Glossary

This glossary is meant to help you better understand some of the terms you will commonly see on our website.

Terms
Account Compromise
An account compromise is the unauthorized use of a computer account by someone other than the account owner, without involving system-level or root-level privileges (privileges a system administrator or network manager has). An account compromise might expose the victim to serious data loss, data theft, or theft of services. The lack of root-level access means that the damage can usually be contained, but a user-level account is often an entry point for greater access to the system. (From http://www.us-cert.gov/reading_room/tocencyc.html#AccComp)
Backdoor
Also called a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.
Cracker
Legitimate hackers resent the association of the term hacker with criminal activity. They use the term "cracker" to describe someone who breaks into networks.
DDOS (Distributed Denial of Service)
Same concept as a Denial of Service attack, but using many systems to attack a single system at the same time, thus greatly increasing the scale of the attack. See "DOS (Denial of Service)".
Desktop Computer
A desktop computer is an independent personal computer that is made especially for use on a desk in an office or home. The term is used mainly to distinguish this type of personal computer from portable computers and laptops, but also to distinguish other types of computers like the PDA, server or mainframe. Desktops are currently the more affordable and most common computers, and are frequently used by businesses, schools, households and other organizations. Nearly all modern desktop computers are modular, meaning that the components can easily be replaced or upgraded. A desktop computer can also refer to a computer whose case is oriented horizontally (usually, the monitor is placed on top of the case). Such cases are called Desktops as opposed to Towers. (From http://en.wikipedia.org/wiki/Desktop_computer)
DOS (Denial of Service)
The goal of denial-of-service attacks is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. A denial-of-service attack can come in many forms. Attackers may "flood" a network with large volumes of data or deliberately consume a scarce or limited resource, such as process control blocks or pending network connections. They may also disrupt physical components of the network or manipulate data in transit, including encrypted data. (From http://www.us-cert.gov/reading_room/tocencyc.html#Denial)
Encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. See our DOC on Encryption
Exploit
An exploit is a common term in the computer security community to refer to a piece of software that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. (From en.wikipedia.org/wiki/Exploit_(computer_security))
Exploitation of Trust
Computers on networks often have trust relationships with one another. For example, before executing some commands, the computer checks a set of files that specify which other computers on the network are permitted to use those commands. If attackers can forge their identity, appearing to be using the trusted computer, they may be able to gain unauthorized access to other computers.
Firewall
A device or piece of software that is designed to control access to a computer or an entire network. Firewalls are often used to control who can access a system and what programs or protocols can be used. Also see Understanding Firewalls
Hacker
A hacker is a person who creates and modifies computer software and computer hardware, including computer programming, administration, and security-related items. In computer programming, a 'hacker' is a programmer who hacks or reaches a goal by employing a series of modifications to exploit or extend existing code or resources. In computer security, a hacker is a person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers), and grey hats. (See: Hacker (computer security))
IDS (Intrusion Detection System)
An Intrusion Detection System or IDS is a software/hardware tool used to detect unauthorized access to a computer system or network. This may take the form of attacks by skilled malicious hackers, or Script kiddies using automated tools. An IDS is required to detect all types of malicious network traffic and computer usage. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorised logins and access to sensitive files, and malware (viruses, trojan horses, and worms). For more information on IDS please refer to http://en.wikipedia.org/wiki/Intrusion-detection_system
Internet Infrastructure Attacks
These rare but serious attacks involve key components of the Internet infrastructure rather than specific systems on the Internet. Examples are network name servers, network access providers, and large archive sites on which many users depend. Widespread automated attacks can also threaten the infrastructure. Infrastructure attacks affect a large portion of the Internet and can seriously hinder the day-to-day operation of many sites. (From http://www.us-cert.gov/reading_room/tocencyc.html#InfraAtt)
IPS (Intrusion Prevention System)
An intrusion prevention system (a computer security term) is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall. Intrusion prevention systems were invented by One Secure (later acquired by NetScreen Technologies, which was acquired by Juniper Networks in 2004), who decided to make access control decisions based on application content, rather than IP address or ports as traditional firewalls had done. This ability to inspect network traffic at a deeper level caused them to be confused with intrusion detection systems, which also inspect network traffic for signs of intrusions. Intrusion prevention systems may also act at the host level to deny potentially malicious activity. An intrusion prevention system must also be a very good intrusion detection system to enable a low rate of false positives. (From http://en.wikipedia.org/wiki/Intrusion-prevention_system)
Malicious Code
Malicious code is a general term for programs that, when executed, would cause undesired results on a system. Users of the system usually are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms. Trojan horses and viruses are usually hidden in legitimate programs or files that attackers have altered to do more than what is expected. Worms are self-replicating programs that spread with no human intervention after they are started. Viruses are also self-replicating programs, but usually require some action on the part of the user to spread inadvertently to other programs or systems. These sorts of programs can lead to serious data loss, downtime, denial of service, and other types of security incidents. (From http://www.us-cert.gov/reading_room/tocencyc.html#Malicious)
Network
A wide variety of systems of interconnected components are called networks. (From http://en.wikipedia.org/wiki/Network)
Packet Sniffer
A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require privileged access. For most multi-user systems, however, the presence of a packet sniffer implies there has been a root compromise. (From http://www.us-cert.gov/reading_room/tocencyc.html#PackSnif)
PC (Personal Computer)
A personal computer or PC is generally a microcomputer intended to be used by one person at a time, and suitable for general purpose tasks such as word processing, programming, or game play, usually used to run purchased or other software not written by the user. Unlike minicomputers, a personal computer is often owned by the person using it, indicating a low cost of purchase and simplicity of operation. The user of a modern personal computer may have significant knowledge of the operating environment and application programs, but is not necessarily interested in programming nor even able to write programs for the computer. (From http://en.wikipedia.org/wiki/Personal_computer)
Phishing
A way of using spoofed emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Also see Email Scams and Phishing Attacks
Port
In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic. Also see Well-Known TCP Port Numbers in the Quick Reference section of Webopedia.
Probe
A probe is characterized by unusual attempts to gain access to a system or to discover information about the system. One example is an attempt to log in to an unused account. Probing is the electronic equivalent of testing doorknobs to find an unlocked door for easy entry. Probes are sometimes followed by a more serious security event, but they are often the result of curiosity or confusion. (From http://www.us-cert.gov/reading_room/tocencyc.html#Probe)
Risk
The likelihood of a given threat-source’s attempting to exercise a given vulnerability, and the resulting impact of that adverse event on the organization. (From www.nrc.gov.edgesuite.net/reading-rm/doc-collections/insp-gen/2004/04-a-21.pdf)
Root Compromise
A root compromise is similar to an account compromise, except that the account that has been compromised has special privileges on the system. The term root is derived from an account on UNIX systems that typically has unlimited, or "superuser", privileges. Intruders who succeed in a root compromise can do just about anything on the victim's system, including run their own programs, change how the system works, and hide traces of their intrusion. (From http://www.us-cert.gov/reading_room/tocencyc.html#RootComp)
Router
A router is a device that forwards data packets along networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done through routers.
Scan
A scan is simply a large number of probes done using an automated tool. Scans can sometimes be the result of a misconfiguration or other error, but they are often a prelude to a more directed attack on systems that the intruder has found to be vulnerable. (From http://www.us-cert.gov/reading_room/tocencyc.html#Scan)
Script Kiddie
In computing, a script kiddie (occasionally script kitty) is a derogatory term for people who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems. See "DOS (Denial of Service)". In general, they do not have the ability to write said programs on their own. Such programs have included WinNuke applications and Back Orifice. (From en.wikipedia.org/wiki/Script_kiddie)
Server
Over the years, the term has been misinterpreted (but in common usage now) to also mean the physical computer on which the server software runs. Software ultimately requires computer hardware to run, and originally server software would be run on a large powerful computer such as a mainframe computer or minicomputer. These have largely been replaced by computers built using a more robust version of the microprocessor technology than is used in personal computers, and the term "server" was adopted to describe microprocessor-based machines designed for this purpose. In a general sense, "server" machines have high-capacity (and sometimes redundant) power supplies, a motherboard built for durability in 24x7 operations, large quantities of ECC RAM, and fast I/O subsystems employing technologies such as SCSI, RAID, and PCI-X or PCI Express. It is important to note, however, that computers referred to as "servers" do not necessarily run any server software, nor is it required that server software only be run on these types of computers. (From http://en.wikipedia.org/wiki/Server)
Social Engineering
Social engineering is the art and science of getting people to comply to your wishes. It is not a way of mind control, it will not allow you to get people to perform tasks wildly outside of their normal behavior and it is far from foolproof. (From http://packetstormsecurity.nl/docs/social-engineering/aaatalk.html )
Spyware
Spyware is any application that impairs users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information. (From http://www.antispywarecoalition.org/documents/definitions.htm)
Switch
A switch is a device that filters and forwards packets between LAN segments. It acts as a bridge, giving each and every port the full bandwidth capability. If you have an 8-port 10/100 switch, then each port can be either 10 or 100 Mb, and each port is full-duplex. This means that there are no collisions, so no retransmits and no back-offs: full speed ahead. Because it is full duplex, you can get full speed in both directions, or up to 200 Mb throughput per port. Think of it like a high-speed 16-lane highway where each device gets a full 2 lanes all to itself, with no speed limit. Each interface is its own collision domain, but the whole switch is one broadcast domain.
Threat
A threat is a force that could affect an organization or an element of an organization. Threats can be either external or internal to an organization. A threat can be man-made or something that occurs in nature (e.g., floods, tornadoes, wildfires, etc.).
Trojan
A Trojan, also known as a Trojan horse, is a program that looks legitimate but actually is not. Trojans are usually attached to files popularly shared online, and when these files are run, the Trojan program can have many destructive effects. A Trojan program does not replicate itself; it tries to modify settings on the computer it is on to allow itself to exist for malicious purposes. Some of the effects of Trojans are opening backdoors on the system that give access to hackers, capturing credit card information, passwords, and email addresses, keystroke logging, and using your computer to launch attacks.
Virus
A virus is a program that infects a computer when it is run. It attaches itself to other programs or documents, enabling it to be executed when the host file is executed without the user being aware. Viruses can spread via email attachments or other files that are shared between users. (Never open email attachments unless you are sure they are from someone you know and the sender actually did send it to you. Attachments to avoid include, but are not limited to, those with the extensions .exe, .com, and .bat.) Viruses can corrupt data while infecting files, display messages, or lie dormant until a set date.
Virus Signature
A virus signature is the binary pattern of a virus's machine code that can be used as a fingerprint, aiding in virus detection by antivirus programs. Different viruses have different signatures that help detect their presence.
VPN (Virtual Private Network)
A Virtual Private Network, or VPN, is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network. VPN message traffic is carried on public networking infrastructure (e.g. the Internet) using standard (often insecure) protocols, or over a service provider's network providing VPN service guarded by a well-defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider. (From http://en.wikipedia.org/wiki/VPN)
Vulnerability
A feature or combination of features of a system that allows an adversary, the intruder, to place the system, your computer, in a state that is both contrary to the desires of the people responsible for the system and increases the risk (probability or consequence) of undesirable behavior in or of the system. A feature or combination of features of a system that prevents the successful implementation of a particular security policy for that system. A program with a buffer that can be overflowed with data supplied by the invoker will usually be considered a vulnerability. A telephone procedure that provides private information about the caller without prior authentication will usually be considered to have a vulnerability.
Worm
A worm is a special type of computer program that replicates itself and tries to spread across the network infecting other computers while consuming bandwidth. Worms can install backdoors, delete files as well as install hacked executables.