Resources/Glossary
of terms
Access control
The mechanisms for limiting access to certain
information based on a user's identity and membership in predefined
groups. Access control can be mandatory, discretionary, or
role-based.
ActiveX
Plug-in software for Windows programmes executed
by web browsers.
Adware
Adware is a type of advertising display software whose primary
purpose is to deliver advertising content in a manner or context
that may be unexpected and unwanted
by users.
Alert
Notification that an attack has been detected on your
system.
Application
An application is software that can be installed
on a computer and can consist of a combination of executable
files.
Authentication
A method used to verify the identity of a user/programme/computer
in a network
or on the web.
Back-up
Keeping a copy of data and applications on a separate
media either in a different location or just a different memory
storage medium.
Backbone
A local backbone refers to the main network lines
that connect several local area networks (LANs) together.
The result is a wide area network (WAN) linked by a backbone
connection.
Backdoor
Programmes that give an attacker access
from a remote location.
They are a type of Trojan.
Bandwidth
A measure of the speed at which
data can be sent through
the Internet. The more bandwidth we have, the faster data
travels.
Banner
Information/advertisement that is displayed at the
top of a web page.
Blacklist
A list of e-mail addresses that usually cause spam.
Bluetooth
Bluetooth is a personal area network technology for
short-range transmission of digital voice and data between
laptops, mobile phones, and other portable handheld devices.
Mobile viruses could be spread through Bluetooth transfers
between computers
and mobile devices, and between mobile devices.
Border Gateway Protocol (BGP)
The core routing protocol of the Internet. Maintains
a table of IP networks which designate network reachability
among autonomous systems.
Botnet
A collection of zombie PCs (short for a robot network). They
can consist of tens or even hundreds of thousands of zombie
computers. A single PC in a botnet can automatically send
thousands of spam messages per day. The most common spam messages
come from zombie computers.
Brute-force
A brute-force attack involves exhausting a number
of possibilities to retrieve passwords and encrypted messages.
These are all programmes that are set to use combinations
of characters, symbols and numbers to reveal the secret.
Buffer overflow
A buffer overflow occurs when a program tries to store more
data in a buffer than it can hold. This extra information can
overflow into adjacent buffers corrupting or overwriting valid
information held in them.
Bug
A programming error that can bring vulnerabilities.
Cache
A cache stores recently-used information in a place
where it can be accessed extremely fast. For example, a Web
browser like Internet Explorer uses a cache to store the pages,
images, and URLs of recently visited Web sites on your hard
drive. So when you visit
a page you have recently been to, the pages and images do
not have to be downloaded to your computer all over again.
Certificate
A certificate in websites is used to authenticate
to the user that the site is genuine.
CGI (Common Gateway Interface) attacks
CGI is a standard that allows a web server to call
an external program so that it can generate dynamic content.
An attack happens through port scanning used to find CGI programs
that have known vulnerabilities in them. Once a vulnerable
CGI program
is found it can be used to break into a server.
Cloud Computing
Cloud computing is a general term for anything that involves
delivering hosted services over the Internet. The name cloud
computing was inspired by the cloud symbol that's often used
to represent the Internet in flow charts and diagrams.
Code
A system of communication in which arbitrary groups
of letters, numbers, or symbols represent units of plain text
of varying length.
Cookies
A cookie is a line of text saved in a text file and
is given to a web browser by a web server. It is used to identify
users and customise web pages for them.
Cracker
A person who obtains or attempts to obtain unauthorized
access to computer resources for specific, premeditated crimes.
(See also Hacker.)
Cracking Utilities
Programs planted in systems by attackers for a variety
of purposes such as elevating privileges, obtaining passwords,
and disguising the attacker's presence.
Cryptographic checksum
A checksum that is generated using cryptographic
means. It is used to detect accidental or deliberate modification
of data.
Cybercrime
A criminal activity committed with the help of computers
and the Internet. It includes computer fraud, distributing
viruses, DoS attacks etc.
Database
This is a data structure used to store organized information.
A database is typically made up of many linked tables of rows
and columns. For example, a company might use
a database to store information about their products, their
employees, and financial information. Databases are now also
used in nearly all e-commerce sites to store product inventory
and customer information.
Defacement
Defacement of a website involves unauthorised change of key
pages like the home page.
Desktop firewall
Is a program that filters incoming and outgoing packets between
your computer
and the internet. Based on rules, it blocks or allows traffic.
DHCP
Dynamic Host Configuration Protocol is a protocol used to
assign IP addresses
to networked computers. It is useful for setting up large
networks since they do not need to be assigned manually.
Dialer
Any application whose primary function is to dial
a premium rate phone number.
Dictionary attack
A method/software used to break password protected
systems in which the attacker
runs all possible combinations of letters in a dictionary.
Digital Signature
It is used with email applications to verify that
a specific email message has really been sent from the same
person who supposedly sent it. The actual digital signature
is comprised of a mathematical algorithm that is used to combine
information
on the message and the signature key.
Disruption/Denial of service (DoS)
Occurs when an intruder uses malicious code to disrupt computer
services, including erasing a critical program, 'mail spamming'
i.e., flooding a user account with electronic mail, or altering
system functionality by installing a Trojan horse program.
Domain Name
Is a name that identifies a web site (e.g. www.forth.gr/grcert).
Domain Name Service (DNS)
It is a computer programme that runs on a web server
and translates domain names
into IP addresses.
Elevation of privilege
The process by which a user obtains a higher level
of privilege than the one he has been authorized for. A malicious
user may use elevation of privilege as a means to compromise,
destroy or access unauthorized information.
Encryption
Using encryption renders information unintelligible in a manner
that allows the information to be decrypted into its original
form - the process of transforming plaintext into cipher text.
Espionage
Espionage is stealing information to subvert the
interests of AITS, the University of Illinois, the Federal
government, or gaining access to a competitor's data to subvert
contract procurement regulations.
Event
Any observable occurrence in a computer system or
network, e.g., the system boot sequence, port scan, a system
crash, or packet flooding within a network.
Events sometimes provide an indication that an incident is
occurring, although
not necessarily.
Exploit
A file that will take advantage of design flaws (vulnerabilities)
in software in order to take control of a system. The exploit
may be used to perform a number of different actions such
as downloading worms and Trojans, accessing confidential data
or crashing
the software (Denial of Service) depending on the nature and
severity of the vulnerability.
Firewall
Used to control access to or from a protected network.
Enforces a network access policy by forcing connections to
pass through this system, where they can be examined
and evaluated. The system can be a router, a personal computer,
a host, or a collection
of hosts, set up specifically to shield a site or subnet from
protocols and services
that can be abused from hosts outside the subnets.
Fix
(see Patch)
FTP (File Transfer Protocol)
A protocol used to transfer files between systems.
Gateway
A gateway is either hardware or software that acts
as a bridge between two networks
so that data can be transferred between a number of computers.
Often, your connection to a Web site will involve many smaller
connections to other servers along the way.
In these cases, a number of gateways are used.
Hacker
A person who obtains or attempts to obtain unauthorized
access to a computer
for reasons of thrill or challenge. (See also Cracker)
Hoax
A hoax occurs when false stories, fictitious incidents
or vulnerabilities are spread
(e.g., virus warnings that do not exist).
Honeypot
A computer system on the internet set up to attract and trap
spammers and hackers.
Identity Theft
When personal information is stolen and used illegally. The
fraudster uses the victim's details to impersonate him in
illegal transactions.
Incident
An incident is defined as any adverse event whereby
some aspect of computer security could be threatened: loss
of data confidentiality, disruption of data or system integrity,
or disruption or denial of availability. Examples include
penetration of a computer system, exploitation of technical
vulnerabilities, or introduction of computer viruses or other
forms of malicious software.
Infection
An infection in a computer occurs when malicious code has
been entered into
its systems by means of a virus.
Infection length
It is the size in bytes, of the viral code that is inserted
into a program by the virus.
If this is a worm or Trojan Horse, the length represents the
size of the file.
Integrity
(1) A sub-goal of computer security which pertains
to ensuring that data continues
to be a proper representation of information, and that information
processing resources continue to perform correct processing
operations.
(2) A sub-goal of computer security which pertains to ensuring
that information retains
its original level of accuracy.
Data integrity is that attribute of data relating to the
preservation of:
(a) its meaning and completeness,
(b) the consistency of its representation(s), and
(c) correspondence to what it represents.
Internal threat
A threat (security threat) that originates within an organization
or company.
Internet Message Access Protocol (IMAP)
It is a method of accessing e-mail messages on a
server without having to download them to your local hard
drive. The advantage of using an IMAP mail server is that
users can check their mail from multiple computers and always
see the same messages.
This is because the messages stay on the server until the
user chooses to download them to his or her local drive.
Internet Relay Chat (IRC)
IRC is a multi-user chat system, where people meet on "channels"
(chat rooms) to talk
in groups, or privately. This system also allows for the distribution
of executable content.
Intranet
A private Internet that runs inside a Local Area
Network.
Intrusion
Unauthorized access to a system or network.
IPS (Intrusion Prevention System)
A system that monitors hosts connected in a network to find
and quickly respond
to potential threats and alert the user(s) to take action.
JPEG
Joint Photographic Experts Group - a common image
format. Art and photographic pictures are usually encoded
as JPEG files.
Kerberos
A system developed at the Massachusetts Institute
of Technology that depends on passwords and symmetric cryptography
to implement ticket-based, peer entity authentication service
and access control service distributed in a client-server
network environment.
Keystroke Logger/Keylogger
A program that records users' keystrokes with the
intention of capturing sensitive information such as credit
card details.
Local Area Network (LAN)
Is a network among computers in a local area (like
inside a building), connected via cables.
Log
A record of actions and events that take place on a computer.
Logging creates a record
of actions and events that take place on a computer.
Logic bomb
Is a program that allows a virus to stay dormant
in a system and only attack when
the conditions it is set for are met.
Macro
A macro is a combination of keystrokes that are recorded,
stored and assigned
to a shortcut key to be used. When that key code is typed,
the specified instructions
are run. They are used to simplify operations but they can
have malicious uses too.
Macro virus
Is a program written in the internal macro language
of an application and used to replicate and spread.
Malicious code attacks
Include attacks by programs such as viruses, Trojan
horses, worms, and scripts used
by crackers/hackers to gain privileges, capture passwords,
and/or modify audit logs
to exclude unauthorized activity.
Malware
Malware is a general term for a range of malicious
software including viruses, worms, Trojan horses and spyware.
Message Authentication Code (MAC)
An algorithm that allows a receiver to ensure that a block
of data has retained its integrity from the time it was sent
until the time it was received.
Misuse
Misuse occurs when someone uses a computing system
for other than official
or authorized purposes.
MPEG
Stands for "Moving Picture Experts Group."
The MPEG organization develops standards for digital audio
and video compression. The term MPEG also refers to a type
of multimedia file, which is denoted by the file extension
".mpg" or ".mpeg." These files
are compressed movies that can contain both audio and video.
Though they are compressed, MPEG files maintain most of the
original quality of the uncompressed movie.
Network
A group of computers and associated devices connected by communications
facilities (both hardware and software) to share information
and peripheral devices, such as printers and modems.
Network Address Translator (NAT)
Is a technique of transceiving network traffic through a router.
Most systems using NAT do so in order to enable multiple hosts
on a private network
to access the Internet using a single public IP address. NAT
can introduce complications
in communication between hosts and may have a performance
impact.
OS (Operating Systems) fingerprinting
OS fingerprinting determines the operating system
that a host computer is running based on specific characteristics.
An outsider can discover general information by searching
for those specific characteristics that can give detailed
information on even what version of OS a host is running.
Partition
A hard disk can be divided into several partitions that function
as separate units and have their own volume names (such as
D:, E:, F: etc.). Partitioning makes the hard drive work faster
as the computer can search smaller sections for a specific
file rather than the whole drive.
Password cracker
Is software designed to help a user or administrator
either to recover a forgotten password or to uncover weak
passwords. It is also used by attackers to get a list of
weak passwords to access systems.
Patch
Is a small piece of software used to repair a bug or vulnerability
in computing.
Payload
This is the malicious activity that the virus performs. Not
all viruses have payloads, but there are some that perform
destructive actions.
Payload trigger
The condition that causes the virus to activate or drop its
destructive payload. Some viruses trigger their payloads on
a certain date. Others may trigger their payload based on
the execution of certain programs or on the availability of
an Internet connection.
Peripheral Component Interconnect (PCI)
It is a hardware bus designed by Intel and used in both PCs
and Macs. Most add-on cards such as SCSI, Firewire, and USB
controllers, use a PCI connection. Some graphics cards use
PCI, but most new graphics cards connect to the AGP slot.
PCI slots are found
in the back of your computer and are about 3.5" long
and about 0.5" high.
Phishing
Phishing attacks usually involve sending emails asking for
financial and personal information that need immediate attention.
They can also involve malicious websites from which attackers
can extract information.
Ping
Ping is a protocol used across a network to see if a particular
computer is 'alive' or not. Computers that recognize the ping,
report back their status. Computers that are down
will not report anything back.
Plug in
An application added on web browsers in order to
handle a special type of data like sound or movie files.
Post Office Protocol (POP3)
Post Office Protocol version 3 (POP3) is an application
layer Internet standard protocol used to retrieve email from
a remote server to a local client over a TCP/IP connection.
Nearly all individual Internet service provider email accounts
are accessed via POP3.
Port
Is a location from where data travels in and out of a computing
device. In computers there are internal ports where users
can connect disk drives, USBs, keyboards and other peripherals.
In TCP/IP and UDP networks, a port is the endpoint to a logical
connection.
Port scanning
Is a hacking technique to check TCP/IP ports and find which
services are available for exploitation and to also find out
which operating system is run by a particular computer.
Pretty Good Privacy (PGP)
Public key encryption used for encrypting and decrypting
email messages.
Proxy
A software agent, often a firewall mechanism, which performs
a function or operation on behalf of another application or
system while hiding the details involved.
Quarantine
Files suspected of containing a virus are sent to quarantine
by the anti-virus system
so that the files cannot be opened or executed.
Radio Frequency Identification (RFID)
This technology uses devices attached to objects that transmit
data to an RFID receiver.
It is an alternative to bar coding used in shops. Advantages
include data capacity, read/write capability, and no line-of-sight
requirements.
Rootkit
A rootkit is a set of software tools designed to
be invisible and placed on a computer
by a third party. It is used to conceal running processes,
files or system data.
Rootkits do not infect machines by themselves like viruses
or worms, but rather,
seek to provide an undetectable environment for malicious
code to execute.
Attackers will typically leverage vulnerabilities in the target
machine, or use social engineering techniques, to manually
install rootkits. Or, in some cases, rootkits can
be installed automatically upon execution of a virus or worm
or simply even by browsing to a malicious website.
Router
Is a type of hardware (rarely software) that directs
the transfer of data to different computers within a network.
Runtime
When a program is running, or executing, it is said to be
in runtime. A "runtime error"
is an error that happens while the program is executing. A
memory leak, where the program sucks up excessive amounts
of system memory is also a runtime error.
Safe Mode
Sometimes, Windows may not fully load after an unexpected
crash and the only way to get the computer to boot is to use
Safe Mode. Safe Mode is a way for the Windows operating system
to run with the minimum system files necessary. It uses a
generic VGA display driver instead of the vendor-specific
driver, which means you will likely be working with only 16
colors in a resolution of 640x480. Safe Mode also turns off
all third-party drivers for other peripherals such as mice,
keyboards, printers, and scanners. In basic Safe Mode, networking
files and settings are not loaded, meaning you won't be able
to connect to the Internet or other computers on a network.
Scam
A fraudulent business scheme or swindle.
Script
A type of program that consists of a set of instructions for
an application. A script usually consists of instructions
that are expressed using the application's rules and syntax,
combined with simple control structures.
Search engine
Is a computer programme used to search pages online
for information. It indexes
its results according to the search words put by the users.
Some common search engines include Google and Yahoo!.
Secure Sockets Layer (SSL)
SSL protocol is used for transmitting private documents
via the Internet using
a cryptographic system with two keys. One key is used to encrypt
data (public key)
and another one to decrypt data (private key). The SSL standard
is used by a wide variety of online providers such as online
bank accounts and provides protection from the interception
of sensitive data by third parties, as well as the misrepresentation
of access control and credit card processing services.
Serial Advanced Technology Attachment (SATA)
A computer bus designed to transfer data to and from a hard
drive using serial signaling technology. Because SATA cables
are thinner than their ribbon-type counterparts, they can be
connected to more devices while maintaining their signal integrity.
Service Pack
A service pack is a software package that includes software
or operating system updates. They are usually called patches
and are released to cover security holes.
Session
In communications, the time during which two computers maintain
a connection and are usually engaged in transferring information.
SMB (Server Message Block) probe
An SMB probe checks a system to find out which shared files
are available. When used internally, it probes intentional
alerts. When used externally, sometimes in the form
of a worm, it can determine file system weaknesses.
Shareware
Software distributed on the basis of an honor system. Most
shareware is delivered free
of charge, but the author usually requests that you pay a
small fee if you like the program and use it regularly. By
sending the small fee, you become registered with the producer
so that you can receive service assistance and updates. You
can copy shareware and pass it along to friends and colleagues,
but they too are expected to pay a fee if they use
the product.
Skype
Skype is a peer-to-peer voice over Internet protocol (VoIP).
This Internet telephony network was developed as a free desktop
software application that gives users the ability to make
free Internet phone calls to other Skype users or you can
use the application
to place and receive phone calls to and from traditional phone
lines for a reduced fee.
Sniffer
A device or program that captures packets transmitted
over a network.
Social engineering
"Conning" unsuspecting people into sharing
information about computing systems
(e.g., passwords) that should not be shared for the sake of
security.
Spam
Unwanted electronic junk email messages.
Spoofing
In networking, the term is used to describe a variety of ways
in which hardware and software can be fooled. Email spoofing,
for example, involves trickery that makes a message appear
as if it came from a legitimate business email address.
Spyware
Spyware is a term used to describe a broad set of
applications that send information
from a computer to a third party without the user's permission
or knowledge.
Stealth port scans
A port scan helps find which ports are available
by sending a message to each port,
one at a time; depending on the type of response, we can
understand whether the port is used. Usually scans are done
very quickly, but when a scan is done very slowly
it cannot be detected, making it a stealth technique.
Switch
A switch is used to network multiple computers together. Switches
made for the consumer market are typically small, flat boxes
with 4 to 8 Ethernet ports. These ports can connect to computers,
cable or DSL modems, and other switches. High-end switches
can have more than 50 ports and often are rack mounted.
TCP/IP
Transmission Control Protocol/Internet Protocol is
a four-layer protocol for connecting computers into the Internet.
Threat
Capabilities, intentions, and attack methods of adversaries to
exploit any circumstance or event
with the potential to cause harm to information or an information
system.
Trojan horse
Computer program containing an apparent or actual
useful function that contains additional (hidden) functions
that allow unauthorized collection, falsification
or destruction of data.
Unauthorized access
Unauthorized access encompasses a range of incidents
from improperly logging
into a user's account (e.g., when a hacker logs in to a legitimate
user's account)
to obtaining unauthorized access to files and directories
possibly by obtaining "super-user" privileges. Unauthorized
access also includes access to network data gained by planting
an unauthorized "sniffer" program (or some such
device) to capture all packets traversing the network at a
particular point.
Uninterruptible Power Supplies (UPS)
Is a device that maintains a continuous power supply to the
connected equipment
when electricity is not available. Also called battery back
up.
Utility
Utility programs, commonly referred to as just "utilities,"
are software programs that add functionality to your computer
or help your computer perform better. These include antivirus,
backup, disk repair, file management, security, and networking
programs. Utilities can also be applications such as screensavers,
font and icon tools, and desktop enhancements.
Virus
A computer program that copies itself. Often viruses
will disrupt computer systems
or damage the data contained upon them. A virus requires a
host program and will
not infect a computer until it has been run. Some viruses
spread across networks
by making copies of themselves or may forward themselves via
email.
The term 'virus' is often used generically to refer to both
viruses and worms.
Virus Hoax
A warning about a non-existent virus. Such hoaxes usually urge
users to forward them to everyone they know.
Virus
Self-replicating, malicious program segment that attaches itself to
an application program or other executable system component
and leaves no external signs of its presence.
Voice Over IP
A telephone service that uses the internet as a global
telephone network.
VPN
Virtual Private Network is a network that is connected to
the internet and uses encryption to cover all the data that
is sent through the network so that the network is private.
Vulnerability
A weakness in an information system, cryptographic
system, or components (e.g., system security procedures, hardware
design, internal controls) that could be exploited to violate
system security policy.
Vulnerability analysis
Part of a risk analysis. It takes into consideration anything
that could be taken advantage of to cause a security threat in
an organisation. It identifies potential threats
to and vulnerabilities of information systems and the associated
risk so as to protect
the Confidentiality, Integrity and Availability of an organisation.
Webmaster
The webmaster is the person in charge of maintaining
a Web site. The jobs of a webmaster include writing HTML for
Web pages, organizing the Web site's structure, responding
to e-mails about the Web site, and keeping the site up-to-date.
Worm
An independent program that replicates from machine
to machine across network connections often clogging networks
and computer systems as it spreads.
Wiki
A wiki is a Web site that allows users to add and update content
on the site using their own Web browser. This is made possible
by Wiki software that runs on the Web server. Wikis end up
being created mainly by a collaborative effort of the site
visitors. A great example of a large wiki is the Wikipedia,
a free encyclopedia in many languages that anyone can edit.
Zero-Day
A zero day threat is a new threat released in the
wild before threat detection signatures are available to protect
against it. Fast moving threats such as internet worms can
cause huge amounts of damage at zero day.