromise system integrity.
Mobile code attacks can modify data, steal passwords or files, redirect
modem dial-ins or launch a Denial of Service attack. Malicious mobile
code is usually executed without the user's knowledge or consent.
N
NetBus - A remote-access Trojan program similar to BackOrifice. If
this program is running on your computer while you are connected to the
Internet, anyone who has the NetBus client program can invade your
computer, without your knowledge or consent, to collect data such as
passwords, e-mail and keystrokes. Once intruders have gained access via
NetBus, they can execute programs on your computer, copy files, plant
Trojan horses or viruses, control your mouse and more.
NNTP (Network News Transfer Protocol) - An industry protocol
standard for the distribution, request, retrieval and posting of
news articles on newsgroup servers.
P
Packet sniffer - A device or program that monitors packets travelling
between computers on a network. A packet is a block of data that carries
the identities of the sending and receiving stations, error-control
information and data. Packet sniffers can be used to compromise
computer security by intercepting data (such as confidential financial
information or passwords) while it is in transit between two machines.
Protocols that send credentials in the clear, such as FTP and Telnet,
give a sniffer the password directly; on a shared-media network any
station on the segment can run one.
Payload - Term typically used to describe the actions of
the malicious code or executable program carried by a Trojan horse
or worm.
Piggybacking - Gaining unauthorized access to a system
via another user's legitimate connection.
POP (Point of Presence) - The point where a line from a long-distance
carrier connects to the line of the local telephone company, or to the
user if the local company is not involved. For online services and
Internet providers, the POP is the local exchange users dial into with
their modem. Not to be confused with POP3, the Post Office Protocol
that mail clients use to retrieve mail from a server.
Port scanning - Probing a computer or network to discover which
services are listening, by sending requests to a range of ports and
recording which ones respond. IT professionals use it as a genuine tool
to find and close unneeded services and security holes; attackers use
it for the same discovery, as the first step towards exploiting the
weaknesses it reveals.
PPP (Point-to-Point Protocol) - A data-link protocol for carrying IP
(and other network protocols) over a serial link such as a modem
connection, and the usual way a dial-up computer connects to the
Internet. It superseded the older SLIP, adding link negotiation, error
detection and authentication of the dialling user (PAP or CHAP).
PPPoE (Point to Point Protocol over Ethernet) - A specification (RFC
2516) describing how a host personal computer (PC) interacts with a
broadband modem (xDSL, cable, wireless, etc.) to gain access to the
growing number of high-speed data networks. Relying on two widely
accepted standards, Ethernet and PPP, PPPoE requires virtually no more
knowledge on the part of the end user than standard dial-up Internet
access does. In addition, PPPoE requires no major changes in the
operational model for Internet Service Providers (ISPs) and carriers,
who keep the same per-user authentication and accounting they use for
dial-up.
R
Retro-virus - A virus designed to defeat the defences against it. One
form waits until all available backup media have also been infected
before performing any action visible to the user, so that the system
cannot be restored to an uninfected state. Another form, sometimes
called an "anti-anti-virus virus", attacks or disables the anti-virus
software itself in order to avoid detection.
RFC (Request for Comments) - A series of notes about the
Internet, started in 1969. An RFC can be submitted by anyone. Eventually,
if it gains enough interest, it may evolve into an Internet standard.
Each RFC is assigned an RFC number.
S
SATAN (Security Administrator Tool for Analyzing Networks)
- A tool for probing and identifying the vulnerabilities of systems
on IP networks from a remote location. It can be used by network
administrators to identify system security weaknesses. It may also
be used by hackers to find system security weaknesses.
SMTP (Simple Mail Transfer Protocol) - A protocol for sending e-mail
messages between servers. Most e-mail systems use SMTP to send messages
from one server to another. In addition, SMTP is generally used to send
messages from a mail client to a mail server. SMTP as originally
specified does not authenticate the sender, which is why the From
address of a message can be anything at all (see Spoofing, Spam).
Smurfing - A Denial of Service attack that exploits Internet Protocol
(IP) broadcast addressing. The attacker sends ICMP echo requests
(pings) to a network's broadcast address with the source address
spoofed to be the victim's; every host on that network replies to the
victim, so each request is amplified into a flood of echo replies. The
flood clogs the victim's network link and prevents normal network
communication. The defence is for routers not to forward packets
addressed to a directed broadcast address, so that outsiders cannot use
the network as an amplifier.
Spam - The functional equivalent to unsolicited, electronic
junk mail. It is often used to advertise products or to broadcast
a political or social commentary. Spam floods a user's inbox with
irrelevant, unwanted messages.
Spoofing - Faking the source address of a packet or message, or
otherwise masquerading as an authorized user, in an attempt to gain
illegal entry into a secure system. Because IP does not verify source
addresses, spoofed packets are easy to send, but any replies go to the
spoofed address rather than to the attacker, which is why spoofing is
most useful for attacks that need no reply (see Smurfing, SYN flood).
Spyware - Any software or program that uses a user's Internet
connection in the background (the so-called "backchannel") without
their knowledge or explicit permission. Silent background use of an
Internet "backchannel" connection requires a complete and truthful
disclosure of that usage, followed by the user's explicit, informed
consent. If permission is not obtained, the act is considered to be
information theft.
SSL (Secure Sockets Layer) - A protocol layer that sits between an
application, such as a Web browser, and TCP, providing authentication
of the server (and optionally of the client) together with
confidentiality and integrity for the data exchanged. The server proves
its identity with a digital certificate; the two ends then agree on a
session key and encrypt everything that follows. URLs beginning
https:// use HTTP over SSL.
SYN - In TCP, the synchronize flag set in the first segment a client
sends to open a connection; the server answers with a SYN-ACK and the
client completes the three-way handshake with an ACK. (SYN is also the
mnemonic for ASCII character 22, "synchronous idle", a control
character used with terminals, printers and modems, and the name of a
syntactic specification language for COPS.)
SYN flood - A Denial of Service attack in which the attacker sends a
stream of TCP SYN segments, usually with spoofed source addresses, and
never completes the handshake. Each SYN makes the server reserve an
entry in its queue of half-open connections while it waits for the
final ACK; when that SYN queue is full, further SYNs are dropped and
legitimate clients cannot open a new connection until the stale entries
time out.
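The SYN-queue exhaustion described above, as an added example that is not code from the original page. It models a listening socket's table of half-open connections in a few dozen lines; the backlog size, timeout and addresses are hypothetical and constructed, and the model omits retransmitted SYN-ACKs and SYN cookies so that the basic effect is visible:

```python
from collections import OrderedDict

# Added example (not from the original page): a simplified model of a TCP listener's
# queue of half-open connections, flooded with spoofed SYNs that never complete the
# handshake. Backlog size and timeout are hypothetical; addresses are constructed.


class Listener:
    def __init__(self, backlog, syn_timeout):
        self.backlog = backlog              # how many half-open connections the kernel will hold
        self.syn_timeout = syn_timeout      # seconds before an unanswered SYN-ACK is given up
        self.half_open = OrderedDict()      # (src_ip, src_port) -> time the SYN arrived
        self.established = set()
        self.dropped_syns = 0

    def expire(self, now):
        """Reap entries whose client never sent the final ACK (the only relief without SYN cookies)."""
        for src, arrived in list(self.half_open.items()):
            if now - arrived > self.syn_timeout:
                del self.half_open[src]

    def on_syn(self, src, now):
        """Handshake step 1: reserve a slot and send SYN-ACK, or drop the SYN if the queue is full."""
        self.expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return False                    # the client hears nothing and its connect() times out
        self.half_open[src] = now
        return True

    def on_ack(self, src, now):
        """Handshake step 3: the client's ACK promotes the slot to an established connection."""
        if src not in self.half_open:
            return False                    # no SYN-ACK outstanding for this client (or it expired)
        del self.half_open[src]
        self.established.add(src)
        return True


def simulate(backlog=128, syn_timeout=60.0, flood_size=300):
    """Spoofed SYNs fill the backlog; a real client is refused until the stale entries expire."""
    server = Listener(backlog, syn_timeout)
    # Attacker: SYNs from forged sources. The SYN-ACKs go to those addresses, so no ACK ever comes.
    for i in range(flood_size):
        server.on_syn(("198.51.100.%d" % (i % 254 + 1), 1024 + i), now=0.0)
    half_open_peak = len(server.half_open)
    legit = ("192.0.2.10", 40000)
    legit_during_flood = server.on_syn(legit, now=1.0)
    if legit_during_flood:
        server.on_ack(legit, now=1.1)
    # Once the timeout has passed the half-open entries are reaped and the same client succeeds.
    later = syn_timeout + 2.0
    legit_after_timeout = server.on_syn(legit, now=later) and server.on_ack(legit, now=later + 0.1)
    return {
        "half_open_peak": half_open_peak,
        "dropped_syns": server.dropped_syns,
        "legit_during_flood": legit_during_flood,
        "legit_after_timeout": legit_after_timeout,
        "established": len(server.established),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, "=", value)
```

With the default parameters 300 spoofed SYNs fill a 128-entry queue, 172 of them plus the legitimate client's SYN are dropped, and the client only gets in after the 60-second timeout. On a real Linux host the half-open entries show up as sockets in the SYN-RECV state (`ss -nt state syn-recv`), and enabling SYN cookies (`net.ipv4.tcp_syncookies`) lets the kernel keep accepting connections when the queue is full instead of dropping them.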
T
TCP (Transmission Control Protocol) - One of the main protocols in
TCP/IP networks. TCP enables two hosts to establish a connection and
exchange streams of data. It provides reliable, ordered delivery: lost
segments are retransmitted, and data is handed to the application in
the order in which it was sent. Each connection begins with the
three-way handshake (SYN, SYN-ACK, ACK).
Telnet - A terminal emulation program for TCP/IP networks. The Telnet
program runs on your computer and connects it to a server on the
network. You can then enter commands through the Telnet program, and
each one is executed as if you had typed it at the server's console.
This lets you control the server and communicate with other servers on
the network. Telnet sends everything, including the login name and
password, in the clear.
Trin00 (trinoo) - A Distributed Denial of Service attack tool. Its
daemon, planted on many compromised hosts, is controlled from a remote
master host and can be directed to flood a target network with UDP
packets; the compromised hosts, not the attacker, appear as the source
of the attack.
Trojan horse - A seemingly useful
and innocent program that contains hidden code that allows the unauthorized
modification, exploitation or destruction of data. Trojan horse
programs are generally distributed via the Internet. Games, freeware
and screen savers are common vehicles for Trojan horses.
U
UDP (User Datagram Protocol) - A transport-layer protocol used by
applications that transmit short bursts of data. It offers a limited
amount of service (no connection, no acknowledgment, no retransmission
and no ordering) and is therefore the mechanism of choice for
applications that do not require verification of delivery at the
destination. Like IP, it does not verify the source address, which
makes it the usual carrier for spoofed and amplified flooding traffic.
Unix - A multi-user, multi-tasking operating system that
is mainly used as the master control program in workstations and
particularly servers.
V
Virus - A program that can "infect"
or "contaminate" other programs by modifying them to include a copy
of itself. Viral code is typically malicious and detrimental to
data or system integrity.
VPN (Virtual Private Network) - Refers to a network in
which some of the parts are connected using the public Internet,
but the data sent across the Internet is encrypted, so the entire
network is "virtually" private. A typical example would be a company
network where there are two offices in different cities. Using the
Internet, the two offices merge their networks into one network,
but encrypt traffic that uses the Internet link.
W
WAN (Wide Area Network) - A communications
network that covers a wide geographic area, such as a state or country.
It usually consists of several LANs.
Worm - An independent program that replicates itself, spreading from
machine to machine across network connections without needing to attach
itself to another program, as a virus does. It often clogs networks as
it spreads, typically via e-mail or by exploiting vulnerabilities in
network services.