Security - Glossary of Terms

A
y y y y

y y

Access Control List (ACL) - List that contains a set of entries that define permission settings to explicitly control access (allow/reject) to resources. Alert - A formatted message describing a circumstance relevant to network security. Antivirus - Type of program that protects a computer against a virus. Audit Trail - In computer security systems, a chronological record of system resource usage. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred, legitimate and unauthorized. Authentication - A method for confirming a users identify. Authorization - Definition of what resources and type of access are permitted. Top

B
y

y y

Back Door - Secret (undocumented), hard-coded access codes or procedures for accessing information. Some back doors exist in commercially provided software packages; e.g., consistent (canonical) passwords for third-party software accounts and is designed to hide itself inside a target host and allows the user that installed it to access the system without using normal authorization. Alternatively, back doors can be inserted into an existing program or system to provide unauthorized access later. Backup - The action of copying (or mirroring) important data to a second location or onto removable media for later retrieval if file/data is lost or destroyed. Bandwidth - Speed at which information can be transferred. Border Security - The technique of securing a network by controlling access to all entry and exit points of the network. Top

C
y y

Compromise - An intrusion into a computer system where unauthorized disclosure, modification or destruction of information may have occurred. Cracker(ing) - A malicious, criminal hacker who uses tools to decode or guess passwords to break into a computer system. Top

Denial-of-Service Attack (DoS) - An attack in which a mail server, Web Server or even telephone system is purposely overloaded with phony requests so that it cannot respond properly to valid ones.. Distributed Denial-of-Service Attack (DDoS) - A denial-of-service attack in which the attackers load their malignant code onto many other machines (often through Trojan horses) to attack a single site/system. The defending company needs to block hundreds or even thousands of IP addresses. Disaster Recovery - Written plan describing the steps company would take to restore computer operations in the event of a disaster containing four components: the emergency plan, the backup plan, the recovery plan, and the test plan. DNS - Domain Name Service translates domain names IP address to unique name that identifies a site (e.g., web site or ftp site) on the Internet or other TCP/IP network. DNS Spoofing - Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Top E
y

Encryption - Process of encoding data to prevent unauthorized access, especially during transmission. Top

F
y

Firewall - A method of guarding a private network by analyzing the data leaving and entering. Firewalls can also provide network address translation, so the IP addresses of computers inside the firewall stay hidden from view. Packetfiltering firewalls use rules based on a packets source, destination, port or other basic information to determine whether or not to allow it into the network. More advanced stateful packet filtering firewalls have access to more information from which to make their decisions. Proxy firewalls, which look at content and can involve authentication and encryption, can be more flexible and secure but also tend to be far slower. Although firewalls are difficult to configure correctly, security experts generally agree that they are a critical component of network security. Top

G Top H

y y

Hacker - Slang term for a computer enthusiast or unauthorized user who attempts to or gains access to an information system. Host - A computer or workstation connected to the network. Top

I
y y

Intrusion - Any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Intrusion Detection - Pertaining to techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data. Detection of break-ins or attempts either manually or via software expert systems that operate on logs or other information available on the network. IP - Internet protocol, one of the two main protocols in the TCP/IP (transmission control protocol/Internet protocol) suite of communications protocols, is a simple, connectionless protocol for delivering packet-based data across the Internet and other TCP/IP networks. A packet-based protocol for delivering data across networks. IP Address - Computer addressing analogous to the addresses of buildings used by the postal system. Top

J Top K
y y

Key - A symbol or sequence of symbols (or electrical or mechanical correlates of symbols) applied to text in order to encrypt or decrypt. Keylogger - Specialized software, or a specially designed device, that records every key struck, such as username/password, by a user and every character of the response that the operating system returns to the user. Top

L
y

LAN (Local Area Network) - Local Area Network - A computer communications system limited to no more than a few miles and using highspeed connections. Log files - Files that show the status of the system and are accessed via Event Viewer, which lists the severity and a brief description of the logged event.

Top M

Malicious Code - Viruses like Trojan horses, worms, and scripts used by crackers/hackers to gain privileges, capture passwords, and to modify audit logs to hide unauthorized activity or code intentionally included in a program to allow an unauthorized person/purpose. Malware - Malicious software, including Trojan Horses, viruses, worms, bombs, or exploits. Top

N
y

y y

Network - A computer network, also referred to as just a network, consists of two or more computers, and typically other devices as well (such as printers, external hard drives, modems and routers), that are linked together so that they can communicate with each other and thereby exchange commands and share data, hardware and other resources. Network Mapping - A probe that uses SNMP or broadcast ICMP "ping" packets to determine the architecture of the network. Network Security - Protection of networks and their services from unauthorized modification, destruction, or disclosure, and provision of assurance that the network performs its critical functions correctly and there are no harmful sideeffects. Network security includes providing for data integrity. Non-Repudiation - Method by which the sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data. Top

O Top P
y

y y

y y y y

Packet - Limited-length unit of data formed by the network, transport, presentation, or application layer (layers 3-7 of the OSI Model) in a networked computer system. Data is transported over the network, and larger amounts of data are broken into shorter units and placed into packets. Packet Sniffer - A device or program that monitors the data traveling on a network. Phishing - Is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come legitimate source such as a bank. Physical Security - The measures used to provide physical protection of resources against threats (e.g. locked doors). Plaintext - Unencrypted readable data. Probe - Unauthorized access attempts. Protocol - Agreed-upon methods of communications used by computers. A specification that describes the rules and procedures that products should follow to perform activities on a network, such as transmitting data. If they use the

same protocols, products from different vendors should be able to communicate on the same network. Top Q Top R
y

Router - An interconnection device that is similar to a bridge but serves packets or frames containing certain protocols. Routers link LANs at the network layer. Top

S
y y y

Security Policies - The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security Requirements - Types and levels of protection necessary for equipment, data, information, applications, and facilities. Sniffer - A program to capture data across a computer network. Used by hackers to capture user id names and passwords. Software tool that audits and identifies network traffic packets. Is also used legitimately by network operations and maintenance personnel to troubleshoot network problems. Spam (or Spamming) - An inappropriate attempt to use a mailing list, or USENET or other networked communications facility as if it was a broadcast medium by sending the same message to a large number of people who didn't ask for it. Spoofing (IP address spoofing) - The creation of IP packets with counterfeit (spoofed) IP source addresses. An attacker can use special programs to construct IP packets that to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete data and can also conduct other types of attacks. Impersonating, masquerading, and mimicking are forms of spoofing. SSL (Secure Sockets Layer) - A session layer protocol that provides authentication and confidentiality to applications. Top

y y y

TCP/IP - Transmission Control Protocol/Internetwork Protocol. The suite of protocols the Internet is based on. Telnet - Protocol that allows connections across the Internet and to log onto another computer as if connected directly. Topology - The map or plan of the network. The physical topology describes how the wires or cables are laid out, and the logical or electrical topology describes how the information flows.

Traceroute - An operation of sending trace packets for determining information; traces the route of UDP packets for the local host to a remote host. Normally traceroute displays the time and location of the route taken to reach its destination computer. Trojan Horse - A malicious program that disguises itself as a beneficial or entertaining program but that actually damages a computer or installs code that can counteract security measures (perhaps by collecting passwords) or perform other tasks (such as launching a distributed denial of service attack). Unlike a computer virus, a Trojan horse does not replicate itself. Intruders use Trojan horse programs to hide their activity, capture username and password data, and create backdoors for future access to a compromised system. A "Time Bomb" is a Trojan horse set to trigger at a particular time. Top

U
y

Unauthorized Access - The use of a computer without permission. Top

V
y

Virus - A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. When this application is run, it can infect other files on a system's disk. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory. VPN (Virtual Private Network) - A secure connection with network servers via an encrypted tunnel. VPNs can also be used for secure communication across a LAN or WAN. Top

W
y

WAN - Wide Area Network. A physical or logical network that provides capabilities for a number of independent devices to communicate with each other over a common transmission-interconnected topology in geographic areas larger than those served Web Site Defacement - The malicious defacement of a Web site. Worm - Resides in memory, eat up system resources, and slows down a computer. It spreads without human intervention automatically over the network to other vulnerable computers on a network. Top

XYZ

Zero Day Attack - An exploit that takes advantage of a newly discovered hole in a program or operating system possibly before the software developer has made a fix or work around is available. Occasionally this occurs prior to the software vendor being aware the vulnerability exists-before AntiVirus or AntiSpyware have had time to develop a signature to detect and prevent system compromise/infection.