GLOSSARY OF TERMS
Principles and Practice of Information Security
Linda Volonino & Stephen R. Robinson
Accountability A functional requirement of hardware and software that requires that the actions of an entity can be traced uniquely to that entity.
Address A data field in an IP packet header that specifies either the sender (source address) or the intended receiver (destination address) of the packet.
Allow With regard to packets, allow is an action that permits, or allows, the packet to be sent or received by a network. The opposite is block. See Block.
Anna Kournikova A virus that arrives as an email attachment. Opening this attachment infects a machine. Once infected, the virus mails itself to all recipients found in the Windows address book.
Asymmetric cryptography Electronic signature technology eliminates the need for manual signatures on contracts. Digital signature technology utilizing asymmetric cryptography is a form of electronic signature particularly appropriate for electronic contracting, because it replaces manual signatures with digital codes that ensure the identity of the sender.
ADSL (asymmetric digital subscriber line) Technically, ADSL allows large data transfers over copper telephone lines. Operationally, ADSL is a high-speed digital service providing fast file downloads from the Web. Its upload speeds are much slower. Because of the lack of symmetry in speeds for downloading and uploading with DSL service, it is referred to as asymmetric DSL or ADSL. A computer with an ADSL connection has a fixed or static IP address that is permanently assigned to it. These connections have fixed IP addresses that are easy to identify and attack. See DSL.
Antivirus (AV) software Software programs that filter incoming email and computer files to detect and deter viruses.
Application gateway A type of firewall that applies security mechanisms to specific applications, such as FTP and Telnet. They can be highly effective but tend to degrade performance.
Application virus These are viruses that attack software programs or database management systems.
Application level Programs that support business functions like accounting or marketing applications.
ARIN (American Registry for Internet Numbers) Companies are assigned their IP addresses by their Internet service providers (ISPs), who have been assigned their IP addresses by a central governing body called ARIN. ARIN controls the allocation of IP addresses so that there are no duplicates. See www.arin.net.
ASP (application service provider) A company that develops and hosts software applications on its own servers within its own facilities for other companies. In effect, companies outsource their applications to an ASP rather than manage the application in-house.
Asynchronous Asynchronous means that the data transfer rate is not the same in both directions.
ATM (asynchronous transfer mode) In an asynchronous transfer mode, the data transfer rate for uploading is slower than for downloading. For example, cable modems download files or Websites from a network (e.g., the Internet) at a much faster rate than they upload files to the network. This method is used to transmit data, voice, and video over high-speed local area networks at up to 2.2 Gbps.
AUP (acceptable-use policy) A company policy that defines (or should define) acceptable and unacceptable use of all components of the company’s information, computer networks, and communication systems. An AUP should clearly specify the company’s standards for onsite access and remote access to corporate networks and secure use of company usernames, passwords, and computer accounts.
Authentication A method by which a computer system attempts to validate or verify (authenticate) that a user is really who he or she claims to be. The process is usually based on a username and password. In security systems, authentication is not the same as authorization, which gives individuals access to a system based on their identity.
Authenticity A functional requirement of hardware and software that the content must not have been altered.
Autoreply or Autoresponse An email feature that allows the system to send a prepared message automatically to every email message it receives. This is often considered a courtesy to inform senders that the recipient is unavailable to read messages at the current time.
Availability A functional requirement of hardware and software that the IT systems and data are available for operations or to avoid substantial losses. Availability also includes ensuring that resources are used only for intended purposes.
Backdoors Hidden and typically undetectable ways left by the programmer, hacker, or malware, such as a blended threat, to get back into a system.
Back Orifice One of many backdoor programs that attackers have used to access a computer system without anyone’s knowledge or consent. Back Orifice 2000 allows complete remote administrative control of infected Windows 95/98/NT computers.
Bandwidth A measure of the throughput, transfer, or access speed for telecommunications. It is the amount of data a network can transport in a given period of time (1 second). Higher bandwidth means more data per second can be transferred. Bandwidth is measured in kilobits per second (e.g., a 56K modem) and megabits per second.
Best practices An industry standard that is determined or based on what is commonly accepted as the most effective or efficient methods. Best practices are not necessarily recognized by the courts as the standard providing a sufficient defense. That is, best computer security practices for an industry may not be an effective defense for a company if those practices can be shown to be substandard or outdated.
Biometric device A device that uses something a person was born with to positively identify that person in lieu of a token. Fingerprints, voiceprints, and retinal scans are examples of such unique properties that can be read by special devices attached to a computer.
Biometrics An identification process that involves a human or biological feature, such as eyes (retinal scan), voiceprint, handprint, fingerprint, face print, or handwriting.
Black hat hackers or Black hats Black hat hackers commit illegal hacks for personal gain or notoriety. They are malicious individuals who try to break into computers and networks. The number of hackers and systems available for them to attack is growing, which means many attacks on Internet-connected resources can be expected. See also White hat hackers.
Blended threats A malicious application that spreads like a computer virus or worm but blends the capabilities of viruses and worms to attack security vulnerabilities in applications and operating systems. Viruses are destructive code, which has to be a script or macro or attach to an executable file to spread. Worms can spread through memory and disk space. A blended threat may attempt to infect by having the properties of an email virus and attempting to find an insecure operating system or application to infect/attack. Once the PC or server is infected, there is no limit to the destruction or manipulation of files. These threats can install backdoors, Trojan horses, or zombies. Blended threats are a continuation of the evolution of malicious code. Also called hybrid threats.
Block With regard to packets, block is an action that denies, or blocks, the packet from being sent or received by a network. See Allow.
Broadband A network that provides very high (that is, broad) bandwidth. It is the short way of saying “broad bandwidth.”
Brute force attack A cracker term that means continuously hurling passwords at a system until it is compromised.
Bug A problem in software or hardware, which has been referred to jokingly as an “undocumented feature.” Bugs can adversely affect computers or networks or make them vulnerable to security breaches.
Bugbear This dangerous virus spreads by mailing itself using the addresses found in the victim’s address book. It also changes the email FROM: field. Thus, it may appear that this virus has been received from a known person, when it was actually sent from a different user. The worm opens remote access and searches for various running programs and stops them. The remote access allows a hacker to steal files, run, terminate, and delete programs on the victim’s computer.
Bugtraq An email mailing list for computer security issues. SecurityFocus is host of the BugTraq newsgroups. It is used to alert everyone, including hackers, about vulnerabilities. For example, Jeffrey Baker, who discovered the password vulnerability in E-Trade, wrote an alert to the BugTraq mailing list. Baker said that he had notified E-Trade about its problem, but since nothing had been done, he alerted Etrade customers to the potential risk via BugTraq.
Buffer overflow This occurs when the capacity of the memory buffer is exceeded. During a buffer overflow, the network is vulnerable to attack. Many of the vulnerabilities that exist in the Internet software systems today are buffer overflow vulnerabilities. Buffer overflows are the most significant security problem that exists. All of the buffer overflow attacks in IIS could pass through a firewall and not show up in log files either.
Business records Documents, communication, and printouts created as part of an organization’s operations or transactions.
Cache Temporary file copies to enhance system performance.
CERT® Coordination Center A federally funded research and development center operated by Carnegie Mellon University dedicated to information security monitoring and alerts.
Certification authority (CA) A CA authenticates or attests to the integrity of an entity. CAs are part of PKI standards.
Chain of custody This is a legal term referring to a showing of how evidence was handled from the time of collection to the time it was admitted as evidence in a judicial proceeding.
Chatroom Real-time, text-based teleconferences that can be private (entered by invitation only) or public (anyone can enter).
Checksum A numeric value used to verify that a file has not been tampered with. It is calculated based on the contents of the file. It is a fast way to check if anything in a file has been changed. If there is any change in the file’s contents—even a single character or space—the checksum would be radically different. Thus, an infected file can be detected because of the change in its checksum. However, when an existing file is modified, a new checksum has to be created. This is often too inconvenient for users to do whenever they modify any file. The software Tripwire can be used to take an MD5 (message digest) checksum snapshot of a system. See File Integrity Checker.
Children’s Online Privacy Protection Act (COPPA) This act, effective since April 21, 2000, applies to the online collection of personal information from children under 13. The new rules spell out what a Website operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to protect children’s privacy and safety online.
Circuit-level gateway A firewall technique that applies security mechanisms at the time when an Internet connection is originally made. After the connection is made, packets can flow between the hosts without checking.
Civil Rights Act of 1964 This act prohibits any type of discrimination based on gender, race, national origin, or age. The act also requires employers to provide nonhostile, nonharassing workplaces and holds them legally responsible for failure to maintain such workplaces.
Clear text Unencrypted text.
Code Red virus On July 19, 2001, over 359,000 computers were infected with the Code Red worm in less than 14 hours. It spread at up to 2,000 new infections per minute. Code Red and Nimda cost businesses worldwide $3 billion in lost productivity, disinfection, follow-up testing, and deployment of patches to computer systems. Each of these worms was a sophisticated blended threat that infected hundreds of thousands of systems worldwide. See Blended threats. Mercifully, hackers had not written hybrid (blended) threats Code Red, Code Red 2, and Nimda to do damage to critical data. Nimda and Code Red infected IT systems but did not attack data.
Computer crime Any violation of criminal law that involves a knowledge of computer technology for its perpetration, investigation, or prosecution.
Computer Emergency Response Team (CERT) CERT is a federally funded computer security research center operated by Carnegie Mellon University.
Computer forensics The discovery, recovery, preservation, and control of electronic documents for use as evidence. This imposes unique risks on companies and impacts litigation strategies.
Computer Security Institute and FBI (CSI/FBI) Computer Crime and Security Survey The Computer Crime and Security Survey is conducted by CSI with the participation of the San Francisco Federal Bureau of Investigation’s (FBI) Computer Intrusion Squad. The aim of this effort is to raise the level of security awareness, as well as help determine the scope of computer crime in the United States.
Confidentiality A functional requirement of hardware and software that information (or file or message) must be protected from unauthorized disclosure.
Counterfeit Access Device and Computer Fraud and Abuse Law This law addresses computer crimes in which the computer is the subject of the crime.
Contributory negligence Legally, failure by the injured party to exercise reasonable care (due care) for his/her/its own safety.
Convention on Cybercrime An international treaty designed to improve international cyber crime prevention. Among its provisions, the Cybercrime Convention seeks to ensure that when a corporation fails to properly supervise employees in leading positions, and that failure makes certain computer crimes possible, the corporation itself will be held liable for the cyber crimes committed for its benefit, even if such crimes were committed without its knowledge, consent, or approval.
Convergence The integration of different technologies or capabilities into one device. Examples are accessing the Internet over a cell phone or making phone calls through a PC.
Cookies A block of reference data sent from a Website to the browser of a specific user and stored on the PC for later use. Cookies enable the Website to deliver customized content to that user and can be a convenience, invasion of privacy, or malicious.
Cracker A person with malicious intent who breaks into a computer system without authorization. The term refers to a bad hacker, but since the term hacker has acquired malicious connotations, cracker has become synonymous with hacker. Crackers are also utility programs or tools, such as password crackers, used to identify holes or weaknesses in networks and systems. Of course, these tools can be used illegally for spying or gaining access to unauthorized resources. Such tools are not network aware, so they do not run autonomously and transmit their findings back to a remote server—as do RATs. See RAT.
Critical infrastructure An infrastructure made up of service companies that the national economy depends on. These companies are primarily in telecommunications, transportation, financial services, chemical, water, and energy and power grids.
Cryptography A form of encryption; the study of mathematical codes for making or breaking encryption algorithms. See Asymmetric cryptography.
Customer relationship management (CRM) A popular business strategy that requires collecting extensive amounts of customer information.
Cyber law Any law dealing with computers, computer networks, the Internet, email, or digital information.
Daemon In computer systems, daemons perform specific operations at predefined times, such as email handling, or perform administrative tasks for the operating system.
Datagram A datagram, often called a packet, is a small piece of data. Datagrams are completely self-contained. They have a source and a destination. Datagrams have no relationship to any others that came before or after them.
Data mining A class of software applications that automatically seek out previously undetected patterns within a set of historical data. These patterns can be used to predict future purchasing behavior or profile individual customers.
Data warehouse An application designed to provide integrated access to information about customers, finances, and operations.
DDOS (distributed denial of service) A type of denial of service attack that takes over thousands of computer systems to orchestrate a simultaneous attack on a Website—forcing that Website to crash or become unavailable to legitimate users. Sometimes simply referred to as “denial of service” (DOS). DOS or DDOS attacks prevent any part of a system or network from functioning properly. These incidents have become common due to increased hacker activity. See also Zombie.
Decryption Decoding encrypted data to return it to its original form.
Default The configuration and behavior of software or hardware on installation before any changes are made to it.
Demilitarized zone (DMZ) A subnet that contains a firewall and proxy server. It serves as a barrier or buffer zone between a company’s private intranet and the public Internet.
Department of Justice (DOJ) A department of the U.S. federal government that is responsible for the prosecution of federal crimes.
Detection avoidance The method by which a virus attempts to hide itself.
Digital certificates See Digital signatures.
Digital liability All the ways the information on computer devices and networks can hurt a company or an individual.
Digital liability management (DLM) A model that explains how people, process, and technology all play a key role in implementing an effective cyber security program.
Digital Pearl Harbor In July 2002, the U.S. Naval War College and Gartner Group simulated a distributed digital attack on U.S. critical infrastructures, which was called Digital Pearl Harbor.
Digital signatures The equivalent of a physical signature on a document or message. It verifies that the encrypted message or document originated from the person whose signature is attached to it. Digital signatures issued by a company are referred to as digital certificates. They are also referred to as dig sigs.
Directory The Unix equivalent of a Mac or Windows file folder. All UNIX files are stored in directories.
Directory protocol Standards that make it possible to edit a user’s set of access privileges. The edits are made in one centralized location and apply across all systems.
Discovery In preparation for trial, each party has the right to learn as much as possible about an opponent or the opponent’s case. The process of collecting information is called discovery. The purpose of discovery is to help the parties determine what the evidence may consist of, who the potential witnesses are, and what might be relevant. Discovery also helps preserve relevant evidence so that it is not destroyed. Information is discoverable if it is relevant to the facts that lead to the lawsuit or litigation and does not violate the confidentiality of communication between an attorney and client.
Discovery request In a legal action, if the opposing party submits a discovery request for the company’s emails and other electronic information, the company is required by law to retrieve and produce that evidence.
Distributed Coordinated Attacks (DCAs) See DDOS.
DNS (domain name server) An Internet service that translates domain names (easy to remember words) into IP addresses (long set of numbers).
Domain A subsection of the Internet that ends with .com, .net, .edu, .gov, or .org.
DOS (denial of service) attack This term refers to an attack on a network or server that causes it to receive more hits (requests for service) than it can respond to—so the server “denies service.” This happens when a Website or server is deliberately overwhelmed (usually by a hacker) with so many requests for service that it cannot respond to normal requests for information or access. If the attack is set up so that the requests for service come from more than one computer, it’s referred to as a DDOS (distributed denial of service) attack. Since most attacks come from more than one computer, DDOS and DOS are used interchangeably.
DSL (digital subscriber line) Transmits data over existing copper wire telephone lines at a much greater speed than regular phone wires. DSL works only when the user is close to one of the telephone company’s central offices. It is faster than dial-up and cheaper than leased lines. DSL can be sold in a variety of bandwidths.
Duty A legal obligation not to interfere with a protected interest. See also Right.
Duty of care Refers to a very high degree of responsibility. It is a defense needed for business and legal reasons and means that a company or person cannot create unreasonable risk of harm to others.
Dynamic IP address When dialing up to access the Internet, a user gets a different IP address for each Internet session, referred to as a dynamic IP address. During a single Internet session, every email message sent by the user will have the same IP address, but new sessions get different dynamic IP addresses. This is in contrast to a fixed IP, or static IP, address that is permanently assigned. See ADSL and Internet protocol (IP) address.
Dynamic routing Routing that adjusts automatically to changes in network traffic. See Router.
ebusiness Using Internet technologies to conduct business, serve customers, and streamline processes.
ECHO A situation in which a user’s computer sends back a copy of the data that it received to the originating computer—comparable to a sound echo. This lets the sender visually inspect what the recipient has received.
ecommerce Buying and selling goods and services on the Internet.
Economic model of marginal cost–benefit analysis According to marginal analysis, the firm is not negligent if and only if the marginal costs of safeguards are greater than the marginal benefits of those safeguards.
Electronic document retention policy An effective document retention policy ensures that electronic documents are efficiently handled and neither retained too long nor destroyed too soon. In the event of a subpoena or lawsuit, a document retention policy can protect the firm against a claim of spoliation. Courts do not approve of companies that fail to preserve electronic evidence. Sanctions for the destruction of electronic evidence include monetary fines, adverse jury instructions, and possibly entry of a default judgment.
Electronic evidence (e-evidence) Refers to any electronically stored data or information that can be used as evidence in a legal action.
Electronic fraud (efraud) Electronic records are amenable to fraudulent use because they are susceptible to illegal interception and manipulation. There has been a migration of traditional crimes—including threats, fraud, and extortion—to electronic records because online perpetrators can reach victims easily and anonymously.
Electronic record The Uniform Electronic Transaction Act (UETA) broadly defines an electronic record, or electronic document, as a record “created, generated, sent, communicated, received or stored by electronic means.”
Electronic records management (ERM) The systemic review, retention, and destruction of documents received or created in the course of doing business. It is the policy for managing the retention, destruction, and storage of electronic records. See Electronic document retention policy.
Email-borne viruses Viruses spread via email.
Email header Every email message contains a header that shows the path that the email traveled from its point of origin to its ultimate destination. Depending on the software, sometimes the header will appear at the bottom of an email message.
Encryption The process of encoding data to protect it from being understood by unauthorized users.
Ethernet One of the most widely used LAN (local area network) standards for transferring data.
Ethical hacking To exercise reasonable care, many corporations hire outside security firms to test their firewall security. Called ethical hacking, the process is intended to help system administrators pinpoint weaknesses in networks. In addition, ethical hacking enables IT managers to gauge response time to an attack—crucial in the fight against cyber crime.
Event An event is something observable that happened in an information system or network; for instance, a system crash or an attempt to access a network.
Evidence-mail Email used as evidence.
Execution The carrying out of a plan.
Expected loss A quantitative model that provides an important benchmark against which to assess and justify investments in digital security. Expected loss equals the amount of the loss multiplied by the probability of its occurrence.
Expected value (EV) The expected average value of a loss.
Exploit A tool (software program) or technique designed to take advantage of a weakness or vulnerability in a program or computer system to exceed the user’s authorized level of access.
Expressed consent Consent that involves some action on the part of a user, such as his or her signature.
False positive A false alarm; for example, if an IDS detects an “intrusion,” and that detection is incorrect, that is a false positive.
File integrity checker It is very difficult to compromise a system without altering a system file, so file integrity checkers are important to detect intrusion. A file integrity checker computes a checksum for every guarded file and stores the result. At a later time, a checksum is computed again and tested against the stored value to determine if the file has been modified. This capability should be used with commercial host-based intrusion detection systems. The primary checksum method used a 32-bit CRC (cyclic redundancy check). But attackers have been able to modify a file in ways the CRC checksum could not detect, so stronger checksums, known as cryptographic hashes, are recommended. Examples of cryptographic hashes include MD5 and snefru. One challenge in using a file integrity checker is the false positive problem. When files are updated or systems are patched, files change. Creating the initial database of signatures (checksums) is easy, but keeping it up to date is much harder. However, even if a checker is run only when a system is first installed, it can be run any time to determine which files have or have not been modified. It is very important that the reference database be stored offline so attackers cannot compromise the system and hide their tracks by modifying the reference database.
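The checker described in this entry and under Checksum above, written here as an added example (not the book's code): it builds the reference database, reports modified, added and missing files, and shows why the entry prefers cryptographic hashes to a 32-bit CRC: four appended bytes give an altered file whatever CRC-32 value is wanted, so the CRC baseline stays silent while the SHA-256 baseline (used here in place of MD5) flags the change. File paths and contents are constructed.

```python
"""File integrity checker: CRC-32 baseline vs. SHA-256 baseline (added example)."""
import hashlib

# Constructed sample of guarded files (path -> contents); not real system files.
GUARDED_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/bin/login": b"\x7fELF constructed stand-in for a program binary\n",
}


def _make_crc_table():
    """Reflected CRC-32 (IEEE polynomial 0xEDB88320), the variant zlib uses."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


CRC_TABLE = _make_crc_table()
# The top byte of every table entry is distinct, so it identifies the entry's index.
_TOP_BYTE_TO_INDEX = {entry >> 24: i for i, entry in enumerate(CRC_TABLE)}


def _crc32_register(data, reg=0xFFFFFFFF):
    """Run the CRC-32 shift register over data; the final XOR is not applied."""
    for b in data:
        reg = (reg >> 8) ^ CRC_TABLE[(reg ^ b) & 0xFF]
    return reg


def crc32_checksum(data):
    return f"{_crc32_register(data) ^ 0xFFFFFFFF:08x}"


def sha256_checksum(data):
    return hashlib.sha256(data).hexdigest()


def build_baseline(files, checksum):
    """Initial signature database. The stored copy belongs offline (read-only media);
    otherwise whoever alters a file can alter its reference checksum as well."""
    return {path: checksum(data) for path, data in files.items()}


def check(files, baseline, checksum):
    """Return {path: 'modified' | 'added' | 'missing'} for every discrepancy."""
    findings = {}
    for path, data in files.items():
        if path not in baseline:
            findings[path] = "added"
        elif checksum(data) != baseline[path]:
            findings[path] = "modified"
    for path in baseline.keys() - files.keys():
        findings[path] = "missing"
    return findings


def force_crc32(data, target):
    """Append 4 bytes so that the CRC-32 of the result equals target.

    CRC-32 is a linear code, not a cryptographic hash: the register can be steered
    to any value with 4 chosen bytes, so a changed file can keep its old CRC."""
    reg = _crc32_register(data)
    want = target ^ 0xFFFFFFFF  # register state that yields target after the final XOR
    # Backwards: the top byte of each intermediate register fixes one table index.
    indices, x = [], want
    for _ in range(4):
        idx = _TOP_BYTE_TO_INDEX[x >> 24]
        indices.append(idx)
        x = ((x ^ CRC_TABLE[idx]) << 8) & 0xFFFFFFFF
    # Forwards: emit the byte that selects each index from the known register state.
    suffix = bytearray()
    for idx in reversed(indices):
        suffix.append((reg ^ idx) & 0xFF)
        reg = (reg >> 8) ^ CRC_TABLE[idx]
    return data + bytes(suffix)


def run_scenarios():
    """Two cases from the glossary entry: a CRC-invisible alteration, and a false positive."""
    crc_baseline = build_baseline(GUARDED_FILES, crc32_checksum)
    sha_baseline = build_baseline(GUARDED_FILES, sha256_checksum)

    # Case 1: a guarded file is altered, then padded so its CRC-32 matches the baseline.
    altered = force_crc32(GUARDED_FILES["/bin/login"] + b"\n(constructed modification)\n",
                          int(crc_baseline["/bin/login"], 16))
    altered_files = {**GUARDED_FILES, "/bin/login": altered}

    # Case 2: a legitimate update changes a file; the old baseline reports it as
    # modified until the baseline is rebuilt (the false positive problem).
    patched_files = {**GUARDED_FILES,
                     "/etc/passwd": GUARDED_FILES["/etc/passwd"] + b"ops:x:1000:1000::/home/ops:/bin/sh\n"}

    return {
        "crc32_misses_alteration": check(altered_files, crc_baseline, crc32_checksum),
        "sha256_catches_alteration": check(altered_files, sha_baseline, sha256_checksum),
        "patch_before_rebaseline": check(patched_files, sha_baseline, sha256_checksum),
        "patch_after_rebaseline": check(patched_files, build_baseline(patched_files, sha256_checksum),
                                        sha256_checksum),
    }


if __name__ == "__main__":
    for name, findings in run_scenarios().items():
        print(f"{name}: {findings}")
```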
File transfer protocol (FTP) A telecommunications protocol used to transmit files. This protocol does error checking to ensure that the entire file was received correctly.
Filter A tool for monitoring and intercepting packets to determine whether they should be allowed or blocked. Filters look at signatures to determine whether to allow or block access. Firewalls use filters. See Allow and Block.
First-party risks Risks that concern the company itself, such as risks to company information assets.
Firewall A security feature designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software or a combination of both. Firewalls control authentication routines, decide which packet types to admit into the network and which to deny, and can check both incoming and outgoing traffic. Conceptually, these are the functions that firewalls are designed to perform. In practice, firewalls do not always offer security as claimed. The main types of firewall techniques are packet filtering, application gateway, circuit-level gateway, and proxy server.
Fixed IP address An address permanently assigned to a computer or account. Also referred to as a static IP address, in contrast to a dynamic IP address that changes every time a new connection to the network is made. When the Internet connection is permanently assigned, every email sent by that Internet user will contain the same IP address. See ADSL and Internet protocol (IP) address.
Flame wars Highly contentious email exchanges where participants shoot off insults at each other via email.
Gateway A special-purpose network device or software that routes packets.
Gnutella A peer-to-peer (P2P) file-sharing network.
Goner A devastating computer virus that spread at a rate of 100,000 computers per minute. Goner was designated as a level-4 virus—the highest level of destructiveness. It proved that gullible computer users are a serious security risk. Goner arrived as an email with the subject “Hi” and disguised itself as a screensaver. It was written in Visual Basic Script (VBS) but compressed into UPX format, making it hard to detect by AV software. This format also enabled Goner to bypass corporate firewalls, which had no filters in place to protect against it.
Gramm–Leach–Bliley Act (GLB) Regulations pertaining to the financial services industry require board and management involvement in the development and implementation of an information security program. The board must approve an institution’s written information security program and then oversee the program’s development, implementation, and maintenance.
Gray hat hackers Gray hat hackers have characteristics of black and white hat hackers. Like black hats, they illegally break into systems or servers, but they notify companies about the break-ins and generally don’t interfere with business processes.
Hacker A person who is either a computer enthusiast or accesses computer networks to steal, corrupt, extort, etc.
Hacking Unauthorized access to a network or computer system. Hacking is illegal according to Section 2701(a), which states that whoever intentionally accesses without authorization a facility through which an electronic communication service is provided, or intentionally exceeds an authorization to access that facility, and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such a system shall be punished.
Handshake A sequence of messages that are exchanged between two or more networks to synchronize themselves so that they can transfer data.
Health Insurance Portability and Accountability Act (HIPAA) A regulatory obligation by organizations, imposed by legislation, that specifies the privacy, security, and electronic transaction standards with regard to patient information for all health care providers.
Hidden directory A directory that is deliberately concealed, which makes it difficult to detect. Hackers use these directories for storing files to escalate their attacks.
Hits Requests for service.
Hoaxes An email that contains bogus warnings usually intended to frighten or mislead users. The best course of action is to merely delete these hoax emails.
Honeynet or Honeypot The decoy or tool to learn about hackers or other intruders. A honeynet is a network of systems deliberately designed to be compromised by hackers so that they can be caught or stopped from doing damage to production systems or Websites.
Hop-through A computer that is used as a host in an attack but that is not the target of the attack. Hackers may use hop-through computers in their attacks to disguise their activities.
Host computer A computer system on a network that has full two-way access to other computers on that network.
HTTP (hypertext transport protocol) A protocol to request Websites or html (hypertext markup language) documents from the Web.
Hybrid threats See Blended threats.
ICQ An Internet service for finding users and sharing information. ICQ is known to have serious security vulnerabilities.
Identity theft The theft of personal information, including credit cards, Social Security and account numbers, or any other information to gain unlawful access to a person’s cash, credit line, or identity. The FBI estimates there are 350,000 to 500,000 incidents of identity theft in the United States each year.
ILoveYou virus A virus that spread rapidly because of its attention-grabbing email subject. It tricked and enticed recipients to open it, mostly at work, and unleashed over a billion dollars of destruction in May 2000. Also known as the LoveBug.
Inbound or Inbound packet A packet that arrives from a remote computer or from outside the network.
Incident This term refers to a harmful or threatening event in an information system or network. Incident implies harm or attempt to harm.
Incident management Products that support integration and correlation of network events to identify an incident.
Incident response policy A policy that provides guidance on what to do when faced with an attack on the system, which may have legal consequences. It also defines the scope of the powers, authority, and discretion that the team has in responding to the attack and focuses management’s attention on security and response issues.
Information Sharing and Analysis Center (ISAC) An ISAC comprises a secure database, analytic tools, and information-gathering and distribution facilities designed to allow authorized individuals to submit either anonymous or attributed reports about information security threats, vulnerabilities, incidents, and solutions. ISAC members also have access to information and analysis relating to information provided by other members and obtained from other sources, such as U.S. government and law enforcement agencies, technology providers, and security associations, such as the CERT® Coordination Center.
InfraGard The FBI and local leaders in several U.S. cities have teamed up to create the security expertise and information about threats to the region’s critical infrastructure.
Instant messaging (IM) The highly utilized IM programs let people chat in real time over their computers. With the added capability of exchanging file attachments, and due to the constant server connections required, IM programs allow for greater exposure to bugs and vulnerabilities.
Integrity A functional requirement of hardware and software that the information must be protected from unauthorized, unanticipated, or unintentional modification.
Integrity checker If a company cannot prevent hostile code from being installed or executed, the last defense mechanism is to examine the system for changes using an integrity checker. Integrity testers create a baseline record of files on the system. That baseline is used in later scans for comparisons to determine if there have been any changes in the files. See File integrity checker.
Internal intrusions Intrusions that are carried out by employees or insiders.
Internet protocol (IP) The protocol of the Internet for email and file transfers. The IP performs only two functions to deliver a package of bits (a datagram) from a source to a destination over a network. First, it defines a datagram that can be routed through the Internet. Second, it provides a means for breaking up datagrams into packets for transmission and then reassembling those packets back into the original datagrams when they reach their destination. The IP itself provides no mechanisms for end-to-end data reliability, flow control, sequencing, or other such services. The IP relies on the services of networks to provide various types and qualities of service.
Internet protocol (IP) forgery Sending a packet with a fake or incorrect source address.
Intranet An organization’s internal network based on the Internet’s TCP/IP protocols. Access is usually limited to insiders. Intranet Websites act like Internet Websites but have firewalls to help prevent unauthorized access.
Intrusion detection system (IDS) An IDS refers to a category of defense tools that is used to provide warnings indicating that the system is under attack or intrusion. IDSs must be configured to work correctly and be programmed to look for specific types of network behavior. For example, an IDS sensor can be set to look at all traffic into and out of a network and to block traffic that indicates an internal or external intrusion.
IP address The numeric address of a Website or computer that is attached to the Internet. Every computer on a network has a unique address, called its IP address. IP addresses are somewhat comparable to physical addresses or telephone numbers. IP addresses identify a specific computer on a specific network. Technically, an IP address is a logical network address whose parts identify the network that the computer is on and the computer itself. More technically, an IP address is a unique 32-bit identifier for a specific TCP/IP host computer on a network. An example of an IP address is 192.168.1.201. IP addresses consist of four sets of numbers (which are the address fields) separated by decimal points. Since the infrastructure of the Internet consists primarily of a set of gateway computers and packet routers, the routing of packets is based on their IP addresses. The IP address can be static (always the same) or dynamic (as when someone dials into the Internet via their ISP). When the hookup is permanent, every email sent by that Internet user will contain the same IP address—the static IP address. In contrast, when an Internet user must dial up to access the Internet, the user will have a different IP address for each Internet session—a dynamic IP address. During each such session, every email message sent will share the same IP address, but new sessions mean new IP addresses.
IP address forgery Also called IP spoofing. IP forgery is the sending of packets using a fake IP address. The fake IP address is used to hide the sender’s true source. For example, it can make the message look as though it is coming from a trusted host.
IP spoofing See IP address forgery.
Iptest A tool that is part of the free and publicly available ipfilter security package that automatically forges packets for the purpose of testing configurations or routers and other IP security setups.
Internet service provider (ISP) A company that provides access to the Internet.
ISDN (integrated services digital network) International communications standard for transmitting voice, video, and data over existing telephone lines. ISDN uses digital technology that allows data to be transmitted much faster than it would be over standard phone lines.
ISO 17799 An international standard for best practices in information security.
IIS (Internet Information Server) Microsoft’s Web server that runs on Windows NT platforms. These servers are particularly vulnerable to buffer overflows.
Java A general-purpose, high-level, object-oriented, cross-platform programming language developed by Sun Microsystems.
KaZaa A peer-to-peer (P2P) file-sharing program on the Gnutella network.
Kerberos A security system used for user authentication in a client–server environment.
Key In encryption, a key is a sequence of data that is combined with the source document to produce output that is unreadable until it has been decrypted. See Asymmetric cryptography.
Klez The most prevalent virus throughout January 2003. It was successful because of its ability to send itself to addresses found on infected PCs within address books and documents, such as resumes. In this way, infected messages appeared to their recipients to be coming from a familiar and trusted source.
Knowledge management (KM) The capture and storage of unstructured information.
LAN (local area network) A communications network that connects users within a single location, such as in an office.
Legal action Civil or criminal legal actions, which include civil disputes, criminal cases, class actions, and government investigations.
Liability exposure Risk from an organization’s failure to take action, which results in harm.
Lightweight directory access protocol (LDAP) A standard that makes it possible to maintain or remove an employee’s set of access privileges in one place and have those settings apply across all systems that are impacted.
Linux worm A worm that probes the Internet looking for vulnerable Linux networks or servers to victimize.
Listen Ports are set to listen for incoming requests for a connection and accept them. For example, port 80 listens for requests for connections to the Website to accept the connection. Listening ports are potential access points into a network and need to be secured.
Listserv An external email distribution list that must be subscribed to.
Load The amount of activity on a network server or router.
Local Refers to the organization’s or user’s computer or network, in contrast to remote ones. See Remote.
Log or log file A file or record that lists all access requests or activities on a computer or network so that they can be analyzed for security purposes.
Logic bombs Malicious codes that can be triggered on command to destroy or disrupt a computer network or application.
LoveBug virus See ILoveYou virus.
Malware Malicious software. Increasingly, shrewd social engineering methods are being used by malware to dupe victims. For example, a user receives an email appearing to be a warning from a software vendor that claims to detect or protect against a virus; but in reality, the message contains a mechanism to infect the victim with a new virus.
Marginal cost–benefit analysis A tool for evaluating alternative decisions. See Economic model of marginal cost–benefit analysis.
Melissa virus The Melissa virus was one of the first major viruses to wreak havoc as a friendly email containing the subject line “Important message from” followed by the name of a familiar person. If an Outlook user opened the attachment, the virus would send itself to the top 50 listings in the user’s address book and add that person’s name to the subject of the message. Although the virus itself was not considered malicious because it did not delete files, the exponential multiplication of messages caused some systems to come to a grinding halt.
Memory buffer The section of computer memory that stores the destination and transmission data. See Buffer overflow.
Meta-data Descriptions or properties of data files or email, examples of which are dates/times an email or file was created or accessed. When these electronic documents or logs are requested or subpoenaed in a legal action, they become e-evidence.
Microsoft SQL Server 2000 These were the servers that were vulnerable to the SQL Slammer worm.
MIME (multipurpose Internet mail extensions) The standard protocol for transmitting nontext multimedia (audio, video, binary) email messages. It is an extension of SMTP (simple mail transport protocol).
National Information Infrastructure Protection Act (NIIPA) The National Information Infrastructure Protection Act of 1995 increased protection for both government and private computers, and the information on those computers, from the growing threat of computer crime.
National Infrastructure Protection Center (NIPC) The NIPC was established by a presidential directive in 1998. The NIPC is a global reporting partnership between the FBI and the private sector. It is the federal government’s first line of defense against information warfare—attacks on strategic computer systems by cyber terrorists. The NIPC is directed to detect, prevent, and respond to any physical or cyber threats against the country’s critical government installations, public utilities, and private industry. One of the NIPC’s missions is to partner with the business community to help executives protect their critical information systems.
Negligent supervision Under the theory of negligent supervision, the employer’s duty of care and liability may extend to actions outside the scope of employment.
Negligent tort Conduct that creates an unreasonable risk of harm. Failure to exercise a degree of care that a prudent person would exercise under the same circumstances.
Network A channel for computer communications, such as the Internet or local area network (LAN).
Network address translation (NAT) An Internet standard that enables an internal network, or LAN, to use two sets of IP addresses. One set of IP addresses is for internal traffic, and the second set is for external traffic. This effectively disguises the home network by assigning a hidden IP address to each protected device.
Network device A hardware device that connects a computer to a network.
Nimda Nimda is by definition a worm, but it also has a virus component by which it attaches itself to files to do damage, which makes it a blended threat. It is more virulent than most viruses, such as the Code Red, because of its multifaceted modes of attack. Once Nimda has infected a PC, it will try to do a mass emailing to addresses listed in the user’s Microsoft Outlook and potentially infect the PCs of the recipients. PCs can get infected during a visit to a Website that is hosted (stored) on an infected server. The worm can modify files on a Web server to allow anonymous access to it, wherein the server has no protection against destruction, theft, or defacing.
Nonrepudiation A functional requirement of hardware and software that the origin or the receipt of a specific message is verifiable by a third party and cannot be denied.
Nonreproducing malware See Nonviral malware.
Nonviral malware Malicious code that does not reproduce or replicate itself. This category of malicious code is largely unstoppable by AV software. Examples of nonviral malware are password crackers, traffic sniffers, keystroke loggers, data scroungers, and remote access Trojans (RATs). These electronic burglar tools are used by attackers (both insiders and outsiders) to capture passwords and spy on network traffic or private communication or for unauthorized stealth communication with remote hosts. Corporate servers can become vulnerable to malware when users download popular software, for example, P2P or remote access programs, because they open up holes in the corporate firewall.
Null password A setting in which no password has yet been specified, so anyone can gain access. A severe security breach.
Operating system (OS) A low-level control program that runs the computer; for example, OS/2, Linux, Windows XP, Unix, Mac OS 10.
Opportunity costs Measurements of missed or lost sales or profits.
Organization for Economic Cooperation and Development (OECD) An international organization whose mission is to protect privacy. The organization has developed a set of guiding principles for the processing, retention, and disclosure of personal data.
Outbound or Outbound packet A packet that is sent from a local computer or from inside the network.
Outside the scope of employment Activities not directly related to work.
P2P (peer-to-peer) A network in which each computer has equivalent capabilities and responsibilities. Many Web-based P2P applications, such as Napster, AIM, or Groove, tunnel through corporate firewalls via HTTP or other open ports. In effect, this allows employees to create their own ad hoc VPNs.
P3P (Privacy Preferences Project) A software standard for browsers and Websites designed to automate the implementation of privacy policies. They can be programmed to interact with a Website in specific ways.
Packet A unit of data for transmission over a network that contains header and control information. This term is often used instead of datagram.
Packet filtering A firewall technique that looks at each incoming and outgoing packet and accepts or rejects it according to rules defined by the company or IT staff. It can be effective and transparent to users if it is configured correctly, which is difficult. The limitation of packet filtering is that it is susceptible to IP spoofing.
Packet switching The Internet uses a technology called packet switching to carry data. Packet switching works as follows. The computer that sends a document file (sending computer), such as a music file or digital image, cuts the document up into many small portions of information called a packet. Each packet contains the IP address of the destination Website, a small portion of data from the original document, and an indication of the data’s place in the original document. The sending computer then sends all the packets through its local network to an external router. Since packets from the sending computer take entirely different routes over the Internet (i.e., traveling over different routers and cables) to their final destination, they arrive out of their original order. Because each packet has a header section with information that identifies its place in the original document, the destination computer is able to reassemble the original document from the disorganized packets. If the packets were sent using TCP/IP, the destination computer sends a message back to the originating computer either reporting that it received the full message or requesting that the originating computer resend any packets that never arrived. See Router.
Password crackers Software that can “crack,” or decipher, a password.
Passwords A sequence of characters used for authentication. Weak passwords provide no protection against unauthorized access. The most commonly used passwords are “password,” names of the area’s major sports team, popular words from Star Trek’s Klingon dictionary, or none at all (null password). Passwords typically used to protect financial files and entry to company LANs, intranets, and extranets pose only a minor hacking challenge. As such, computer security problems will increase dramatically as the Internet becomes more prevalent in PDAs, mobile phones, and pagers and migrates to video game devices and TV.
Patch Software provided by the operating system (OS), such as Microsoft or UNIX, or application program vendors to fix a problem or vulnerability.
Payload The mechanism by which a virus causes damage.
PBX (private branch exchange) A private telephone network owned and operated by an organization.
PDA (personal digital assistant) A handheld device that functions in several capacities—as a cell phone, fax sender, and personal organizer, among other things. PDAs use a stylus, or pen, rather than a keyboard.
Permission Privileges granted to each user on a network that control what data and applications that user is allowed to access. The system administrator controls permissions.
Personally identifiable health information (PIHI) Health or health care information that can identify an individual. HIPAA regulations protect the privacy of individually identifiable health information.
Ping (Packet Internet Groper) This is a software utility program used to determine whether a specific IP address is real and accessible. The term is often used as a verb; for example, “ping a server.”
Port Ports are interfaces, or entry/exit points, to a network. They are numbered and usually associated with a specific process. For example, port 80 is associated with HTTP used for access to Web pages.
Port scanners Tools or techniques for inspecting computers connected to the Internet for accessible open ports. Some of these tools are Foundstone’s SuperScan, Fyodor’s nmap, NetScanTools Pro 2000 (NSTP2K), Legion Network’s port scanner, and X-Scan.
Port scanning The process of connecting to TCP or UDP (user datagram protocol) ports on a target system to identify services that are active, or running, and ports that are listening to traffic.
Pretty good privacy (PGP) PGP is an effective encryption technique commonly used to protect messages sent via the Internet. PGP is based on PKI, which uses a public key and a private key. PGP is available for free from several sources, including the Massachusetts Institute of Technology.
Privacy The state of being left alone and free from surveillance is a fundamental right protected by the U.S. Constitution.
Privileged access Greater access authority than at the end-user level. For example, root access.
Product suite A collection of software products; for example, Microsoft Office.
Propagation The way a virus replicates locally and over a network. Also called migration.
Protocol A standard method of communication, such as IP (Internet protocol).
Proxy server A type of firewall designed to hide the identity or IP address of the organization’s servers. To prevent packets from revealing any critical IP addresses, a proxy server, or simply proxy, intercepts and relays all inbound/outbound requests.
Prudent man rule A rule that imposes on organizations the duty to protect information assets as a prudent person would.
Public key infrastructure (PKI) A system of digital certificates to identify and authenticate the sender or receiver of an Internet message or transaction. See Key.
Qaz Trojan A Trojan horse malware program. The Microsoft trespassers (in October 2000) apparently used the Qaz Trojan, a widely available program, to take control of the computers.
RAT (remote-access Trojan) A program that gives unauthorized computer or network access after it has been installed on a victim’s computer. Examples are Back Orifice and NetBus. As is the case with Trojans, it is disguised as an innocuous program that can be transmitted via email as an executable file, downloaded from a Website, or installed by someone with physical access to the computer.
Reconnaissance probes Refers to the activities, such as port scanning, that are done in preparation for an attack. This is also called recon.
Recons Slang for reconnaissance probes.
Regression Regression testing is generally used to certify all updates to key components before application, but this process can be costly and time-consuming. It is often impractical given the frequency with which these patches are released.
Remote Refers to a computer or network that is not local to the company or user. Remote is the opposite of local. See Local.
Remote and local exploit tools Tools used to gain high-level privileged access (root access to all other files and directories) to a company’s network and systems. See Root access.
Respondeat superior With respect to cyber security, respondeat superior is a liability risk a company may face for not diligently monitoring the cyber activities of its employees.
Return on investment (ROI) The ratio of the net gain from a proposed investment divided by its total costs.
Right A legal claim that others not interfere with a protected interest, such as the right to privacy. Personal rights are those rights that one possesses solely by virtue of being a person and a citizen. See Duty.
Risk analysis The purpose of risk analysis is to fully identify and assess risk factors, then to balance the expected costs (damages) of incidents with the cost of defenses needed to avoid incidents.
Roles An effective way to manage permissions and access rights is to divide users into roles, or access-level categories.
Root access This is the greatest (most intrusive) degree of access into a system—basically it means getting “access to the root.” This access level gives a user (or a hacker) access to, and control of, all files on a network or PC.
Rootkit Tools used by hackers to collect passwords. They are available freely on the Internet.
Router A device that transfers packets between two or more networks. A router contains continuously updated directories of Internet addresses called routing tables. The router takes each packet from the original document and sends it to the next available router in the direction of the destination Website. Because each router is connected to many other routers, and because the connection between any two given routers may be congested with traffic at a given moment, packets from the same document are typically sent to different routers. Each of these routers, in turn, repeats this process, forwarding each packet it receives to the next available router in the direction of the destination Website. Collectively, this process is called dynamic routing. See Packet switching.
Sapphire See SQL Slammer.
Sarbanes–Oxley Act An investor protection bill passed by Congress in 2002 after financial scandals at Enron, WorldCom, and other companies. The Sarbanes–Oxley Act orders the SEC to issue rules requiring disclosure of financial transactions.
Scope of employment See Respondeat superior.
Script Computer code (language) that can be executed directly by a program that understands the language the script was written in. Scripts can be executed without first being compiled. Examples of script languages are Visual Basic script (VBScript) and Java script.
Script kiddie A novice hacker who uses existing hacker tools and virus-building code. Script Kiddies may not know enough to develop new viruses, but they can be just as disruptive and destructive as expert hackers.
Secure sockets layer (SSL) A widely used encryption security mechanism on the Internet. The 128-bit secure socket layer encryption is used to protect Internet transactions; for example, financial transactions. Hackers have tried tackling this 128-bit encryption by marshaling enough computers together to crack SSL.
Security Security is defined as the policies, practices, and technology that must be in place for an organization to transact business electronically via networks with a reasonable assurance of safety. This assurance applies to all online activities, transmissions, and storage. It also applies to business partners, customers, regulators, insurers, or others who might be at risk in the event of a breach of that company’s security.
Security audits Reviews of all aspects of the security program, including technology, procedures, documentation, training, and personnel in some cases. They work best when they are conducted both internally and certified by a recognized third-party expert.
Server Servers are computers that store files and documents and make them available over the Internet through TCP/IP (transmission control protocol/Internet protocol). Every Website is made up of document files, which have a unique URL (universal resource locator) that identifies its physical location on a server in the Internet’s infrastructure. Users access documents by sending request messages to the servers that store the documents.
Service pack A service pack is an up-to-date software patch to fix a vulnerability.
Signature IP traffic patterns are defined or described by their signature. A signature is the identifier by which a virus is detected by AV software. Viral signatures are the patterns used to identify a virus within a file.
SirCam worm An email virus that sends itself, along with local files from the infected PC, to all users found in the Windows address book.
Slammer A computer virus that attacked computer server systems and shut down ATM operations at some of the nation’s largest financial institutions in late January 2003. Slammer shut down server systems by attacking and overloading computer networks that use Microsoft Corp.’s SQL Server 2000 servers.
Slow sweep Scanning probes that are deliberately intermittent to avoid detection.
SMTP (simple mail transfer protocol) Protocol for sending email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another.
Smoking gun A term used by the legal or litigation community to describe a physical or electronic document that constitutes strong evidence in favor of the claim being made.
Sniffer An eavesdropping program or device that can monitor and steal data traveling over a network. Sniffers are a common weapon of hackers. They can be used for legitimate network management functions or to steal information from a network. Unauthorized sniffers are a network security risk because they are almost impossible to detect.
Social engineering This is the method that Kevin Mitnick used to gain access to servers and networks. It’s the ability of a hacker to break into a system simply by fooling an employee into revealing access codes, passwords, or other confidential information. Social engineering is an elaborate term for using fraud to obtain passwords. A common hacker trick for obtaining a user’s password is to pretend in a phone call to be a member of the firm’s IS staff.
Spam Spam is junk email. Officially, it is called unsolicited commercial email (UCE) or unsolicited advertising.
Spammer Anyone who sends junk email.
Spamming The sending of junk email, or spam.
Spam relay An offensive attack wherein a company’s domain mail system is used as the host to deliver, or relay, spam. This can result in a DOS because while the (host) company’s email server is occupied by the processing of spam mail, it cannot handle legitimate inbound and outbound email.
Spamware Software that automatically searches the Web to collect what it recognizes as email addresses.
Spoliation Spoliation means “destruction of evidence.” It involves the destruction of evidence having potential evidentiary value. It may be viewed as a criminal obstruction of justice. Under federal law, spoliation is the destruction or significant alteration of evidence or the failure to preserve evidence for pending or reasonably foreseeable litigation. Thus, spoliation involves two elements: a duty to preserve evidence and the intentional destruction of that evidence.
Spoof To trick, disguise, or deceive. For example, a spoofed Website is one wherein a correct Web address is replaced with a phony one. Identities of email senders can also be spoofed to disguise the true identity of the sender or to pretend to be someone else.
Spoofing system or Website A system or Website that looks exactly like a legitimate one and that presents the same login interface.
Spyware Software that covertly gathers information about a user through the user’s Internet connection. The information is collected without the person’s knowledge and disclosed without the person’s consent. Spyware has the ability to monitor keystrokes, scan hard drive files, and snoop other applications, including word processing and spreadsheets.
SQL slammer (also called Sapphire) A worm that caused chaos around the world by sending out a flood of messages that jammed networks. This global traffic jam substantially slowed down the Internet in January 2003.
Standard of reasonableness The duty of care imposed by law that is measured against the conduct of a reasonable, prudent person.
Stateful inspection A type of firewall that compares the fields in the inbound IP packet to fields in the outbound messages that had preceded it. This information is used to build a database of characteristics of legitimate traffic.
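The comparison the entry describes, as an added Python illustration (not code from the book): a toy stateful filter records each outbound flow and admits an inbound packet only when its fields mirror an outbound packet that preceded it, shown beside a stateless rule set of the kind described under Packet filtering. The addresses, ports, and the convention that internal hosts live in 10.0.0.0/8 are constructed for the demo.

```python
"""Toy stateful inspection filter next to a stateless packet filter.

Added illustration for the glossary entry on stateful inspection; it is not
code from the book.  All packets and addresses below are constructed.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_internal(addr: str) -> bool:
    """Constructed convention for the demo: the protected LAN is 10.0.0.0/8."""
    return addr.startswith("10.")


def stateless_decide(pkt: Packet) -> str:
    """A stateless rule set: internal hosts may initiate anything, and
    anything arriving from a Web server port to a high client port is let
    back in as a presumed reply.  It judges each packet on its own fields
    only, so a forged 'reply' passes as readily as a real one."""
    if is_internal(pkt.src):
        return "allow"
    if pkt.sport in (80, 443) and pkt.dport >= 1024:
        return "allow"
    return "block"


class StatefulFilter:
    """Remembers outbound flows; an inbound packet is allowed only if it is
    the mirror image of an outbound packet already seen."""

    def __init__(self) -> None:
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if is_internal(pkt.src):
            # Outbound: record (src, sport, dst, dport) as a legitimate flow.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: swap the ends and look for the matching outbound flow.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.flows else "block"


def run(packets: List[Packet]) -> Tuple[List[str], List[str]]:
    """Return (stateless decisions, stateful decisions) for one packet sequence."""
    fw = StatefulFilter()
    return [stateless_decide(p) for p in packets], [fw.decide(p) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 80),   # internal client opens a Web request
    Packet("203.0.113.10", 80, "10.0.0.5", 51000),   # genuine reply to that request
    Packet("198.51.100.7", 80, "10.0.0.5", 51000),   # unsolicited: different outside host
    Packet("203.0.113.10", 80, "10.0.0.9", 40000),   # unsolicited: internal host never asked
]

if __name__ == "__main__":
    stateless, stateful = run(SAMPLE)
    for pkt, a, b in zip(SAMPLE, stateless, stateful):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateless={a}  stateful={b}")
```

The two unsolicited packets are the point of the exercise: the stateless filter admits both because their ports look like Web replies, while the stateful filter blocks both because no preceding outbound packet matches them. A production firewall also expires entries and tracks TCP state, which this toy omits.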
Static IP address See Fixed IP address.
Statute A written rule or law.
Subnet (subnetwork) A network that is segmented into smaller networks.
SubSeven A Trojan horse that was rampant in P2P networks and could open company networks to script kiddies’ backdoor attacks.
Symmetrical DSL Bandwidths to and from a user’s PC that are at the same speed; for example, 384K. Downloading and uploading speeds are the same. See DSL and ADSL.
SYN flood attack An attack on a network that prevents a TCP/IP server from servicing other users.
T-1 A leased telephone line connection with a transmission speed of 1.544 Mbps. A single T-1 line can handle 24 voice or data channels at 64 Kbps. Capacity sold at less than full T-1 rates is known as fractional T-1.
Taxonomy of threats and vulnerabilities (TTV) A classification of intruders and intrusions that organizations and users are exposed to.
TCP/IP (transmission control protocol/ Internet protocol) TCP/IP makes it possible for all types of computers to communicate with each other. It is a set of operating and transmission protocols that enables the Web to operate.
TCP/IP ports Every IP address is broken down into small components called TCP/IP ports. To ensure that packets get delivered to their intended application, TCP/IP port numbers are assigned to each application on a network.
Telnet A program that lets users connect to other computers on the Internet.
Third-party risks Risks that are threats to the company’s customers, suppliers, business partners, or competitors, who may seek legal redress by lawsuit.
Token A physical device, analogous to an ID card, designed to be used by only one person to prove his/her identity. Tokens are better than ordinary passwords, which are effective only as long as they are secret. A token, which a user must physically possess, in conjunction with a password offers far better authentication.
Torts Legally, any civil wrong that may be grounds for a lawsuit. Two categories of torts are negligent torts and strict liability torts. Intentional torts are any wrongs that the defendant knew, or should have known, would occur through his actions or inactions. Negligent torts occur when the defendant’s actions were unreasonably unsafe.
Total Quality Management (TQM) A popular business strategy for improving quality and reducing cost.
Trade secret Any information protected by a business because it provides the business with a particular economic advantage.
Trigger The action that activates a virus.
Trojan program (Trojan) Harmless-looking software programs or executable code that can damage computers or steal information from them. Often the user is unaware of the transmission and installation of a Trojan on his or her PC. Trojans can be sent as email attachments. When the recipient highlights or opens the infected email message, the Trojan can invisibly install itself on the PC. Trojans can give the sender complete access to the PC that it has infected. Afterwards, that PC could be commanded to send unauthorized email (see IP address forgery) or launch attacks on other PCs, causing a DOS. See Worm.
Tunnel Tunneling is the enclosing of one protocol or data stream within another. For example, a VPN (virtual private network) tunnels data by encrypting it for transfer via the Internet.
Unicode A 16-bit code used to represent alphanumeric characters in binary form.
Unicode bug The so-called Unicode bug was used by the Dutch hacker Dimitri to gain unauthorized access to Microsoft’s systems in October 2000. Microsoft had first patched this security hole on August 10, 2000 and issued a security bulletin on October 17, 2000 pointing customers to the same software patch. On its TechNet Website, Microsoft refers to the bug as the “Web Server Folder Traversal” vulnerability.
Unicode hole A vulnerability or “security hole” that lets hackers get deeper into a Website and control it.
Uniform Electronic Transaction Act (UETA) UETA is a uniform law approved in July 1999 by the National Conference of Commissioners on Uniform State Laws. If adopted by state legislatures, UETA will elevate electronic records and signatures to the same legal status accorded paper records and handwritten signatures.
USA PATRIOT Act The USA PATRIOT Act broadly expands law enforcement’s surveillance and investigative powers. In particular, the law raises complicated questions with respect to what constitutes a business record and the law’s broad definition of computer trespassers. The law also creates a new relationship between domestic criminal investigations related to foreign intelligence.
Virtual hacking A type of Internet attack referred to as a blended threat. This type of hack attack can be conducted using worms to exploit vulnerabilities in Microsoft’s Internet Information Services (IIS). Nimda had infected hundreds of thousands of networks by moving through email, Web browsing, and files shared across networks. In effect, blended (or hybrid) threats create virtual hackers by automating the ways hackers break into systems.
Virtual private network (VPN) A VPN uses the public Internet for private communication, which is accomplished through encryption.
Virtual workplace Any place where company business is being conducted using company-provided equipment.
Virus A virus is a malicious computer program. Viruses infect computers by attaching themselves to programs and data files, replicating on a hard drive, and then doing damage, such as deleting files. A virus consists of two parts: the propagation (replication) mechanism and the payload, which does the damage. See Worm. Many viruses attempt to hide themselves. They may insert themselves into unused space within a program so as not to change the size or other characteristics of those files, though they would affect a checksum.
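The last sentence of the entry above is the reason file-integrity tools record a checksum rather than only a size or timestamp. The following is an added example, not code from the book: a constructed byte string with a zero-filled slack region stands in for a program with unused space, a size-preserving write into that region is simulated, and the check shows that the size is unchanged while the SHA-256 digest is not.

```python
"""Size-preserving modification caught by a checksum (added example, not from
the book).  ORIGINAL is a constructed stand-in for a program file image."""
import hashlib


def fingerprint(data: bytes) -> dict:
    """Record both the size and the SHA-256 digest of a file image."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def overwrite_slack(data: bytes, payload: bytes) -> bytes:
    """Simulate writing into unused (zero-filled) space without changing the size."""
    start = data.find(b"\x00" * len(payload))
    if start == -1:
        raise ValueError("no slack region large enough for the payload")
    return data[:start] + payload + data[start + len(payload):]


def check(baseline: dict, data: bytes) -> dict:
    """Compare a current file image against a previously recorded baseline."""
    current = fingerprint(data)
    return {
        "size_changed": current["size"] != baseline["size"],
        "checksum_changed": current["sha256"] != baseline["sha256"],
    }


# Constructed sample: a 64-byte "code" region followed by 64 bytes of unused padding.
ORIGINAL = b"MZ" + bytes(range(62)) + b"\x00" * 64
# Constructed modification: 19 bytes written into the padding, file size unchanged.
MODIFIED = overwrite_slack(ORIGINAL, b"XX-inserted-code-XX")


def demo() -> dict:
    baseline = fingerprint(ORIGINAL)   # what an integrity tool stores at install time
    return check(baseline, MODIFIED)   # what it reports on the next scan


if __name__ == "__main__":
    print(demo())  # {'size_changed': False, 'checksum_changed': True}
```

A size-only or timestamp-only comparison would report nothing here; the digest is what makes the change visible, which is why the baseline must be stored somewhere the modified system cannot also rewrite.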
Visual Basic Script (VBS) Visual Basic Script is a language developed by Microsoft and supported by Microsoft’s Internet Explorer Web browser. VBScript enables Web authors to include interactive controls, such as buttons and scrollbars, on their Web pages.
Voice over IP (VoIP) Voice transmission over the Internet rather than phone lines. The quality is generally not as good as phone transmission, but it’s much cheaper.
VPN (virtual private network) A VPN is a private connection, or network, that is created by tunneling within the Internet. The connection can be between (1) remote users and the company network or (2) two or more remote LANs. VPNs use encryption to provide the security of private networks, which are not always secure. See Tunnel.
Vulnerability An exposure to risk or threat. Users can minimize their vulnerability by constantly updating antivirus and firewall software; turning off always-on broadband connections when not using them; staying out of chat rooms, usenet news groups, and instant messaging; deleting email with attachments or from strangers; and by not forwarding email or opening forwarded email.
WAN (wide area network) A communications network that connects widely separate locations. Think of WANs as the interstate highways and LANs as the secondary roads connecting them.
WAP (Web application protocol) The telecommunications protocol used on personal digital assistants (PDAs) and mobile phones.
Warez (pronounced wares) Commercial software that has been pirated and made publicly available via electronic bulletin boards or Websites.
Warez site (plural: Warez sitez) A hacker site for obtaining or downloading freeware tools or commercial software, including password crackers and keystroke loggers.
Web bugs Web bugs are links to small images that are often 1 pixel in size and thus not visible. They are placed within host Web pages specifically to eavesdrop on visitors without their knowledge.
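A simple way to surface the images the entry above describes, written here as an added example rather than code from the book: parse the page with the standard library HTML parser and flag `img` elements that are 1 pixel square (or hidden) and fetched from a host other than the page's own. The HTML is a constructed sample, and `example.com`, `tracker.example` and `stats.example` are placeholder hosts.

```python
"""Flag likely web bugs: tiny or hidden images served from a third-party host
(added example, not from the book).  SAMPLE_HTML and all hosts are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class WebBugFinder(HTMLParser):
    """Collect <img> tags that are 1x1 or hidden and point off the page's host."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        # A relative src is served by the page's own host.
        host = urlparse(src).hostname or self.page_host
        style = a.get("style", "").replace(" ", "").lower()
        tiny = (a.get("width") == "1" and a.get("height") == "1") or "display:none" in style
        if tiny and host != self.page_host:
            self.findings.append({"src": src, "host": host})


def find_web_bugs(html: str, page_host: str) -> list:
    parser = WebBugFinder(page_host)
    parser.feed(html)
    return parser.findings


# Constructed sample page: one normal logo, one same-host spacer, two third-party beacons.
SAMPLE_HTML = """<html><body>
<img src="/images/logo.png" width="120" height="40">
<img src="http://tracker.example/pixel.gif?uid=42" width="1" height="1">
<img src="http://example.com/spacer.gif" width="1" height="1">
<img src="https://stats.example/b.gif" style="display: none">
</body></html>"""


def demo() -> list:
    return find_web_bugs(SAMPLE_HTML, "example.com")


if __name__ == "__main__":
    for f in demo():
        print(f["host"], f["src"])
```

The same-host 1x1 spacer is deliberately not reported: layout spacers are common, and it is the combination of a tiny image with a third-party host that indicates a visitor is being reported to someone other than the site they chose to visit.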
White-collar crime (WCC) Any nonviolent crime committed in a commercial context. Examples of WCC are embezzlement, bribery, and fraud.
White hat hackers Hackers whose hobbies or job it is to find security weaknesses in computer systems or business applications and help correct them.
Whois database An online database of domain names that can be queried by anyone to find out information or identities of the owners of those domain names. The database reveals information such as company domains, network, and hosts; the name, address, telephone, fax, and email address of the administrator of the domain name. The data revealed by Whois is used for social engineering or to gain access to the system administrator’s network account. The data provided when registering a domain name is a serious security leak that can be avoided by using generic email (e.g., info@companyname.com) and other indirect contact information.
World Wide Web (WWW) The WWW is often mistakenly referred to as the Internet. The Internet is the physical infrastructure consisting of hardware, software, and telecom devices—servers, computers, network, cables, and routers. The Web is the data, documents, and multimedia files that are accessed via the Internet.
Worm A type of software attack that infects one computer and then attempts to infect other networks. These programs can reproduce themselves and overload networks. An automated worm can randomly probe the Internet looking for vulnerable networks to victimize. The speed with which worms can spread across the Internet makes them ideal delivery mechanisms for setting up a network of clients that can be later exploited to launch DDOS or other types of attacks. In the future, worms can be expected to become stealthier or more lethal to computer systems. See also Nimda.
XML (extensible markup language) A Web programming language that can be used instead of HTML. It is used for Websites and database applications that need to share data between applications and organizations. There is no agreed-upon industry standard for XML.
Zombie A computer program used to infect a computer and then to remotely activate the infected computer to launch a DDOS. Zombies can be used to send an enormous number of bogus requests to a targeted Website or server to which the server cannot respond so that the Website becomes unreachable. This is a serious threat to electronic commerce. Hackers seek out millions of vulnerable PCs to take control over—like zombies. Zombies, also called denial-of-service programs, can be simultaneously installed on several host computers through automated attack scripts (e.g., Trojans or viruses) that exploit vulnerabilities in a computer network. Thus, zombies are used to orchestrate DDOS attacks. Many corporate Websites have been attacked by zombies that resided on other corporate host computers. These host computers are effectively secondary victims (targets) that are coordinated to attack one or more primary victims or targets. “Secondary victim” companies whose servers are used to launch DOS attacks on primary victims may be held liable for, in effect, aiding the DDOS attack.