
Glossary
Find out what that word means.

A

Access controls - After initial identification and authentication, access controls allow users to access files and applications and to perform certain tasks. Essentially, access controls govern individual access to computer capabilities. They allow the administrator of a computer to customize and define the rights of individual users of that computer, or computers, on a network. Using access controls, the administrator can define who has access to run which applications, view which files or perform certain tasks.

ACK (ACKnowledgment code) - Code that communicates that a system is ready to receive data from a remote transmitting station, or code that acknowledges the error-free transmission of data.

ActiveX - ActiveX is a set of technologies developed by Microsoft that enables software components to interact with one another in a networked environment, like the Internet, regardless of the development language in which they were created. Microsoft's office assistant "Clippy" uses ActiveX technology. Malicious code can abuse existing ActiveX components like "Clippy" or be contained in new ActiveX components downloaded to your machine. ActiveX also allows you to view Word or Excel documents within your Internet Explorer web browser. For more information, check out Microsoft's ActiveX Web site.

Anti-virus software - A tool that examines a system and/or network for viruses and removes any that are found. Most anti-virus software includes an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered. Symantec's Norton Utilities offers a live update feature that allows subscribers to receive protection from the latest forms of malicious code.

Anti-virus software definitions - The latest virus protection updates, developed by research teams shortly after a virus is discovered. These updates are available for immediate download as soon as a fix for the virus has been created.

Authentication - Authentication is simply identity verification and is often required to gain access to computer systems or networks. For example, authentication is achieved when a user provides their username and password to log onto their ISP.

B

Back door - A loophole in the security of a computer system, sometimes deliberately coded by programmers, but more often an unforeseen technique to abuse the system. It is also known as a trap door.

BackOrifice (a.k.a. BackOrifice 2000) - A new version of the BackOrifice Trojan. When installed on a Microsoft Windows system, this Trojan horse program allows other users to gain full access to the system through a network connection. BackOrifice is used to transfer files, control infected systems, and use infected systems to infect or launch attacks on other systems.

C

Content filtering - The blocking, or "filtering," of undesirable Internet content. Businesses can block content based on traffic type. For example, Web access might be allowed, but file transfers may not be allowed. Content can also be filtered by site through the use of lists of URLs that are cataloged by content (these catalogs are updated frequently). Parents can control and restrict their children's access to inappropriate content via special browsers and content filtering programs.

Cookie - A message supplied to a Web browser by a Web server which may contain specific data about the end user. The browser stores the message in a text file and sends the message back to the server each time the browser requests a page from the server. Typical data stored includes the user's surfing habits, preferences or demographic data. This technology also is used to identify users and customize Web pages. Cookies may also be used to track user activity within a Web site.

D

Denial of Service attack (DoS) - Action(s) which prevent any part of a system or network from functioning properly. Denial of Service can result when a system, such as a Web server, has been flooded with illegitimate requests, thus making it impossible to respond to real requests or tasks. Yahoo! and eBay were both victims of such attacks in February 2000.

DHCP (Dynamic Host Configuration Protocol) - Software that automatically assigns IP addresses to client stations logging onto a TCP/IP network. It eliminates traditional manual assignment of permanent IP addresses. DHCP software typically runs in servers and is also found in network devices such as ISDN routers and modem routers that allow multiple users access to the Internet. Newer DHCP servers update the DNS servers after making assignments.

Digital certificate (a.k.a. public-key certificate, digital ID or digital passport) - An electronic "document" which uses high-security encryption keys to verify identities for the purpose of executing secure transactions online. When you shop online and select the option to purchase a product, digital certificates are exchanged between your system and the merchant, which allows them to create a secure Internet connection with your computer. Online merchants obtain digital certificates from Certification Authorities, such as VeriSign, who confirm the legitimacy of the business, obtain specific data about the business, and issue a certificate that is unique to that merchant.

Digital signature - The functional equivalent of a paper signature; a digital signature can make a document binding. Digital signatures are typically verified in a manner similar to Digital Certificates.

DNS (Domain Name System or Domain Name Server) - A domain name look-up system which interprets the domain name of a computer that is connected to the Internet into an IP address. DNS servers or switching stations are located at numerous strategic places to assist in the process of routing of e-mail and Internet connections. Successful routing can require routing and switching through several levels of DNS servers.

E

Ethernet (a.k.a. "Thick Ethernet" and "ThickNet") - The most popular LAN access method, which is defined by the IEEE 802.3 standard. Ethernet is typically a shared media LAN. All systems on the segment share the total bandwidth, which is either 10 Mbps (Ethernet), 100 Mbps (Fast Ethernet) or 1000 Mbps (Gigabit Ethernet). Ethernet uses a thick coax cable as long as 1,640 feet without repeaters. With switched Ethernet, each sender and receiver pair have the full use of bandwidth. Ethernet was invented by Robert Metcalfe and David Boggs at Xerox PARC in 1973.

F

Firewall - A system or combination of systems that enforce borders between two or more networks. A firewall regulates access between networks according to a specific security policy. It is almost like an invisible barrier that protects a network or computer. The technology is very similar to its real world equivalent. For example, the barrier between the passenger compartment and engine compartment in a car is known as a firewall. It is designed to allow communication such as the accelerator and brake pedals to travel to the engine but keeps fumes, heat and noise out of the passenger compartment.

FTP (File Transfer Protocol) - A protocol used to send files back and forth over a TCP/IP network. It also can log onto a network, list directories, copy files and convert between the ASCII and EBCDIC character codes. FTP transfers can also begin from within a Web browser by entering ftp:// in front of the URL. Unlike e-mail programs in which files must be "attached," FTP handles binary files directly and is not forced to bother with encoding and decoding data.

H

Hacker - A person who holds a great deal of knowledge and expertise in the field of computing, and who is capable of exercising this expertise with great finesse. This individual explores the details of computers, including security holes, and may exploit them. The term "hacker" has changed meaning over time. It was previously used to describe a dedicated programmer or devoted programming hobbyist.

HTTP (Hypertext Transfer Protocol) - The protocol for moving hypertext files across the Internet. It requires an HTTP client program on one end and an HTTP server program on the other end. HTTP is the most crucial protocol used in the World Wide Web (WWW).

I

ICMP (Internet Control and Message Protocol) - Used to communicate problems or availability information on the Internet. The Ping program uses ICMP to determine if a remote computer system is powered on and available on the Internet. ICMP is also used to communicate when a system cannot be found.

IGMP (Internet Group Management Protocol) - The standard for IP Multicasting on the Internet. It's used to establish host memberships in particular multicast groups on a single network. The particulars of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants to receive messages addressed to a specific multicast group.

Intrusion detection - Techniques which try to detect intrusion or unauthorized entry into a computer or network by observation of actions, security logs or audit data. Intrusion detection is the discovery of break-ins or attempted break-ins either manually or via specific software systems that operate on logs or other information available on the network.

IP (Internet Protocol) - The communications standard that defines how the Internet works. IP defines how data is formatted and what particular information it contains to allow information to be exchanged on computer systems existing on a variety of different networks utilizing different hardware. An example of the information defined by the IP is in an IP datagram, which includes the addresses of the two computers communicating and the data they wish to exchange. This is not unlike an addressed envelope one would send using the postal service.

IP datagram - A piece of a message transmitted over a packet-switching network. In addition to the data being sent, a packet also contains the destination address. In IP networks, datagrams are often called packets.

IP fragment - A fragment of an IP packet or datagram. Packets are sometimes broken into fragments to be transported.

J

JavaScript - A platform-independent computer language developed by Netscape Communications in 1994 to enable Web authors to design interactive Web sites. JavaScript does not require access to critical or potentially 'sensitive' parts of your computer, system or network. Examples of JavaScript on Web sites include stock tickers and interactive quizzes. Unlike Java, JavaScript is text that is included within a Web page. Java is downloaded separately and not in a readable format.

L

LAN (Local Area Network) - A computer network that covers a relatively small area. Most LANs are kept to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of connected LANs is called a Wide Area Network (WAN).

Logic bomb (a.k.a. fork bomb) - A computer program that is triggered under certain conditions specific to the requirements set forth by the programmers of the logic bomb. Trigger conditions may be a date or time combination. When the Logic Bomb is triggered, it then makes copies of itself, "exploding," until the entire system is locked.

M

Macro virus - A type of computer virus that is encoded as a macro and embedded in a document. Macro viruses are commonly associated with Microsoft Office applications. Once the macro virus infects one document, it can embed itself in all future documents created within the applications. Macros may insert words or numbers into documents or change the command functions of the application.

Mail bomb - An e-mail that is sent, often multiple times, to an enormous number of recipients, urging them to respond to a single system or person. The result can often overload and crash a system.

Malicious code - Hardware, software or firmware that is intentionally introduced to a system for an unauthorized or malicious purpose. A Trojan horse is an example of malicious code.

Mobile code - Mobile code uses legitimate technologies such as Java applets and ActiveX controls as pathways for introducing malicious code, which may destroy programs and compromise system integrity. Mobile code attacks can modify data, steal passwords or files, redirect modem dial-ins or launch a Denial of Service attack. Malicious mobile code is usually executed without user knowledge or consent.

N

NetBus - NetBus is a remote Trojan program similar to BackOrifice. If this program is running on your computer and you are connected to the Internet, anyone who has the NetBus client program can invade your computer -- without your knowledge or consent -- to collect data from your computer such as passwords, e-mail and keystroke patterns. Once intruders have gained access via NetBus, they can execute programs on your computer, copy files, plant Trojan horses or viruses, control your mouse and more.

NNTP (Network News Transfer Protocol) - An industry protocol standard for the distribution, request, retrieval and posting of news articles on newsgroup servers.

P

Packet sniffer - A device or program that monitors packets traveling between computers on a network. A packet is a block of data that transmits the identities of sending and receiving stations, error-control information and data. Packet sniffing devices can be used to compromise computer security by intercepting data (such as confidential financial information or passwords) while it is being transmitted between two machines.

Payload - Term typically used to describe the actions of the malicious code or executable program carried by a Trojan horse or worm.

Piggybacking - Gaining unauthorized access to a system via another user's legitimate connection.

POP (Point of Presence) - The point where a line from a long distance carrier connects to the line of the local telephone company or to the user if the local company is not involved. For online services and Internet providers, the POP is the local exchange users dial into with their modem.

Port scanning - An attempt by hackers to find the weaknesses of a computer or network by scanning or probing system ports via requests for information. It can be used by IT professionals as a genuine tool to discover and correct security holes. But it can also be used maliciously to detect and exploit weaknesses.

PPP (Point-to-Point Protocol) - A method of connecting a computer to the Internet. PPP is relatively stable when compared to older versions of similar technology.

PPPoE (Point to Point Protocol over Ethernet) - A proposal specifying how a host personal computer (PC) interacts with a broadband modem (i.e. xDSL, cable, wireless, etc.) to achieve access to the growing number of high-speed data networks. Relying on two widely accepted standards, Ethernet and point-to-point protocol (PPP), the PPPoE implementation requires virtually no more knowledge on the part of the end user other than that required for standard dial-up Internet access. In addition, PPPoE requires no major changes in the operational model for Internet Service Providers (ISPs) and carriers.

R

Retro-virus - A virus that waits until all possible backup media are infected before it performs malicious tasks visible to the user, so that it is not possible to restore the system to an uninfected state. Sometimes known as an "anti-anti-virus virus," this is a virus designed to avoid detection by anti-virus software.

RFC (Request for Comments) - A series of notes about the Internet, started in 1969. An RFC can be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an Internet standard. Each RFC is assigned an RFC number.

S

SATAN (Security Administrator Tool for Analyzing Networks) - A tool for probing and identifying the vulnerabilities of systems on IP networks from a remote location. It can be used by network administrators to identify system security weaknesses. It may also be used by hackers to find system security weaknesses.

SMTP (Simple Mail Transfer Protocol) - A protocol for sending e-mail messages between servers. Most e-mail systems use SMTP to send messages from one server to another. In addition, SMTP is generally used to send messages from a mail client to a mail server.

Smurfing - A Denial of Service attack in which an automated program attacks a network by exploiting Internet Protocol (IP) broadcast addressing. An attacker will spoof (impersonate) the source address of an ICMP echo request (ping) and send it to many systems on a network at once causing a flood of echo replies. This causes clogging of the network and prevents normal network communication.

Spam - The functional equivalent to unsolicited, electronic junk mail. It is often used to advertise products or to broadcast a political or social commentary. Spam floods a user's inbox with irrelevant, unwanted messages.

Spoofing - Faking the sending address or otherwise masquerading as an authorized user in an attempt to gain illegal entry into a secure system.

Spyware - Spyware is any software or program that employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission. Silent background use of an Internet "backchannel" connection requires a complete and truthful disclosure of backchannel usage, followed by the receipt of explicit, informed consent for such use. If permission is not obtained, the act is considered to be information theft.

SSL (Secure Sockets Layer) - Provides authentication and confidentiality on top of existing applications like Web browsers. Digital Certificates and Digital Signatures utilize this protocol layer to enhance security during online transactions.

SYN - The mnemonic for ASCII character 22, representing Synchronous idle, often used to control display monitors, printer and other modem devices. Also, a syntactic specification language for COPS.

SYN flood - When the SYN queue is flooded, it is not possible to open a new connection.

T

TCP (Transmission Control Protocol) - TCP is one of the main protocols in TCP/IP networks. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent.

Telnet - A terminal emulation program for TCP/IP networks. The Telnet program runs on your computer and connects your computer to a server on the network. You can then enter commands through the Telnet program, and each command will be executed as if you were entering it directly on the server console. This enables you to control the server and communicate with other servers on the network.

Trin00 - A Trojan program that is run from a remote host and can be used to control a system or cause it to attack another network. Classified as a Distributed Denial of Service attack tool.

Trojan horse - A seemingly useful and innocent program that contains hidden code that allows the unauthorized modification, exploitation or destruction of data. Trojan horse programs are generally distributed via the Internet. Games, freeware and screen savers are common vehicles for Trojan horses.

U

UDP (User Datagram Protocol) - A transport layer communications method, or protocol, used for applications that transmit short bursts of data. This protocol offers a limited amount of service and is therefore the mechanism for data communication for applications that do not require verification of delivery at the destination.

Unix - A multi-user, multi-tasking operating system that is mainly used as the master control program in workstations and particularly servers.

V

Virus - A program that can "infect" or "contaminate" other programs by modifying them to include a copy of itself. Viral code is typically malicious and detrimental to data or system integrity.

VPN (Virtual Private Network) - Refers to a network in which some of the parts are connected using the public Internet, but the data sent across the Internet is encrypted, so the entire network is "virtually" private. A typical example would be a company network where there are two offices in different cities. Using the Internet, the two offices merge their networks into one network, but encrypt traffic that uses the Internet link.

W

WAN (Wide Area Network) - A communications network that covers a wide geographic area, such as a state or country. It usually consists of several LANs.

Worm - An independent program that replicates itself, crawling from machine to machine across network connections. It often clogs networks as it spreads, typically via e-mail or system exploits.


