
Glossary of terms


Access control
Are the mechanisms for limiting access to certain information based on a user's identity and membership in predefined groups. Access control can be mandatory, discretionary, or role-based.

Plug-in software for Windows programmes executed by web browsers.

Adware is a type of advertising display software whose primary purpose is to deliver advertising content in a manner or context that may be unexpected and unwanted by users.

Notification that an attack has been shown in your system.

An application is software that can be installed on a computer and can consist of a combination of executable files.

A method used to verify the identity of a user/programme/computer in a network or on the web.


Keeping a copy of data and applications on a separate media either in a different location or just a different memory storage medium.

A local backbone refers to the main network lines that connect several local area networks (LANs) together. The result is a wide area network (WAN) linked by a backbone connection.

They are programmes that give access to an attacker from a remote location. They are a type of Trojan.

The speed with which we can measure the amount of data that can be sent through the Internet. The more bandwidth we have, the faster data travels.

Information/advertisement that is displayed at the top of a web page.

A list of e-mail addresses that usually cause spam.

Bluetooth is a personal area network technology for short-range transmission of digital voice and data between laptops, mobile phones, and other portable handheld devices. Mobile viruses could be spread through Bluetooth transfers between computers and mobile devices, and between mobile devices.

Border Gateway Protocol (BGP)
The core routing protocol of the Internet. Maintains a table of IP networks which designate network reachability among autonomous systems.

A collection of zombie PCs (short for a robot network). They can consist of tens or even hundreds of thousands of zombie computers. A single PC in a botnet can automatically send thousands of spam messages per day. The most common spam messages come from zombie computers.

A brute-force attack involves exhausting a number of possibilities to retrieve passwords and encrypted messages. These are all programmes that are set to use combinations of characters, symbols and numbers to reveal the secret.

Buffer overflow
A buffer overflow occurs when a program tries to store more data in a buffer than it can hold. This extra information can overflow into adjacent buffers, corrupting or overwriting valid information held in them.

A programming error that can bring vulnerabilities.


A cache stores recently-used information in a place where it can be accessed extremely fast. For example, a Web browser like Internet Explorer uses a cache to store the pages, images, and URLs of recently visited Web sites on your hard drive. So when you visit a page you have recently been to, the pages and images do not have to be downloaded to your computer all over again.

A certificate in websites is used to authenticate to the user that the site is genuine.

CGI (Common Gateway Interface) attacks
Is a standard that allows a web server to call an external program so that it can generate dynamic content. An attack happens through port scanning used to find CGI programs that have known vulnerabilities in them. Once a vulnerable CGI program is found it can be used to break into a server.

Cloud Computing
Cloud computing is a general term for anything that involves delivering hosted services over the Internet. The name cloud computing was inspired by the cloud symbol that's often used to represent the Internet in flow charts and diagrams.

A system of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length.

A cookie is a line of text saved in a text file and is given to a web browser by a web server. It is used to identify users and customise web pages for them.

A person who obtains or attempts to obtain unauthorized access to computer resources for specific, premeditated crimes. (See also Hacker)

Cracking Utilities
Programs planted in systems by attackers for a variety of purposes such as elevating privileges, obtaining passwords, and disguising the attacker's presence.

A checksum that is generated using cryptographic means. It is used to detect accidental or deliberate modification of data.

Is a criminal activity committed with the help of computers and the Internet. It includes computer fraud, distributing viruses, DoS attacks etc.


This is a data structure used to store organized information. A database is typically made up of many linked tables of rows and columns. For example, a company might use a database to store information about their products, their employees, and financial information. Databases are now also used in nearly all e-commerce sites to store product inventory and customer information.

Defacement of a website involves unauthorised change of key pages like the home page.

Desktop firewall
Is a program that filters incoming and outgoing packets between your computer and the internet. Based on rules, it blocks or allows traffic.

Dynamic Host Configuration Protocol is a protocol used to assign IP addresses to networked computers. It is useful for setting up large networks since the addresses do not need to be assigned manually.

Any application whose primary function is to dial a premium rate phone number.

Dictionary attack
A method/software used to break password protected systems in which the attacker runs all possible combinations of letters in a dictionary.

Digital Signature
It is used with email applications to verify that a specific email message has really been sent from the same person who supposedly sent it. The actual digital signature is comprised of a mathematical algorithm that is used to combine information on the message and the signature key.

Disruption/Denial of service (DOS)
Occurs when an intruder uses malicious code to disrupt computer services, including erasing a critical program, 'mail spamming' (i.e., flooding a user account with electronic mail), or altering system functionality by installing a Trojan horse program.

Domain Name
Is a name that identifies a web site (e.g. www.forth.gr/grcert).

Domain Name Service (DNS)
It is a computer programme that runs on a web server and translates domain names into IP addresses.


Elevation of privilege
The process by which a user obtains a higher level of privilege than the one for which he has been authorized. A malicious user may use elevation of privilege as a means to compromise, destroy or access unauthorized information.

Using encryption renders information unintelligible in a manner that allows the information to be decrypted into its original form - the process of transforming plaintext into cipher text.

Espionage is stealing information to subvert the interests of AITS, the University of Illinois, the Federal government, or gaining access to a competitor's data to subvert contract procurement regulations.

Any observable occurrence in a computer system or network, e.g., the system boot sequence, port scan, a system crash, or packet flooding within a network. Events sometimes provide an indication that an incident is occurring, although not necessarily.

A file that will take advantage of design flaws (vulnerabilities) in software in order to take control of a system. The exploit may be used to perform a number of different actions such as downloading worms and Trojans, accessing confidential data or crashing the software (Denial of Service) depending on the nature and severity of the vulnerability.

Used to control access to or from a protected network. Enforces a network access policy by forcing connections to pass through this system, where they can be examined and evaluated. The system can be a router, a personal computer, a host, or a collection of hosts, set up specifically to shield a site or subnet from protocols and services that can be abused from hosts outside the subnets.

(see Patch)

FTP (File Transfer Protocol)
A protocol used to transfer files between systems.


A gateway is either hardware or software that acts as a bridge between two networks so that data can be transferred between a number of computers. Often, your connection to a Web site will involve many smaller connections to other servers along the way. In these cases, a number of gateways are used.

A person who obtains or attempts to obtain unauthorized access to a computer for reasons of thrill or challenge. (See also Cracker)

A hoax occurs when false stories, fictitious incidents or vulnerabilities are spread (e.g., virus warnings that do not exist).

A computer system on the internet set up to attract and trap spammers and hackers.

Identity Theft
When personal information is stolen and used illegally. The fraudster uses the victim's details to impersonate him in illegal transactions.

An incident is defined as any adverse event whereby some aspect of computer security could be threatened: loss of data confidentiality, disruption of data or system integrity, or disruption or denial of availability. Examples include penetration of a computer system, exploitation of technical vulnerabilities, or introduction of computer viruses or other forms of malicious software.

An infection in a computer occurs when malicious code has been entered into its systems by means of a virus.

Infection length
It is the size, in bytes, of the viral code that is inserted into a program by the virus. If this is a worm or Trojan Horse, the length represents the size of the file.

(1) A sub-goal of computer security which pertains to ensuring that data continues to be a proper representation of information, and that information processing resources continue to perform correct processing operations.

(2) A sub-goal of computer security which pertains to ensuring that information retains its original level of accuracy.

Data integrity is that attribute of data relating to the preservation of:
(a) its meaning and completeness,
(b) the consistency of its representation(s), and
(c) correspondence to what it represents.

Internal threat
A threat (security threat) that originates within an organization or company.

Internet Message Access Protocol (IMAP)
It is a method of accessing e-mail messages on a server without having to download them to your local hard drive. The advantage of using an IMAP mail server is that users can check their mail from multiple computers and always see the same messages. This is because the messages stay on the server until the user chooses to download them to his or her local drive.

Internet Relay Chat (IRC)
IRC is a multi-user chat system, where people meet on "channels" (chat rooms) to talk in groups, or privately. This system also allows for the distribution of executable content.

A private Internet that runs inside a Local Area Network.

Unauthorized access to a system or network.

IPS (Intrusion Prevention System)
A system that monitors hosts connected in a network to find and quickly respond to potential threats and alert the user(s) to take action.


Joint Photographic Experts Group - a common image format. Art and photographic pictures are usually encoded as JPEG files.

A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment.

Keystroke Logger/Keylogger
A program that records users' keystrokes with the intention of capturing sensitive information such as credit card details.

Local Area Network (LAN)
Is a network among computers in a local area (like inside a building), connected via cables.

A record of actions and events that take place on a computer. Logging creates a record of actions and events that take place on a computer.

Logic bomb
Is a program that allows a virus to stay dormant in a system and only attack when the conditions it is set for are met.

A macro is a combination of keystrokes that are recorded, stored and assigned to a shortcut key to be used. When that key code is typed, the specified instructions are run. They are used to simplify operations but they can have malicious uses too.

Macro virus
Is a program written in the internal macro language of an application and used to replicate and spread.

Malicious code attacks
Include attacks by programs such as viruses, Trojan horses, worms, and scripts used by crackers/hackers to gain privileges, capture passwords, and/or modify audit logs to exclude unauthorized activity.

Malware is a general term for a range of malicious software including viruses, worms, Trojan horses and spyware.

Message Authentication Code (MAC)
An algorithm that allows a receiver to ensure that a block of data has retained its integrity from the time it was sent until the time it was received.

Misuse occurs when someone uses a computing system for other than official or authorized purposes.

Stands for "Moving Picture Experts Group." The MPEG organization develops standards for digital audio and video compression. The term MPEG also refers to a type of multimedia file, which is denoted by the file extension ".mpg" or ".mpeg." These files are compressed movies that can contain both audio and video. Though they are compressed, MPEG files maintain most of the original quality of the uncompressed movie.


A group of computers and associated devices connected by communications facilities (both hardware and software) to share information and peripheral devices, such as printers and modems.

Network Address Translator (NAT)
Is a technique of transceiving network traffic through a router. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. NAT can introduce complications in communication between hosts and may have a performance impact.

OS (Operating Systems) fingerprinting
OS fingerprinting determines the operating system that a host computer is running based on specific characteristics. An outsider can discover general information by searching for those specific characteristics, which can give detailed information on even what version of OS a host is running.

A hard disk can be divided into several partitions that each function as a separate unit and have their own volume name (such as D:, E:, F: etc.). Partitioning makes the hard drive work faster as the computer can search smaller sections for a specific file rather than the whole drive.

Password cracker
Is software designed to help a user or administrator either to recover a forgotten password or to uncover weak passwords. It is also used by attackers to get a list of weak passwords to access systems.

Is a small piece of software used to repair a bug or vulnerability in computing.

This is the malicious activity that the virus performs. Not all viruses have payloads, but there are some that perform destructive actions.

Payload trigger
The condition that causes the virus to activate or drop its destructive payload. Some viruses trigger their payloads on a certain date. Others may trigger their payload based on the execution of certain programs or on the availability of an Internet connection.

Peripheral Component Interconnect (PCI)
It is a hardware bus designed by Intel and used in both PCs and Macs. Most add-on cards such as SCSI, Firewire, and USB controllers, use a PCI connection. Some graphics cards use PCI, but most new graphics cards connect to the AGP slot. PCI slots are found in the back of your computer and are about 3.5" long and about 0.5" high.

Phishing attacks usually involve sending emails asking for financial and personal information that need immediate attention. Malicious websites from where attackers can extract information.

Ping is a protocol used across a network to see if a particular computer is 'alive' or not. Computers that recognize the ping report back their status. Computers that are down will not report anything back.

Plug in
An application added on web browsers in order to handle a special type of data like sound or movie files.

Post Office Protocol (POP3)
Post Office Protocol version 3 (POP3) is an application layer Internet standard protocol used to retrieve email from a remote server to a local client over a TCP/IP connection. Nearly all individual Internet service provider email accounts are accessed via POP3.

Is a location from where data travels in and out of a computing device. In computers there are internal ports where users can connect disk drives, USBs, keyboards and other peripherals. In TCP/IP and UDP networks, a port is the endpoint to a logical connection.

Port scanning
Is a hacking technique to check TCP/IP ports and find which services are available for exploitation and to also find out which operating system is run by a particular computer.

Pretty Good Privacy (PGP)
Public key encryption used for encrypting and decrypting email messages.

A software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved.


Suspected files containing a virus are sent to a quarantine by the anti-virus system so that the files cannot be opened or executed.

Radio Frequency Identification (RFID)
This technology uses devices attached to objects that transmit data to an RFID receiver. It is an alternative to bar coding used in shops. Advantages include data capacity, read/write capability, and no line-of-sight requirements.

A rootkit is a set of software tools designed to be invisible and placed on a computer by a third party. It is used to conceal running processes, files or system data. Rootkits do not infect machines by themselves like viruses or worms, but rather, seek to provide an undetectable environment for malicious code to execute. Attackers will typically leverage vulnerabilities in the target machine, or use social engineering techniques, to manually install rootkits. Or, in some cases, rootkits can be installed automatically upon execution of a virus or worm or simply even by browsing to a malicious website.

Is a type of hardware (rarely software) that directs the transfer of data to different computers within a network.

When a program is running, or executing, it is said to be in runtime. A "runtime error" is an error that happens while the program is executing. A memory leak, where the program sucks up excessive amounts of system memory, is also a runtime error.

Safe Mode
Sometimes, Windows may not fully load after an unexpected crash and the only way to get the computer to boot is to use Safe Mode. Safe Mode is a way for the Windows operating system to run with the minimum system files necessary. It uses a generic VGA display driver instead of the vendor-specific driver, which means you will likely be working with only 16 colors in a resolution of 640x480. Safe Mode also turns off all third-party drivers for other peripherals such as mice, keyboards, printers, and scanners. In basic Safe Mode, networking files and settings are not loaded, meaning you won't be able to connect to the Internet or other computers on a network.

A fraudulent business scheme or swindle.

A type of program that consists of a set of instructions for an application. A script usually consists of instructions that are expressed using the application's rules and syntax, combined with simple control structures.

Search engine
Is a computer programme used to search pages online for information. It indexes its results according to the search words put by the users. Some common search engines include Google and Yahoo!.

Secure Sockets Layer (SSL)
SSL protocol is used for transmitting private documents via the Internet using a cryptographic system with two keys. One key is used to encrypt data (public key) and another one to decrypt data (private key). The SSL standard is used by a wide variety of online providers such as online bank accounts and provides protection from the interception of sensitive data by third parties, as well as the misrepresentation of access control and credit card processing services.

Serial Advanced Technology Attachment (SATA)
A computer bus designed to transfer data to and from a hard drive using serial signaling technology. Because SATA cables are thinner than their ribbon-type counterparts, they can be connected to more devices while maintaining their signal integrity.

Service Pack
A service pack is a software package that includes software or operating system updates. They are usually called patches and are released to cover security holes.

In communications, the time during which two computers maintain a connection and are usually engaged in transferring information.

SMB (Server Message Block) probe
An SMB probe checks a system to find out which shared files are available. When used internally, it probes intentional alerts. When used externally, sometimes in the form of a worm, it can determine file system weaknesses.

Software distributed on the basis of an honor system. Most shareware is delivered free of charge, but the author usually requests that you pay a small fee if you like the program and use it regularly. By sending the small fee, you become registered with the producer so that you can receive service assistance and updates. You can copy shareware and pass it along to friends and colleagues, but they too are expected to pay a fee if they use the product.

Skype is a peer-to-peer voice over Internet protocol (VoIP). This Internet telephony network was developed as a free desktop software application that gives users the ability to make free Internet phone calls to other Skype users or you can use the application to place and receive phone calls to and from traditional phone lines for a reduced fee.

A device or program that captures packets transmitted over a network.

Social engineering
"Conning" unsuspecting people into sharing information about computing systems (e.g., passwords) that should not be shared for the sake of security.

Electronic unwanted junk email messages.

In networking, the term is used to describe a variety of ways in which hardware and software can be fooled. Email spoofing, for example, involves trickery that makes a message appear as if it came from a legitimate business email address.

Spyware is a term used to describe a broad set of applications that send information from a computer to a third party without the user's permission or knowledge.

Stealth port scans
A port scan helps find which ports are available by sending a message to each port, one at a time; depending on the type of response, we can understand whether the port is used. Usually scans are done very quickly, but a scan done very slowly cannot be detected, making it a stealth technique.

A switch is used to network multiple computers together. Switches made for the consumer market are typically small, flat boxes with 4 to 8 Ethernet ports. These ports can connect to computers, cable or DSL modems, and other switches. High-end switches can have more than 50 ports and often are rack mounted.


Transmission Control Protocol/Internet Protocol is a four-layer protocol for connecting computers into the Internet.

Threat
Capabilities, intentions, and attack methods of adversaries to exploit any circumstance or event with the potential to cause harm to information or an information system.

Trojan horse
Computer program containing an apparent or actual useful function that contains additional (hidden) functions that allow unauthorized collection, falsification or destruction of data.

Unauthorized access
Unauthorized access encompasses a range of incidents from improperly logging into a user's account (e.g., when a hacker logs in to a legitimate user's account) to obtaining unauthorized access to files and directories possibly by obtaining "super-user" privileges. Unauthorized access also includes access to network data gained by planting an unauthorized "sniffer" program (or some such device) to capture all packets traversing the network at a particular point.

Uninterruptible Power Supplies (UPS)
Is a device that maintains a continuous power supply to the connected equipment when electricity is not available. Also called battery back up.

Utility programs, commonly referred to as just "utilities," are software programs that add functionality to your computer or help your computer perform better. These include antivirus, backup, disk repair, file management, security, and networking programs. Utilities can also be applications such as screensavers, font and icon tools, and desktop enhancements.

A computer program that copies itself. Often viruses will disrupt computer systems or damage the data contained upon them. A virus requires a host program and will not infect a computer until it has been run. Some viruses spread across networks by making copies of themselves or may forward themselves via email. The term 'virus' is often used generically to refer to both viruses and worms.

Virus Hoax
A warning about a non-existent virus. Such warnings usually urge users to forward them to everyone they know.

Virus
Self-replicating, malicious program segment that attaches itself to an application program or other executable system component and leaves no external signs of its presence.

Voice Over IP
A telephone service that uses the internet as a global telephone network.

Virtual Private Network is a network that is connected to the internet and uses encryption to cover all the data that is sent through the network so that the network is private.

A weakness in an information system, cryptographic system, or components (e.g., system security procedures, hardware design, internal controls) that could be exploited to violate system security policy.

Vulnerability analysis
Part of a risk analysis. It takes into consideration anything that could be taken advantage of to cause a security threat in an organisation. It identifies potential threats to and vulnerabilities of information systems and the associated risk so as to protect the Confidentiality, Integrity and Availability of an organisation.

The webmaster is the person in charge of maintaining a Web site. The jobs of a webmaster include writing HTML for Web pages, organizing the Web site's structure, responding to e-mails about the Web site, and keeping the site up-to-date.

An independent program that replicates from machine to machine across network connections often clogging networks and computer systems as it spreads.

A wiki is a Web site that allows users to add and update content on the site using their own Web browser. This is made possible by Wiki software that runs on the Web server. Wikis end up being created mainly by a collaborative effort of the site visitors. A great example of a large wiki is the Wikipedia, a free encyclopedia in many languages that anyone can edit.

A zero day threat is a new threat released in the wild before threat detection signatures are available to protect against it. Fast moving threats such as internet worms can cause huge amounts of damage at zero day.
